6587f6d85e3e0fc3e409de458b149488d25a1c4f7785f9b31da9d94604c2fec6

Analysis

max time kernel
596s
max time network
457s
platform
windows10-2004_x64
resource
win10v2004-20240426-es
resource tags

arch:x64arch:x86image:win10v2004-20240426-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
22-05-2024 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VidCoder-9.20-Portable.exe
Size

82.9MB
MD5

e9871a4af33612dabfc41facd7551ff2
SHA1

47ae07d76693a7589698c837298d9fb6ade63622
SHA256

6587f6d85e3e0fc3e409de458b149488d25a1c4f7785f9b31da9d94604c2fec6
SHA512

6396dc36a769664d75b6e69cbc487a316f734ef9986ad966609ae45040d5f1a3c9e9b15f49e38c9642a346317a39e4f4d9b8bc3ce0fada51b71601270f21f9c2
SSDEEP

1572864:dYUlMaNUkgxyWxQCjCphRsC3tdf7vWvxhfr4J3JD7LA+wZ9r9RA5cHlNEgIJosU9:dnMa2kgxyuCt3HOvXfr4JZDB2n/EgIxE

Score

5^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

VidCoder-9.20-Portable.exeVidCoder.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	VidCoder-9.20-Portable.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	VidCoder.exe

Executes dropped EXE 1 IoCs

Processes:

VidCoder.exe

pid process

800 VidCoder.exe

Loads dropped DLL 64 IoCs

Processes:

VidCoder.exe

pid	process
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe
800	VidCoder.exe

Registers COM server for autorun 1 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

VidCoder.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{17a3abd3-c4a0-d399-685f-d96d58822c81}\LocalServer32	VidCoder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{17a3abd3-c4a0-d399-685f-d96d58822c81}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\VidCoder.exe\" -ToastActivated"	VidCoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17a3abd3-c4a0-d399-685f-d96d58822c81}\LocalServer32	VidCoder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17a3abd3-c4a0-d399-685f-d96d58822c81}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\VidCoder.exe\" -ToastActivated"	VidCoder.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 23 IoCs

Processes:

VidCoder.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId\C:\Users\Admin\AppData\Local\Temp\RarSFX0\VidCoder.exe\DisplayName = "VidCoder"	VidCoder.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{17a3abd3-c4a0-d399-685f-d96d58822c81}\LocalServer32	VidCoder.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId\C:\Users	VidCoder.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId\C:\Users\Admin\AppData	VidCoder.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId\C:\Users\Admin\AppData\Local	VidCoder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17a3abd3-c4a0-d399-685f-d96d58822c81}\AppId = "{17a3abd3-c4a0-d399-685f-d96d58822c81}"	VidCoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{17a3abd3-c4a0-d399-685f-d96d58822c81}	VidCoder.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId	VidCoder.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId\C:\Users\Admin\AppData\Local\Temp\RarSFX0	VidCoder.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{17a3abd3-c4a0-d399-685f-d96d58822c81}	VidCoder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{17a3abd3-c4a0-d399-685f-d96d58822c81}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\VidCoder.exe\" -ToastActivated"	VidCoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17a3abd3-c4a0-d399-685f-d96d58822c81}	VidCoder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17a3abd3-c4a0-d399-685f-d96d58822c81}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\VidCoder.exe\" -ToastActivated"	VidCoder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId\C:\Users\Admin\AppData\Local\Temp\RarSFX0\VidCoder.exe\IconBackgroundColor = "FFDDDDDD"	VidCoder.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId\C:\Users\Admin	VidCoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17a3abd3-c4a0-d399-685f-d96d58822c81}\LocalServer32	VidCoder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{17a3abd3-c4a0-d399-685f-d96d58822c81}\RunAs = "Interactive User"	VidCoder.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId\C:\Users\Admin\AppData\Local\Temp\RarSFX0\VidCoder.exe	VidCoder.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId\C:	VidCoder.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID	VidCoder.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId\C:\Users\Admin\AppData\Local\Temp	VidCoder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId\C:\Users\Admin\AppData\Local\Temp\RarSFX0\VidCoder.exe\IconUri = "C:\\Users\\Admin\\AppData\\Local\\ToastNotificationManagerCompat\\Apps\\17A3ABD3-C4A0-D399-685F-D96D58822C81\\Icon.png"	VidCoder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\AppUserModelId\C:\Users\Admin\AppData\Local\Temp\RarSFX0\VidCoder.exe\CustomActivator = "{17a3abd3-c4a0-d399-685f-d96d58822c81}"	VidCoder.exe

