banload | 7e68c0229a74265baeb5104c54c9c0a0690dad7b108bf569a6705a0bba433afc

Analysis

max time kernel
145s
max time network
95s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2025, 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ez_cd_audio_converter_setup_x64.exe
Size

43.0MB
MD5

ba00fdb5d0a8fdec748833043daae5ed
SHA1

f9ec9d235266519fe802bb7c820eb9510c81e6da
SHA256

7e68c0229a74265baeb5104c54c9c0a0690dad7b108bf569a6705a0bba433afc
SHA512

c9ef7fecc95f24f8c517bc7529bb70d41f1c1ea75c4e25a1e86c22888a3117923a979eecefe927599a7776a562a06dfc96e0642358f34ed80396a87deb6849d3
SSDEEP

786432:nxy8LH4TmjWNY2Iha+fNuJsNCHYlvSkaU7VZFCUA9tzHhe8xMlOStDJUJh:nQMHUml2DqNuJsdlKSpPlAT7he8xMbta

Score

10^/10

banload defense_evasion discovery downloader dropper persistence privilege_escalation trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload
Banload family
banload

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ezcd.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ezcd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	ezcd.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	ezcd.exe
File opened (read-only)	\??\D:	ezcd.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\EZ CD Audio Converter\dec_wma.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\svml_dispmd.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_wavmp3.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-core-datetime-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-multibyte-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\metm_flac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\met_ape.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-core-file-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\ucrtbase.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\ezcdshell.appx	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\italiano.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\dec_aac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_eac3m4a.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_m4af.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\greek.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\decm_opus.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_flac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\ezcd64.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-16_altform-unplated.png	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\metm_mpc.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-time-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_alac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\met_tta.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\metm_aiff.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_eac3.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-math-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\resources.scale-125.pri	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.scale-200.png	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\german.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\portugues (brasileiro).uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\met_mpc.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_xheaac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-core-profile-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_w64.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-core-libraryloader-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\chinese traditional.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\uninstall.exe	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\met_aiff.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_thd.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_eac3mka.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-32_altform-unplated.png	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_wav.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_eac3m4a.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_au.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\vcruntime140_threads.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-core-fibers-l1-1-1.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\Square150x150Logo.scale-125.png	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-256_altform-unplated.png	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\decm_wav.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\dec_flac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_aaac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_m4a.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_m4b.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_wma.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\vccorlib140.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\resources.scale-400.pri	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\metm_sacd.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-40_altform-unplated.png	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\croatian.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\english.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\romana.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\decm_ape.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-stdio-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\storelogo.scale-150.png	ez_cd_audio_converter_setup_x64.exe

Executes dropped EXE 3 IoCs

pid	Process
4232	registershell.exe
3876	register64.exe
1052	ezcd.exe

Loads dropped DLL 64 IoCs

pid	Process
4532	ez_cd_audio_converter_setup_x64.exe
4532	ez_cd_audio_converter_setup_x64.exe
4532	ez_cd_audio_converter_setup_x64.exe
4232	registershell.exe
4232	registershell.exe
4232	registershell.exe
4232	registershell.exe
4232	registershell.exe
3876	register64.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe
1052	ezcd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ez_cd_audio_converter_setup_x64.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\command\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\" -nn"	ez_cd_audio_converter_setup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Implemented Categories	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\TypeLib\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F91}"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\ = "EzCd Type Library"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\VersionIndependentProgID\ = "BDATuner.DigitalCableLocator"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\ = "Rip audio CD"	ez_cd_audio_converter_setup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\TypeLib	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID\ = "EzCd.EzCd.1"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\ = "EzCd Class"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\ProgID	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS\ = "0"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Version\ = "1.0"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CLSID	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InprocServer32\ThreadingModel = "Both"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\ = "EzCd Class"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ = "EzCd Class"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\command\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\" -nn"	ez_cd_audio_converter_setup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\ = "EZ CD Audio Converter"	ez_cd_audio_converter_setup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\ProgID\ = "BDATuner.DigitalCableLocator.1"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\ = "{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\ = "Burn disc"	ez_cd_audio_converter_setup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\VersionIndependentProgID	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer\ = "EzCd.EzCd.1"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64\ = "C:\\Program Files\\EZ CD Audio Converter\\ezcd64.dll"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\DefaultIcon	ez_cd_audio_converter_setup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\Version = "1.0"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay	ez_cd_audio_converter_setup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\command	ez_cd_audio_converter_setup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Programmable	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\HELPDIR	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell	ez_cd_audio_converter_setup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352}	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InprocServer32	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InprocServer32\ = "C:\\Windows\\System32\\msvidctl.dll"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\TypeLib\ = "{9B085638-018E-11D3-9D8E-00C04F72D980}"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Version	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD	ez_cd_audio_converter_setup_x64.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1052	ezcd.exe
Token: SeIncBasePriorityPrivilege	1052	ezcd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1052	ezcd.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 4232	4532	ez_cd_audio_converter_setup_x64.exe	81
PID 4532 wrote to memory of 4232	4532	ez_cd_audio_converter_setup_x64.exe	81
PID 4532 wrote to memory of 3876	4532	ez_cd_audio_converter_setup_x64.exe	82
PID 4532 wrote to memory of 3876	4532	ez_cd_audio_converter_setup_x64.exe	82
PID 4532 wrote to memory of 1052	4532	ez_cd_audio_converter_setup_x64.exe	83
PID 4532 wrote to memory of 1052	4532	ez_cd_audio_converter_setup_x64.exe	83

