Analysis Overview
SHA256
9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45
Threat Level: Known bad
The file 9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N was found to be: Known bad.
Malicious Activity Summary
NetSupport
Downloads MZ/PE file
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Embeds OpenSSL
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-06 23:13
Signatures
Embeds OpenSSL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-06 23:13
Reported
2024-10-06 23:15
Platform
win7-20240903-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe
"C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-06 23:13
Reported
2024-10-06 23:15
Platform
win10v2004-20240802-en
Max time kernel
111s
Max time network
108s
Command Line
Signatures
NetSupport
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1040 wrote to memory of 1204 | N/A | C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe | C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe |
| PID 1040 wrote to memory of 1204 | N/A | C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe | C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe |
| PID 1040 wrote to memory of 1204 | N/A | C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe | C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe
"C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe
"C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x154 0x420
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.microsoft.com | udp |
| GB | 2.23.221.208:443 | download.microsoft.com | tcp |
| N/A | 127.0.0.1:54760 | tcp | |
| US | 8.8.8.8:53 | 208.221.23.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:54765 | tcp | |
| US | 8.8.8.8:53 | gitlab.com | udp |
| US | 172.65.251.78:443 | gitlab.com | tcp |
| US | 8.8.8.8:53 | 78.251.65.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geo.netsupportsoftware.com | udp |
| US | 104.26.0.231:80 | geo.netsupportsoftware.com | tcp |
| NL | 172.86.75.66:443 | tcp | |
| US | 104.26.0.231:80 | geo.netsupportsoftware.com | tcp |
| US | 104.26.0.231:80 | geo.netsupportsoftware.com | tcp |
| US | 8.8.8.8:53 | 231.0.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.75.86.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\ssw.0
| MD5 | b90786eaf0dab32e2811fcf40231426b |
| SHA1 | 366efaa7b4b92dfd70eb8873fc556c46fe9e3d58 |
| SHA256 | 13f59d8f72593e6caf2765b986d235b283e2121369a1dde52ae55e8b7b918e97 |
| SHA512 | b49c5ae41294c3114540f89c2d48f3609195f4734a152410ff3f2bacd4407d530202376741d3939b23c9d47a87920811afd26c828263ddd9f92d9aed84193079 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe
| MD5 | 2590fa88cdcc28e9ca7b7baf4c048dc8 |
| SHA1 | 441a07436c98a63af66844498b2b2dfa3654644d |
| SHA256 | f59a1b07a4f5abfaba7323292b2046c2a5cc3c49fe9e8bcd8cf0a4c6b26fcce1 |
| SHA512 | 9c58836529e015d090e9682acbc05e21b392fe6d8504264e6aed0cff5d0bdcc15cdf551ca561926b531da1b3a71f3e49b9fdf64ffa04a6f6f4d336c778716631 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\AVKernel.dll
| MD5 | 83df8d51c5169071f34bd3b51bb9b79e |
| SHA1 | a4015fcf8170a62da74e56bade7d493d40ad958d |
| SHA256 | 0f3c2294dd2e6c62e1fae66e62a7d36ebfc49403bd4246ec031fceb0e5e58e00 |