Suspicious use of AdjustPrivilegeToken 43 IoCs

Processes:

VidCoder.exe

description	pid	process
Token: SeDebugPrivilege	800	VidCoder.exe
Token: SeIncreaseQuotaPrivilege	800	VidCoder.exe
Token: SeSecurityPrivilege	800	VidCoder.exe
Token: SeTakeOwnershipPrivilege	800	VidCoder.exe
Token: SeLoadDriverPrivilege	800	VidCoder.exe
Token: SeSystemProfilePrivilege	800	VidCoder.exe
Token: SeSystemtimePrivilege	800	VidCoder.exe
Token: SeProfSingleProcessPrivilege	800	VidCoder.exe
Token: SeIncBasePriorityPrivilege	800	VidCoder.exe
Token: SeCreatePagefilePrivilege	800	VidCoder.exe
Token: SeBackupPrivilege	800	VidCoder.exe
Token: SeRestorePrivilege	800	VidCoder.exe
Token: SeShutdownPrivilege	800	VidCoder.exe
Token: SeDebugPrivilege	800	VidCoder.exe
Token: SeSystemEnvironmentPrivilege	800	VidCoder.exe
Token: SeRemoteShutdownPrivilege	800	VidCoder.exe
Token: SeUndockPrivilege	800	VidCoder.exe
Token: SeManageVolumePrivilege	800	VidCoder.exe
Token: 33	800	VidCoder.exe
Token: 34	800	VidCoder.exe
Token: 35	800	VidCoder.exe
Token: 36	800	VidCoder.exe
Token: SeIncreaseQuotaPrivilege	800	VidCoder.exe
Token: SeSecurityPrivilege	800	VidCoder.exe
Token: SeTakeOwnershipPrivilege	800	VidCoder.exe
Token: SeLoadDriverPrivilege	800	VidCoder.exe
Token: SeSystemProfilePrivilege	800	VidCoder.exe
Token: SeSystemtimePrivilege	800	VidCoder.exe
Token: SeProfSingleProcessPrivilege	800	VidCoder.exe
Token: SeIncBasePriorityPrivilege	800	VidCoder.exe
Token: SeCreatePagefilePrivilege	800	VidCoder.exe
Token: SeBackupPrivilege	800	VidCoder.exe
Token: SeRestorePrivilege	800	VidCoder.exe
Token: SeShutdownPrivilege	800	VidCoder.exe
Token: SeDebugPrivilege	800	VidCoder.exe
Token: SeSystemEnvironmentPrivilege	800	VidCoder.exe
Token: SeRemoteShutdownPrivilege	800	VidCoder.exe
Token: SeUndockPrivilege	800	VidCoder.exe
Token: SeManageVolumePrivilege	800	VidCoder.exe
Token: 33	800	VidCoder.exe
Token: 34	800	VidCoder.exe
Token: 35	800	VidCoder.exe
Token: 36	800	VidCoder.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

VidCoder.exe

pid process

800 VidCoder.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

VidCoder-9.20-Portable.exe

description	pid	process	target process
PID 4568 wrote to memory of 800	4568	VidCoder-9.20-Portable.exe	VidCoder.exe
PID 4568 wrote to memory of 800	4568	VidCoder-9.20-Portable.exe	VidCoder.exe

C:\Users\Admin\AppData\Local\Temp\VidCoder-9.20-Portable.exe
"C:\Users\Admin\AppData\Local\Temp\VidCoder-9.20-Portable.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4568

C:\Users\Admin\AppData\Local\Temp\RarSFX0\VidCoder.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\VidCoder.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:800

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\DirectWriteForwarder.dll
Filesize
512KB

