Malware Analysis Report

2024-10-19 01:37

Sample ID 241006-27h28svgke
Target 9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N
SHA256 9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45
Tags
netsupport discovery rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45

Threat Level: Known bad

The file 9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N was found to be: Known bad.

Malicious Activity Summary

netsupport discovery rat

NetSupport

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Embeds OpenSSL

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 23:13

Signatures

Embeds OpenSSL

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 23:13

Reported

2024-10-06 23:15

Platform

win7-20240903-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe

"C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 23:13

Reported

2024-10-06 23:15

Platform

win10v2004-20240802-en

Max time kernel

111s

Max time network

108s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe"

Signatures

NetSupport

rat netsupport

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe

"C:\Users\Admin\AppData\Local\Temp\9e14f472c3a214921a07d2b043b62fa53aff15997c7347b62f62b24db9471b45N.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe

"C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x154 0x420

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 download.microsoft.com udp
GB 2.23.221.208:443 download.microsoft.com tcp
N/A 127.0.0.1:54760 tcp
US 8.8.8.8:53 208.221.23.2.in-addr.arpa udp
N/A 127.0.0.1:54765 tcp
US 8.8.8.8:53 gitlab.com udp
US 172.65.251.78:443 gitlab.com tcp
US 8.8.8.8:53 78.251.65.172.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 geo.netsupportsoftware.com udp
US 104.26.0.231:80 geo.netsupportsoftware.com tcp
NL 172.86.75.66:443 tcp
US 104.26.0.231:80 geo.netsupportsoftware.com tcp
US 104.26.0.231:80 geo.netsupportsoftware.com tcp
US 8.8.8.8:53 231.0.26.104.in-addr.arpa udp
US 8.8.8.8:53 66.75.86.172.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\ssw.0

MD5 b90786eaf0dab32e2811fcf40231426b
SHA1 366efaa7b4b92dfd70eb8873fc556c46fe9e3d58
SHA256 13f59d8f72593e6caf2765b986d235b283e2121369a1dde52ae55e8b7b918e97
SHA512 b49c5ae41294c3114540f89c2d48f3609195f4734a152410ff3f2bacd4407d530202376741d3939b23c9d47a87920811afd26c828263ddd9f92d9aed84193079

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Videoconverter.exe

MD5 2590fa88cdcc28e9ca7b7baf4c048dc8
SHA1 441a07436c98a63af66844498b2b2dfa3654644d
SHA256 f59a1b07a4f5abfaba7323292b2046c2a5cc3c49fe9e8bcd8cf0a4c6b26fcce1
SHA512 9c58836529e015d090e9682acbc05e21b392fe6d8504264e6aed0cff5d0bdcc15cdf551ca561926b531da1b3a71f3e49b9fdf64ffa04a6f6f4d336c778716631

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\AVKernel.dll

MD5 83df8d51c5169071f34bd3b51bb9b79e
SHA1 a4015fcf8170a62da74e56bade7d493d40ad958d
SHA256 0f3c2294dd2e6c62e1fae66e62a7d36ebfc49403bd4246ec031fceb0e5e58e00
SHA512 230f8fdad7f3d2c473d6bc332dfc1c7f596b22ca9db05171b06927c34f676fe2d390ad45487caad480fda7fc78b105a00ad8efd8322bda50c3e310d8cc59792d

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\MediaJoinKernel.dll

MD5 778992626f2bc70be656ee5c09c2a213
SHA1 68e154ccaa344c1014c1df997c63955fea3ea658
SHA256 a7185ae14734de9a194ac6f22aa504c85c1d627b46623e49cd740a0b55fea05b
SHA512 65946e0119bfae6c2633eb0ae64a1fd386846a4bcbb475119519bc420d43cee8af9b25c55cf9fcbbd92a92518703129ad69a9454474c0f1e249ccb8d408768ee

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\hwendecoder.dll

MD5 64539a6e2d5faca1edade6197115578c
SHA1 d1bc244de1311abbdb70890514342a6af661ea69
SHA256 2f2da6a3d5cfe230f8fe7d254518736e08f4f31491ed4bf137d52c4537a1518a
SHA512 0f3287b71553551dda1f8a67e2b3118e51d3981543361f67c0238b711d14e437232b1b85bd40d7a264dba891c8a602055a683a4da3c39a2cbfafe9c80c2d8814