| SHA512 | 230f8fdad7f3d2c473d6bc332dfc1c7f596b22ca9db05171b06927c34f676fe2d390ad45487caad480fda7fc78b105a00ad8efd8322bda50c3e310d8cc59792d |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\MediaJoinKernel.dll
| MD5 | 778992626f2bc70be656ee5c09c2a213 |
| SHA1 | 68e154ccaa344c1014c1df997c63955fea3ea658 |
| SHA256 | a7185ae14734de9a194ac6f22aa504c85c1d627b46623e49cd740a0b55fea05b |
| SHA512 | 65946e0119bfae6c2633eb0ae64a1fd386846a4bcbb475119519bc420d43cee8af9b25c55cf9fcbbd92a92518703129ad69a9454474c0f1e249ccb8d408768ee |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\hwendecoder.dll
| MD5 | 64539a6e2d5faca1edade6197115578c |
| SHA1 | d1bc244de1311abbdb70890514342a6af661ea69 |
| SHA256 | 2f2da6a3d5cfe230f8fe7d254518736e08f4f31491ed4bf137d52c4537a1518a |
| SHA512 | 0f3287b71553551dda1f8a67e2b3118e51d3981543361f67c0238b711d14e437232b1b85bd40d7a264dba891c8a602055a683a4da3c39a2cbfafe9c80c2d8814 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\avcodec-55.dll
| MD5 | 72a8bc7f30b5fa382b736a63a8c0c0a6 |
| SHA1 | e6b90b5527e3f5b9f244f1de2d15d8d513fddeb8 |
| SHA256 | 0aaa0b6122d416d385e871ce0fa508fa59eec257561ef81ff904415d394b65ce |
| SHA512 | 23358587a953d59bcd8c632038febfee2a1cd1fb644d5b39ea070ea4e9c727b49b53c40acde1b0e8f2a80b5fd5050dbc6472e53e62f71fbf938ec50fb1c76351 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Verify.dll
| MD5 | 1583338f5d055cd5b4ea5677b2ccff6e |
| SHA1 | 2335761bd200d0008cb041eb3d7d4860e9e421e9 |
| SHA256 | c1f8e9f30a5bf7ca4a0f2f1f60ffd97a0f49f65448bf5b6b4bbdbc8a263a321f |
| SHA512 | 8a44820050d955d1401ef7b912ac4b86fcf5839fc2a64c1ae4cc8ac1a3fe9bb1aa1fa6063df863d3dc2a1d0804451f6fcac4f188390d5a27a68891273bbed957 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\swscale-2.dll
| MD5 | a77eba780a25aee9bc8bcfacd933ca2e |
| SHA1 | 892ff855046f66febb144c3ef7b0bb661c43c9c8 |
| SHA256 | a5716f6546c98778436fea455eb35b7cf8fae0f380bdfa2053201a75afa6e8d4 |
| SHA512 | 0c44d284c968b406664a7b20c77202da78c79600d23b6813842e091cd163ea2e4da7b1a54d252a5ca9eec70401729cd9ad75fbe03d2848cefba650dc9709313d |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\ApngDecoder.dll
| MD5 | 77db62270b198c2acbc463e3f1f0b982 |
| SHA1 | ee293fefd9c439b01f4b0584a4816d2ec86221bd |
| SHA256 | ecb3c629a4c97d83dce819e0d4b211055be55eff3444cf28a2564b3f0669fcff |
| SHA512 | 64e153891d1c636b25804404680b13e8a1f3a33cb4c41a92af6363deca7c1d4e779933556a1eb97d55b15a6ba500f102c09e4480cc5b7c91bb284e735afe8132 |
memory/1204-129-0x0000000001B50000-0x0000000001F57000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\AntiWatermark.dll
| MD5 | 5d9df775b1014d446c751a784a248f90 |
| SHA1 | 11ebccab5d0ba8d4403da59f994221134104d58b |
| SHA256 | a857e4e1c9b8974cdf3637a5904d20f013b2f21defe51e6d7ccc179b1d267147 |
| SHA512 | ecadc16a50e6b04772e430a2d40ae3e3da943acd46a8e5ab1ea5df37c565d6a846fe47873fed36f5ca3f65234d98c327ed33b5d0b7605e4f66cdbeee3b238a14 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\SoundTouch.dll
| MD5 | 580d5f1c3d871bab51dd606f2a2352e5 |
| SHA1 | 98a9744c58e3b9f85e96b591e0f6cd8127f5eeab |
| SHA256 | 34fbc87d455dc0bffa2866daf2aa2d1b2bc0608623daeec6a80a6702010fe4b5 |
| SHA512 | 6216c4b55621169bbea1edfa633c216ac56287f8eac668f78251fffbb3cd70b250283d76a7a79a0e5ef7d85a4399cd7c9dbb5285cc67b56d6e4f9c0c436c3f73 |