MD5
a44133e3dc3abd473f7c047538502a46

SHA1
c8666bec92653f233baf9e944a108bda3070d18d

SHA256
a32e39f506885feab67255700a797703040ecfdbefb4a80df81c17e8331e0964

SHA512
75afe85d74a7d6799df0fa9b05c4ecc515df28e81e667a41c03bf64d31d4f40af548d9afc88186ba7bace02e66b07b990b970406574c615fa918d13641ed2e12

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Microsoft.Win32.Primitives.dll
Filesize
25KB

MD5
f2ee7789e09626a24bedaed958b85ea3

SHA1
a83f9ea943e8a0c90befe839e81ad52bd18c21c9

SHA256
9f2b9a9bc6be3d13cdd03ee3e860901e37ec348e7565b14f1bab13590ab0d3d6

SHA512
cf0597e39c4fd93b0a7449e64afd724cf3d3a388a3c502ebe944782d00efdbeabbfcc152403eb3ba8ded531b1d7cd37f4532e455af4a5f1c3a1573d89df5c7ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Microsoft.Win32.Registry.dll
Filesize
85KB

MD5
cf19b89edcddff601aecc9212feb305e

SHA1
8643910ba840dc241b327210551e1b9944b9f7ad

SHA256
d59189746f362cd58d74de3585256242e9620ad67891d42dccf567ce2e0dec62

SHA512
19e1bb0be8a8d39425f61ef15e512664b18771233a8837c1920ed076c6ed18f7bb39456b58fab86e5af468382dcef1a65dc4d9047b7d6f15199ad454e673ebf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\PresentationCore.dll
Filesize
8.3MB

MD5
e6f19c31e8154784a873f5ef71cbe531

SHA1
9a43c006cc186005960b34b804267524ace6db85

SHA256
27c3507eea90e8f385a45376445c57e44f3e474b0937609ea40e758432cf37d2

SHA512
d12d07e08939051cb8746318a0f856a03d8315ea1973859627b80aa3fac80855daf5100c0c472a5cfc169b88ce27d566a70475095a02751ee870b0cf733853e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\PresentationFramework.dll
Filesize
15.5MB

MD5
0f050890212acdfc6d6d4f29ed0b2e6d

SHA1
2010f4bb2d7dd4836d3a56a5d2372615563d08eb

SHA256
ed36e1c734f596b33003cb3769b2570eb73529fabf791d0fa539a16640407008

SHA512
65d47a7f913dd714baef7093ab69ce4c26ab4e2631411d4fe48b04d5a1197d88da1992f17c3e697efbe54e646dfea99bc8d8dc730f5262872e5cd7048c385e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\PresentationNative_cor3.dll
Filesize
1.2MB

MD5
aeffae9ee6610a1b941cae781422a177

SHA1
23767efd808cf1b0a19d8a4fe19998c74ad1e4b3

SHA256
2cdab1fc17ce70595586ab91b87c1c4b2dee7b2b462f180f22f4682fa4ddf4bb

SHA512
187c6a091fc305323bab2c1feee6e71461b06d13f93a02c8afa1850505d292f7ae7362d8e13c96c5b8058e8e246c28f76185f6f9f76ae91ba9b40514f069f858

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Collections.NonGeneric.dll
Filesize
98KB

MD5
e2311907c521f46c510a34aa084ce5fb

SHA1
a16e6fb00b5e3f041a6f93797b94d0d0ea11b86f

SHA256
697d5886477da479a0003e7123ab715b7cdd5d524dde8cb839f08b328b7d055f

SHA512
95c4d8ec94ed2b3b74b7ace911cfe86068345699169ac77e2e24ec11ae86a2945deeb5b1741958c17a9c8cf7f4086a03654930eb2f8934565546ea86967d4332

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Collections.Specialized.dll
Filesize
93KB

MD5
5b36825632c9c4832be5cab8d8d05f0c

SHA1
c2bcf188359ce8bbe8d8e25d89d32bbec858217d

SHA256
6f55e08ed6e942680552471d8c98f1f11ae25a38e7a1563d704444529e4110dc

SHA512
3176b5ad041a48b9c992670a5d69f46d82c0a5824139e1f8b38a7d9230b5a88996143ee9178a0713f2a563cb8740f2f952cefa725cba84215df66d5fbd8db9da

