1173af60b8b0b350632ded58fd89429fd9457840f418ffa214f57487768ab19a

Analysis

max time kernel
300s
max time network
282s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
12-10-2024 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VideoThumbnailsMaker_64bit_Setup.exe
Size

22.8MB
MD5

4ff21725bc66ecbf4260dc085490e806
SHA1

40da3be578b6a174c79f43c8df3087c24eb5d78c
SHA256

1173af60b8b0b350632ded58fd89429fd9457840f418ffa214f57487768ab19a
SHA512

952f9a67421a1a07deccf14f8fe60255c56868c488d0259c839c605f6d3ed05aef20cf4f1183011f860974e75ad8b8b47b7bdb6fad0b9955eefa4bb13ea62307
SSDEEP

393216:JfL+jO7JCQ+MD3ZJjupJpG2/PhcwCg8Lu1UBh6a+ZPIxVBdXfYQBG9OjhCU04CWD:JfLDCQb33jUv4pgOx6VlIhhBG9OjwzAL

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
4692	VideoThumbnailsMaker.exe
4856	VideoThumbnailsMaker.exe
776	ffmpeg.exe
744	ffprobe.exe
1216	ffprobe.exe
4508	ffprobe.exe
3696	ffprobe.exe

Loads dropped DLL 44 IoCs

pid	Process
4480	VideoThumbnailsMaker_64bit_Setup.exe
4480	VideoThumbnailsMaker_64bit_Setup.exe
4480	VideoThumbnailsMaker_64bit_Setup.exe
4480	VideoThumbnailsMaker_64bit_Setup.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
776	ffmpeg.exe
776	ffmpeg.exe
776	ffmpeg.exe
776	ffmpeg.exe
776	ffmpeg.exe
776	ffmpeg.exe
776	ffmpeg.exe
776	ffmpeg.exe
744	ffprobe.exe
744	ffprobe.exe
744	ffprobe.exe
744	ffprobe.exe
744	ffprobe.exe
744	ffprobe.exe
744	ffprobe.exe
1216	ffprobe.exe
1216	ffprobe.exe
1216	ffprobe.exe
1216	ffprobe.exe
1216	ffprobe.exe
1216	ffprobe.exe
1216	ffprobe.exe
4508	ffprobe.exe
4508	ffprobe.exe
4508	ffprobe.exe
4508	ffprobe.exe
4508	ffprobe.exe
4508	ffprobe.exe
4508	ffprobe.exe
3696	ffprobe.exe
3696	ffprobe.exe
3696	ffprobe.exe
3696	ffprobe.exe
3696	ffprobe.exe
3696	ffprobe.exe
3696	ffprobe.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 36 IoCs