memory/1204-163-0x00000000025C0000-0x0000000002610000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sxg.1
| MD5 | c4496fae1b86651096323d56807af3e5 |
| SHA1 | 98a13326b8d2ea41898577a59e7d998514b56bb1 |
| SHA256 | 2051e4f41ff8f9a58e88e0f9b744a910becdb8e983f72114d56bc0ec3ef343dc |
| SHA512 | 41ab6fc8d660b450b24a812ba526ac11681d6a77a41f22c764c0c6783313382c41f68f8a5fac6a96a3f84eea9d4d75489125d172eb80459c701dd2807e91cddb |
C:\Users\Admin\AppData\Local\Temp\VideoConverter.txt
| MD5 | 8b8c7e3971e51920409c76b4c353b3bc |
| SHA1 | 3c23b45fff9a28cbbbaefeb09395b844defe976a |
| SHA256 | 582959691dfef4821b7547fde23b7c0177bc4dfe64321481987d37ee682c4a95 |
| SHA512 | 698bc762c4768a252fa7d6f191d55ed6f23c360fe4e6d3989226213a1a0fca0e588a36ae53b5039cd88340fba1a7394f993124308c477b5519a2dc6807a0058d |
memory/1204-183-0x0000000007C00000-0x0000000007D59000-memory.dmp
memory/1204-182-0x0000000071610000-0x0000000071903000-memory.dmp
memory/1204-161-0x0000000002560000-0x00000000025B1000-memory.dmp
memory/1204-160-0x0000000002550000-0x000000000255B000-memory.dmp
memory/1204-140-0x00000000020D0000-0x00000000024EA000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\MemFlash.dll
| MD5 | 10d431fd5feeb2265a699358bd1271b2 |
| SHA1 | ed38caa117de507cc236ba32c567350f29be7a1f |
| SHA256 | 01510d9d759c6c2602ca2891c0f31abdbbef0f3e97b5bf03732facf35944e06c |
| SHA512 | efc5cffbdc0c5121c359bf6a0d9e9d66f6c142d66d33a02e0c0ffd39f928c47cc5c995564b3515d00734fec1b7ee529314f6b9d297731a1aa300ba356e6c8387 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\DVDAudioRip.dll
| MD5 | add03cea2f229c7d4d395c975ff4dec2 |
| SHA1 | 663c4afb28b34d6d230cac28684b847d936ba250 |
| SHA256 | 25525b1bbccd5a337cb53f77d17a1b9b2cd41d17a0009096bb241c8c45d1e7ca |
| SHA512 | 7d0f2c7efc130b1ac6a4b041fadf35e5a90dfd9abdff1eb9fe21000851f8f74c986503bdf7ef0609045a206e6a980c148919a8dc15d421434debd85f71192aa2 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\RealQuickJoin.dll
| MD5 | a441d73bc5b540f9a75a63730859e7b3 |
| SHA1 | f30e2aa862d46e7965948373b65c7596cbded283 |
| SHA256 | dfffca37c8c9638b2c3d90495901af584f7c3621a1867991c36cccf4c4582629 |
| SHA512 | 6dd1e39b696de7db417e2f831cb698786cc25b5467fd5dfcfb7cca181c8e29db429a7205d8bcdc89b4cba93b28b192823a2d51be003c92abd31c21918849d0d3 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\MediaEncoderImp.dll
| MD5 | fab0f7839e8a70869c288ab9f8622818 |
| SHA1 | 1b2d97cd9c58a96820d47fc48356c27ab50d5113 |
| SHA256 | 74968f94677fdf5c39b5dcf1c80a6d0bb03afb8763e253a4a438ac8ed7c937ef |
| SHA512 | 56629044f242042d9679c63f5860199f67e00a46a952af7430b4edb514da17764699f106717c753fe1f353cdb1d6a80f5ceea648cbc7a192b3568f0b3974f0c0 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\simage.dll
| MD5 | 478bfd5a1d918a32eb2b48d08c60f3b0 |
| SHA1 | 9d0650083a2545f3f0f711259407c2d7425663fd |
| SHA256 | cf929e03f373d0dfe0e378778eaa2dd048d01c3a998ee8475c93da90d6887854 |
| SHA512 | 1e216e8dd4aa6b9ac47ccf4ea70eebcee2190376bf8a0e5ef740cc8a922adc01bf6dc7b62aeb1024b8b48cf546fa9750cb2b03d586f16cc1f18bfe9cb10c2b00 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\pthreadVC2.dll
| MD5 | 54aeddc619eed2faeee9533d58f778b9 |
| SHA1 | ca9d723b87e0c688450b34f2a606c957391fbbf4 |
| SHA256 | ee15e6e3f82c48461eb638c1ea11019ae9e3e303e067e879115c6272139026e7 |
