640201ba830e9420516377b100409a490f0623a508b3085acc7e7ac721915f4f

Analysis

max time kernel
1799s
max time network
1598s
platform
windows10-1703_x64
resource
win10-20230703-es
resource tags

arch:x64arch:x86image:win10-20230703-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
15/07/2023, 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hitpaw-video-enhancer.exe
Size

2.2MB
MD5

2613687b43fb2e509fce47e8b0b2444d
SHA1

e852da21c8c388edd4ed569d3be0fd63d9aa3897
SHA256

640201ba830e9420516377b100409a490f0623a508b3085acc7e7ac721915f4f
SHA512

d0ef88c6c3c87517957275d8ad2f06ff4aa6e98bd7a6020aca2ae524b98f2cb4a8519f1f6afe63e1832e8bbae4415c590121823d2a24d07aa2aa2c58a5f3c3eb
SSDEEP

49152:5BfoNtu1abLX7EzIXXpT3yDeoOZdft+aXMEV8av5sW6aRHm1TN3zID:5BfBSHhZTCDeoOZPD8EVzRsWvRD

Score

8^/10

discovery evasion trojan upx vmprotect

Malware Config

Signatures

Sets file to hidden 1 TTPs 3 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1158

pid	Process
1828	attrib.exe
1772	attrib.exe
4904	attrib.exe

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/660-117-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-125-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-127-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-129-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-131-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-133-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-137-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-139-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-141-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-143-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-145-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-147-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-152-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-176-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-213-0x0000000000400000-0x00000000008AD000-memory.dmp	upx
behavioral1/memory/660-3440-0x0000000000400000-0x00000000008AD000-memory.dmp	upx

VMProtect packed file 55 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/files/0x000600000001b0e9-565.dat	vmprotect
behavioral1/files/0x000600000001b0e9-3381.dat	vmprotect
behavioral1/files/0x000600000001b0e9-3382.dat	vmprotect
behavioral1/memory/1224-3441-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/files/0x000600000001b0cc-3386.dat	vmprotect
behavioral1/files/0x000600000001b0cc-3385.dat	vmprotect
behavioral1/memory/1224-3457-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/1224-3483-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/1224-3562-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/224-4368-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/1492-4390-0x0000000000870000-0x00000000012E9000-memory.dmp	vmprotect
behavioral1/memory/224-4589-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/224-4601-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/4468-4609-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/1492-4623-0x0000000000870000-0x00000000012E9000-memory.dmp	vmprotect
behavioral1/memory/4468-4637-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/3756-4705-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/3756-4709-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/1388-4711-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/1388-4714-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/4872-4762-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/4872-4764-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/1900-4765-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/1900-4766-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/3732-4825-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/3732-4828-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/4832-4829-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/4832-4830-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/4916-4887-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/4916-4889-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/1772-4888-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/1772-4890-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/2032-4892-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/1828-4950-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/1828-4952-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/5004-4953-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/5004-4954-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/4416-5016-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/4416-5018-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/1388-5019-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/1388-5020-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/1276-5075-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/1276-5076-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/1752-5085-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/1752-5087-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/2344-5135-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/2344-5139-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/4904-5146-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/4904-5148-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/676-5154-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/676-5207-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/4108-5205-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/4108-5209-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp	vmprotect
behavioral1/memory/3760-5290-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect
behavioral1/memory/736-5291-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp	vmprotect

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	HitPawVideoEnhancer.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	HitPawVideoEnhancer.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
10	ip-api.com
1016	ip-api.com

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000\Control Panel\International\Geo\Nation	HitPawVideoEnhancer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000\Control Panel\International\Geo\Nation	HitPawVideoEnhancer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000\Control Panel\International\Geo\Nation	HitPawVideoEnhancer.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 40 IoCs

pid	Process
1224	HitPawVideoEnhancer.exe
2032	HitPawVideoEnhancer.exe
4468	HitPawVideoEnhancer.exe
224	HitPawVideoEnhancer.exe
1492	HelpService.exe
1388	HitPawVideoEnhancer.exe
3756	HitPawVideoEnhancer.exe
4872	HitPawVideoEnhancer.exe
1900	HitPawVideoEnhancer.exe
3732	HitPawVideoEnhancer.exe
4832	HitPawVideoEnhancer.exe
1772	HitPawVideoEnhancer.exe
4916	HitPawVideoEnhancer.exe
1828	HitPawVideoEnhancer.exe
5004	HitPawVideoEnhancer.exe
4416	HitPawVideoEnhancer.exe
1388	HitPawVideoEnhancer.exe
1276	HitPawVideoEnhancer.exe
1752	HitPawVideoEnhancer.exe
2344	HitPawVideoEnhancer.exe
4904	HitPawVideoEnhancer.exe
4108	HitPawVideoEnhancer.exe
676	HitPawVideoEnhancer.exe
3760	HitPawVideoEnhancer.exe
736	HitPawVideoEnhancer.exe
4224	HitPawVideoEnhancer.exe
1720	HitPawVideoEnhancer.exe
5116	HitPawVideoEnhancer.exe
4336	HitPawVideoEnhancer.exe
2632	HitPawVideoEnhancer.exe
1104	HitPawVideoEnhancer.exe
3788	HitPawVideoEnhancer.exe
748	HitPawVideoEnhancer.exe
3472	HitPawVideoEnhancer.exe
396	HitPawVideoEnhancer.exe
4220	HitPawVideoEnhancer.exe
3732	HitPawVideoEnhancer.exe
3320	HitPawVideoEnhancer.exe
4952	HitPawVideoEnhancer.exe
4904	HitPawVideoEnhancer.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\InstallerProcess\is-7V5T7.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\lang\translation1.1.0\is-KEI52.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\lang\translation1.1.1\is-VIF5U.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls.2\Material\is-DHHLG.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls.2\Material\is-HMAEV.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls.2\Universal\is-7PGQC.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\UWRes\UWLang\UWLang1.0.0\is-CDDMO.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\api-ms-win-core-synch-l1-2-0.dll	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\is-2V6TS.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\is-VQTV1.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\lang\translation1.0.0\is-8TL14.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\lang\translation1.7.0\is-0HVDN.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\translations\is-ECCGP.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\is-ICKF9.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtGraphicalEffects\private\is-BPD7G.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls\Styles\Base\images\is-MGK5G.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls.2\is-BT5P5.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls.2\Universal\is-PRBQ9.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\api-ms-win-core-file-l1-1-0.dll	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls\is-FK1HB.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls\Private\is-RD36F.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls\Private\is-TQN98.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls\Styles\Desktop\is-VNP7O.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls\Styles\Desktop\is-HOP2O.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls.2\Imagine\is-TQJV8.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick3D\Materials\maps\is-BABC5.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\UWRes\UWLang\UWLang1.0.0\is-4KLGI.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsTranscoderFFmpeg.dll	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\PublicPlugin\ProcessingproxyPlugin.dll	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\InstallerProcess\is-A8108.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\platforminputcontexts\is-L8FSH.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls\is-DOH4R.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\ThirdParty\is-MJHG5.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5Quick3DUtils.dll	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5RemoteObjects.dll	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\is-9UJRT.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\is-KNUBE.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\is-NGQGH.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls\Styles\Desktop\is-T72OM.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick3D\Effects\is-GQF1E.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\InstallerProcess\vcruntime140.dll	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\is-U4J74.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\is-H0RBI.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\lang\translation1.7.0\is-TO4PR.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\qmltooling\qmldbg_local.dll	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\InstallerProcess\is-48DJH.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls\is-S43DP.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HelpService\is-6OKBN.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\lang\translation1.3.1\is-B9I8V.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\qmltooling\is-C8S75.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\is-4A88N.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\InstallerProcess\is-TPHIP.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\InstallerProcess\is-F2DUS.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\lang\translation1.4.0mac\is-GHCEM.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls\Private\is-RS2B2.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls.2\Material\is-TKL3P.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick3D\Materials\is-NJ94V.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick3D\Materials\maps\is-AJRQP.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\api-ms-win-core-io-l1-1-1.dll	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\scenegraph\qsgd3d12backend.dll	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\lang\translation1.7.0\is-P1682.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\platforms\is-C179S.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQml\StateMachine\is-2HLI9.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick\Controls\Styles\Desktop\is-ANJMN.tmp	hitpawvideoenhancer_hitpawnet_1.7.0.tmp

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	HitPawVideoEnhancer.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	HitPawVideoEnhancer.exe