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Collections.dll
Filesize
258KB

MD5
f687361f2dc8c90597557c311c4ee1f4

SHA1
2a7cfc6a7e9de416d63836d79b642f92b4ce490b

SHA256
bd70f91f77879c3f3e287ea1eb8e23b2413a938fc61459f766b03865a56fe1d8

SHA512
395c0ddbc977cd7021667907640c8ade41dbc5ba68ae7266303f8b49b7ccfbf226badcfef3bf24ba483793d3fd1b74187122c4645ac5cbe1b72b228390548817

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.ComponentModel.Primitives.dll
Filesize
73KB

MD5
de8b91cffb07571067c82b5b1ca8b9ef

SHA1
0f5725b846f7e1b9536d520e0dc40f31ac658c51

SHA256
0da88ac3e50fc1742ae33d254429cf77a575459f9b8cbf2e6d2790e0fc435123

SHA512
0c31f7ae813f9da5fba50971cfdc6371a9144aa5a4fb1b37a7d503961045bf80d7457526ec19b12b828afe275f51eea3dceb9d44db2fec7a3b200b05a807687f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Configuration.ConfigurationManager.dll
Filesize
982KB

MD5
cf8aef647a0ac49a5d94509fd3d1424d

SHA1
3242690808ae3adf72ee42bf9a2d407db0dbf534

SHA256
e3b902b6825d4deee4b5ef7ff0a5408a767caef5c8ec9355a805a87f9a9bab38

SHA512
7d80711b9635f9d014aa2fa9b134414a7dc0cd377f4244d7d2ba7e903fad5d644fa5eebd9aeb8266ec9695e74de66fc7816e6b96762c527fa58333b7d1820efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Diagnostics.Debug.dll
Filesize
15KB

MD5
3b28ad5ad2731fcb1f7b0d6961520e45

SHA1
3c748297ce5ab4a8dcbd57abfb0bf6f3c466f18c

SHA256
394eb8a62569f42ea6ce80a4d3ec892668f60a9330887b960daa0b34ade8e901

SHA512
be88d5e3f05dce597731989f44fa95077ad3bce47a2f1e2e026f35af3dbc69008642028e499169fb8bafde84681c2ccd1531349121f2317835bcf3258e4a3d46

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.IO.Packaging.dll
Filesize
273KB

MD5
e9bfc3fd7d2c442844de148c39f66280

SHA1
60a6acd88c984f10bbf27f5c31cb70d0e0f01a70

SHA256
86667c3caf04fa28013cb854d5f1a50ce56949e034754d88dfe743ee3439b4e4

SHA512
6f4168719b410b95946869a1ac1a370aaa2210d24fda2448cfe0295d78d37f3cc8da18a8a0317430e29aa958892882ee25e2f5dd8e0d1481feef394b88912e26

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Net.WebClient.dll
Filesize
162KB

MD5
039bdabb8dbd31182023d8f053a2ee66

SHA1
a4c00fccc59115ea24cb3a6a5a442110302a48f8

SHA256
335afe760b8b62178111e0b5ccd3fec2d02b11fb703ec85699e164078b8f3a77

SHA512
8af27c83b17c6380efac3f7c4a5344845557e943b2f4b1117145ebbcbe95477eac633f5ebfed5b9af4da4ed1a6c1f73c7b8535fbec6b5762574d643444c8edbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Private.CoreLib.dll
Filesize
10.1MB

MD5
cd1cbd2a66aca4e53419357e84837b32

SHA1
4ac5ca7cb6a9f8c4d58172188185abbe76dcc995

SHA256
eed65437df311c58937d34491bbe0b52a704aa5a900a5aa80bd2c20dc52989b6

SHA512
d785da82d5a0270b94ab05e8961bc86a47240990c3c27a9be48745ce9decf40361780eb7285ab4cba738242c30681e4235a0d6dd65ce64d56959a4bfb6ec283d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Private.Uri.dll
Filesize
246KB