description	ioc	Process
File created	C:\Program Files\Video Thumbnails Maker\Licenses\License_SVT_AV1.txt	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\swresample-5.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Licenses\License_DirectShowLibNET.txt	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\WebP\x64\libwebpdemux.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\d2dlib64.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\d2dlibexport.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Watermarks\VTM_White_for_the_Rigth_Side.png	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Watermarks\VTM_White_for_the_Left_Side.png	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Licenses\License_FFmpeg.AutoGen.txt	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Licenses\License_FFmpeg.txt	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\DirectShowLib-2005.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Watermarks\VTM_Black_for_the_Rigth_Side.png	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\WebP\x64\libwebpmux.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\VideoThumbnailsMaker.exe	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\FFmpeg.AutoGen.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\swscale-8.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Licenses\License_d2dlib.txt	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Licenses\License_dav1d.txt	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Uninstall.exe	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\apng.lib.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffmpeg.exe	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\WebP\x64\libwebp.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Licenses\License_APNG.NET.txt	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Licenses\License_WebP_WebM.txt	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Licenses\License_FFmpeg_Build.txt	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\avcodec-61.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\avutil-59.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\loop.cur	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Watermarks\VTM_Black_for_the_Left_Side.png	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\avdevice-61.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\avfilter-10.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\avformat-61.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffprobe.exe	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\PicturesThumbnailsViewer.exe	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\d2dwinform.dll	VideoThumbnailsMaker_64bit_Setup.exe
File created	C:\Program Files\Video Thumbnails Maker\Licenses\README.txt	VideoThumbnailsMaker_64bit_Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VideoThumbnailsMaker_64bit_Setup.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "186"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\.webp	VideoThumbnailsMaker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	VideoThumbnailsMaker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	VideoThumbnailsMaker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1"	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\WebP\Shell\open\Command\ = "C:\\Program Files\\Video Thumbnails Maker\\PicturesThumbnailsViewer.exe \"%1\""	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\.webp\ = "WebP"	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\.webp\Content Type = "image/webp"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	VideoThumbnailsMaker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1092616193"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\VTM Options File\Shell\open	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\VTM Options File\Shell\open\Command	VideoThumbnailsMaker.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\.webp	VideoThumbnailsMaker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	VideoThumbnailsMaker.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\.webp\OpenWithProgids	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\WebP\Shell\open\Command	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	VideoThumbnailsMaker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	VideoThumbnailsMaker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	VideoThumbnailsMaker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	VideoThumbnailsMaker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96"	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\.vts\ = "VTM Settings File"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\PTM Picture File\Shell\open\Command	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\WebP\ = "WebP File"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\.vtm\Content Type = "application/myprogram"	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\.vts\Content Type = "application/myprogram"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\.vtx	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\VTM Picture File\Shell\open\Command	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\VTM Options File\ = "Video Thumbnails Maker Options File"	VideoThumbnailsMaker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\4 = 14002e80922b16d365937a46956b92703aca08af0000	VideoThumbnailsMaker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0400000003000000020000000100000000000000ffffffff	VideoThumbnailsMaker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Documents"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\VTM Settings File\Shell\open	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\VTM Options File	VideoThumbnailsMaker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\VTM Settings File\Shell\open\Command	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\WebP\DefaultIcon\ = "C:\\Program Files\\Video Thumbnails Maker\\PicturesThumbnailsViewer.exe,0"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\PTM Picture File\ = "Pictures Thumbnails Maker Picture File"	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\.vtm\ = "VTM Options File"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\WebP\Shell	VideoThumbnailsMaker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0300000004000000020000000100000000000000ffffffff	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	VideoThumbnailsMaker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:PID = "0"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\VTM Settings File\Shell	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\.vtx\Content Type = "application/myprogram"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\PTM Picture File\Shell\open	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\WebP\DefaultIcon	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	VideoThumbnailsMaker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0"	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\VTM Picture File\ = "Video Thumbnails File"	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\.ptx\ = "PTM Picture File"	VideoThumbnailsMaker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\VTM Picture File\Shell	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	VideoThumbnailsMaker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	VideoThumbnailsMaker.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	VideoThumbnailsMaker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\4\NodeSlot = "7"	VideoThumbnailsMaker.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
3428	vlc.exe
2712	vlc.exe
1996	vlc.exe
2572	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe
4692	VideoThumbnailsMaker.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4692	VideoThumbnailsMaker.exe
3428	vlc.exe
2572	vlc.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
4636	Process not Found
800	Process not Found
1216	Process not Found
4116	Process not Found
3712	Process not Found
2116	Process not Found
3304	Process not Found
400	Process not Found
5112	Process not Found
3920	Process not Found
4508	Process not Found
3788	Process not Found
828	Process not Found
4708	Process not Found
3172	Process not Found
780	Process not Found
324	Process not Found
4816	Process not Found
1600	Process not Found
336	Process not Found
1060	Process not Found
3696	Process not Found
2936	Process not Found
240	Process not Found
2900	Process not Found
4556	Process not Found
2440	Process not Found
3312	Process not Found
1604	Process not Found
4276	Process not Found
3500	Process not Found
4820	Process not Found
3576	Process not Found
1212	Process not Found
708	Process not Found
4076	Process not Found
1660	Process not Found
3004	Process not Found
380	Process not Found
572	Process not Found
4612	Process not Found
1332	Process not Found
4756	Process not Found
4252	Process not Found
1628	Process not Found
4984	Process not Found
1344	Process not Found
3888	Process not Found
2400	Process not Found
352	Process not Found
1536	Process not Found
1896	Process not Found
4440	Process not Found
2032	Process not Found
3164	Process not Found
2580	Process not Found
1760	Process not Found
412	Process not Found
5008	Process not Found
1124	Process not Found
1848	Process not Found
2980	Process not Found
1284	Process not Found
2676	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4692	VideoThumbnailsMaker.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
2572	vlc.exe
2572	vlc.exe
2572	vlc.exe
2572	vlc.exe