C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe
"C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files\EZ CD Audio Converter\registershell.exe
  "C:\Program Files\EZ CD Audio Converter\registershell.exe" register
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4232
- C:\Program Files\EZ CD Audio Converter\register64.exe
  "C:\Program Files\EZ CD Audio Converter\register64.exe" register
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:3876
- C:\Program Files\EZ CD Audio Converter\ezcd.exe
  "C:\Program Files\EZ CD Audio Converter\ezcd.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Enumerates connected drives
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\EZ CD Audio Converter\Language\arabic.uni

Filesize
28KB

MD5
09b253aeef15d8d21d8e9a1a9a360b8c

SHA1
305f148c0f37e99a6444cd9cfbce64eadda3475d

SHA256
715d37dffff24b4a377633cc63c3cd961124536a51af852201f20775f83c3ccb

SHA512
3f9eacad2fbcb2995646c475d7fc31a3fe6e5a3ac92074e0619597663b54a815d8f212d4db1f380e92b743169782d12ab1e1b0697a211dc2cf6d5af1512d8eb7

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\bulgarian.uni

Filesize
54KB

MD5
bf674d7f8180a6b389d0ef8ba295a313

SHA1
eeb6ac6206475be881cfd1ef865e31b72f8e892f

SHA256
973e04c3c5f270ef5726482f18e89918e09c11a061747ef60d708529feec1e62

SHA512
af8542decb1486774a467f414c4e6b54a532b26510b632c7b0594d3639ced13a0c73fbdce3ba54e3f3f850386fa7fab927b1278c861ea159b4dcec9f7cb49557

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\catala.uni

Filesize
55KB

MD5
e7ff135471134df105ec767441b81d98

SHA1
3b31729f341a098c4f818d11edb6df84049eac8c

SHA256
1ffb53cd58b317d98572f6e74e612d73fdf52416c72f0eaaf4670bb62297b09d

SHA512
0332e8633c162311a61214e48c099eebb906b6f82787e5225ad1baea438eabd69099b4218d1212b82ae656ad3649b77873e7be0204c92312822214f3da7aae2e

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\chinese simplified.uni

Filesize
24KB

MD5
783d1f05b80b184ee9fabaa7d1f77d73

SHA1
4ca03e156fe900ea1072f949513996f3f0a0ca96

SHA256
81a0b1956e2887797bf08fe7711557c2d814c15cd2777d0314fe65cf80464d94

SHA512
69f3a5f8fbab494b34297f91dedaaa28272669dc5945545ee2c4dcd0da0c2657abf462a2a6dd744cea0ffb28b9afb0a1a9c318ead8053ea33b061969a94b0835