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\avcodec-55.dll

MD5 72a8bc7f30b5fa382b736a63a8c0c0a6
SHA1 e6b90b5527e3f5b9f244f1de2d15d8d513fddeb8
SHA256 0aaa0b6122d416d385e871ce0fa508fa59eec257561ef81ff904415d394b65ce
SHA512 23358587a953d59bcd8c632038febfee2a1cd1fb644d5b39ea070ea4e9c727b49b53c40acde1b0e8f2a80b5fd5050dbc6472e53e62f71fbf938ec50fb1c76351

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Verify.dll

MD5 1583338f5d055cd5b4ea5677b2ccff6e
SHA1 2335761bd200d0008cb041eb3d7d4860e9e421e9
SHA256 c1f8e9f30a5bf7ca4a0f2f1f60ffd97a0f49f65448bf5b6b4bbdbc8a263a321f
SHA512 8a44820050d955d1401ef7b912ac4b86fcf5839fc2a64c1ae4cc8ac1a3fe9bb1aa1fa6063df863d3dc2a1d0804451f6fcac4f188390d5a27a68891273bbed957

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\swscale-2.dll

MD5 a77eba780a25aee9bc8bcfacd933ca2e
SHA1 892ff855046f66febb144c3ef7b0bb661c43c9c8
SHA256 a5716f6546c98778436fea455eb35b7cf8fae0f380bdfa2053201a75afa6e8d4
SHA512 0c44d284c968b406664a7b20c77202da78c79600d23b6813842e091cd163ea2e4da7b1a54d252a5ca9eec70401729cd9ad75fbe03d2848cefba650dc9709313d

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\ApngDecoder.dll

MD5 77db62270b198c2acbc463e3f1f0b982
SHA1 ee293fefd9c439b01f4b0584a4816d2ec86221bd
SHA256 ecb3c629a4c97d83dce819e0d4b211055be55eff3444cf28a2564b3f0669fcff
SHA512 64e153891d1c636b25804404680b13e8a1f3a33cb4c41a92af6363deca7c1d4e779933556a1eb97d55b15a6ba500f102c09e4480cc5b7c91bb284e735afe8132

memory/1204-129-0x0000000001B50000-0x0000000001F57000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\AntiWatermark.dll

MD5 5d9df775b1014d446c751a784a248f90
SHA1 11ebccab5d0ba8d4403da59f994221134104d58b
SHA256 a857e4e1c9b8974cdf3637a5904d20f013b2f21defe51e6d7ccc179b1d267147
SHA512 ecadc16a50e6b04772e430a2d40ae3e3da943acd46a8e5ab1ea5df37c565d6a846fe47873fed36f5ca3f65234d98c327ed33b5d0b7605e4f66cdbeee3b238a14

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\SoundTouch.dll

MD5 580d5f1c3d871bab51dd606f2a2352e5
SHA1 98a9744c58e3b9f85e96b591e0f6cd8127f5eeab
SHA256 34fbc87d455dc0bffa2866daf2aa2d1b2bc0608623daeec6a80a6702010fe4b5
SHA512 6216c4b55621169bbea1edfa633c216ac56287f8eac668f78251fffbb3cd70b250283d76a7a79a0e5ef7d85a4399cd7c9dbb5285cc67b56d6e4f9c0c436c3f73

memory/1204-163-0x00000000025C0000-0x0000000002610000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\sxg.1

MD5 c4496fae1b86651096323d56807af3e5
SHA1 98a13326b8d2ea41898577a59e7d998514b56bb1
SHA256 2051e4f41ff8f9a58e88e0f9b744a910becdb8e983f72114d56bc0ec3ef343dc
SHA512 41ab6fc8d660b450b24a812ba526ac11681d6a77a41f22c764c0c6783313382c41f68f8a5fac6a96a3f84eea9d4d75489125d172eb80459c701dd2807e91cddb