MD5
3ce30c524db23de721215acc7d80b698

SHA1
f4beca55bad70305fb05d988cab7e7f0e9371613

SHA256
aff7c2c581e4a998d3c77bc537724e2e189532de249531d706d3fa51121b934f

SHA512
77894581ffa16223e32eb1075225f17375bce38eef1b8c7941acf8a0fc81fd3cff65371f0447229382e5c30c3acba4c5af1b482989ba83dba735aa02b539cac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Private.Xml.dll
Filesize
8.1MB

MD5
192a0e55c838903c975386158f4d1fcf

SHA1
7db55a16fb461c14d6ef01d773c355695867f6f7

SHA256
e2f32806df3e27c256ca4b3f2084235f63d570019a90fe6bc4a6263db77ef67c

SHA512
c2fe5b8b2f4fde639c9b7fb7322aa1d7baea84cd7c491c8e4e6d55626744c94b140a86f9db84582832965e6f257ed9aa57109c29f12ac9ad99f6bef4c86da9e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Runtime.CompilerServices.VisualC.dll
Filesize
19KB

MD5
a73e3c49bbe8244f2a99cc5d89c7c429

SHA1
a790c47d96bad3aa2cee60e8aa511dc4335dcf24

SHA256
111c4f4814f284a8e4befca0616cc58e310854cfaed4a1136bd7dd157f210ec5

SHA512
c5a5e618207952ab05f7e280fe77ad966a1c46a0a4cf0c72c4cba663990e7214761c716652cb61e574232a933a6208bdb85bcf0b194353f3aa54226f318a0435

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Runtime.Extensions.dll
Filesize
17KB

MD5
bd30f3a1bf86a20ceeead4f4844387c7

SHA1
7c2c5f545358b234f49b9ffee78212436e210905

SHA256
d57b59997925b2e63cfd5b2845c459f8a6a923233bdd1e7ae78fd5870c669cf8

SHA512
510bdb64761d12c80c780741182891efe14e47cf02a042020533fbf56a628a5850dd68c52506426194a46f58ba19257c54b39aed39a364085eaa55f9228b83d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Runtime.InteropServices.RuntimeInformation.dll
Filesize
31KB

MD5
5a2bda88d61e32384765e0b7ab387caa

SHA1
348a1f54cca7dd551013ffa22e6d27185451b85e

SHA256
affb47793654e5541da9f3dcffa6a0840f10594e3f6ef9bdfd902464b825732b

SHA512
de57d3e97337e677216bb5a7838e32c028fff1da2093d0200a757895de77d978000ab6a5d8bb232cfb65b2fe95f3b4cfb79d25cb4b1f30efdac731a4ce227801

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Runtime.InteropServices.dll
Filesize
50KB

MD5
e58537b2b7f0143bda57d8fa16b062a3

SHA1
f2a32d67a73974b9576d9df455efe870005b8001

SHA256
4c94f80f91254c0c4e111707da05a2457913d000bec88d861bc1c8230ffd8d1b

SHA512
2301174328131910dc71f37de55ac9fc2e9751c2831e39b5be18e257a71bd67efc4f17eefa27d7ec9de3ade0753e039266dec2763fbaef383e5a8c8aebf8a767

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Runtime.dll
Filesize
41KB

MD5
d493b2e3691e0f8c7ac457b096f3c1cb

SHA1
93f458d067249f9dd2efeb762c275d0311b2c7e5

SHA256
4ca447a6c7666de87f73a76ba2a22e347f7c8ff3461b93752c6f79f0ccfefb4b

SHA512
684283c7fa97a8964260c64893886f267fe1e8a6b6fc8d568ab3242855a80cdfff5b4ba8ce2805fbbb1a4852e88d926f1ed8d87ef3d9b3f70e40c3a4b37e7707

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Threading.Thread.dll
Filesize
15KB

MD5
83e7664fa355134ed4baed691511123d

SHA1
3262e7ba09bac1fe57b83e8668debcdd532fd3af

SHA256
6d3316914fcf914df36ba297c7ff2d10c65752432c5c0c457cb48d85a9d0bff1

SHA512
62769a4cc68a4d546c288c41c38800c10165f9ee55284ba1b8cb0c8bae9169419f9515bb42617e473e227b6febebca4f29d28c7b0e9643a9254bbe938060eb0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Threading.dll
Filesize
78KB