Executes dropped EXE 50 IoCs

pid	Process
4880	hitpawvideoenhancer_hitpawnet_1.7.0.exe
1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
1224	HitPawVideoEnhancer.exe
4356	dpiset.exe
4776	CheckOpenGL.exe
3300	CheckOpenGL.exe
2032	HitPawVideoEnhancer.exe
4468	HitPawVideoEnhancer.exe
224	HitPawVideoEnhancer.exe
2868	Update.exe
1492	HelpService.exe
4136	HitPawInfo.exe
1388	HitPawVideoEnhancer.exe
3756	HitPawVideoEnhancer.exe
4872	HitPawVideoEnhancer.exe
1900	HitPawVideoEnhancer.exe
3732	HitPawVideoEnhancer.exe
4832	HitPawVideoEnhancer.exe
1772	HitPawVideoEnhancer.exe
4916	HitPawVideoEnhancer.exe
1828	HitPawVideoEnhancer.exe
5004	HitPawVideoEnhancer.exe
4416	HitPawVideoEnhancer.exe
1388	HitPawVideoEnhancer.exe
1276	HitPawVideoEnhancer.exe
1752	HitPawVideoEnhancer.exe
2344	HitPawVideoEnhancer.exe
4904	HitPawVideoEnhancer.exe
4108	HitPawVideoEnhancer.exe
676	HitPawVideoEnhancer.exe
3760	HitPawVideoEnhancer.exe
736	HitPawVideoEnhancer.exe
4224	HitPawVideoEnhancer.exe
1720	HitPawVideoEnhancer.exe
5116	HitPawVideoEnhancer.exe
4336	HitPawVideoEnhancer.exe
2632	HitPawVideoEnhancer.exe
1104	HitPawVideoEnhancer.exe
3440	dpiset.exe
220	dpiset.exe
3788	HitPawVideoEnhancer.exe
748	HitPawVideoEnhancer.exe
3472	HitPawVideoEnhancer.exe
396	HitPawVideoEnhancer.exe
4220	HitPawVideoEnhancer.exe
3732	HitPawVideoEnhancer.exe
3320	HitPawVideoEnhancer.exe
3312	dpiset.exe
4952	HitPawVideoEnhancer.exe
4904	HitPawVideoEnhancer.exe

Loads dropped DLL 64 IoCs

pid	Process
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
4356	dpiset.exe
4356	dpiset.exe
4356	dpiset.exe
4356	dpiset.exe
4356	dpiset.exe
4356	dpiset.exe
4356	dpiset.exe
4356	dpiset.exe
4356	dpiset.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 3 IoCs

Process Discovery

T1057

pid	Process
3724	tasklist.exe
432	tasklist.exe
2504	tasklist.exe

Kills process with taskkill 6 IoCs

evasion

pid	Process
2728	taskkill.exe
4736	taskkill.exe
4964	taskkill.exe
4220	taskkill.exe
1652	taskkill.exe
4732	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000\Software\Microsoft\Internet Explorer\Main	HitPawVideoEnhancer.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hitpaw.net\NumberOfSubdomain = "0"	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hitpaw.net\ = "0"	HitPawVideoEnhancer.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2f1a8462a8add901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "158"	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hitpaw.net\Total = "39"	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.hitpaw.net\ = "0"	HitPawVideoEnhancer.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	HitPawVideoEnhancer.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hitpaw.net\Total = "0"	HitPawVideoEnhancer.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.hitpaw.net\ = "39"	HitPawVideoEnhancer.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	HitPawVideoEnhancer.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hitpaw.net\NumberOfSubdom = "0"	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hitpaw.net\Total = "158"	HitPawVideoEnhancer.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{5FE773C7-7308-4C09-9A55-E8861058811F} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	HitPawVideoEnhancer.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hitpaw.net	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hitpaw.net\NumberOfSubdomain = "1"	HitPawVideoEnhancer.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "39"	HitPawVideoEnhancer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	hitpaw-video-enhancer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	hitpaw-video-enhancer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	hitpaw-video-enhancer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	hitpaw-video-enhancer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c00000001000000040000000008000004000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	hitpaw-video-enhancer.exe

Suspicious behavior: AddClipboardFormatListener 11 IoCs

pid	Process
4356	dpiset.exe
1224	HitPawVideoEnhancer.exe
4776	CheckOpenGL.exe
3300	CheckOpenGL.exe
2868	Update.exe
3440	dpiset.exe
220	dpiset.exe
4224	HitPawVideoEnhancer.exe
1720	HitPawVideoEnhancer.exe
3312	dpiset.exe
3472	HitPawVideoEnhancer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
660	hitpaw-video-enhancer.exe
660	hitpaw-video-enhancer.exe
660	hitpaw-video-enhancer.exe
660	hitpaw-video-enhancer.exe
660	hitpaw-video-enhancer.exe
660	hitpaw-video-enhancer.exe
1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
4468	HitPawVideoEnhancer.exe
4468	HitPawVideoEnhancer.exe
224	HitPawVideoEnhancer.exe
224	HitPawVideoEnhancer.exe
2032	HitPawVideoEnhancer.exe
2032	HitPawVideoEnhancer.exe
1492	HelpService.exe
1492	HelpService.exe
1492	HelpService.exe
1492	HelpService.exe
224	HitPawVideoEnhancer.exe
224	HitPawVideoEnhancer.exe
1492	HelpService.exe
1492	HelpService.exe
4468	HitPawVideoEnhancer.exe
4468	HitPawVideoEnhancer.exe
2032	HitPawVideoEnhancer.exe
2032	HitPawVideoEnhancer.exe
1492	HelpService.exe
1492	HelpService.exe
1492	HelpService.exe
1492	HelpService.exe
1388	HitPawVideoEnhancer.exe
1388	HitPawVideoEnhancer.exe
3756	HitPawVideoEnhancer.exe
3756	HitPawVideoEnhancer.exe
1388	HitPawVideoEnhancer.exe
1388	HitPawVideoEnhancer.exe
3756	HitPawVideoEnhancer.exe
3756	HitPawVideoEnhancer.exe
4872	HitPawVideoEnhancer.exe
4872	HitPawVideoEnhancer.exe
1900	HitPawVideoEnhancer.exe
1900	HitPawVideoEnhancer.exe
4872	HitPawVideoEnhancer.exe
4872	HitPawVideoEnhancer.exe
1900	HitPawVideoEnhancer.exe
1900	HitPawVideoEnhancer.exe
3732	HitPawVideoEnhancer.exe
3732	HitPawVideoEnhancer.exe
4832	HitPawVideoEnhancer.exe
4832	HitPawVideoEnhancer.exe
3732	HitPawVideoEnhancer.exe
3732	HitPawVideoEnhancer.exe
4832	HitPawVideoEnhancer.exe
4832	HitPawVideoEnhancer.exe
1772	HitPawVideoEnhancer.exe
1772	HitPawVideoEnhancer.exe
4916	HitPawVideoEnhancer.exe
4916	HitPawVideoEnhancer.exe
1772	HitPawVideoEnhancer.exe
1772	HitPawVideoEnhancer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1224	HitPawVideoEnhancer.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
1292	MicrosoftEdgeCP.exe
1292	MicrosoftEdgeCP.exe
1292	MicrosoftEdgeCP.exe
1292	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeDebugPrivilege	3724	tasklist.exe
Token: SeDebugPrivilege	2728	taskkill.exe
Token: SeDebugPrivilege	4736	taskkill.exe
Token: SeDebugPrivilege	4964	taskkill.exe
Token: SeDebugPrivilege	4220	taskkill.exe
Token: SeDebugPrivilege	432	tasklist.exe
Token: SeDebugPrivilege	1652	taskkill.exe
Token: SeDebugPrivilege	2504	tasklist.exe
Token: SeDebugPrivilege	4732	taskkill.exe
Token: SeDebugPrivilege	4416	HitPawVideoEnhancer.exe
Token: SeDebugPrivilege	4416	HitPawVideoEnhancer.exe
Token: SeDebugPrivilege	4416	HitPawVideoEnhancer.exe
Token: SeDebugPrivilege	4416	HitPawVideoEnhancer.exe
Token: SeDebugPrivilege	2508	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2508	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4136	HitPawInfo.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp
660	hitpaw-video-enhancer.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4356	dpiset.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1740	MicrosoftEdge.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
4776	CheckOpenGL.exe
1292	MicrosoftEdgeCP.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
4416	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
3300	CheckOpenGL.exe
1224	HitPawVideoEnhancer.exe
1292	MicrosoftEdgeCP.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
1224	HitPawVideoEnhancer.exe
2868	Update.exe
2868	Update.exe
2868	Update.exe
2868	Update.exe
224	HitPawVideoEnhancer.exe
4468	HitPawVideoEnhancer.exe
2032	HitPawVideoEnhancer.exe
3756	HitPawVideoEnhancer.exe
1388	HitPawVideoEnhancer.exe
4872	HitPawVideoEnhancer.exe
1900	HitPawVideoEnhancer.exe
3732	HitPawVideoEnhancer.exe
4832	HitPawVideoEnhancer.exe
1772	HitPawVideoEnhancer.exe
4916	HitPawVideoEnhancer.exe
1828	HitPawVideoEnhancer.exe
5004	HitPawVideoEnhancer.exe
4416	HitPawVideoEnhancer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 660 wrote to memory of 4880	660	hitpaw-video-enhancer.exe	71
PID 660 wrote to memory of 4880	660	hitpaw-video-enhancer.exe	71
PID 660 wrote to memory of 4880	660	hitpaw-video-enhancer.exe	71
PID 4880 wrote to memory of 1900	4880	hitpawvideoenhancer_hitpawnet_1.7.0.exe	72
PID 4880 wrote to memory of 1900	4880	hitpawvideoenhancer_hitpawnet_1.7.0.exe	72
PID 4880 wrote to memory of 1900	4880	hitpawvideoenhancer_hitpawnet_1.7.0.exe	72
PID 1900 wrote to memory of 4912	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	74
PID 1900 wrote to memory of 4912	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	74
PID 1900 wrote to memory of 4912	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	74
PID 1900 wrote to memory of 2120	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	77
PID 1900 wrote to memory of 2120	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	77
PID 1900 wrote to memory of 2120	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	77
PID 1900 wrote to memory of 1912	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	76
PID 1900 wrote to memory of 1912	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	76
PID 1900 wrote to memory of 1912	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	76
PID 1900 wrote to memory of 1152	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	75
PID 1900 wrote to memory of 1152	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	75
PID 1900 wrote to memory of 1152	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	75
PID 1152 wrote to memory of 3724	1152	cmd.exe	83
PID 1152 wrote to memory of 3724	1152	cmd.exe	83
PID 1152 wrote to memory of 3724	1152	cmd.exe	83
PID 2120 wrote to memory of 2728	2120	cmd.exe	82
PID 2120 wrote to memory of 2728	2120	cmd.exe	82
PID 2120 wrote to memory of 2728	2120	cmd.exe	82
PID 4912 wrote to memory of 1828	4912	cmd.exe	81
PID 4912 wrote to memory of 1828	4912	cmd.exe	81
PID 4912 wrote to memory of 1828	4912	cmd.exe	81
PID 1152 wrote to memory of 3888	1152	cmd.exe	84
PID 1152 wrote to memory of 3888	1152	cmd.exe	84
PID 1152 wrote to memory of 3888	1152	cmd.exe	84
PID 1912 wrote to memory of 4736	1912	cmd.exe	85
PID 1912 wrote to memory of 4736	1912	cmd.exe	85
PID 1912 wrote to memory of 4736	1912	cmd.exe	85
PID 1900 wrote to memory of 3344	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	88
PID 1900 wrote to memory of 3344	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	88
PID 1900 wrote to memory of 3344	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	88
PID 1900 wrote to memory of 3792	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	89
PID 1900 wrote to memory of 3792	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	89
PID 1900 wrote to memory of 3792	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	89
PID 1900 wrote to memory of 3404	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	91
PID 1900 wrote to memory of 3404	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	91
PID 1900 wrote to memory of 3404	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	91
PID 1900 wrote to memory of 3900	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	93
PID 1900 wrote to memory of 3900	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	93
PID 1900 wrote to memory of 3900	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	93
PID 3344 wrote to memory of 1772	3344	cmd.exe	96
PID 3344 wrote to memory of 1772	3344	cmd.exe	96
PID 3344 wrote to memory of 1772	3344	cmd.exe	96
PID 3404 wrote to memory of 4964	3404	cmd.exe	97
PID 3404 wrote to memory of 4964	3404	cmd.exe	97
PID 3404 wrote to memory of 4964	3404	cmd.exe	97
PID 3792 wrote to memory of 4220	3792	cmd.exe	98
PID 3792 wrote to memory of 4220	3792	cmd.exe	98
PID 3792 wrote to memory of 4220	3792	cmd.exe	98
PID 3900 wrote to memory of 432	3900	cmd.exe	100
PID 3900 wrote to memory of 432	3900	cmd.exe	100
PID 3900 wrote to memory of 432	3900	cmd.exe	100
PID 3900 wrote to memory of 3188	3900	cmd.exe	99
PID 3900 wrote to memory of 3188	3900	cmd.exe	99
PID 3900 wrote to memory of 3188	3900	cmd.exe	99
PID 1900 wrote to memory of 3896	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	102
PID 1900 wrote to memory of 3896	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	102
PID 1900 wrote to memory of 3896	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	102
PID 1900 wrote to memory of 3908	1900	hitpawvideoenhancer_hitpawnet_1.7.0.tmp	103