| SHA512 | 7cec39f32804109b3d502027d1ec42a594c1e4a2d93512195c60bd41aad7e32a8b0eb21a0ee859fecb403ee939eebc4608d9d27a4002b8c282de32f696136506 |
memory/1204-138-0x0000000002020000-0x00000000020D0000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\AVPlayer.dll
| MD5 | 6c42393f37c3fe5bd7fe5e9fd8f306bf |
| SHA1 | 1a916c9fa35f96f47028bb86ebecd74e01a8542f |
| SHA256 | d8caeef771207bc35e48ce5d7fbc87c7aa16ae8e4a8c0ab32c613736fb258bbd |
| SHA512 | 374e640322e05abb6c75c7f90a7ed8631723a996c0913bb7c2b0119a5852b0941fd33d9cc1f40f85bbe08edd888f340817ef6e43d92c58317dbc8c9fbb551bf5 |
memory/1204-127-0x0000000001940000-0x0000000001B45000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\gsUpgrade.dll
| MD5 | 7573903d85593e097cb3be1a1d1572c2 |
| SHA1 | 5f97f22da6e345f98bc84db84024dcb14bfb24ba |
| SHA256 | b89c53f9ada2da742d329e765999724541df858d6972c1deeaf0dd7154c1deb5 |
| SHA512 | 1d42c0717cfdd31fe64a8cb302d472eb59946629d71948308d4ac9b69df7eb2224d64c427cf95f30612f109b9fdf496faa8722cc5c37d682d11db0022dc59ad9 |
memory/1204-124-0x00000000018D0000-0x000000000192B000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\postproc-52.dll
| MD5 | 4be7d715efc9aa8e484cfed90cb355f7 |
| SHA1 | a0a42d3fe952ca4cb35bd36d4fa861da09cf5220 |
| SHA256 | 73c1ea9c103214ffef68252b0fa50a9394a7026c230c4660ea8a6d02f08add6f |
| SHA512 | fa836aa7471928531f2f1bd27b75152b044a018eb1b42f5751b734aa5237b1e4a16ecf2f84c9134a99c4c9778a4f5f6b7daedd003207e3a93b094caa9624164a |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\libx265.dll
| MD5 | 57512ce8d50ff06234b056179a71586a |
| SHA1 | 64eda393a2bef9884457d4ff30d15b6dfe6f92f4 |
| SHA256 | b0159c453d988c0a392f01bd57295e575f5352bc3abd17e707f6a267d53a03c8 |
| SHA512 | c386ef0bc389c9ba36aa0c46074880cff39d6fe5f80bdf67fe673a0e09c2b8615bcf41f8b41febe9f22edc65388e5579265bc395be4920b3d579ae8bf9b5664d |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\xvidcore.dll
| MD5 | 4962d3bb23aaa3b389f986335e6c4ee2 |
| SHA1 | 1b01a8f626a0cbaea18622cd4dcfb3c0cc632ad8 |
| SHA256 | c205df696f37d6c6aa0832f2b776b2e461665ffb5588a7ab7d35bcf24be4506d |
| SHA512 | 38f1fbc8a35d481fc7b12d85fea29a228e5a5918cbee6c18b90ca8c1e43a295088e28fabe1d5ed832821caf1e2b6fa573759819d2232455d9ee163f706b91143 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\swresample-0.dll
| MD5 | 933daac76271c5b6e73f2f317227d40a |
| SHA1 | 29849e5bb80da373fd4aeb4848fcfd044f0285c1 |
| SHA256 | 93ca5a7683524b927fe444ff8535c1483466905d0127b816af5c38105c7b867f |
| SHA512 | 39da5e5e6f360104aca489f8e3d184af5a8f993e012e62c62104e03d717d15af32de82a8b79cf588f68a9f3854affc8173244cf71f00d8cedf9da00269497705 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\avfilter-4.dll
| MD5 | b3c93b1582f753b36b6087915df7cbd2 |
| SHA1 | c1a4e89d8131ae9948e91b171a9a5efcc8f21b07 |
| SHA256 | b3187c70fc77b38806fad063fa5acfb60f9972a67802eeb4a6b517ac84175baf |
| SHA512 | b5623d3bcd579e2366696de90502a635707c5ef3d4d3a12bb8d8b17b9879dfa7725f8d63464093d3920329a898b8574b745897108432f5fe053f3dfc517739af |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\pthreadGC2.dll
| MD5 | 6f346d712c867cf942d6b599adb61081 |
| SHA1 | 24d942dfc2d0c7256c50b80204bb30f0d98b887a |
| SHA256 | 72e6c8dd77fa7e10a7b05ef6c3e21d3f7e4147301b0bf6e416b2d33d4e19a9c3 |