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\chinese traditional.uni

Filesize
22KB

MD5
6346bc9d97093e742dda80040ee4f622

SHA1
c62471af4d933bf99259cf454ac34a45bc07a11c

SHA256
41e8a38eea1d9709db2f3c97f6e82d04013f695815ccbe4f036d78279d7386e7

SHA512
5172e8eee2f924afefbb760ad4727f0c97c8a3c702946fe1894af078ec353d1c93d992f200d2a180d95308c0bfdc9d74dd285c7a4d1bf32bee8e3d0a43c3088c

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\croatian.uni

Filesize
36KB

MD5
a6e3967e43f2d6b2fc915a6d5a43419a

SHA1
4b67bc5c402bbbeef4a6e5ba9f5384ef17562444

SHA256
4f843a505dff7a247fdc39f7b71a4e4891ac1d4f9ddf8f14cbfcf2313139ca9b

SHA512
32ca334015b9e0657fdb1f99cae4459f3fc7166445b0035cf28800baa71ca3c5242a08ccdd60930e931f69a5d9a4eba6dc09a77bbe5e788559d557ccec724733

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\czech.uni

Filesize
50KB

MD5
57c251ec455363e3e329e6184e63edbc

SHA1
3d8eb9f5b020963306f3440ca36c61a99635beb3

SHA256
6ec94a136e0f07ad1be36b4f17387472487575ca6c81c0e08a1aba18a9d2bd2f

SHA512
6bee4b08b1530461e1ea9b0c19a1ca5c18fbac333f4faa5cdf1601b4e1cfd706d88abe92b0c11f04875bc9c0644116accb6da142c57e2dfcc29d418e9d211942

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\danish.uni

Filesize
31KB

MD5
ef3d6b4d02dc2aefe4eeb11f9dc37b22

SHA1
1c7744a1289050b200f9eb2692ba2238dfab5356

SHA256
d2d03f7ba9138ffc9cad98ac14d65f0f787d82a2f41ba0fc362c02611afc440b

SHA512
8b65a831b3059cf85e85067d9c7a2530dc9c1aa2e2245c047921d9d4aac8bc06092f4462e27ef5c4b4db488400831263be5b020c16a95cf144c48bd9a83c62fb

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\dutch.uni

Filesize
47KB

MD5
243a28854df48ad66f9107e457df1745

SHA1
b353b9a7d54f65a1d37c0a78fd9f3bbad1345b8c

SHA256
8a826087cb692bf33fe8a964a11b37dda5f575f9b3937ba6fb2f36661d7c9ba6

SHA512
d55be5fec229a91142b44bfa854f9c78fc0360f94cd0cbf76f44a073faa2118d22347efa655ebcaebcc6d1e788b8b474e4a861ec068bc8c2038a5fa3921a1413

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\english.uni

Filesize
42KB

MD5
69afd56fea5d69ad2db8f62bc638494b

SHA1
5859ce23b4fd654c20d36cffa2528dfaacfe07f0

SHA256
e3126d90bff119edc9b80cb7088864a33f8f8cb786ca0934848e708a49678956

SHA512
5efec71843bbe63905d897130f36757b9cfbdc4d3e4b74b3abf4ddc18b29e290185b9a651503da1fd277a04f8680713d20e5785e4b4a6d22c75cd61b438f6378

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\estonian.uni

Filesize
50KB

MD5
9738157a0f5f66693fb2b82f413c0bdb

SHA1
e59bedb8c9bddd4ea879d3c863c9ceb24b608dda

SHA256
23b61b7be86c306558189288bd02dc3bfc4cca26f5c7704816e3054be941bbb1

SHA512
fa5811bdecc5713140acd0153fc60f7ae52af62f483ffcba08db36f052d91e2b6a1303531c2b0a328ba56b1b511bc023e64d7b1e389136f8fa0c5b775500c25d

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\finnish.uni

Filesize
47KB

MD5
30c946ac93066e442bcc31ac6398ac96

SHA1
9513a51990068dca9e03e11a3aa54b7e1e0260d5

SHA256
905735eb4eeacb207d34bc9b86926b0be77a9cad0e25541b16879bb6060e8f0b

SHA512
26c6b49ad32b9f52a803729bcd9b3ecef954f5c7b7890c34db089b80280ff1e4d5543ca0e24e3d1627a334d48672982d07813da31402326c6f4136f21d74a872