Views/modifies file attributes 1 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1158

pid	Process
1772	attrib.exe
4904	attrib.exe
1828	attrib.exe

C:\Users\Admin\AppData\Local\Temp\hitpaw-video-enhancer.exe
"C:\Users\Admin\AppData\Local\Temp\hitpaw-video-enhancer.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:660
- C:\Users\Admin\AppData\Local\Temp\hitpawvideoenhancer_hitpawnet\hitpawvideoenhancer_hitpawnet_1.7.0.exe
  /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\" /LANG=es /LOG="C:\Users\Admin\AppData\Local\Temp\HitPaw Video Enhancer_Setup_20230703121325.log" /sptrack null
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4880
- - C:\Users\Admin\AppData\Local\Temp\is-Q13JO.tmp\hitpawvideoenhancer_hitpawnet_1.7.0.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-Q13JO.tmp\hitpawvideoenhancer_hitpawnet_1.7.0.tmp" /SL5="$502D6,880519926,233984,C:\Users\Admin\AppData\Local\Temp\hitpawvideoenhancer_hitpawnet\hitpawvideoenhancer_hitpawnet_1.7.0.exe" /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\" /LANG=es /LOG="C:\Users\Admin\AppData\Local\Temp\HitPaw Video Enhancer_Setup_20230703121325.log" /sptrack null
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1900
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c attrib +s +h C:\ProgramData\HitPawVideoEnhacnerAI
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4912
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib +s +h C:\ProgramData\HitPawVideoEnhacnerAI
        5⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:1828
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c tasklist /fo csv | find /c /i "HitPawVideoEnhancer.exe" > "C:\Users\Admin\AppData\Local\Temp\findSoftRes.txt"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1152
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:3724
    - - C:\Windows\SysWOW64\find.exe
        
        find /c /i "HitPawVideoEnhancer.exe"
        5⤵
        
        PID:3888
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im C:\ProgramData\HitPawVideoEnhacnerAI\tsphotoctilGPU\tsphotoctilGPU.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im C:\ProgramData\HitPawVideoEnhacnerAI\tsphotoctilGPU\tsphotoctilGPU.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4736
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im C:\ProgramData\HitPawVideoEnhacnerAI\tsphotoctilCPU\tsphotoctilCPU.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2120
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im C:\ProgramData\HitPawVideoEnhacnerAI\tsphotoctilCPU\tsphotoctilCPU.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2728
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c attrib +s +h C:\ProgramData\HitPawVideoEnhacnerAI
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3344
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib +s +h C:\ProgramData\HitPawVideoEnhacnerAI
        5⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:1772
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im C:\ProgramData\HitPawVideoEnhacnerAI\tsphotoctilCPU\tsphotoctilCPU.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3792
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im C:\ProgramData\HitPawVideoEnhacnerAI\tsphotoctilCPU\tsphotoctilCPU.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4220
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im C:\ProgramData\HitPawVideoEnhacnerAI\tsphotoctilGPU\tsphotoctilGPU.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3404
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im C:\ProgramData\HitPawVideoEnhacnerAI\tsphotoctilGPU\tsphotoctilGPU.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4964
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c tasklist /fo csv | find /c /i "HitPawVideoEnhancer.exe" > "C:\Users\Admin\AppData\Local\Temp\findSoftRes.txt"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3900
    - - C:\Windows\SysWOW64\find.exe
        
        find /c /i "HitPawVideoEnhancer.exe"
        5⤵
        
        PID:3188
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:432
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c attrib +s +h C:\ProgramData\HitPawVideoEnhacnerAI
      4⤵
      PID:3896
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib +s +h C:\ProgramData\HitPawVideoEnhacnerAI
        5⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:4904
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im C:\ProgramData\HitPawVideoEnhacnerAI\tsphotoctilCPU\tsphotoctilCPU.exe
      4⤵
      PID:3908
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im C:\ProgramData\HitPawVideoEnhacnerAI\tsphotoctilCPU\tsphotoctilCPU.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:1652
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c tasklist /fo csv | find /c /i "HitPawVideoEnhancer.exe" > "C:\Users\Admin\AppData\Local\Temp\findSoftRes.txt"
      4⤵
      PID:1848
    - - C:\Windows\SysWOW64\find.exe
        