Suspicious use of SendNotifyMessage 54 IoCs

pid	Process
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
3428	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
1996	vlc.exe
2572	vlc.exe
2572	vlc.exe
2572	vlc.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3428	vlc.exe
2712	vlc.exe
1996	vlc.exe
2572	vlc.exe
4692	VideoThumbnailsMaker.exe
700	LogonUI.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 4692	4480	VideoThumbnailsMaker_64bit_Setup.exe	78
PID 4480 wrote to memory of 4692	4480	VideoThumbnailsMaker_64bit_Setup.exe	78
PID 4692 wrote to memory of 776	4692	VideoThumbnailsMaker.exe	104
PID 4692 wrote to memory of 776	4692	VideoThumbnailsMaker.exe	104
PID 4692 wrote to memory of 744	4692	VideoThumbnailsMaker.exe	106
PID 4692 wrote to memory of 744	4692	VideoThumbnailsMaker.exe	106
PID 4692 wrote to memory of 1216	4692	VideoThumbnailsMaker.exe	108
PID 4692 wrote to memory of 1216	4692	VideoThumbnailsMaker.exe	108
PID 4692 wrote to memory of 4508	4692	VideoThumbnailsMaker.exe	110
PID 4692 wrote to memory of 4508	4692	VideoThumbnailsMaker.exe	110
PID 4692 wrote to memory of 3696	4692	VideoThumbnailsMaker.exe	112
PID 4692 wrote to memory of 3696	4692	VideoThumbnailsMaker.exe	112

C:\Users\Admin\AppData\Local\Temp\VideoThumbnailsMaker_64bit_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\VideoThumbnailsMaker_64bit_Setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Program Files\Video Thumbnails Maker\VideoThumbnailsMaker.exe
  "C:\Program Files\Video Thumbnails Maker\VideoThumbnailsMaker.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4692
- - C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffmpeg.exe
    "C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffmpeg.exe" -i "C:\Users\Admin\Desktop\DebugImport.mpe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:776
- - C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffprobe.exe
    "C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffprobe.exe" -v quiet -show_entries stream=index:stream_tags=language -select_streams a -of compact=p=0:nk=1:s=/ "C:\Users\Admin\Desktop\DebugImport.mpe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:744
- - C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffprobe.exe
    "C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffprobe.exe" -v quiet -show_entries stream=index:stream_tags=language -select_streams s -of compact=p=0:nk=1:s=/ "C:\Users\Admin\Desktop\DebugImport.mpe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1216
- - C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffprobe.exe
    "C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffprobe.exe" -v quiet -select_streams v:0 -show_entries stream=codec_name,profile,bit_rate,avg_frame_rate -of default=noprint_wrappers=1:nokey=1 "C:\Users\Admin\Desktop\DebugImport.mpe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4508
- - C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffprobe.exe
    "C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffprobe.exe" -v quiet -select_streams a:0 -show_entries stream=codec_name,profile,sample_rate,channels,channel_layout,bit_rate -of default=noprint_wrappers=1:nokey=1 "C:\Users\Admin\Desktop\DebugImport.mpe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3696

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:2488

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1912

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2908

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Music\UnpublishExit.avi"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3428

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\DebugImport.mpe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ConfirmLimit.ogg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ClearConvertTo.asx"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Program Files\Video Thumbnails Maker\VideoThumbnailsMaker.exe
"C:\Program Files\Video Thumbnails Maker\VideoThumbnailsMaker.exe"
1⤵
- Executes dropped EXE
PID:4856

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a20055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Video Thumbnails Maker\DirectShowLib-2005.dll

Filesize
276KB

MD5
4386f1c7558af3d3cc32b8a84b98bb90

SHA1
805683789ce64f78604a6fe3df9f9a5051da92b7

SHA256
6e9723fd0f6c00224101ff646db6af7f3a3ae042c79e667f1be849be95038aa4

SHA512
91f2d81028b0b2b6fb6e6386e90717ee24972177ce3533b71c6554c887e7f2058eba9f9fd34737c3e3cc8f41ac0f570ac16ad7180f83a33ed6bf58b710cb97c4

Download Submit
C:\Program Files\Video Thumbnails Maker\FFmpeg.AutoGen.dll

Filesize
617KB

MD5
7fa3f0ccb2ef991056714f7a69fc2bb8

SHA1
13d24c4ebd772d6699ff7cd087d3702c8eeb52a3

SHA256
d542d106de769b2b54ec3089932eaba9cd5c28d88b528e0f4632ff99473ee585

SHA512
d380c6d782ad494e6120a9a61b0c8f452a36100701433495609e6941cdec8709cddee8baf9066c1cf743daf9c0ada37a4ad8960c225ffc5bf943bb59bc1cd759