C:\Users\Admin\AppData\Local\Temp\VideoConverter.txt

MD5 8b8c7e3971e51920409c76b4c353b3bc
SHA1 3c23b45fff9a28cbbbaefeb09395b844defe976a
SHA256 582959691dfef4821b7547fde23b7c0177bc4dfe64321481987d37ee682c4a95
SHA512 698bc762c4768a252fa7d6f191d55ed6f23c360fe4e6d3989226213a1a0fca0e588a36ae53b5039cd88340fba1a7394f993124308c477b5519a2dc6807a0058d

memory/1204-183-0x0000000007C00000-0x0000000007D59000-memory.dmp

memory/1204-182-0x0000000071610000-0x0000000071903000-memory.dmp

memory/1204-161-0x0000000002560000-0x00000000025B1000-memory.dmp

memory/1204-160-0x0000000002550000-0x000000000255B000-memory.dmp

memory/1204-140-0x00000000020D0000-0x00000000024EA000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\MemFlash.dll

MD5 10d431fd5feeb2265a699358bd1271b2
SHA1 ed38caa117de507cc236ba32c567350f29be7a1f
SHA256 01510d9d759c6c2602ca2891c0f31abdbbef0f3e97b5bf03732facf35944e06c
SHA512 efc5cffbdc0c5121c359bf6a0d9e9d66f6c142d66d33a02e0c0ffd39f928c47cc5c995564b3515d00734fec1b7ee529314f6b9d297731a1aa300ba356e6c8387

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\DVDAudioRip.dll

MD5 add03cea2f229c7d4d395c975ff4dec2
SHA1 663c4afb28b34d6d230cac28684b847d936ba250
SHA256 25525b1bbccd5a337cb53f77d17a1b9b2cd41d17a0009096bb241c8c45d1e7ca
SHA512 7d0f2c7efc130b1ac6a4b041fadf35e5a90dfd9abdff1eb9fe21000851f8f74c986503bdf7ef0609045a206e6a980c148919a8dc15d421434debd85f71192aa2

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\RealQuickJoin.dll

MD5 a441d73bc5b540f9a75a63730859e7b3
SHA1 f30e2aa862d46e7965948373b65c7596cbded283
SHA256 dfffca37c8c9638b2c3d90495901af584f7c3621a1867991c36cccf4c4582629
SHA512 6dd1e39b696de7db417e2f831cb698786cc25b5467fd5dfcfb7cca181c8e29db429a7205d8bcdc89b4cba93b28b192823a2d51be003c92abd31c21918849d0d3

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\MediaEncoderImp.dll

MD5 fab0f7839e8a70869c288ab9f8622818
SHA1 1b2d97cd9c58a96820d47fc48356c27ab50d5113
SHA256 74968f94677fdf5c39b5dcf1c80a6d0bb03afb8763e253a4a438ac8ed7c937ef
SHA512 56629044f242042d9679c63f5860199f67e00a46a952af7430b4edb514da17764699f106717c753fe1f353cdb1d6a80f5ceea648cbc7a192b3568f0b3974f0c0

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\simage.dll

MD5 478bfd5a1d918a32eb2b48d08c60f3b0
SHA1 9d0650083a2545f3f0f711259407c2d7425663fd
SHA256 cf929e03f373d0dfe0e378778eaa2dd048d01c3a998ee8475c93da90d6887854
SHA512 1e216e8dd4aa6b9ac47ccf4ea70eebcee2190376bf8a0e5ef740cc8a922adc01bf6dc7b62aeb1024b8b48cf546fa9750cb2b03d586f16cc1f18bfe9cb10c2b00

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\pthreadVC2.dll

MD5 54aeddc619eed2faeee9533d58f778b9
SHA1 ca9d723b87e0c688450b34f2a606c957391fbbf4
SHA256 ee15e6e3f82c48461eb638c1ea11019ae9e3e303e067e879115c6272139026e7
SHA512 7cec39f32804109b3d502027d1ec42a594c1e4a2d93512195c60bd41aad7e32a8b0eb21a0ee859fecb403ee939eebc4608d9d27a4002b8c282de32f696136506

memory/1204-138-0x0000000002020000-0x00000000020D0000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\AVPlayer.dll