        find /c /i "HitPawVideoEnhancer.exe"
        5⤵
        
        PID:3616
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:2504
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im C:\ProgramData\HitPawVideoEnhacnerAI\tsphotoctilGPU\tsphotoctilGPU.exe
      4⤵
      PID:3888
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im C:\ProgramData\HitPawVideoEnhacnerAI\tsphotoctilGPU\tsphotoctilGPU.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4732
- C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
  "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe"
  2⤵
  - Checks computer location settings
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1224
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\dpiset.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\dpiset.exe" "HitPaw Software" "HitPaw Video Enhancer"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    PID:4356
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\CheckOpenGL.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\CheckOpenGL.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    PID:4776
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\CheckOpenGL.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\CheckOpenGL.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    PID:3300
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HelpService\HelpService.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HelpService\HelpService.exe" 1224(#-+)HitPaw Video Enhancer Win(#-+)1.7.0(#-+)4808(#-+)(#-+)1(#-+)ppl20230703-121809
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1492
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_0 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:224
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_0 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4468
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" ProcessDaemonManager_0 ws://127.0.0.1:26534 m_videoExePath "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer" m_videoExePath m_videoExePath
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2032
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Update.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Update.exe" Update|545283674652 ws://127.0.0.1:55585 es "HitPaw Software" "HitPaw Video Enhancer"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    PID:2868
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawInfo.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawInfo.exe" "HitPaw Software" "HitPaw Video Enhancer" isSetVirtualMemory_True
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:4136
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_1 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    PID:1388
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_1 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3756
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_2 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4872
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_2 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1900
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_3 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    PID:3732
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_3 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4832
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_4 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1772
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_4 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4916
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_5 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1828
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_5 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5004
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_6 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Checks whether UAC is enabled
    - Checks computer location settings
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Drops file in Windows directory
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4416
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_6 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1388
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_7 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:1276
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_7 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:1752
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_8 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:2344
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_8 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    PID:4904
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_9 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:4108
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_9 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:676
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_10 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:3760
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_10 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:736
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_11 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:5116
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_11 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Checks whether UAC is enabled
    - Checks computer location settings
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Drops file in Windows directory
    - Executes dropped EXE
    - Modifies registry class
    PID:4336
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_12 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:2632
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_12 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:1104
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_13 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:3788
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_13 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:748
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_14 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:396
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_14 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:4220
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_15 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3732
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_15 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:3320
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskProcessClient_16 ws://127.0.0.1:26530 AAAAAQAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABz "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideo"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:4952
- - C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
    "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe" TaskPreviewClient_16 ws://127.0.0.1:26531 AAAAAgAAAA4AbQBkAHMAUABhAHQAaAAAAAoAAAAAUABDADoALwBQAHIAbwBnAHIAYQBtAEQAYQB0AGEALwBIAGkAdABQAGEAdwBWAGkAZABlAG8ARQBuAGgAYQBjAG4AZQByAEEASQAvAG0AZABzAAAADgBHAFAAVQBUAHkAcABlAAAAAgAAAAAA "C:/Users/Admin/AppData/Local/cache/log\HitPaw Video Enhancer/tsVideoPre" TaskPreviewServer
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    PID:4904

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1696

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4416

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4336

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2508

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:2560

C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
"C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:4224
- C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\dpiset.exe
  "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\dpiset.exe" "HitPaw Software" "HitPaw Video Enhancer"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  PID:3440

C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
"C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:1720
- C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\dpiset.exe
  "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\dpiset.exe" "HitPaw Software" "HitPaw Video Enhancer"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  PID:220

C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe
"C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:3472
- C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\dpiset.exe
  "C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\dpiset.exe" "HitPaw Software" "HitPaw Video Enhancer"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  PID:3312

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Armor.dll

Filesize
6.4MB

MD5
fa9301dce218c98353bd994f1740ed25

SHA1
9f07572a0d4d8bbdb36e7d5c2b8f3435a91358b9

SHA256
072f648f7c30f05f04bea003bd8a38104ed08752c0536337ba1b85f435c94c68

SHA512
97fb2cfff279ea9f3566cf75a2223a33d72754e2a3050b48fe107d22cab0b26b44654de21ebda8fd9817257a28caa0ab57130a8a7854f4effefe3a66cf1a583c

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\FFmpegJoint.dll

Filesize
82KB

MD5
dbddc4476c5454275373d05483d48b39

SHA1
eab0feefb9404e5e9e27783ec2cd919ae0095ff8

SHA256
ed3d09e31f8e0bb380b23bdf96e9bfd8cb0849a9be3d10384410e40b93e26491

SHA512
620875e0bce91fcf33f770456293dbe316d06b368e8e62d7ff583ce707730418fa1f442140c4143f6c453712082777e4bc0a8876b052e0bd1e06bbe80d8d5be5

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\FileReport.dll

Filesize
115KB

MD5
a01fdb3cef78b16bf98bca8fd776e8cf

SHA1
380284dfd6047849e62484dbcdbd593cf279e6c0

SHA256
4ffa7f918df69edcac1fe34e83d221301390d0bef2b694d4f2d3b0adb39e8ed3

SHA512
5eafadc2a9c5eabf7640b1d59cacb674907724d8ab90cb4ae01053d27443c19d330d49aa9d87aa43cc56e178653993466f663321fc524661815dc18a6c31a986

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe

Filesize
11.3MB

MD5
1a682a95a2aefd5d6a63391048fd23dd

SHA1
7a2485f45974b274ab493d72b8e42b45a3fcef56

SHA256
2df38d9c1a72bd9d6ed5a81a303a35f66840e3e272d7aced5e4e43f6128c56d0

SHA512
eb933da6240875cbfba1de227073ee5807c69b08a9e854744bfd879f816edc427d7e15bd841effa94cb1b6942ba6a034d8073dbd4dad6e88e5bbf4dfcaae1b7f

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe

Filesize
11.3MB

MD5
1a682a95a2aefd5d6a63391048fd23dd

SHA1
7a2485f45974b274ab493d72b8e42b45a3fcef56

SHA256
2df38d9c1a72bd9d6ed5a81a303a35f66840e3e272d7aced5e4e43f6128c56d0

SHA512
eb933da6240875cbfba1de227073ee5807c69b08a9e854744bfd879f816edc427d7e15bd841effa94cb1b6942ba6a034d8073dbd4dad6e88e5bbf4dfcaae1b7f

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\HitPawVideoEnhancer.exe

Filesize
11.3MB

MD5
1a682a95a2aefd5d6a63391048fd23dd

SHA1
7a2485f45974b274ab493d72b8e42b45a3fcef56

SHA256
2df38d9c1a72bd9d6ed5a81a303a35f66840e3e272d7aced5e4e43f6128c56d0

SHA512
eb933da6240875cbfba1de227073ee5807c69b08a9e854744bfd879f816edc427d7e15bd841effa94cb1b6942ba6a034d8073dbd4dad6e88e5bbf4dfcaae1b7f

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\MSVCP140.dll

Filesize
618KB

MD5
b9abe16b723ddd90fc612d0ddb0f7ab4

SHA1
b323de242f21f39cf1cca4198ba1abb52e6aa0fb

SHA256
75fc76655631a4ae72d015b8e85f899537c603661ca35a3f29099b8e4c84716c

SHA512
2a66bddb9b6768419c6baacbf8bb19cda5662f5b1a1a3ca760b1d9d7ea7d65d19c29f48b7621362107eef819d692f1d2a55a6d7d0217ecea91eb6e150f6ab646

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5Core.dll

Filesize
5.8MB

MD5
b2b77282c8f09de9c77bd486a94a1676

SHA1
78758728c039ecc6ce77f45cc70408a49b0fa4e6

SHA256
60b21a618c7f4ee015b8060dd8a64e9fb39c5167ff369eba8aeaaa29290c3485

SHA512
dacd2643397ecc6d45859fc202480ba964782b6334c017095ee02888cfbdddd3b91621ba6d2fe34c51a4c7166413f89bfd2409ac23d89b712587dce95cf9caa5

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5Gui.dll

Filesize
6.7MB

MD5
6d50542785d7962382c3756cd85ca12c

SHA1
4838742895b3a2450031d6c90768fe9bc9722f33

SHA256
0323c7fbd9a579f339b597b3e5f5b6e02814ae594f7fbc0cdd1786a5a32551ac

SHA512
c3f6ce45a901032052453565b01516a5ae81c41580e8dbdeffc45920692f8e7cdd0c4149c30ca07867be11f3964c6528f78a2de948d5eaa9aa1bab6f2b8cea0e

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5Network.dll

Filesize
1.3MB

MD5
d9730d9354bc8b3d2b6afec51893a990

SHA1
e47a84d9961792180ba34380eb6200656d2b085f

SHA256
c5650340a415128f0d4f47ce1d94ea04e9bde9199943fb22f22547d0678264b1

SHA512
6fafba68a3ee6c24339e76b8c5f58b2e1bed0eeb9fe9ce09f6431a5e43cd8c9f30f5a8063aa890766cf02de9daa6c9b02e630617cacb9dc36a41216e8b5536b3

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5QuickWidgets.dll

Filesize
77KB

MD5
cafa3a400e27cac75e709c05e5e86675

SHA1
65c6f9c9ee522e71ebe131f245706a2af458cbd9

SHA256
0b75ff566be55aeb1d6e04f3a15509bc1c4e0e285fefcc59365533d0a2e6fe60

SHA512
41a94502209440c1709ffe045e4800cfbb62f7fceb2bf3afce0d1b9a220428331c65cddd8052b0629ceaf8763d0cc4a3428607ab239bf18af029f746e73f1c09