Download Submit
C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\avcodec-61.dll

Filesize
33.5MB

MD5
a3f5721cc87ab67fca5c564e793795d0

SHA1
be5496d1a764f068c227e1f87d810baa5e38d44c

SHA256
0d7068cbc534877bbc54c9d691c8fdede81156b9e1bd2574f2ccf1e1b6921d95

SHA512
04f377c2d13acee138015d5f307a31bf4197500213a003e29d603a04b567c1d169259e1f95636b65637b286e177f0f5dc68e0b1767c81e109d83f0b925daeff7

Download Submit
C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\avdevice-61.dll

Filesize
616KB

MD5
e9008be1118cde19812b483cec65b3b7

SHA1
e840c3bf6904341eede248cd6bf9ab5e6da6f657

SHA256
1528de689eca2de25ef71f0d0ccbc75ba9fe5ea0d833eb5311d5f8dec8e811fd

SHA512
61b86495635fb5b4e992de2c1632b0a15e79411a6384a75324a3b624f896b14f03a13fc6845e3e9659927f3bc2a7dbac36394480e1a6d87c708fcdc7c468bfe8

Download Submit
C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\avfilter-10.dll

Filesize
6.5MB

MD5
fceccb6e09605bf0bbbb53e306d634af

SHA1
bb736e004bd15742f4e54f12ac89d50895cfdc42

SHA256
f7d4949c0815a8fc7c503a31130690b1422044123cee98f2c73060b5d85b4683

SHA512
d03aeb3e8bb7455640e091d398d85b5270ea10de94d6836c6007f55bee3e477a7fc1dd331df704b0ef772c5ed8056ffc3e682c159e3473961d5e246d5642d8b6

Download Submit
C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\avformat-61.dll

Filesize
4.4MB

MD5
ad64f8bac274a6feffaac8d335c8bcbf

SHA1
b616139ff431018c88e47d02614bc567af298d4a

SHA256
3a18b4e54cdcc82ca89d961c20d8fc0124e5576c2fbc792252e95aef27d0745c

SHA512
3691df7f0f774d702b03221e3833a2273860094917168fbf6918e856cd7dcaf528388911c2af8fe028e4b9e0a2574f8b125446cc64c142ea60bd37c014f6f4e3

Download Submit
C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\avutil-59.dll

Filesize
1.9MB

MD5
0392bb56a6b25dafb9798443b781359a

SHA1
cc05be0e4f67d0fd90b7aa4fda4d84f68af63d2e

SHA256
75210a5b6201dd23ae95bbd11d5465a594c84fe03315f6337d76e1ad7284738b

SHA512
1e492d5c863326ead3e3dac2615d13806c0a194788950d777b5b8ab8a2cdf398db340b0a4ac18ac1cc59ed88603ce3325ea2f1573608e3b584b6dceddf6e82fe

Download Submit
C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffmpeg.exe

Filesize
417KB

MD5
4189a33aec1259427361cf0457150302

SHA1
bc7354e59861c93e3d3355d5dbac5d67a7a88559

SHA256
b31020247917868ac819222facfd6389e330be384729b28bb6722a84a8d8d7d7

SHA512
6d0068ede460c538965bd1328bb80b28aa6f642b656d4e240ea70d1aa5cb4e21f29f90b74f4bc2f752bbb360fb292ad4f0346686feed0ce67cc006493a976be8

Download Submit
C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\ffprobe.exe

Filesize
198KB

MD5
b67614a3cedea08a8f30bf1726355c71

SHA1
76c3497adb5e01b73c4bd703a34760b111a6c153

SHA256
08d4dc26a074de1c10a6e4285811d6e91cfca37713e062f7683ea646b04369e6

SHA512
c09e232513d476dedbd6bcfab6a993499a95f858b89d5681163c2772d0ccc6f7b5fe5b662dbf9bc2daf1883bc99d4f7c48969d73c451933ec98948f6a6d131e1

Download Submit
C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\swresample-5.dll

Filesize
239KB

MD5
9dfa3bb531cac53cb059e17e587e9b5f

SHA1
f2ca953002cd42764bfba1a136e4ed6dba66c43f

SHA256
48f1d4fe98ee50a8717d4e14c51d77b70eefd2d19c6080afd26aaca87c3f662c

SHA512
7f1cb77b68b7ffc378320e2d836021cc1e06b3ef3aa2c410bda9bf2d39267e2b9b09236ac5ef6700a2eb6d0d3414712f4b532535ca9ac8a69a71fed83d25b40e