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\francais.uni

Filesize
56KB

MD5
01674fa4659f401cc290942911686af6

SHA1
b7aaae4e3587c4df47f38586301a1d12053bbe2f

SHA256
22ec546cee32f9b025b2ae10ec04e2c8a0c19902dd1c175bef4877e5a0c60277

SHA512
49fc6a46b147322dd9038648ed9553042fc91f65f60442d3bedd836c89d8f0b6f5d0bda155656bd986d77d2060efd0795cbfd3ed0a5c29e510660ecc5ad57a3d

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\german.uni

Filesize
57KB

MD5
f49b8ffbd1c938d10e0e362a4f20872d

SHA1
b68f7977a3713dce897acd0dfe394958f0e3a08d

SHA256
32a8dca0e6acef0ea0c9d11991b16ac5abb2481f383a8cb6d7851f3c45ce171a

SHA512
02f90ed5330a31d6444027c8ee8bdfcb04090efe3e6a2c46d40385b2290057b0044626eacf3db8c8bfd1b83cedd66772ee8940a848500cc411d12d4978e051b2

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\greek.uni

Filesize
44KB

MD5
14274c057d174ed397f0096ec3a7f4cb

SHA1
2d8f38d637c959450c97a7bf852a51e83e209ca4

SHA256
41cd23a2821d278ccd8b72ab1d2fef34410cc4b2d8d95695e5b3815f5f5e539a

SHA512
53e41f6e62e8e7ea53e39b1993923909c12b4b68cb837ec62b4bad7bd9ae3c86479ee534ba68ed97bd20cdcc58fe65025d380218ea3c379d732a4a8f7baf49c7

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\hungarian.uni

Filesize
52KB

MD5
52f7b58dbfa62a43e6ab86d993ee8595

SHA1
812ba8071c02b10c19a1fd0d41f5876b50783e5b

SHA256
436171f9af16e276683cd34eb67d29ce40db6bd43d216e3ab86370a327e52871

SHA512
ba27a3947b6f39bdd0e2e126ac26b5b0d89dd401fd386aa92270b6008bba58661ffa4e12c46c8850c6030c31b13a2b63d961fffeee6a94c9e3147b3ad6f872da

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\indonesian.uni

Filesize
29KB

MD5
a46be4f1df1a691f94bab2adbb738b3c

SHA1
bc1bd472f48776f13edf791da8cffd5cadc7d441

SHA256
1a28cb0f4fdfd3a09228ca9c1da9661158d7003fa7dd6288e7d82e3d31513544

SHA512
522138ce3b3df1c089192e20828a8431f22fe2309e0c12112241df83a2e319db1221119ea24b821007ec6b94ccc5170e0262b6de661384b7fc884c632fca5776

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\italiano.uni

Filesize
53KB

MD5
f6ff0c148cff8f09b4c8242d001493d1

SHA1
841ff07368a734c89a5fda1e3f170cc1616fb7f0

SHA256
98a7afb435b194b15aa65683f28ac108619b06a634e978e76eb10cfa80fd390d

SHA512
859cd149c8b93d4587a5c8866b8aaf57644f256d5e049bd458aa4b4aae1b1fe4715238103b61d23343f1261c41c73290a98f32e791d35fa02b2f8a22dc918217

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\japanese.uni

Filesize
27KB

MD5
db7f63c236638379d4863e84d86b23fd

SHA1
8f33a6aff4178352e489af9ade390adaabeca01a

SHA256
76c3a1af9b81f72d53f83ac6ce9c74770d063609b09557f9b8d7023aeeee4a20

SHA512
15a5c7c40e22260a1112556ce4962fdb2dddfb3eb7edd2cb5b47dde12e018c47ac1e559b427f00d59533d265facc7759af2e760e5a8521162f7b20467282e443

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\korean.uni

Filesize
32KB

MD5
3c73d8cd6b6ae690b60d3923d6c630b1

SHA1
aa5cafaf1a4fdb87087b719fb8bdc640f7dff4f0

SHA256
cbe42126f0295b61f0314370cfd244a05cde77763890c219f54e52e30d8446fa

SHA512
1a16cc3262b54875047da4a94a3469028ecaf2c52dbcf2c3b0095649a0772153db681f3ebd9d1024647d6988deda460c8e1a2c11b83b5cbd7fd27f130aa08e07