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5RemoteObjects.dll

Filesize
474KB

MD5
585eb34783656eaac5d292fa8595ba52

SHA1
c985d3cbb05fd7b558fbedbb726c703ed992f2d8

SHA256
6d968bc1d4b79643504c753bb24e8d735a8c8a66e8903c45a43b8ae81d540084

SHA512
09ce1c7783dccfe430e513840c45145817771ed55bfa33e95680207d3554404a2600f45cd1b9b935765ebbf4304a8cb6c1012438ab15581f67bd7fe198df6788

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5Widgets.dll

Filesize
5.3MB

MD5
220bf38b520fb1e7fcdb36b514fdea46

SHA1
b143c471b47b2c524e35305ba977cbf9d54edc23

SHA256
54f56144d8e1199f548a2462519c1c2e42fb49faf15fba19c032284e82f1c883

SHA512
59a48600f80ce86e41eaf8ef61211754447de331ff9f5d8ab3fe6e1d2a4f55533824a32e1c4e6d99df430b784fe835d421cd646bd371d439e8ea4495ee7ddffa

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\QtQuick3D\Materials\maps\is-8MDD3.tmp

Filesize
334B

MD5
882310febbcd112f6416015145fd8c6d

SHA1
e142d0ba597a2c773e6354673bbc4a760f8d963f

SHA256
03003aa01026e944b75447078f5758d0ffab854d03e9ce80780a174411073f7f

SHA512
b21d8a189123c3019b5c99c1927d9eb10293cbe9321cb54d1fe183bf57efd22f778a61e47be27afb8f54d731ce17f96a6c6452dc76c3a8596b1bf1fdd532d4c4

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\SoftwareLog.dll

Filesize
1.5MB

MD5
33247280aa899db9d76832414ce1a1c4

SHA1
ca5e659ea499ab4bdf35735c0304996d5cc3a8d1

SHA256
d0319c334e826b36554ea44d22430ec1f12d66d74e0cb89b22319802fb10890a

SHA512
49db5bcc2b28cfa89e217ab47d8cf56e28099a6f916a9ef7ab2449766b9346d433ccdacf2c06653e0e09ab38b4185880c811fc7c468ad6e1d41e47f5ca35e9c6

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TSConfig.HitPawVideoEnhancer.json

Filesize
779B

MD5
1343e6798f87fc2f8d6df5044c6d1ed8

SHA1
d496621fd9f052bafa70337064a111ae6617b45c

SHA256
2e0feefe05b1f611080bd4f6148a9497ea28d0dd39808b20c5d155de8b4f8e48

SHA512
8bed825a3701cc471d8940378e9a12ce72f98f26acdcf20263cd50fc37ad45a06efd23368bb76a961b086f881565beeec21ad5136d9d79a8d44a8090fa3f1c80

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TSMonitor.dll

Filesize
40KB

MD5
5bd5bb152cdf036889365054f4fa12aa

SHA1
bcee97faae391ef1ed3e0425acdb16a68bf17297

SHA256
c4fd6fbbcb890adfe1bb2b39539602a01b487918cd36c7cb9b6124e6df4ea43b

SHA512
e9af88fd5d2b43805c1c16ffbb481c6e8513d3a38051a9c2c45d60a6afeb2a30123d1f767e526377bb2ba77638704f86dc6dd008994ffece259835b24e07a690

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TaiShan.dll

Filesize
413KB

MD5
066a56b06301006ae1d2de09fd926cf8

SHA1
d4c156b3d046567727f738075b3925fa20d8f90e

SHA256
2e5613e16c04382df2645d46b7735dab9075754587c957612dd872a20522c6f8

SHA512
601e4d4982eeb10e7050f6c1f0911dedb8450042f8ca042b5084ad2cf5539d9617239c7387ef3f80b6538d455f441805446967490b531d57f19d9f353f77b5bb

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TaiShanBase.dll

Filesize
89KB

MD5
6f1cd7b597782d889eba769d2cacc62e

SHA1
5aa69ec7f0e39392dd8fff3b882a2b02d01739cf

SHA256
ccdb5491716989a161350d8401b16c600ce658afe4ea3ecacfce6e14ab247a9d

SHA512
5ccca2aebac0963b7b10732ccafd845ab7bc7a5274d55f2fd70d7f69f0f6366a853abe5138f43c095dbe7459843e3f4c347357c2e3a654204cd73c35acb2f04f

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TaskProcessSever.dll

Filesize
228KB

MD5
76cd87fdc71bbf56070f4f1cb7958856

SHA1
2d61ff1fb8909d8f709e20af2fa127c539b17118

SHA256
dac2720383d08849f7554165e1c75adb9e3682251278af983dcf57bc1342097b

SHA512
2ff9d0ab7ee52d00ae1b9985030b8b70f1303a5229fbd09d3e0c2a903bec8afd6aad1921752810bc5c5ff6490b0b2d9d0d73acb0d5384ad415c3e125afe66c46

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsDispatcher.dll

Filesize
537KB

MD5
d405b162e5a07dfbba0edc5daf917581

SHA1
dd2b0dd6b128fe5e2421bc6197f0def10a80431a

SHA256
9d7d9595851d678a10f52e78a3ce35b012aea33a3110a40428f1dc601d819a7e

SHA512
5d65afa7dfe7f3852898979cbec5e7555aedceff17ac710ca213c456138667e9557b28971edae0cc7a560b4d91fb4cca9eb538a644cb13e40bee9d4ad09e268b

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsFetcher.dll

Filesize
229KB

MD5
f67f5aa64d64a6452752acffa8d34620

SHA1
8c3efd745426d5565314d56e5f3e29acbdad3249

SHA256
13d1531b7507337c346bd6a8eb4dabc88934093f1f93ee420fa5dda1266dd8f6

SHA512
a1f5c3cc8416c286bdc7ac622426ad787d19e4a09feb57333d58f84b7167c4bf4289de3fb2779f3a0fae50030606894508d622ca46b23e66707d4d450cb2298a

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsGunner.dll

Filesize
555KB

MD5
08a97737ed7739e6bfa5fd00ab49afca

SHA1
3154be4b2c7af35d0937a93ededa651934465b4d

SHA256
1d0d3623b7873ba01f71ff44b547e0ad9db785eb8b0a02e049384e859afc5508

SHA512
715f12a49d17d979952a915ee700b7838c0939a2553e5313efe26982d6437fb1b4d3feaf1c7d8a00d06097fba4ea1e7c98b0170de6869c172ee8f403e9820d44

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsPlayer.dll

Filesize
833KB

MD5
b546fb37affa3c3286e42924b162dd66

SHA1
65cb1f050e392b704eac747676ff2157ea70d09f

SHA256
7b119bf4d48880ad00e212fc03f4b6e7d63defee69bf3ceeb1434dc6c4c9e3fd

SHA512
94eada68b221393d57ace44c4cdfc20e287126f27254f61af9aecf3dd7877f02af8cc5826e044a5ac0930d76156dce930e78d55d46efe520196bf0d18886b718

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsRevert.dll

Filesize
282KB

MD5
cb3c47dfa89a0575d13255f3b0fde4a1

SHA1
dcb67be81c0ea47c6ef1099a68df9157ab9c15ba

SHA256
2f1ba30f0352525f416cba2025c888d4451789fb21695719e131350d0f5514ae

SHA512
ef24726893ae48bc1c8726513b362a6a5dff852bca5d77db6718ddcacc4ba6c2aae9c5ff63b0b3e4aa1c5a927f4cda3a5b8b8fc8cab3c9a56bb16c4a6866c924

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsStable.dll

Filesize
223KB

MD5
08bdb4e5812e7c98a6f326a187170c0c

SHA1
047edd1011b9d73fe5f80ddbebc2891c050cc280

SHA256
1e411dd8e768fd02e7f00f906ce5ec9dc1d4223cb88e94fbfb36647721a07355

SHA512
940dec55656360bd1ea8292ec009ba54ee86ca19a3b81f1fe8c63aeb76b5e12e1e05132f796b7421680bc4f70bc15a947150e606a18f1d3fdf5694befe85db11

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\VCRUNTIME140.dll

Filesize
91KB

MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\VCRUNTIME140_1.dll

Filesize
35KB

MD5
ab03551e4ef279abed2d8c4b25f35bb8

SHA1
09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e

SHA256
f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44

SHA512
0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\avcodec-59.dll

Filesize
71.7MB

MD5
839fec4ecb99ff114806826c62b7b44a

SHA1
f345ef9d80f4c4b5e5b5434cf8a7ac126e537c4f

SHA256
7be151a709e0333e62e1bce0e5dab857a60ac820de25430c18d48244fcab6929

SHA512
d5618c886b79ad5a9f073e32b5f8c683d2a0cbc18a9511826a3be291169da36fbab65c1ca783b06e53a38287d7e65139b702c8110bd9de9dc8926a4e3432fa93