Download Submit
C:\Program Files\Video Thumbnails Maker\FFmpeg\x64\swscale-8.dll

Filesize
874KB

MD5
9693f46b34674953835307a3b9b129f5

SHA1
81fc4c3dcd42ecfe9c624036cb45e7ce01351ce9

SHA256
dc03d45747c6900fc3627028ac49f0391b1a2cbd7173eb598ea0c7a32b127a5b

SHA512
98bfda1fc2b6c8e41d970c31709c37283eb52a62e730f9134df47ec122644fc42ccf7c2cdf87dfb2a84df916409345c2020d500549bf56ff1e15395e04cd3f93

Download Submit
C:\Program Files\Video Thumbnails Maker\PicturesThumbnailsViewer.exe

Filesize
1009KB

MD5
bf6aef8de1ae9f5393bf7736beddeddd

SHA1
a640b843bbf4d950ee88fa3dd8356d9a13acfc3b

SHA256
a90e14860740acdee245d9584beaa2a9ca3927c14ce6b9bc3e64129aa5596ed8

SHA512
fbefadc80ab77e716e8e59a4edfd3025e61af3060a3168c512c9e978232b6370c152b49209f1ca90fc06283fab9db173f710d25bc8e8d304924f7190c5759f74

Download Submit
C:\Program Files\Video Thumbnails Maker\VideoThumbnailsMaker.exe

Filesize
3.7MB

MD5
dced938a33439b5e42a3cea767e54085

SHA1
182f398c003ab78adda33e2f8df6e87acc48eb43

SHA256
b1df30dae2829ee8ff1959eb2351b24b3c51242aa0cea5d1d38f06c8d16f7614

SHA512
1465cc568ff79579ac50abc430e1a18387fec030210a79be484f5289fcf49285b139bc00e984dbd5e49188392be0403a8d60e80fe02eaae196a3402695b21b0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9694.tmp\DotNetChecker.dll

Filesize
85KB

MD5
7ba49f3f086dc16a2863b0f9e704916c

SHA1
a3045477d3af46e31d12479f02a1b64666ba8be2

SHA256
263fe61f2f50cffa5356af07b027a691c6640a04245e88ea9734dd84bd735289

SHA512
3ea076b68126a7d451703dbb58f616bf272788fcbceb02c6b12855fcd4f204c0a94a4486b73f4daac6002a74f4f0f51f941654ad11af56ec38e5eb6cdd3fcb2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9694.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9694.tmp\nsisStartMenu.dll

Filesize
5KB

MD5
8cc6e3eea71d040f30a3fe34c00b27fe

SHA1
94d06eac6b90a0e70a3dc039233bfbf0bd1f08a4

SHA256
bce8f1df36b787963bddb6496f44a148ba1a7b56d4c2a02f7e059f2258b1dc0c

SHA512
e030918b5660f51b7f77f342bfcb68d5d3749f997e45670558b153ae0cea76c508788edffa555f1a24d6934838db989a8333e76a9869e70a89b0bc2df71c9ce7

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
76B

MD5
e852198309857cb959c3de9590a02a76

SHA1
b897df7b9d971cc92c732a50cf594c95fe9c1b54

SHA256
3bb1e876a3d9d855bd8c99f1893a456d4e9de46a0865034666efafbdb6f59f14

SHA512
89ecb5ac6eb941447d866fa61a0e01558cd72bff2805c36abd9bd1e6a8f86b465d3439292fb1ccc774e079b8163e0824fc697c11db5907ecb6a9f9748e60335a

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
534B

MD5
9c3c037c47371aae99aea10921940dac

SHA1
55e7b76d9fa57c9fe911d73bb3adf41258ff6ee6

SHA256
aea85546f345a6b817dd07647501418fad6d83f8be67a312e7b49c843a0917a4

SHA512
03205372241dcfe1238a10000b4c0bfc8d9debe57d2d9823bfe2a536a687f547b277716ba5b08dca8f8a11a863cd30f27873e12da232b2cec24dd25e6dda8432