MD5 6c42393f37c3fe5bd7fe5e9fd8f306bf
SHA1 1a916c9fa35f96f47028bb86ebecd74e01a8542f
SHA256 d8caeef771207bc35e48ce5d7fbc87c7aa16ae8e4a8c0ab32c613736fb258bbd
SHA512 374e640322e05abb6c75c7f90a7ed8631723a996c0913bb7c2b0119a5852b0941fd33d9cc1f40f85bbe08edd888f340817ef6e43d92c58317dbc8c9fbb551bf5

memory/1204-127-0x0000000001940000-0x0000000001B45000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\gsUpgrade.dll

MD5 7573903d85593e097cb3be1a1d1572c2
SHA1 5f97f22da6e345f98bc84db84024dcb14bfb24ba
SHA256 b89c53f9ada2da742d329e765999724541df858d6972c1deeaf0dd7154c1deb5
SHA512 1d42c0717cfdd31fe64a8cb302d472eb59946629d71948308d4ac9b69df7eb2224d64c427cf95f30612f109b9fdf496faa8722cc5c37d682d11db0022dc59ad9

memory/1204-124-0x00000000018D0000-0x000000000192B000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\postproc-52.dll

MD5 4be7d715efc9aa8e484cfed90cb355f7
SHA1 a0a42d3fe952ca4cb35bd36d4fa861da09cf5220
SHA256 73c1ea9c103214ffef68252b0fa50a9394a7026c230c4660ea8a6d02f08add6f
SHA512 fa836aa7471928531f2f1bd27b75152b044a018eb1b42f5751b734aa5237b1e4a16ecf2f84c9134a99c4c9778a4f5f6b7daedd003207e3a93b094caa9624164a

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\libx265.dll

MD5 57512ce8d50ff06234b056179a71586a
SHA1 64eda393a2bef9884457d4ff30d15b6dfe6f92f4
SHA256 b0159c453d988c0a392f01bd57295e575f5352bc3abd17e707f6a267d53a03c8
SHA512 c386ef0bc389c9ba36aa0c46074880cff39d6fe5f80bdf67fe673a0e09c2b8615bcf41f8b41febe9f22edc65388e5579265bc395be4920b3d579ae8bf9b5664d

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\xvidcore.dll

MD5 4962d3bb23aaa3b389f986335e6c4ee2
SHA1 1b01a8f626a0cbaea18622cd4dcfb3c0cc632ad8
SHA256 c205df696f37d6c6aa0832f2b776b2e461665ffb5588a7ab7d35bcf24be4506d
SHA512 38f1fbc8a35d481fc7b12d85fea29a228e5a5918cbee6c18b90ca8c1e43a295088e28fabe1d5ed832821caf1e2b6fa573759819d2232455d9ee163f706b91143

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\swresample-0.dll

MD5 933daac76271c5b6e73f2f317227d40a
SHA1 29849e5bb80da373fd4aeb4848fcfd044f0285c1
SHA256 93ca5a7683524b927fe444ff8535c1483466905d0127b816af5c38105c7b867f
SHA512 39da5e5e6f360104aca489f8e3d184af5a8f993e012e62c62104e03d717d15af32de82a8b79cf588f68a9f3854affc8173244cf71f00d8cedf9da00269497705

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\avfilter-4.dll

MD5 b3c93b1582f753b36b6087915df7cbd2
SHA1 c1a4e89d8131ae9948e91b171a9a5efcc8f21b07
SHA256 b3187c70fc77b38806fad063fa5acfb60f9972a67802eeb4a6b517ac84175baf
SHA512 b5623d3bcd579e2366696de90502a635707c5ef3d4d3a12bb8d8b17b9879dfa7725f8d63464093d3920329a898b8574b745897108432f5fe053f3dfc517739af

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\pthreadGC2.dll

MD5 6f346d712c867cf942d6b599adb61081
SHA1 24d942dfc2d0c7256c50b80204bb30f0d98b887a
SHA256 72e6c8dd77fa7e10a7b05ef6c3e21d3f7e4147301b0bf6e416b2d33d4e19a9c3
SHA512 1f95a211d5dd3e58d4e2682f6bf2c5380b230e9907e2882097b77b99520cd2c788f43ad2abcce617dd8ded0043e4ef1c8b6e083c44688b23109868e6cdd2364c

memory/1204-136-0x0000000001F70000-0x0000000002005000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\magicskin.dll