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\avformat-59.dll

Filesize
14.9MB

MD5
8b012c9732d39dd3279041698627fa8d

SHA1
3f8058d3813b64aea7baa1c763f89a5a95566a13

SHA256
584ef6ffe72870ce8b29dd367e9775dd990631ae2d2741c41a1537333dc743cd

SHA512
a5cb7dc9f327f20a8824ea4d53c57b8dddb8f9a021cc49470c576e91946c672e935afa1018387724292b34297bd71d6f030b2557b94eca82c2cbb5560aa8cb30

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\avutil-57.dll

Filesize
1.1MB

MD5
4f226bf8955f9f5d55809f7ee9dfdd1f

SHA1
6d80129fba0c454cc1b2e92c7402ddcb21e59c27

SHA256
5f84132cdf18b251bcf825ad698ab2fa937e2de9e9c6604003e9f201f4e98ed9

SHA512
c91478c4f2dd71137f41e889264049b7fa78e138d2990b323ed3312cf0a47ab38e4bc0854eaa3f706fb4efdf10a7a68477c75838e0ee5e15d24e371762e9fdf2

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\feedback.dll

Filesize
273KB

MD5
06b4f643dddd660fbee51f2b5aedfb72

SHA1
cde0e382cd89af15267315f6ff9f6d867b3ab7d4

SHA256
af9149a6da3eb3cf9ec4e17306f689b54217c7b439534e8c7c61ef35a4fdf689

SHA512
65003c5650200086433b2b5b879d2dd262f240da60ac16425b09a819b3a2f8d563a2847814f5ab49a6b05fd5356c6260e90415a376b8d420e36d233440708049

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\lang\translation1.1.1\is-9MSG9.tmp

Filesize
5KB

MD5
3d3f06703d589d456aa6a74925b9067d

SHA1
0a605a2f297a382a0f2c6555328d2e7dfbc22e9d

SHA256
e036602fb15577ba98789d5428aa3eaf60a27fc8522c75a5b75b2b273f39b7a4

SHA512
f76060695a2a9d566d742c8e4cd7bc62be22a974bf1ea3f5060b6b2547ab0cdb1df668aac14fafe916d69ee0207b917a71b283865f9d2518744855fccd59d17a

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\swscale-6.dll

Filesize
678KB

MD5
cdb26f15cf4c078cca6de731e6dcc1a3

SHA1
c9d8ff6d9da9b5e47f96c9ad5760f379f10eee26

SHA256
456a06a4a589b53d48a88ee18c572b8f533fb5c34efe94baa7837f66570b88fd

SHA512
358d30c07d0ec620b81ed56658545f5a05d0a40935015e1f5d63136eb5435b2e24f7b457adc1d6a1e3c15c216b6fb24e6a31167655fd1d7465339092c7d6f8a4

Download Submit
C:\Program Files (x86)\HitPaw\HitPaw Video Enhancer\unins000.exe

Filesize
1.3MB

MD5
875043a4500bd66bc5e6789758fae631

SHA1
def39f076b34b1b84edfe05e598b64d47a9e270d

SHA256
9b44f3397610c8e4c0668f394ac76f928050af324a6d08313ab0c4b1441ace23

SHA512
bd47a246bbb86a30c0578a8b8871304f0888e152d7da1ca51ace9c48739a2df6038815764e5b4f6a0772bce64f9e99717d0b3d12d9d28b4881ad600c0a5e0fa1

Download Submit
C:\Users\Admin\AppData\Local\HitPaw Software\HitPaw Video Enhancer\cache\qmlcache\d24a0f881d27d186ce137c6d58fa00ab25176fdb.qmlc

Filesize
19KB

MD5
176fc2501cc8c8cf29678706834366b8

SHA1
82a3b2a9f14a2fc2048fa2c2cf3893b38debdefb

SHA256
d2ab5812df8a441f4f2a4692e273efa06b1f574815ebe369bbd7e82d54dc4cd5

SHA512
efafac4a31dde2ab67e216f89f3a23f3b70751036b412f8f2ebe0263f6e0e99d3d91c71e142e616390aedaf781546478cb60f9d10423b61df5f3ab7664cffd8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\T5JYCXSS\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OHRMU0Q9\rn-ui-hitpaw2-1.0.0.min[2].css

Filesize
122KB

MD5
9cf4fc79b7283154b73a2f63cf4b9dd9

SHA1
f5d16230ded7df24605d0e72dc5932242ddb2187

SHA256
34a994462bf7672bb46f4501785aef3ee9e0101ab20d3c8a5c3ba55f4ec36c67

SHA512
afe7e2cde3f76fecfb9101f5ff4723edaa11058d64789c3163d002c3ca27f0b64d8879149a63e3c715ee4564462245d6113f4672e695f352f0cb21a63ae54e21

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\95H871LW\www.hitpaw[1].xml

Filesize
415B

MD5
f2ccd1ecf4dbbbcb3edaa837d0b313fa

SHA1
7963a7883ebaadc132ca5d560fbf2808f7c0c755

SHA256
ac638f2c9ddeec7aefd349e72a86a5460b6b466daef7ad9548de808d970d3ef9

SHA512
cd8d144a6e9d4fe377de4a70e2fb6e71de8b117859dcc9d27f48d4b9dcc9646c66e75a04362762af688e4f3727dfd96efc25dc27fab17eff52dd6a72dde372bb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5P5ZDI7L\logo[1].ico

Filesize
4KB

MD5
17067b0dbf04631596f1fa46df4b1cd6

SHA1
48e68e32b24cf8b727be9a3a2da5798185626284

SHA256
0c7d618116f1aa4cebf6ad24a94e565776fe9dcf5af40343c17021cb5ad291a6

SHA512
96050bb79d72bf63235d10c38e81ba05d91574c67f9ded8ccb3544b192eb9194d0fa75a21576c32aab2d634e4a25aec486d7765740185acf48300c8e058794e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bugsplat.log

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\findSoftRes.txt

Filesize
3B

MD5
21438ef4b9ad4fc266b6129a2f60de29

SHA1
5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

SHA256
13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

SHA512
37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

Download Submit
C:\Users\Admin\AppData\Local\Temp\findSoftRes.txt

Filesize
3B

MD5
21438ef4b9ad4fc266b6129a2f60de29

SHA1
5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

SHA256
13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

SHA512
37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

Download Submit
C:\Users\Admin\AppData\Local\Temp\findSoftRes.txt

Filesize
3B

MD5
21438ef4b9ad4fc266b6129a2f60de29

SHA1
5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

SHA256
13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

SHA512
37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

Download Submit
C:\Users\Admin\AppData\Local\Temp\hitpawvideoenhancer_hitpawnet\hitpawvideoenhancer_hitpawnet_1.7.0.exe

Filesize
840.3MB

MD5
cae6accab869343977e976d67254ddd7

SHA1
a32c9d35a060dfbf73bf2bc1e6b5ef0cfd006297

SHA256
18b56fcd527aae7bfccc283fd1cd9a74680043b8b5716893e8f55b6f9b94bfe8

SHA512
69a088bc0e5c3306a97acc75e912a6780d8d1efda01d3e9e823d77f0ea6c6b6410ee127fcad8c5e0af1989b0c3b929597c1010df8e935079db8ad8e661782cea

Download Submit
C:\Users\Admin\AppData\Local\Temp\hitpawvideoenhancer_hitpawnet\hitpawvideoenhancer_hitpawnet_1.7.0.exe

Filesize
840.3MB

MD5
cae6accab869343977e976d67254ddd7

SHA1
a32c9d35a060dfbf73bf2bc1e6b5ef0cfd006297

SHA256
18b56fcd527aae7bfccc283fd1cd9a74680043b8b5716893e8f55b6f9b94bfe8

SHA512
69a088bc0e5c3306a97acc75e912a6780d8d1efda01d3e9e823d77f0ea6c6b6410ee127fcad8c5e0af1989b0c3b929597c1010df8e935079db8ad8e661782cea

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-Q13JO.tmp\hitpawvideoenhancer_hitpawnet_1.7.0.tmp

Filesize
1.3MB

MD5
875043a4500bd66bc5e6789758fae631

SHA1
def39f076b34b1b84edfe05e598b64d47a9e270d

SHA256
9b44f3397610c8e4c0668f394ac76f928050af324a6d08313ab0c4b1441ace23

SHA512
bd47a246bbb86a30c0578a8b8871304f0888e152d7da1ca51ace9c48739a2df6038815764e5b4f6a0772bce64f9e99717d0b3d12d9d28b4881ad600c0a5e0fa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-Q13JO.tmp\hitpawvideoenhancer_hitpawnet_1.7.0.tmp