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\macedonian.uni

Filesize
31KB

MD5
182ded886ff1728f8a373e20b62908d7

SHA1
289ae7c0cb9f8ae719cd7eae2432b11d4a6a4445

SHA256
0234876add47d6c6f08f26008c9b2715aa287f1653ba361e8e690469064251c8

SHA512
2e33e04660e1670cb8e06eb1f1a3cf427640070c4a37e3c1d2794114c81cdbcabe46fa1df2096ea114b6e23d28652c9c0ecbd398e7300daa1c3f59a415a8c2a1

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\norwegian.uni

Filesize
22KB

MD5
e4ff4dde31c1139623f04c2654d67992

SHA1
afe4226b938e0d023146997ae070ebd2ea30177d

SHA256
ac4b23ea7ec0ea5c47df9eb3bcde31d7877213dbc2b3fc6b519fc9628ef2432a

SHA512
07e36e979599efd766c37c8f619aa5b99671def047c44bc4a2bc92c3a4b5ba9a94df32a76700fd50585aaf71b15f66872040e30fe25390220e896994a723e38b

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\polish.uni

Filesize
45KB

MD5
1eb1138cb6f62fcd8d6bf4fdda99ea29

SHA1
19578f77a946a70fa59344cadb7e41e95e9c683a

SHA256
fb440e0cce8b2c6b711202b73ca5145bf51d6b2e0e34c7ee9cbf3a2b2bc0c547

SHA512
46626773849e543e336c9a72285cdfc5becf2e2c0ed902d1fabd8942668e320945ad1169bbd992f7296b1abaa7390d008e9bdcc49a0790c4e83b283ee0a7120a

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\portugues (brasileiro).uni

Filesize
54KB

MD5
a251f6405ed3c939d544a0e6234e2b9f

SHA1
dd428750e3a52f31f81148332ffdd2de493c069a

SHA256
52ccf4b5bf24c9b2ed7ff81a510e9535c699891777105f1fa265a3e092557ea2

SHA512
536ee60e0cc65191a4aab5094d56a9251ca4ab2d32f305eebf057f9be5e3daea06a879cbb1434b0f2351c9e4c9c9cabbdbf91b64c76ff0ce24b9155b0eccb27d

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\portugues (portugal).uni

Filesize
41KB

MD5
9bd473902ca5331d846eb55acb505765

SHA1
784923bb5fab95c17d82bc1dd0dc5643e5902241

SHA256
c047a33f32f3fe66610fc6981564c3dd733c6ad7182d4196cdc0c3c61beda480

SHA512
4b7d2334c21baa8f0a3f72e460a20bc50bcaa7e0ed3edb5a9a9abe6887ddd6d20e6db0400266eb66e744169b42bc4af44c3e2d566e4e94219293c22127259ce7

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\romana.uni

Filesize
51KB

MD5
219a0f40a1327d134a0acab5e72cd2b9

SHA1
3f6e0ebbb51ec5a8c496304e15ba3ea59b738cf9

SHA256
4ade66e433fec96a9a09d0e977a6ffc522bfb97cfffcd9e07e9969364bf679bb

SHA512
e82674877ab71da9548204cf553c04c167b7c1d21388a1ace373e7f4a7c3e49146786729a2b4d5a429569c407eb827b1829cb873f7891edfa1e0192d9516e476

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\russian.uni

Filesize
55KB

MD5
3c6ea4277df7e6651e610497df69ccfd

SHA1
2b99e51b6dcafdc7ca9d6a322cd92166ddb5c6b9

SHA256
b1d7c36ae1979216e9ddce04234625f24fd6c9da42c560482073deeb782f0cc0

SHA512
9f8f543d05369c072c6703cd15957c58ed2e8cacb3786677819cc175e1c1c6a7c5ddd9bd7ddd940f864130acea59381f058a924e1c1c23edbfec5cfdedacbe9e

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\serbian.uni

Filesize
25KB

MD5
f19d25859b6c33e54dd8d800e8ca90c4

SHA1
cbb1bac8b69f3b1901a39e52eb6f601dd964a513

SHA256
c2471b3fa616c224a82245c5b78adcffc41dbd6716944676d58769f85e8410c8

SHA512
c9440d2eb2953c74c8dee493fe7e83ff17c4da34953653cc47a47b3c402209f295d308bb03ca44f76729df011e1c117d4281d9b5a66ffa48e6c514a8be877a21