MD5
dc0cf475432fde4bc85a7f414b56cf17

SHA1
c3f4f2d84cc9ee4f8f7e3cd9d2b089d0c6a00fac

SHA256
8046a9a6c5e1ebc579ac97fba84831cbe94dd373727388702380ffd2e6037b00

SHA512
3f03ae7ecbd420948b4b90a907cb61ec1cbeb2dcbe521341aea282597f12d09500f2640e0870c8174dd63e48a633ba45f5106104f4f73cb307957c3e226b8a9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Xaml.dll
Filesize
1.4MB

MD5
8a07d51f0e363121340429efb491822f

SHA1
5f8066d5605f813916b07c3cc06fa9f0ab9f5b8b

SHA256
326273fb9852103148f1a79b98d489c9af3115e04b4ce0ecde7a7a87276c4a16

SHA512
4cf736dd8d6a3e97dfcc86f7acc0a0ced19045109ad88a52c8327db325df226878a9bb0684b0e81590cadceda885002ed87f01a5e11d60d9437d7cd1908b2754

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\System.Xml.ReaderWriter.dll
Filesize
21KB

MD5
4692e0e050a771e53c051858dc62cb73

SHA1
c5045f8e0454211049cf5db839ed4b52b6bdde23

SHA256
2b23170c4fb20a3a401d725851d93b49d515735e96a012adfb412769f39cca9c

SHA512
f1af05ad38c9da1cccae6c9315c04bd143f855c8389469eb75da0f11f7385f94b15b12467771e3fd722579141f0ffc2dea1689acc3ef5be48ba583d08d59919d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VidCoder.deps.json
Filesize
136KB

MD5
20ca7d6a7067431ce97d4dfee320cb50

SHA1
b6705cbe4b17ccaea72d7111778c0de92969e263

SHA256
0c2bbcdec0c0f1875a1c6c1e9140f7a8b5daf5b08bd93ea9f05fa38ed789e1e0

SHA512
830010f4733d939387b7fd55cecf57430b107e397fb3f0f2d6d5d32c7aab58ad82a9b6eb0d10db331b3b3cef0fec8ff87437bcea54d97bdfd5df90a3dfec2017

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VidCoder.dll
Filesize
1.5MB

MD5
80d4732c4a0bf49f57588eef52e87a6e

SHA1
1ea2fae6a6d9aeb9279b809f135eec2a4a884152

SHA256
d1032db485e73ad328c1ba8d1865fa35c188eaa56c1699420d396e4e752ecf31

SHA512
a741de47fdaea4bd763a0e3b55180fc74f398093a796280f55b22bea3248360e3f61efe75c2633b8d97912d6909ba9722d9ae6d9de88c0282001596e96321eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VidCoder.exe
Filesize
175KB

MD5
b01c0bd5ba704cca17b615f5672e3db4

SHA1
6eb10ff70498b4a920ef76cdbca5d9124bb918a3

SHA256
7ce7727b889b6258d941ce9d233071678b45b9d107bb262f93cb928df7e495e1

SHA512
ff05472bc7f049267fb95e03e0e3de7acf94d3e57ce4b3c639d793da04ca096f0e9df0e321f298af0a6e14451212251fe4c6babe15cf68bc214f57d105982343

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VidCoder.runtimeconfig.json
Filesize
382B

MD5
edc9bb8806b269ced2ce5d73dfe6c98d

SHA1
0df8a5780e598365d81b426e2a764a4bbc1162a1

SHA256
a4d5322718ee83e4d6401fb0cc5d8ecfe04335abbba1a8412ffd7342460873e0

SHA512
3418d3ec07f739ec9520a58a2daa6cfbca69743824488d745685068b6a68016d0a9ce52c607c73993507132a7494ec665105f7e28e0af2f1050046696051741c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VidCoderWindowlessCLI.runtimeconfig.json
Filesize
253B