Filesize
1.3MB

MD5
875043a4500bd66bc5e6789758fae631

SHA1
def39f076b34b1b84edfe05e598b64d47a9e270d

SHA256
9b44f3397610c8e4c0668f394ac76f928050af324a6d08313ab0c4b1441ace23

SHA512
bd47a246bbb86a30c0578a8b8871304f0888e152d7da1ca51ace9c48739a2df6038815764e5b4f6a0772bce64f9e99717d0b3d12d9d28b4881ad600c0a5e0fa1

Download Submit
C:\Users\Admin\AppData\Roaming\TSHelpService\4808\backup\tempga.wk

Filesize
3KB

MD5
acf4a8ec8ea68461f4e4143a7fa17cce

SHA1
08b9813498d9d80067664f399624b952f5bbd1e6

SHA256
8ec7e51398a10ed7e4213664b0ebebd2b591a68688825a8436640e3106056f2c

SHA512
3f980a94f1bd3ac978a1a36bcce30d8c6b204c6f37d9f3de96f79a30c9f24af8ff77cace8bd775fb6277c8e165e3d910a31ae64b5ef516998b2caae3bc760b85

Download Submit
C:\Users\Admin\AppData\Roaming\TSHelpService\4808\backup\tempga.wk

Filesize
3KB

MD5
f4a233949323e2943a53307169c59e84

SHA1
aba7d4086f5939e35fb0362839dcab404f93e870

SHA256
42d5c5bbebae00ed1c29b9195753ee7841b3b4dca9d336803b25bf7c4818f8d0

SHA512
80c296a1defaf9b002162a2012c6c88b8857a879ab92ecaf3a78002d052f0aef7f3419c433ecfe1202b25f463a1511bea713c74c2769628a47d3999445867ca3

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Armor.dll

Filesize
6.4MB

MD5
fa9301dce218c98353bd994f1740ed25

SHA1
9f07572a0d4d8bbdb36e7d5c2b8f3435a91358b9

SHA256
072f648f7c30f05f04bea003bd8a38104ed08752c0536337ba1b85f435c94c68

SHA512
97fb2cfff279ea9f3566cf75a2223a33d72754e2a3050b48fe107d22cab0b26b44654de21ebda8fd9817257a28caa0ab57130a8a7854f4effefe3a66cf1a583c

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\FFmpegJoint.dll

Filesize
82KB

MD5
dbddc4476c5454275373d05483d48b39

SHA1
eab0feefb9404e5e9e27783ec2cd919ae0095ff8

SHA256
ed3d09e31f8e0bb380b23bdf96e9bfd8cb0849a9be3d10384410e40b93e26491

SHA512
620875e0bce91fcf33f770456293dbe316d06b368e8e62d7ff583ce707730418fa1f442140c4143f6c453712082777e4bc0a8876b052e0bd1e06bbe80d8d5be5

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\FileReport.dll

Filesize
115KB

MD5
a01fdb3cef78b16bf98bca8fd776e8cf

SHA1
380284dfd6047849e62484dbcdbd593cf279e6c0

SHA256
4ffa7f918df69edcac1fe34e83d221301390d0bef2b694d4f2d3b0adb39e8ed3

SHA512
5eafadc2a9c5eabf7640b1d59cacb674907724d8ab90cb4ae01053d27443c19d330d49aa9d87aa43cc56e178653993466f663321fc524661815dc18a6c31a986

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5Core.dll

Filesize
5.8MB

MD5
b2b77282c8f09de9c77bd486a94a1676

SHA1
78758728c039ecc6ce77f45cc70408a49b0fa4e6

SHA256
60b21a618c7f4ee015b8060dd8a64e9fb39c5167ff369eba8aeaaa29290c3485

SHA512
dacd2643397ecc6d45859fc202480ba964782b6334c017095ee02888cfbdddd3b91621ba6d2fe34c51a4c7166413f89bfd2409ac23d89b712587dce95cf9caa5

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5Gui.dll

Filesize
6.7MB

MD5
6d50542785d7962382c3756cd85ca12c

SHA1
4838742895b3a2450031d6c90768fe9bc9722f33

SHA256
0323c7fbd9a579f339b597b3e5f5b6e02814ae594f7fbc0cdd1786a5a32551ac

SHA512
c3f6ce45a901032052453565b01516a5ae81c41580e8dbdeffc45920692f8e7cdd0c4149c30ca07867be11f3964c6528f78a2de948d5eaa9aa1bab6f2b8cea0e

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5Network.dll

Filesize
1.3MB

MD5
d9730d9354bc8b3d2b6afec51893a990

SHA1
e47a84d9961792180ba34380eb6200656d2b085f

SHA256
c5650340a415128f0d4f47ce1d94ea04e9bde9199943fb22f22547d0678264b1

SHA512
6fafba68a3ee6c24339e76b8c5f58b2e1bed0eeb9fe9ce09f6431a5e43cd8c9f30f5a8063aa890766cf02de9daa6c9b02e630617cacb9dc36a41216e8b5536b3

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5RemoteObjects.dll

Filesize
474KB

MD5
585eb34783656eaac5d292fa8595ba52

SHA1
c985d3cbb05fd7b558fbedbb726c703ed992f2d8

SHA256
6d968bc1d4b79643504c753bb24e8d735a8c8a66e8903c45a43b8ae81d540084

SHA512
09ce1c7783dccfe430e513840c45145817771ed55bfa33e95680207d3554404a2600f45cd1b9b935765ebbf4304a8cb6c1012438ab15581f67bd7fe198df6788

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\Qt5Widgets.dll

Filesize
5.3MB

MD5
220bf38b520fb1e7fcdb36b514fdea46

SHA1
b143c471b47b2c524e35305ba977cbf9d54edc23

SHA256
54f56144d8e1199f548a2462519c1c2e42fb49faf15fba19c032284e82f1c883

SHA512
59a48600f80ce86e41eaf8ef61211754447de331ff9f5d8ab3fe6e1d2a4f55533824a32e1c4e6d99df430b784fe835d421cd646bd371d439e8ea4495ee7ddffa

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\SoftwareLog.dll

Filesize
1.5MB

MD5
33247280aa899db9d76832414ce1a1c4

SHA1
ca5e659ea499ab4bdf35735c0304996d5cc3a8d1

SHA256
d0319c334e826b36554ea44d22430ec1f12d66d74e0cb89b22319802fb10890a

SHA512
49db5bcc2b28cfa89e217ab47d8cf56e28099a6f916a9ef7ab2449766b9346d433ccdacf2c06653e0e09ab38b4185880c811fc7c468ad6e1d41e47f5ca35e9c6

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TSMonitor.dll

Filesize
40KB

MD5
5bd5bb152cdf036889365054f4fa12aa

SHA1
bcee97faae391ef1ed3e0425acdb16a68bf17297

SHA256
c4fd6fbbcb890adfe1bb2b39539602a01b487918cd36c7cb9b6124e6df4ea43b

SHA512
e9af88fd5d2b43805c1c16ffbb481c6e8513d3a38051a9c2c45d60a6afeb2a30123d1f767e526377bb2ba77638704f86dc6dd008994ffece259835b24e07a690

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TaiShan.dll

Filesize
413KB

MD5
066a56b06301006ae1d2de09fd926cf8

SHA1
d4c156b3d046567727f738075b3925fa20d8f90e

SHA256
2e5613e16c04382df2645d46b7735dab9075754587c957612dd872a20522c6f8

SHA512
601e4d4982eeb10e7050f6c1f0911dedb8450042f8ca042b5084ad2cf5539d9617239c7387ef3f80b6538d455f441805446967490b531d57f19d9f353f77b5bb

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TaiShanBase.dll

Filesize
89KB

MD5
6f1cd7b597782d889eba769d2cacc62e

SHA1
5aa69ec7f0e39392dd8fff3b882a2b02d01739cf

SHA256
ccdb5491716989a161350d8401b16c600ce658afe4ea3ecacfce6e14ab247a9d

SHA512
5ccca2aebac0963b7b10732ccafd845ab7bc7a5274d55f2fd70d7f69f0f6366a853abe5138f43c095dbe7459843e3f4c347357c2e3a654204cd73c35acb2f04f

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TaskProcessSever.dll

Filesize
228KB

MD5
76cd87fdc71bbf56070f4f1cb7958856

SHA1
2d61ff1fb8909d8f709e20af2fa127c539b17118

SHA256
dac2720383d08849f7554165e1c75adb9e3682251278af983dcf57bc1342097b

SHA512
2ff9d0ab7ee52d00ae1b9985030b8b70f1303a5229fbd09d3e0c2a903bec8afd6aad1921752810bc5c5ff6490b0b2d9d0d73acb0d5384ad415c3e125afe66c46

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsDispatcher.dll

Filesize
537KB

MD5
d405b162e5a07dfbba0edc5daf917581

SHA1
dd2b0dd6b128fe5e2421bc6197f0def10a80431a

SHA256
9d7d9595851d678a10f52e78a3ce35b012aea33a3110a40428f1dc601d819a7e

SHA512
5d65afa7dfe7f3852898979cbec5e7555aedceff17ac710ca213c456138667e9557b28971edae0cc7a560b4d91fb4cca9eb538a644cb13e40bee9d4ad09e268b