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
788B

MD5
f7bd58be22fdfb1ea577a8777115c731

SHA1
596b51809947befee29ae0bf9ab600d1e7b3f048

SHA256
ecfad19c1add7c336fc515282af7943a41d7b5e47fffe14dd17d184d7d7f7aaf

SHA512
46327c8f8cc40ec1785462561078c7f1d7ab84617698d78e178b63dfe2937c6baca9b8d72393461af68771305a3a4d9ca70682fa82cb8f243b0ba6e7a6ab9e20

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
840B

MD5
d087fe458af93bfcda5fc088b0725131

SHA1
90928d989268d087c72afd1a8933d2775370a25e

SHA256
6086d037a5a91bca4fee5bb0ca928e0756b50d7c694f9cfa7e739ee8dffe636e

SHA512
f7c4ea7d1c058548fe737d782e8a5e3daa4530ea28b920d9d62881705bd8a997b5e330979f7898c321ffdd31ffd4449886594a110d23bfe33bcdb914874b441a

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
4f3aede44ba5464f70073ec0a478cb67

SHA1
07beb6c1de4cd14946355276931e8c8cf613d844

SHA256
064e6bb1bc1328f90c652856beb4c283ce85c73124c27873ca43c450fdad8d1e

SHA512
3623e264d53b30b34418ec787a9609192a8eb2e7d20b7062c07c2391358385785fa8f17f67317ca86cb171b9e9a72846f83819c1e1f3d50eb9f7aed3b65e3f80

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
94KB

MD5
7b37c4f352a44c8246bf685258f75045

SHA1
817dacb245334f10de0297e69c98b4c9470f083e

SHA256
ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e

SHA512
1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

Download Submit
memory/2712-214-0x00007FF8DEEA0000-0x00007FF8DEFAE000-memory.dmp

Filesize
1.1MB

Download
memory/2712-211-0x00007FF7EA650000-0x00007FF7EA748000-memory.dmp

Filesize
992KB

Download
memory/2712-213-0x00007FF8DF570000-0x00007FF8DF826000-memory.dmp

Filesize
2.7MB

Download
memory/2712-212-0x00007FF8F9770000-0x00007FF8F97A4000-memory.dmp

Filesize
208KB

Download
memory/3428-187-0x00007FF8F9770000-0x00007FF8F97A4000-memory.dmp

Filesize
208KB

Download
memory/3428-186-0x00007FF7EA650000-0x00007FF7EA748000-memory.dmp

Filesize
992KB

Download
memory/3428-188-0x00007FF8DF570000-0x00007FF8DF826000-memory.dmp

Filesize
2.7MB

Download
memory/3428-189-0x00007FF8D9630000-0x00007FF8DA6E0000-memory.dmp

Filesize
16.7MB

Download
memory/4692-92-0x00000289D68B0000-0x00000289D6950000-memory.dmp

Filesize
640KB

Download
memory/4692-107-0x00007FF8E1210000-0x00007FF8E3643000-memory.dmp

Filesize
36.2MB

Download
memory/4692-109-0x00007FF8ECA50000-0x00007FF8ED512000-memory.dmp

Filesize
10.8MB

Download
memory/4692-108-0x00007FF8E6010000-0x00007FF8E63F9000-memory.dmp

Filesize
3.9MB

Download
memory/4692-105-0x00007FF8E6400000-0x00007FF8E759A000-memory.dmp

Filesize
17.6MB

Download
memory/4692-106-0x00007FF901AD0000-0x00007FF901B0C000-memory.dmp

Filesize
240KB

Download
memory/4692-104-0x00007FF8ECA53000-0x00007FF8ECA55000-memory.dmp

Filesize
8KB

Download
memory/4692-101-0x00000289FC7A0000-0x00000289FC7C2000-memory.dmp

Filesize
136KB

Download
memory/4692-86-0x00007FF8ECA50000-0x00007FF8ED512000-memory.dmp

Filesize
10.8MB

Download
memory/4692-85-0x00000289D3ED0000-0x00000289D3F18000-memory.dmp

Filesize
288KB

Download
memory/4692-83-0x00000289D41E0000-0x00000289D448E000-memory.dmp

Filesize
2.7MB

Download
memory/4692-82-0x00000289B9670000-0x00000289B9A2A000-memory.dmp

Filesize
3.7MB

Download
memory/4692-81-0x00007FF8ECA53000-0x00007FF8ECA55000-memory.dmp

Filesize
8KB

Download
memory/4692-386-0x00007FF8ECA50000-0x00007FF8ED512000-memory.dmp

Filesize
10.8MB

Download