MD5 5ee2a64aa58b599bc4fefd560a8eeba7
SHA1 0053baab59b92bc4fab54aae4eac272438080526
SHA256 1f131e86a97e54b102d9be1cb6680a8a4eaf627d518861032346210dd227ead8
SHA512 e0d6c0053febb0d45da9ab3566f7768ed225792905bd71fdae65c892e977cc6cfe59881d4fb16e1d8cde68dc493c63875dde6478ba2cb163085211329c598491

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\avformat-55.dll

MD5 30b33bf10d45c0cdc1c4d874abb39383
SHA1 e60059954fd34b27d14dbc8f21e3831a9c3c5f78
SHA256 bb9612f4e3818c8682db5ece6263570844bac85583421e1f44a7a82c0363aa96
SHA512 74735a052230d8acc06fff4867bd052501aa93fcc7f0ba3bdeb0a1293e9f15f4ecdb50b955ec1ee71980fc52832457cbd259e272c094d2e34836fb0022d94444

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\avutil-52.dll

MD5 2c33156ea27722fd08575c9ff596466c
SHA1 86d522e5a115c911a001348ad2fcff02973daa40
SHA256 ccdc0a5a0c6e46d6f5991aa0c2a74fa96b6eadfefedde4deef248bc0e05c62bd
SHA512 0193437ed87c62ba8a285b1f3a9fb044bba6295cfb83b827336e4c304bd07037ed46c23b291536c8a1a05cc2f1fbe7009dbdaf6a03a195325382c069778cb362

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\Pic2m2v.dll

MD5 694350e6af2d55c3637fb81dcf21a2d7
SHA1 e62b4b56730daef10d02d4b333fbcc42d4512fd0
SHA256 19846a0f1d7a661f5e2d36cf6b29337397cef3cf259c97e8898efe26e8ff1862
SHA512 9e6565963e27d56ef68f814c095a5b4c06cfd1138c0bb650993f866ab79fa3e6351c4f7b892e3acbd0b0868f547a3ac35949fc26dc1e03288174fcf0c84e7c04

memory/1204-204-0x0000000007C00000-0x0000000007D59000-memory.dmp

memory/1204-206-0x0000000007C00000-0x0000000007D59000-memory.dmp

memory/1204-212-0x0000000074CF0000-0x0000000074D7B000-memory.dmp

memory/1204-211-0x0000000074E00000-0x0000000074FB9000-memory.dmp

memory/1204-209-0x0000000000400000-0x00000000012FF000-memory.dmp

memory/1204-210-0x0000000074FC0000-0x000000007502A000-memory.dmp

memory/1204-220-0x0000000002020000-0x00000000020D0000-memory.dmp

memory/1204-213-0x00000000722C0000-0x0000000073A74000-memory.dmp

memory/1204-219-0x0000000001940000-0x0000000001B45000-memory.dmp

memory/1204-218-0x0000000074610000-0x0000000074647000-memory.dmp

memory/1204-217-0x0000000062600000-0x0000000062726000-memory.dmp

memory/1204-216-0x00000000748E0000-0x0000000074903000-memory.dmp

memory/1204-215-0x0000000074920000-0x0000000074AAD000-memory.dmp

memory/1204-382-0x0000000000400000-0x00000000012FF000-memory.dmp

memory/1204-394-0x0000000000400000-0x00000000012FF000-memory.dmp

memory/1204-406-0x0000000007C00000-0x0000000007D59000-memory.dmp

memory/1204-420-0x0000000007C00000-0x0000000007D59000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\TS Video Converter\nsm.lic

MD5 886e4bb84e1ecc4a04ae599d76fcce1d
SHA1 3f0493bb2088af50bcc8223462db0b207354e946
SHA256 5eeb014e3b390e0c85ce72988d422dcd9de1520566b11755c70bdd9bb7376060
SHA512 f4db9038a113c4b1e2462b3e0becef2500c9532a79c8187f51d011d690bc68c6d1a99585e43136cb082bd6a232136546db50265f226ff19e67d8430306a8761f