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsFetcher.dll

Filesize
229KB

MD5
f67f5aa64d64a6452752acffa8d34620

SHA1
8c3efd745426d5565314d56e5f3e29acbdad3249

SHA256
13d1531b7507337c346bd6a8eb4dabc88934093f1f93ee420fa5dda1266dd8f6

SHA512
a1f5c3cc8416c286bdc7ac622426ad787d19e4a09feb57333d58f84b7167c4bf4289de3fb2779f3a0fae50030606894508d622ca46b23e66707d4d450cb2298a

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsGunner.dll

Filesize
555KB

MD5
08a97737ed7739e6bfa5fd00ab49afca

SHA1
3154be4b2c7af35d0937a93ededa651934465b4d

SHA256
1d0d3623b7873ba01f71ff44b547e0ad9db785eb8b0a02e049384e859afc5508

SHA512
715f12a49d17d979952a915ee700b7838c0939a2553e5313efe26982d6437fb1b4d3feaf1c7d8a00d06097fba4ea1e7c98b0170de6869c172ee8f403e9820d44

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsPlayer.dll

Filesize
833KB

MD5
b546fb37affa3c3286e42924b162dd66

SHA1
65cb1f050e392b704eac747676ff2157ea70d09f

SHA256
7b119bf4d48880ad00e212fc03f4b6e7d63defee69bf3ceeb1434dc6c4c9e3fd

SHA512
94eada68b221393d57ace44c4cdfc20e287126f27254f61af9aecf3dd7877f02af8cc5826e044a5ac0930d76156dce930e78d55d46efe520196bf0d18886b718

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsRevert.dll

Filesize
282KB

MD5
cb3c47dfa89a0575d13255f3b0fde4a1

SHA1
dcb67be81c0ea47c6ef1099a68df9157ab9c15ba

SHA256
2f1ba30f0352525f416cba2025c888d4451789fb21695719e131350d0f5514ae

SHA512
ef24726893ae48bc1c8726513b362a6a5dff852bca5d77db6718ddcacc4ba6c2aae9c5ff63b0b3e4aa1c5a927f4cda3a5b8b8fc8cab3c9a56bb16c4a6866c924

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\TsStable.dll

Filesize
223KB

MD5
08bdb4e5812e7c98a6f326a187170c0c

SHA1
047edd1011b9d73fe5f80ddbebc2891c050cc280

SHA256
1e411dd8e768fd02e7f00f906ce5ec9dc1d4223cb88e94fbfb36647721a07355

SHA512
940dec55656360bd1ea8292ec009ba54ee86ca19a3b81f1fe8c63aeb76b5e12e1e05132f796b7421680bc4f70bc15a947150e606a18f1d3fdf5694befe85db11

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\avformat-59.dll

Filesize
14.9MB

MD5
8b012c9732d39dd3279041698627fa8d

SHA1
3f8058d3813b64aea7baa1c763f89a5a95566a13

SHA256
584ef6ffe72870ce8b29dd367e9775dd990631ae2d2741c41a1537333dc743cd

SHA512
a5cb7dc9f327f20a8824ea4d53c57b8dddb8f9a021cc49470c576e91946c672e935afa1018387724292b34297bd71d6f030b2557b94eca82c2cbb5560aa8cb30

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\avutil-57.dll

Filesize
1.1MB

MD5
4f226bf8955f9f5d55809f7ee9dfdd1f

SHA1
6d80129fba0c454cc1b2e92c7402ddcb21e59c27

SHA256
5f84132cdf18b251bcf825ad698ab2fa937e2de9e9c6604003e9f201f4e98ed9

SHA512
c91478c4f2dd71137f41e889264049b7fa78e138d2990b323ed3312cf0a47ab38e4bc0854eaa3f706fb4efdf10a7a68477c75838e0ee5e15d24e371762e9fdf2

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\feedback.dll

Filesize
273KB

MD5
06b4f643dddd660fbee51f2b5aedfb72

SHA1
cde0e382cd89af15267315f6ff9f6d867b3ab7d4

SHA256
af9149a6da3eb3cf9ec4e17306f689b54217c7b439534e8c7c61ef35a4fdf689

SHA512
65003c5650200086433b2b5b879d2dd262f240da60ac16425b09a819b3a2f8d563a2847814f5ab49a6b05fd5356c6260e90415a376b8d420e36d233440708049

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\msvcp140.dll

Filesize
618KB

MD5
b9abe16b723ddd90fc612d0ddb0f7ab4

SHA1
b323de242f21f39cf1cca4198ba1abb52e6aa0fb

SHA256
75fc76655631a4ae72d015b8e85f899537c603661ca35a3f29099b8e4c84716c

SHA512
2a66bddb9b6768419c6baacbf8bb19cda5662f5b1a1a3ca760b1d9d7ea7d65d19c29f48b7621362107eef819d692f1d2a55a6d7d0217ecea91eb6e150f6ab646

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\swscale-6.dll

Filesize
678KB

MD5
cdb26f15cf4c078cca6de731e6dcc1a3

SHA1
c9d8ff6d9da9b5e47f96c9ad5760f379f10eee26

SHA256
456a06a4a589b53d48a88ee18c572b8f533fb5c34efe94baa7837f66570b88fd

SHA512
358d30c07d0ec620b81ed56658545f5a05d0a40935015e1f5d63136eb5435b2e24f7b457adc1d6a1e3c15c216b6fb24e6a31167655fd1d7465339092c7d6f8a4

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\vcruntime140.dll

Filesize
91KB

MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
\Program Files (x86)\HitPaw\HitPaw Video Enhancer\vcruntime140_1.dll

Filesize
35KB

MD5
ab03551e4ef279abed2d8c4b25f35bb8

SHA1
09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e

SHA256
f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44

SHA512
0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

Download Submit
memory/224-4368-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/224-4601-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/224-4589-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/660-131-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-3440-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-137-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-139-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-141-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-117-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-133-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-143-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-152-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-213-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-129-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-127-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-125-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-145-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-176-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/660-147-0x0000000000400000-0x00000000008AD000-memory.dmp

Filesize
4.7MB

Download
memory/676-5207-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/676-5154-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/736-5291-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/1224-3562-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/1224-3457-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/1224-3441-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/1224-3443-0x00007FFDF0920000-0x00007FFDF0922000-memory.dmp

Filesize
8KB

Download
memory/1224-3483-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/1224-3465-0x00000207BE1F0000-0x00000207BE200000-memory.dmp

Filesize
64KB

Download
memory/1224-3458-0x00007FFDF0940000-0x00007FFDF0942000-memory.dmp

Filesize
8KB

Download
memory/1276-5075-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/1276-5076-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/1388-5020-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/1388-5019-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/1388-4711-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/1388-4714-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/1492-4770-0x0000000002D10000-0x0000000002D11000-memory.dmp

Filesize
4KB

Download
memory/1492-4623-0x0000000000870000-0x00000000012E9000-memory.dmp

Filesize
10.5MB

Download
memory/1492-4390-0x0000000000870000-0x00000000012E9000-memory.dmp

Filesize
10.5MB

Download
memory/1752-5085-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/1752-5087-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/1772-4888-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/1772-4890-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/1828-4950-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/1828-4952-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/1900-236-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-207-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-223-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-226-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-243-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-218-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-230-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-239-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-232-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-182-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/1900-187-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-215-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-197-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-212-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-220-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/1900-210-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/1900-4765-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/1900-4766-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/2032-4892-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/2344-5135-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/2344-5139-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/2868-4344-0x000001E802DC0000-0x000001E802DD0000-memory.dmp

Filesize
64KB

Download
memory/3300-3559-0x000001DCFF530000-0x000001DCFF540000-memory.dmp

Filesize
64KB

Download
memory/3732-4825-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/3732-4828-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/3756-4709-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/3756-4705-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/3760-5290-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/4108-5209-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/4108-5205-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/4356-3464-0x000001E7C4540000-0x000001E7C4550000-memory.dmp

Filesize
64KB

Download
memory/4416-5016-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/4416-5018-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/4468-4637-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/4468-4609-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/4776-3526-0x00000237AEFC0000-0x00000237AEFD0000-memory.dmp

Filesize
64KB

Download
memory/4832-4829-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/4832-4830-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/4872-4762-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/4872-4764-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/4880-178-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4880-173-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4880-3378-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4880-184-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4904-5146-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/4904-5148-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/4916-4889-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download
memory/4916-4887-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/5004-4953-0x00007FF7894C0000-0x00007FF78AAC8000-memory.dmp

Filesize
22.0MB

Download
memory/5004-4954-0x00007FFDD3630000-0x00007FFDD416C000-memory.dmp

Filesize
11.2MB

Download