MD5
24e4653829de1022d01cd7ddd26e2f22

SHA1
9160a009cb381e044ba4c63e4435da6bfeb9dc6d

SHA256
ded3aeb5856a11db0b654a785574490cab55839ebfb17efe9e39b89618fc5b91

SHA512
efd4bbba1baec0b47003831510e3aa539db9ef468e0f06ba9d7ba6d0b3800035f7c818d7d90171bfd377ec97d08c4617555bcff635dd83efceb412b1a9cca820

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\WindowsBase.dll
Filesize
2.2MB

MD5
050dc5a86523712f8872d099654b6a22

SHA1
bf82eddacae716060abcb3390abc7573fcd9a986

SHA256
c253cc56b761dffbce3619c842645b1eb5d7531301d085249984fc53b785d1f8

SHA512
c0c1bddb6c2411d0b0e0ca08509dffbfb87078ea03c1bddeac5da9aec13cc0029ce6eea53b4e34c0b2be67049f450e780661aa470bdc75976b16b22adaaf256c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\clrjit.dll
Filesize
1.4MB

MD5
64926c3fa660f6f0dcb738335e61ec84

SHA1
5d97bd9d0f2c61b669730f872122a1a42f7fb5db

SHA256
20fbdc406e0f36d1320a44e76f0d4881b86cfb18947a7f8e4e7acf8798a1534d

SHA512
0cb4197a817699a2ace0ce6a3bd1bbd825bda72c2f29fae0a8bf234a8ae849a6e6fc75117b9fddc4ccaa71f6b18cea64938d0ebff7277f9aad712b25961d65a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\coreclr.dll
Filesize
4.9MB

MD5
6ffa88e2df9e2d543239985832c78181

SHA1
b6168e470c68095e803ca827fe35d59daf827bce

SHA256
7fc775e076b2cf7021fe38058ff782228926ed45ea79a687d99b6bb499c3b7f5

SHA512
1fb2958a6fb541d046801a8c2ce73cf8a39901c32b84aceace70c8d93fe0a9ca24cbac5ae93669e7fa4ff1978d124baa782e39750f64cbae99ed3ccfac352052

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\hostfxr.dll
Filesize
369KB

MD5
ee507878a7e2579d2bfda2d03fa84465

SHA1
4e9c9ff4f2672012612ff9f27ade39fa264d337b

SHA256
0b0aed1f8f291cc81d2334b649837ca1d0f13d14d58fbd19cf3a282e80f299e1

SHA512
569e1036c930a401983747eb9d7c1aeff71e359d7d2e0a301479c255f24fdfb9e41b3585b0918dbaac12e2b5afc3f5710455fae1222adde763850e0364cc01ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\hostpolicy.dll
Filesize
384KB

MD5
19167bb1ae169e319e62aa8a11bf2122

SHA1
4b7942151c595ffa3b23a2a954fe89823e34c8a7

SHA256
b6fd2e79738e993263efb4553ed9a94b98300c543f7c0d38a0bc7bceae9fc2ea

SHA512
599e1c792490b0e9a95be06224486c0c694bd2a6d5970459875c802a7143ebdd727f1f7f316282afd64934d5d6932b91fe22a518000f0ef930140a0e7aecfb2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\mscorrc.dll
Filesize
143KB

MD5
4e9dfc286b3d1a5123e68aa937da21cf

SHA1
faeef31d79135c8e38744b5b0d08fdaa101776d0

SHA256
642f650fd5d3520dec37c6ecb96f6566d45b81ea196cd4a293bc33c12a612743

SHA512
32b77bb9fb0cd5b7057663dfb8c750db266965de7df866212600d1afae14d106c26ddba9c1f60b191f42db0ca01e3e9ebf0d429f47f5dccdf72a6f5c2306e704

Download Submit
memory/800-1209-0x00007FFAB3C5B000-0x00007FFAB3C5C000-memory.dmp

Filesize
4KB

Download
memory/800-1285-0x00007FFA9E0A0000-0x00007FFAA3A69000-memory.dmp

Filesize
89.8MB

Download
memory/800-1287-0x00007FFAB3C5B000-0x00007FFAB3C5C000-memory.dmp

Filesize
4KB

Download