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\serbianc.uni

Filesize
24KB

MD5
2c721380846071732c0683724a8d1462

SHA1
aa4a5d2f233454f8afe222cdf2a8e65f8b75ed5c

SHA256
bf064ae5468ecfcfc3e1afb34115ac2c0d4d1b8ec6bbe00ba3753b2ac7f51913

SHA512
ec09a958624f9a989fe945cefa7f7e3f3836eb72b5258a6b0402ee1ea6cfa5b27707c9d27e94a481d2817ff68317303ec024c2301266cd79f00f273f46d69a10

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\slovak.uni

Filesize
51KB

MD5
1747746e061cc56ddd5d134fbc1fb432

SHA1
22d87e5539ac8178aab2d9b8207ab409061d26b6

SHA256
021e0ccc518f5759fb282162f5c93dfcaffb45272764db16033fbd340bbf8788

SHA512
6d5000d498cbda152ed6edf43746f412d20c47ff475952d0e9351470e512d2ca5baf3f128ba70441907fbe6e39ab1f040b55c3a44267bc1e4627bc8ef4f9b53a

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\slovenian.uni

Filesize
51KB

MD5
76f5d7a64a37b0cafcd218d483d44a64

SHA1
d5e495c44d0ba40cc3d31ea4b80094d00b1360cf

SHA256
ecf97d9575b361919e51b4a886c1bb2c78dde2ee35970927f5efc7aafe87a12d

SHA512
9f558f1c93ee22db3003870ee092c176a82c48732abb945faca6b59e844ffbb0bd7dfacf390ef953e966f841919d5bd4a8c35cd772281e6fc3bc5ba21501cbd4

Download Submit
C:\Program Files\EZ CD Audio Converter\Language\spanish.uni

Filesize
57KB

MD5
15b4182806df5969d9d420f07e238e18

SHA1
e6a16903591d882fdc2a8b8a3137e7f70f03e64d

SHA256
329b097a406a6059a8124a870498555896946218d8472afd56c0480f3dec6efc

SHA512
f96ecbc4b33824fd70631014e7da6d168555905b11d0aa65f60b77d30f4c74645fa8f6439e37b648d1f9f324c2bb4dd1df48e98e05cd3a735be7ef9f3b0f314a

Download Submit
C:\Program Files\EZ CD Audio Converter\acdbase.dll

Filesize
4.9MB

MD5
518475fd02ba061f30ac7419c63ec0ec

SHA1
5826f8e6c7486c4893ab3dc8294236f358d49ab0

SHA256
f05d78b97d6c9f68b8f5966930a376ced87244c1b031492eb3d8c10dbc7b63c1

SHA512
08c2110aaf5b1a5ea342c48602149190e915103580f6998bb95a9963ee1ea0c89dd7d201de36b3b7c985391274f670e54fbb45c9152d6b3fb31c615db3119006

Download Submit
C:\Program Files\EZ CD Audio Converter\ezcd.exe

Filesize
8.9MB

MD5
9d261d76035282c574e39f8cab1dcae1

SHA1
9086ade86ad5db6fa13d5717e6457f4eee99bbfb

SHA256
f6998659dd559974c4216e861740ab5cc6ad0eb4874c46f082dde25dcf5662aa

SHA512
5135ff62ffbf44ba434fdba394fb94b79bc2fb15e0728e32ebf33b997564eada2d6c17b96a625decc08b73eec6cbdd64038b594aaa0228bf579b36ff9f2132c6

Download Submit
C:\Program Files\EZ CD Audio Converter\ezcd64.dll

Filesize
692KB

MD5
af4b35101d3f77fae67f9a0fdcc62559

SHA1
3b94904a6565bf46e47baecb5e1ee5d1701a19a6

SHA256
cd1728e4cb3eff23d5d9c85c36037f84370dbc7625fae7fad5e49887ea392455

SHA512
3c18e16556b0a922f8cc0aa22206cf053d3ca54acdb6de980f2073fb26097a6db951f24d1c22d8a03c4b9d3344030be921913e77cb8c69b9cbe7399f798b9c15