| SHA512 | 1f95a211d5dd3e58d4e2682f6bf2c5380b230e9907e2882097b77b99520cd2c788f43ad2abcce617dd8ded0043e4ef1c8b6e083c44688b23109868e6cdd2364c |
memory/1204-136-0x0000000001F70000-0x0000000002005000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\magicskin.dll
| MD5 | 5ee2a64aa58b599bc4fefd560a8eeba7 |
| SHA1 | 0053baab59b92bc4fab54aae4eac272438080526 |
| SHA256 | 1f131e86a97e54b102d9be1cb6680a8a4eaf627d518861032346210dd227ead8 |
| SHA512 | e0d6c0053febb0d45da9ab3566f7768ed225792905bd71fdae65c892e977cc6cfe59881d4fb16e1d8cde68dc493c63875dde6478ba2cb163085211329c598491 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\avformat-55.dll
| MD5 | 30b33bf10d45c0cdc1c4d874abb39383 |
| SHA1 | e60059954fd34b27d14dbc8f21e3831a9c3c5f78 |
| SHA256 | bb9612f4e3818c8682db5ece6263570844bac85583421e1f44a7a82c0363aa96 |
| SHA512 | 74735a052230d8acc06fff4867bd052501aa93fcc7f0ba3bdeb0a1293e9f15f4ecdb50b955ec1ee71980fc52832457cbd259e272c094d2e34836fb0022d94444 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\avutil-52.dll
| MD5 | 2c33156ea27722fd08575c9ff596466c |
| SHA1 | 86d522e5a115c911a001348ad2fcff02973daa40 |
| SHA256 | ccdc0a5a0c6e46d6f5991aa0c2a74fa96b6eadfefedde4deef248bc0e05c62bd |
| SHA512 | 0193437ed87c62ba8a285b1f3a9fb044bba6295cfb83b827336e4c304bd07037ed46c23b291536c8a1a05cc2f1fbe7009dbdaf6a03a195325382c069778cb362 |
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Pic2m2v.dll
| MD5 | 694350e6af2d55c3637fb81dcf21a2d7 |
| SHA1 | e62b4b56730daef10d02d4b333fbcc42d4512fd0 |
| SHA256 | 19846a0f1d7a661f5e2d36cf6b29337397cef3cf259c97e8898efe26e8ff1862 |
| SHA512 | 9e6565963e27d56ef68f814c095a5b4c06cfd1138c0bb650993f866ab79fa3e6351c4f7b892e3acbd0b0868f547a3ac35949fc26dc1e03288174fcf0c84e7c04 |
memory/1204-204-0x0000000007C00000-0x0000000007D59000-memory.dmp
memory/1204-206-0x0000000007C00000-0x0000000007D59000-memory.dmp
memory/1204-212-0x0000000074CF0000-0x0000000074D7B000-memory.dmp
memory/1204-211-0x0000000074E00000-0x0000000074FB9000-memory.dmp
memory/1204-209-0x0000000000400000-0x00000000012FF000-memory.dmp
memory/1204-210-0x0000000074FC0000-0x000000007502A000-memory.dmp
memory/1204-220-0x0000000002020000-0x00000000020D0000-memory.dmp
memory/1204-213-0x00000000722C0000-0x0000000073A74000-memory.dmp
memory/1204-219-0x0000000001940000-0x0000000001B45000-memory.dmp
memory/1204-218-0x0000000074610000-0x0000000074647000-memory.dmp
memory/1204-217-0x0000000062600000-0x0000000062726000-memory.dmp
memory/1204-216-0x00000000748E0000-0x0000000074903000-memory.dmp
memory/1204-215-0x0000000074920000-0x0000000074AAD000-memory.dmp
memory/1204-382-0x0000000000400000-0x00000000012FF000-memory.dmp
memory/1204-394-0x0000000000400000-0x00000000012FF000-memory.dmp
memory/1204-406-0x0000000007C00000-0x0000000007D59000-memory.dmp
memory/1204-420-0x0000000007C00000-0x0000000007D59000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\TS Video Converter\nsm.lic
| MD5 | 886e4bb84e1ecc4a04ae599d76fcce1d |
| SHA1 | 3f0493bb2088af50bcc8223462db0b207354e946 |
| SHA256 | 5eeb014e3b390e0c85ce72988d422dcd9de1520566b11755c70bdd9bb7376060 |
| SHA512 | f4db9038a113c4b1e2462b3e0becef2500c9532a79c8187f51d011d690bc68c6d1a99585e43136cb082bd6a232136546db50265f226ff19e67d8430306a8761f |