Download Submit
C:\Program Files\EZ CD Audio Converter\jiso.dll

Filesize
80KB

MD5
f5afc2baff5e79bc0ac8cb54773573a5

SHA1
3911e55d07b83ce3ee4676fd6e3008705128a079

SHA256
47a447af287fc4018ea03cb9e6d91ebbfc4ccf2d2a5155de9b429c899e1139c4

SHA512
4c20672a8b07955f38241f14a057806a3b35349a8dee36933ac4ffb41e69d88a8047d02ec4561b4faa4b3216d09044212490e4050a38eca9ff47d6f6ce42e50d

Download Submit
C:\Program Files\EZ CD Audio Converter\libmmd.dll

Filesize
3.9MB

MD5
14d1c437d435367d79d9242ab63e4612

SHA1
203b36a74933fcc82bdadae426348c1f6c43f7aa

SHA256
e2b0066f3f4479439d5f008c74482b78ed13203d62c2ecb480cc12b4d78a01fa

SHA512
fa578f55975e0566fdcb03185e4ecf95d3affb27ce3dc34b56fcbc3c50e6f1ee6010dbe3fdee2f6cd043181cb8eb18c4ed69d84ef1c94325e212cf18bd4d6f63

Download Submit
C:\Program Files\EZ CD Audio Converter\msvcp140.dll

Filesize
562KB

MD5
7acbc57d268a691247b4a94fecfa42b4

SHA1
67bd76111b4ab8f4c0692919153dde2e7c8070f1

SHA256
b99eb28a471311113f5c4109cb3c463f39cfd9bdb3b07f706204dedddb4516a1

SHA512
b08140ce86ea78b481b78644f086359326616a56fb3a3953da16a7fc2bd15a493652f22d4d2fcba3675c668b9832fdb7d5f17a8aa6ccdb74e7b746a79df60b88

Download Submit
C:\Program Files\EZ CD Audio Converter\register64.exe

Filesize
148KB

MD5
5872f17645e7ae8436d7607bbbf16cd2

SHA1
767b605431383444afc4d3ca714cc1a9e57f75ff

SHA256
d536a588a513c62145a7f4c1541ae64ddb8495049ceeb4204575266181c91e0d

SHA512
dffb23a467d4eeb19bc4fa3d89337b490bc33522d8d4b74dd82919103d7b44d1912bd11008368649321b12278b50cc9f036d9a195d792774610c93b037440326

Download Submit
C:\Program Files\EZ CD Audio Converter\registershell.exe

Filesize
180KB

MD5
6d9a803c57ac1b424aa8c6f6bc3556fb

SHA1
c084d1e191598cb6e9c4bbd25a1a73f1252985a1

SHA256
08a5240713d54fc34b2b70e67ce6dadc24305f9958707ff07df163729a9de3f0

SHA512
2c597404f5e30c7d45d346c8252ba78de61244a794f6b3f5c36ab837f2d041de3c879841ac58743de2a8c7d302091b6fde4a6cc8cdc8d1c18e16c47053ddce17

Download Submit
C:\Program Files\EZ CD Audio Converter\svml_dispmd.dll

Filesize
17.4MB

MD5
ffe3e9d3164c6bf14d9eacb31f13fe9b

SHA1
8fb1513242d736160ce3e1749833544fc2c61e4a

SHA256
415dbc87ff6328fa45b69ca25a5861e5e25f50b348df67590abb99839efb9a90

SHA512
78eb072f05bc0280b05ddf4ebb2a9d34cda0caeb4064600cda865fee87ff6783fa8fdaa8aed46c2a8b95125b8163beffb22f397e3a5a4cc256e7614f109e260b

Download Submit
C:\Program Files\EZ CD Audio Converter\vcruntime140.dll

Filesize
117KB

MD5
32da96115c9d783a0769312c0482a62d

SHA1
2ea840a5faa87a2fe8d7e5cb4367f2418077d66b

SHA256
052ad6a20d375957e82aa6a3c441ea548d89be0981516ca7eb306e063d5027f4

SHA512
616c78b4a24761d4640ae2377b873f7779322ef7bc26f8de7da0d880b227c577ed6f5ed794fc733468477b2fcdb7916def250e5dc63e79257616f99768419087

Download Submit
C:\Program Files\EZ CD Audio Converter\vcruntime140_1.dll

Filesize
48KB

MD5
c0c0b4c611561f94798b62eb43097722

SHA1
523f515eed3af6d50e57a3eaeb906f4ccc1865fe

SHA256
6a99bc0128e0c7d6cbbf615fcc26909565e17d4ca3451b97f8987f9c6acbc6c8

SHA512
35db454dbcc7ed89842c0440b92ce0b0b0db41dbd5432a36a0b7e1eddf51704b1f0d6cff5e3a3b0c3ff5db3d8632fed000471180ad72e39d8dbe68a757ccdfb0

Download Submit
C:\Program Files\EZ CD Audio Converter\xml.dll

Filesize
304KB

MD5
3b46b8c2dc90471da655378a8fad1d89

SHA1
13f3e2c41af61201579adf66bfc1ea97bf8a528e

SHA256
56e1011249acac6ef464782849ac4c4ede75c5c821f89e8e2adfb6aa8a2c5a1e

SHA512
94d90ebfbeab89d6275aa820202d9f1974077901f8e63240ad3333028a976c3c2a8963f33eb7e2aac52ef6669364c2b3d6db6cc1a13236f32e35fe6a1f5b12f1

Download Submit
C:\Users\Admin\AppData\Local\EZ CD Audio Converter\converter_normal.txt

Filesize
682B

MD5
5fe1e6f8fb8ac21f63049cf39089f53a

SHA1
3176505294c2b2022fbcd227a2493b2a20fb2533

SHA256
b4e717f9ef7af9ba991f9c36b56cb9b4f51fe3b8f29b738496f3af4dcb48d47e

SHA512
a9668866637c6f5e22ea0bcaf2fa56d81beb78540b419ef8ce41118d0cf7cbf766f38b8c0d6ab72839f2874075aa1e8526a815d95d9f05e4a2a59d00e9640ce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\LangDLL.dll

Filesize
5KB

MD5
08de81a4584f5201086f57a7a93ed83b

SHA1
266a6ecc8fb7dca115e6915cd75e2595816841a8

SHA256
4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6

SHA512
b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\System.dll

Filesize
12KB

MD5
6e55a6e7c3fdbd244042eb15cb1ec739

SHA1
070ea80e2192abc42f358d47b276990b5fa285a9

SHA256
acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506

SHA512
2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\modern-wizard.bmp

Filesize
150KB

MD5
5dc251b994c2499628eaca24b0ec587f

SHA1
6904b12c39e4765414a4502ca59bd6405e39b364

SHA256
22727d9d1e3e0fe0df182c23b15d6a126ed19c2d1781af8d56e43f87e6506ac1

SHA512
ffba72a87ba1462e62fbaa19015a1a443423ff807483f5e2dafeeae9be3e40505769bda5a1b88eedc8e67b92900961e0d30f9e714e5a96a9b2f1d4a3f6150ad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\nsDialogs.dll

Filesize
9KB

MD5
ca5bb0ee2b698869c41c087c9854487c

SHA1
4a8abbb2544f1a9555e57a142a147dfeb40c4ca4

SHA256
c719697d5ced17d97bbc48662327339ccec7e03f6552aa1d5c248f6fa5f16324

SHA512
363a80843d7601ba119bc981c4346188f490b388e3ed390a0667aaf5138b885eec6c69d4e7f60f93b069d6550277f4c926bd0f37bc893928111dc62494124770

Download Submit
memory/1052-433-0x0000000004050000-0x0000000004238000-memory.dmp

Filesize
1.9MB

Download
memory/1052-395-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-376-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-378-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-396-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-374-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-372-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-397-0x0000000004050000-0x0000000004238000-memory.dmp

Filesize
1.9MB

Download
memory/1052-381-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-363-0x0000000004050000-0x0000000004238000-memory.dmp

Filesize
1.9MB

Download
memory/1052-379-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-377-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-445-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-447-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-451-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-455-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-461-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-466-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-474-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-477-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-483-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-487-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/1052-492-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads