Malware Analysis Report

2025-03-15 08:30

Sample ID: 250228-2c2k4a1px3
Target: ez_cd_audio_converter_setup_x64.exe
SHA256: 7e68c0229a74265baeb5104c54c9c0a0690dad7b108bf569a6705a0bba433afc
Tags: banload defense_evasion discovery downloader dropper persistence privilege_escalation trojan
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file ez_cd_audio_converter_setup_x64.exe was found to be: Known bad.

Malicious Activity Summary

banload defense_evasion discovery downloader dropper persistence privilege_escalation trojan

Banload

Banload family

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Enumerates connected drives

Event Triggered Execution: Component Object Model Hijacking

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Executes dropped EXE

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-28 22:27

Signatures

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2025-02-28 22:27

Reported

2025-02-28 22:30

Platform

win10ltsc2021-20250217-en

Max time kernel

146s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe"

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
File opened (read-only) \??\E: C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3452737631-513087862-588053281-1000\Control Panel\International\Geo\Nation C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Drops file in Program Files directory


Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files\EZ CD Audio Converter\register64.exe N/A
N/A N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
N/A N/A C:\Program Files\EZ CD Audio Converter\register64.exe N/A
N/A N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A

Modifies registry class


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe

"C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe"

C:\Program Files\EZ CD Audio Converter\register64.exe

"C:\Program Files\EZ CD Audio Converter\register64.exe" register

C:\Program Files\EZ CD Audio Converter\ezcd.exe

"C:\Program Files\EZ CD Audio Converter\ezcd.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.poikosoft.com udp
US 35.227.194.51:443 www.poikosoft.com tcp

Files


MD5 7acbc57d268a691247b4a94fecfa42b4
SHA1 67bd76111b4ab8f4c0692919153dde2e7c8070f1
SHA256 b99eb28a471311113f5c4109cb3c463f39cfd9bdb3b07f706204dedddb4516a1
SHA512 b08140ce86ea78b481b78644f086359326616a56fb3a3953da16a7fc2bd15a493652f22d4d2fcba3675c668b9832fdb7d5f17a8aa6ccdb74e7b746a79df60b88

C:\Program Files\EZ CD Audio Converter\vcruntime140_1.dll

MD5 c0c0b4c611561f94798b62eb43097722
SHA1 523f515eed3af6d50e57a3eaeb906f4ccc1865fe
SHA256 6a99bc0128e0c7d6cbbf615fcc26909565e17d4ca3451b97f8987f9c6acbc6c8
SHA512 35db454dbcc7ed89842c0440b92ce0b0b0db41dbd5432a36a0b7e1eddf51704b1f0d6cff5e3a3b0c3ff5db3d8632fed000471180ad72e39d8dbe68a757ccdfb0

memory/1976-372-0x0000000000400000-0x0000000001D86000-memory.dmp

memory/1976-393-0x0000000004030000-0x0000000004218000-memory.dmp

C:\Program Files\EZ CD Audio Converter\vcruntime140.dll

MD5 32da96115c9d783a0769312c0482a62d
SHA1 2ea840a5faa87a2fe8d7e5cb4367f2418077d66b
SHA256 052ad6a20d375957e82aa6a3c441ea548d89be0981516ca7eb306e063d5027f4
SHA512 616c78b4a24761d4640ae2377b873f7779322ef7bc26f8de7da0d880b227c577ed6f5ed794fc733468477b2fcdb7916def250e5dc63e79257616f99768419087

C:\Program Files\EZ CD Audio Converter\svml_dispmd.dll

MD5 ffe3e9d3164c6bf14d9eacb31f13fe9b
SHA1 8fb1513242d736160ce3e1749833544fc2c61e4a
SHA256 415dbc87ff6328fa45b69ca25a5861e5e25f50b348df67590abb99839efb9a90
SHA512 78eb072f05bc0280b05ddf4ebb2a9d34cda0caeb4064600cda865fee87ff6783fa8fdaa8aed46c2a8b95125b8163beffb22f397e3a5a4cc256e7614f109e260b

C:\Program Files\EZ CD Audio Converter\Language\svenska.uni

MD5 9e912d4208e652612b1cecdbbaf143cb
SHA1 da35fe5d416690826df8f202f8d77f421dc36bbe
SHA256 cd89363504755a0c7473d451c888261e02550fe9450becd9388e4a85f4d6c505
SHA512 ab8427eee4cebb4e87e8e94de72f206de274c317c3e7da5ea78b94aa57a4308c295ac428832f2e41142252ef4df33612c92c65c75e403ca8c1ae333e6a9b77e2

C:\Program Files\EZ CD Audio Converter\Language\spanish.uni

MD5 15b4182806df5969d9d420f07e238e18
SHA1 e6a16903591d882fdc2a8b8a3137e7f70f03e64d
SHA256 329b097a406a6059a8124a870498555896946218d8472afd56c0480f3dec6efc
SHA512 f96ecbc4b33824fd70631014e7da6d168555905b11d0aa65f60b77d30f4c74645fa8f6439e37b648d1f9f324c2bb4dd1df48e98e05cd3a735be7ef9f3b0f314a

C:\Program Files\EZ CD Audio Converter\Language\slovenian.uni

MD5 76f5d7a64a37b0cafcd218d483d44a64
SHA1 d5e495c44d0ba40cc3d31ea4b80094d00b1360cf
SHA256 ecf97d9575b361919e51b4a886c1bb2c78dde2ee35970927f5efc7aafe87a12d
SHA512 9f558f1c93ee22db3003870ee092c176a82c48732abb945faca6b59e844ffbb0bd7dfacf390ef953e966f841919d5bd4a8c35cd772281e6fc3bc5ba21501cbd4

C:\Program Files\EZ CD Audio Converter\Language\slovak.uni

MD5 1747746e061cc56ddd5d134fbc1fb432
SHA1 22d87e5539ac8178aab2d9b8207ab409061d26b6
SHA256 021e0ccc518f5759fb282162f5c93dfcaffb45272764db16033fbd340bbf8788
SHA512 6d5000d498cbda152ed6edf43746f412d20c47ff475952d0e9351470e512d2ca5baf3f128ba70441907fbe6e39ab1f040b55c3a44267bc1e4627bc8ef4f9b53a

C:\Program Files\EZ CD Audio Converter\Language\serbianc.uni

MD5 2c721380846071732c0683724a8d1462
SHA1 aa4a5d2f233454f8afe222cdf2a8e65f8b75ed5c
SHA256 bf064ae5468ecfcfc3e1afb34115ac2c0d4d1b8ec6bbe00ba3753b2ac7f51913
SHA512 ec09a958624f9a989fe945cefa7f7e3f3836eb72b5258a6b0402ee1ea6cfa5b27707c9d27e94a481d2817ff68317303ec024c2301266cd79f00f273f46d69a10

C:\Program Files\EZ CD Audio Converter\Language\serbian.uni

MD5 f19d25859b6c33e54dd8d800e8ca90c4
SHA1 cbb1bac8b69f3b1901a39e52eb6f601dd964a513
SHA256 c2471b3fa616c224a82245c5b78adcffc41dbd6716944676d58769f85e8410c8
SHA512 c9440d2eb2953c74c8dee493fe7e83ff17c4da34953653cc47a47b3c402209f295d308bb03ca44f76729df011e1c117d4281d9b5a66ffa48e6c514a8be877a21

C:\Program Files\EZ CD Audio Converter\Language\russian.uni

MD5 3c6ea4277df7e6651e610497df69ccfd
SHA1 2b99e51b6dcafdc7ca9d6a322cd92166ddb5c6b9
SHA256 b1d7c36ae1979216e9ddce04234625f24fd6c9da42c560482073deeb782f0cc0
SHA512 9f8f543d05369c072c6703cd15957c58ed2e8cacb3786677819cc175e1c1c6a7c5ddd9bd7ddd940f864130acea59381f058a924e1c1c23edbfec5cfdedacbe9e

C:\Program Files\EZ CD Audio Converter\Language\romana.uni

MD5 219a0f40a1327d134a0acab5e72cd2b9
SHA1 3f6e0ebbb51ec5a8c496304e15ba3ea59b738cf9
SHA256 4ade66e433fec96a9a09d0e977a6ffc522bfb97cfffcd9e07e9969364bf679bb
SHA512 e82674877ab71da9548204cf553c04c167b7c1d21388a1ace373e7f4a7c3e49146786729a2b4d5a429569c407eb827b1829cb873f7891edfa1e0192d9516e476

C:\Program Files\EZ CD Audio Converter\Language\portugues (portugal).uni

MD5 9bd473902ca5331d846eb55acb505765
SHA1 784923bb5fab95c17d82bc1dd0dc5643e5902241
SHA256 c047a33f32f3fe66610fc6981564c3dd733c6ad7182d4196cdc0c3c61beda480
SHA512 4b7d2334c21baa8f0a3f72e460a20bc50bcaa7e0ed3edb5a9a9abe6887ddd6d20e6db0400266eb66e744169b42bc4af44c3e2d566e4e94219293c22127259ce7

C:\Program Files\EZ CD Audio Converter\Language\portugues (brasileiro).uni

MD5 a251f6405ed3c939d544a0e6234e2b9f
SHA1 dd428750e3a52f31f81148332ffdd2de493c069a
SHA256 52ccf4b5bf24c9b2ed7ff81a510e9535c699891777105f1fa265a3e092557ea2
SHA512 536ee60e0cc65191a4aab5094d56a9251ca4ab2d32f305eebf057f9be5e3daea06a879cbb1434b0f2351c9e4c9c9cabbdbf91b64c76ff0ce24b9155b0eccb27d

C:\Program Files\EZ CD Audio Converter\Language\polish.uni

MD5 1eb1138cb6f62fcd8d6bf4fdda99ea29
SHA1 19578f77a946a70fa59344cadb7e41e95e9c683a
SHA256 fb440e0cce8b2c6b711202b73ca5145bf51d6b2e0e34c7ee9cbf3a2b2bc0c547
SHA512 46626773849e543e336c9a72285cdfc5becf2e2c0ed902d1fabd8942668e320945ad1169bbd992f7296b1abaa7390d008e9bdcc49a0790c4e83b283ee0a7120a

C:\Program Files\EZ CD Audio Converter\Language\norwegian.uni

MD5 e4ff4dde31c1139623f04c2654d67992
SHA1 afe4226b938e0d023146997ae070ebd2ea30177d
SHA256 ac4b23ea7ec0ea5c47df9eb3bcde31d7877213dbc2b3fc6b519fc9628ef2432a
SHA512 07e36e979599efd766c37c8f619aa5b99671def047c44bc4a2bc92c3a4b5ba9a94df32a76700fd50585aaf71b15f66872040e30fe25390220e896994a723e38b

C:\Program Files\EZ CD Audio Converter\Language\macedonian.uni

MD5 182ded886ff1728f8a373e20b62908d7
SHA1 289ae7c0cb9f8ae719cd7eae2432b11d4a6a4445
SHA256 0234876add47d6c6f08f26008c9b2715aa287f1653ba361e8e690469064251c8
SHA512 2e33e04660e1670cb8e06eb1f1a3cf427640070c4a37e3c1d2794114c81cdbcabe46fa1df2096ea114b6e23d28652c9c0ecbd398e7300daa1c3f59a415a8c2a1

C:\Program Files\EZ CD Audio Converter\Language\korean.uni

MD5 3c73d8cd6b6ae690b60d3923d6c630b1
SHA1 aa5cafaf1a4fdb87087b719fb8bdc640f7dff4f0
SHA256 cbe42126f0295b61f0314370cfd244a05cde77763890c219f54e52e30d8446fa
SHA512 1a16cc3262b54875047da4a94a3469028ecaf2c52dbcf2c3b0095649a0772153db681f3ebd9d1024647d6988deda460c8e1a2c11b83b5cbd7fd27f130aa08e07

C:\Program Files\EZ CD Audio Converter\Language\japanese.uni

MD5 db7f63c236638379d4863e84d86b23fd
SHA1 8f33a6aff4178352e489af9ade390adaabeca01a
SHA256 76c3a1af9b81f72d53f83ac6ce9c74770d063609b09557f9b8d7023aeeee4a20
SHA512 15a5c7c40e22260a1112556ce4962fdb2dddfb3eb7edd2cb5b47dde12e018c47ac1e559b427f00d59533d265facc7759af2e760e5a8521162f7b20467282e443

C:\Program Files\EZ CD Audio Converter\Language\italiano.uni

MD5 f6ff0c148cff8f09b4c8242d001493d1
SHA1 841ff07368a734c89a5fda1e3f170cc1616fb7f0
SHA256 98a7afb435b194b15aa65683f28ac108619b06a634e978e76eb10cfa80fd390d
SHA512 859cd149c8b93d4587a5c8866b8aaf57644f256d5e049bd458aa4b4aae1b1fe4715238103b61d23343f1261c41c73290a98f32e791d35fa02b2f8a22dc918217

C:\Program Files\EZ CD Audio Converter\Language\indonesian.uni

MD5 a46be4f1df1a691f94bab2adbb738b3c
SHA1 bc1bd472f48776f13edf791da8cffd5cadc7d441
SHA256 1a28cb0f4fdfd3a09228ca9c1da9661158d7003fa7dd6288e7d82e3d31513544
SHA512 522138ce3b3df1c089192e20828a8431f22fe2309e0c12112241df83a2e319db1221119ea24b821007ec6b94ccc5170e0262b6de661384b7fc884c632fca5776

C:\Program Files\EZ CD Audio Converter\Language\hungarian.uni

MD5 52f7b58dbfa62a43e6ab86d993ee8595
SHA1 812ba8071c02b10c19a1fd0d41f5876b50783e5b
SHA256 436171f9af16e276683cd34eb67d29ce40db6bd43d216e3ab86370a327e52871
SHA512 ba27a3947b6f39bdd0e2e126ac26b5b0d89dd401fd386aa92270b6008bba58661ffa4e12c46c8850c6030c31b13a2b63d961fffeee6a94c9e3147b3ad6f872da

C:\Program Files\EZ CD Audio Converter\CoreAudioHelper.dll

MD5 2cb3e4b21b39f5a7cae0397168ded6a8
SHA1 f84f26f36ba8a483173d7a288fe18a856ba6f182
SHA256 2608aebd4679dd0f88b0a1e093d5782ca342aa41ddc03a30bdf58e91ed588ef6
SHA512 f97e8349fd9cc73e15ba2a607bb6410f6922fe8c535d0446f2f1682a183dde7c6dca69683db9afce4693d22eb765d3298d6b9006f3067c00e2b200b284129d79

C:\Program Files\EZ CD Audio Converter\enc_aaac.dll

MD5 f149b2b99ce59a004f405cbf48268a7e
SHA1 d8270f0475d86ebc24a9f913e929b2018b31f239
SHA256 8ba5217bb3c7c1536cbff9013e92efd23a945acc6c449ee6b924e0f561a18760
SHA512 a89c2eda66618abba565cfec386eee4792464c9daf5447f260a27c347549c96c88c27d5541ddbc1c24e8e56dcab445f11f2f4301ba846c1434ac889ffbe7bd08

C:\Program Files\EZ CD Audio Converter\Language\ukrainian.uni

MD5 4c2187ea6bad0998b5d988d7762e0b8d
SHA1 7c8cef5ed646b113f339fbc4624ed5e1d60decec
SHA256 3334483ce9ae8a89eace7e36dfd55ae4d940c7439a707ca15512e7a938a1424f
SHA512 5e597b52e860907ddaa2ded135bc41371b52cbe59e35357840aa5876f527d932086de48f6ee03acdd90faaf8d164f94f3dfbb3f567acccb9fb5569af6b5b1f44

C:\Program Files\EZ CD Audio Converter\Language\turkish.uni

MD5 fc2da459dfee884ce8c756090b022c7d
SHA1 b192c0d82a203a25e411ad7efc1bc0f7f8ef16a8
SHA256 dc10986d269f1dffcf26c064b97e641ce593ae375893a773d952b585bc71d42a
SHA512 55ba0f993d9bf42383e48e57200f37507430f63a2df30f09243e8d4526423e99d169b3a80a3b098699bfb62027bf2c332c65c3868ad01014934426b2eb68fe5b

C:\Program Files\EZ CD Audio Converter\Language\greek.uni

MD5 14274c057d174ed397f0096ec3a7f4cb
SHA1 2d8f38d637c959450c97a7bf852a51e83e209ca4
SHA256 41cd23a2821d278ccd8b72ab1d2fef34410cc4b2d8d95695e5b3815f5f5e539a
SHA512 53e41f6e62e8e7ea53e39b1993923909c12b4b68cb837ec62b4bad7bd9ae3c86479ee534ba68ed97bd20cdcc58fe65025d380218ea3c379d732a4a8f7baf49c7

C:\Program Files\EZ CD Audio Converter\Language\german.uni

MD5 f49b8ffbd1c938d10e0e362a4f20872d
SHA1 b68f7977a3713dce897acd0dfe394958f0e3a08d
SHA256 32a8dca0e6acef0ea0c9d11991b16ac5abb2481f383a8cb6d7851f3c45ce171a
SHA512 02f90ed5330a31d6444027c8ee8bdfcb04090efe3e6a2c46d40385b2290057b0044626eacf3db8c8bfd1b83cedd66772ee8940a848500cc411d12d4978e051b2

C:\Program Files\EZ CD Audio Converter\Language\francais.uni

MD5 01674fa4659f401cc290942911686af6
SHA1 b7aaae4e3587c4df47f38586301a1d12053bbe2f
SHA256 22ec546cee32f9b025b2ae10ec04e2c8a0c19902dd1c175bef4877e5a0c60277
SHA512 49fc6a46b147322dd9038648ed9553042fc91f65f60442d3bedd836c89d8f0b6f5d0bda155656bd986d77d2060efd0795cbfd3ed0a5c29e510660ecc5ad57a3d

C:\Program Files\EZ CD Audio Converter\Language\finnish.uni

MD5 30c946ac93066e442bcc31ac6398ac96
SHA1 9513a51990068dca9e03e11a3aa54b7e1e0260d5
SHA256 905735eb4eeacb207d34bc9b86926b0be77a9cad0e25541b16879bb6060e8f0b
SHA512 26c6b49ad32b9f52a803729bcd9b3ecef954f5c7b7890c34db089b80280ff1e4d5543ca0e24e3d1627a334d48672982d07813da31402326c6f4136f21d74a872

C:\Program Files\EZ CD Audio Converter\Language\estonian.uni

MD5 9738157a0f5f66693fb2b82f413c0bdb
SHA1 e59bedb8c9bddd4ea879d3c863c9ceb24b608dda
SHA256 23b61b7be86c306558189288bd02dc3bfc4cca26f5c7704816e3054be941bbb1
SHA512 fa5811bdecc5713140acd0153fc60f7ae52af62f483ffcba08db36f052d91e2b6a1303531c2b0a328ba56b1b511bc023e64d7b1e389136f8fa0c5b775500c25d

C:\Program Files\EZ CD Audio Converter\Language\english.uni

MD5 69afd56fea5d69ad2db8f62bc638494b
SHA1 5859ce23b4fd654c20d36cffa2528dfaacfe07f0
SHA256 e3126d90bff119edc9b80cb7088864a33f8f8cb786ca0934848e708a49678956
SHA512 5efec71843bbe63905d897130f36757b9cfbdc4d3e4b74b3abf4ddc18b29e290185b9a651503da1fd277a04f8680713d20e5785e4b4a6d22c75cd61b438f6378

C:\Program Files\EZ CD Audio Converter\Language\dutch.uni

MD5 243a28854df48ad66f9107e457df1745
SHA1 b353b9a7d54f65a1d37c0a78fd9f3bbad1345b8c
SHA256 8a826087cb692bf33fe8a964a11b37dda5f575f9b3937ba6fb2f36661d7c9ba6
SHA512 d55be5fec229a91142b44bfa854f9c78fc0360f94cd0cbf76f44a073faa2118d22347efa655ebcaebcc6d1e788b8b474e4a861ec068bc8c2038a5fa3921a1413

C:\Program Files\EZ CD Audio Converter\Language\danish.uni

MD5 ef3d6b4d02dc2aefe4eeb11f9dc37b22
SHA1 1c7744a1289050b200f9eb2692ba2238dfab5356
SHA256 d2d03f7ba9138ffc9cad98ac14d65f0f787d82a2f41ba0fc362c02611afc440b
SHA512 8b65a831b3059cf85e85067d9c7a2530dc9c1aa2e2245c047921d9d4aac8bc06092f4462e27ef5c4b4db488400831263be5b020c16a95cf144c48bd9a83c62fb

C:\Program Files\EZ CD Audio Converter\Language\czech.uni

MD5 57c251ec455363e3e329e6184e63edbc
SHA1 3d8eb9f5b020963306f3440ca36c61a99635beb3
SHA256 6ec94a136e0f07ad1be36b4f17387472487575ca6c81c0e08a1aba18a9d2bd2f
SHA512 6bee4b08b1530461e1ea9b0c19a1ca5c18fbac333f4faa5cdf1601b4e1cfd706d88abe92b0c11f04875bc9c0644116accb6da142c57e2dfcc29d418e9d211942

C:\Program Files\EZ CD Audio Converter\Language\croatian.uni

MD5 a6e3967e43f2d6b2fc915a6d5a43419a
SHA1 4b67bc5c402bbbeef4a6e5ba9f5384ef17562444
SHA256 4f843a505dff7a247fdc39f7b71a4e4891ac1d4f9ddf8f14cbfcf2313139ca9b
SHA512 32ca334015b9e0657fdb1f99cae4459f3fc7166445b0035cf28800baa71ca3c5242a08ccdd60930e931f69a5d9a4eba6dc09a77bbe5e788559d557ccec724733

C:\Program Files\EZ CD Audio Converter\Language\chinese traditional.uni

MD5 6346bc9d97093e742dda80040ee4f622
SHA1 c62471af4d933bf99259cf454ac34a45bc07a11c
SHA256 41e8a38eea1d9709db2f3c97f6e82d04013f695815ccbe4f036d78279d7386e7
SHA512 5172e8eee2f924afefbb760ad4727f0c97c8a3c702946fe1894af078ec353d1c93d992f200d2a180d95308c0bfdc9d74dd285c7a4d1bf32bee8e3d0a43c3088c

C:\Program Files\EZ CD Audio Converter\Language\chinese simplified.uni

MD5 783d1f05b80b184ee9fabaa7d1f77d73
SHA1 4ca03e156fe900ea1072f949513996f3f0a0ca96
SHA256 81a0b1956e2887797bf08fe7711557c2d814c15cd2777d0314fe65cf80464d94
SHA512 69f3a5f8fbab494b34297f91dedaaa28272669dc5945545ee2c4dcd0da0c2657abf462a2a6dd744cea0ffb28b9afb0a1a9c318ead8053ea33b061969a94b0835

C:\Program Files\EZ CD Audio Converter\Language\catala.uni

MD5 e7ff135471134df105ec767441b81d98
SHA1 3b31729f341a098c4f818d11edb6df84049eac8c
SHA256 1ffb53cd58b317d98572f6e74e612d73fdf52416c72f0eaaf4670bb62297b09d
SHA512 0332e8633c162311a61214e48c099eebb906b6f82787e5225ad1baea438eabd69099b4218d1212b82ae656ad3649b77873e7be0204c92312822214f3da7aae2e

C:\Program Files\EZ CD Audio Converter\Language\bulgarian.uni

MD5 bf674d7f8180a6b389d0ef8ba295a313
SHA1 eeb6ac6206475be881cfd1ef865e31b72f8e892f
SHA256 973e04c3c5f270ef5726482f18e89918e09c11a061747ef60d708529feec1e62
SHA512 af8542decb1486774a467f414c4e6b54a532b26510b632c7b0594d3639ced13a0c73fbdce3ba54e3f3f850386fa7fab927b1278c861ea159b4dcec9f7cb49557

C:\Program Files\EZ CD Audio Converter\Language\arabic.uni

MD5 09b253aeef15d8d21d8e9a1a9a360b8c
SHA1 305f148c0f37e99a6444cd9cfbce64eadda3475d
SHA256 715d37dffff24b4a377633cc63c3cd961124536a51af852201f20775f83c3ccb
SHA512 3f9eacad2fbcb2995646c475d7fc31a3fe6e5a3ac92074e0619597663b54a815d8f212d4db1f380e92b743169782d12ab1e1b0697a211dc2cf6d5af1512d8eb7

memory/1976-442-0x0000000000400000-0x0000000001D86000-memory.dmp

memory/1976-444-0x0000000000400000-0x0000000001D86000-memory.dmp

memory/1976-445-0x0000000000400000-0x0000000001D86000-memory.dmp

memory/1976-448-0x0000000000400000-0x0000000001D86000-memory.dmp

memory/1976-450-0x0000000000400000-0x0000000001D86000-memory.dmp

memory/1976-451-0x0000000000400000-0x0000000001D86000-memory.dmp

memory/1976-454-0x0000000000400000-0x0000000001D86000-memory.dmp

memory/1976-456-0x0000000000400000-0x0000000001D86000-memory.dmp

memory/1976-457-0x0000000000400000-0x0000000001D86000-memory.dmp

memory/1976-459-0x0000000000400000-0x0000000001D86000-memory.dmp

memory/1976-460-0x0000000000400000-0x0000000001D86000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2025-02-28 22:27

Reported

2025-02-28 22:30

Platform

win11-20250217-en

Max time kernel

145s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe"

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
File opened (read-only) \??\D: C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\EZ CD Audio Converter\dec_wma.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\svml_dispmd.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_wavmp3.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-core-datetime-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-multibyte-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\metm_flac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\met_ape.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-core-file-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\ucrtbase.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\ezcdshell.appx C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\italiano.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\dec_aac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_eac3m4a.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_m4af.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\greek.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\decm_opus.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_flac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\ezcd64.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\metm_mpc.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-time-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_alac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\met_tta.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\metm_aiff.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_eac3.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-math-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\resources.scale-125.pri C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.scale-200.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\german.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\portugues (brasileiro).uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\met_mpc.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_xheaac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-core-profile-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_w64.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-core-libraryloader-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\chinese traditional.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\uninstall.exe C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\met_aiff.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_thd.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_eac3mka.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-32_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_wav.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_eac3m4a.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_au.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\vcruntime140_threads.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-core-fibers-l1-1-1.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\Square150x150Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-256_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\decm_wav.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\dec_flac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_aaac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_m4a.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_m4b.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_wma.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\vccorlib140.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\resources.scale-400.pri C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\metm_sacd.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\croatian.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\english.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\romana.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\decm_ape.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-stdio-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\storelogo.scale-150.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
N/A N/A C:\Program Files\EZ CD Audio Converter\registershell.exe N/A
N/A N/A C:\Program Files\EZ CD Audio Converter\register64.exe N/A
N/A N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\command\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\" -nn" C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Implemented Categories C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\TypeLib\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F91}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\ = "EzCd Type Library" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\VersionIndependentProgID\ = "BDATuner.DigitalCableLocator" C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\ = "Rip audio CD" C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\TypeLib C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID\ = "EzCd.EzCd.1" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\ = "EzCd Class" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92} C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B} C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\ProgID C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS\ = "0" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Version\ = "1.0" C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CLSID C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91} C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InprocServer32\ThreadingModel = "Both" C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\ = "EzCd Class" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ = "EzCd Class" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\command\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\" -nn" C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\ = "EZ CD Audio Converter" C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\ProgID\ = "BDATuner.DigitalCableLocator.1" C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\ = "{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\ = "Burn disc" C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\VersionIndependentProgID C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer\ = "EzCd.EzCd.1" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64\ = "C:\\Program Files\\EZ CD Audio Converter\\ezcd64.dll" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\DefaultIcon C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\Version = "1.0" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\command C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Programmable C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\HELPDIR C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352} C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InprocServer32 C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InprocServer32\ = "C:\\Windows\\System32\\msvidctl.dll" C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\TypeLib\ = "{9B085638-018E-11D3-9D8E-00C04F72D980}" C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92} C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Version C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe

"C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe"

C:\Program Files\EZ CD Audio Converter\registershell.exe

"C:\Program Files\EZ CD Audio Converter\registershell.exe" register

C:\Program Files\EZ CD Audio Converter\register64.exe

"C:\Program Files\EZ CD Audio Converter\register64.exe" register

C:\Program Files\EZ CD Audio Converter\ezcd.exe

"C:\Program Files\EZ CD Audio Converter\ezcd.exe"

Network

Country Destination Domain Proto
US 35.190.31.54:443 www.poikosoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\System.dll


C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\LangDLL.dll


C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\nsDialogs.dll


C:\Program Files\EZ CD Audio Converter\registershell.exe


C:\Program Files\EZ CD Audio Converter\register64.exe


C:\Program Files\EZ CD Audio Converter\vcruntime140.dll


C:\Program Files\EZ CD Audio Converter\ezcd64.dll


C:\Program Files\EZ CD Audio Converter\msvcp140.dll


C:\Program Files\EZ CD Audio Converter\vcruntime140_1.dll


C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\modern-wizard.bmp


C:\Program Files\EZ CD Audio Converter\ezcd.exe


C:\Program Files\EZ CD Audio Converter\acdbase.dll


C:\Program Files\EZ CD Audio Converter\svml_dispmd.dll


C:\Program Files\EZ CD Audio Converter\xml.dll


C:\Program Files\EZ CD Audio Converter\jiso.dll


C:\Program Files\EZ CD Audio Converter\Language\spanish.uni


C:\Program Files\EZ CD Audio Converter\Language\slovenian.uni


C:\Program Files\EZ CD Audio Converter\Language\slovak.uni


C:\Program Files\EZ CD Audio Converter\Language\serbianc.uni


C:\Program Files\EZ CD Audio Converter\Language\serbian.uni


C:\Program Files\EZ CD Audio Converter\Language\russian.uni


C:\Program Files\EZ CD Audio Converter\Language\romana.uni


C:\Program Files\EZ CD Audio Converter\Language\portugues (portugal).uni


C:\Program Files\EZ CD Audio Converter\Language\portugues (brasileiro).uni


C:\Program Files\EZ CD Audio Converter\Language\polish.uni


C:\Program Files\EZ CD Audio Converter\Language\norwegian.uni


C:\Program Files\EZ CD Audio Converter\Language\macedonian.uni


C:\Program Files\EZ CD Audio Converter\Language\korean.uni


C:\Program Files\EZ CD Audio Converter\Language\japanese.uni


C:\Program Files\EZ CD Audio Converter\Language\italiano.uni


C:\Program Files\EZ CD Audio Converter\Language\indonesian.uni


C:\Program Files\EZ CD Audio Converter\Language\hungarian.uni


C:\Program Files\EZ CD Audio Converter\Language\greek.uni


C:\Program Files\EZ CD Audio Converter\Language\german.uni


C:\Program Files\EZ CD Audio Converter\Language\francais.uni


C:\Program Files\EZ CD Audio Converter\Language\finnish.uni


C:\Program Files\EZ CD Audio Converter\Language\estonian.uni


C:\Program Files\EZ CD Audio Converter\Language\english.uni


C:\Program Files\EZ CD Audio Converter\Language\dutch.uni


C:\Program Files\EZ CD Audio Converter\Language\danish.uni


C:\Program Files\EZ CD Audio Converter\Language\czech.uni


C:\Program Files\EZ CD Audio Converter\Language\croatian.uni


C:\Program Files\EZ CD Audio Converter\Language\chinese traditional.uni


C:\Program Files\EZ CD Audio Converter\Language\chinese simplified.uni


C:\Program Files\EZ CD Audio Converter\Language\catala.uni


C:\Program Files\EZ CD Audio Converter\Language\bulgarian.uni


C:\Program Files\EZ CD Audio Converter\Language\arabic.uni


C:\Program Files\EZ CD Audio Converter\libmmd.dll


C:\Users\Admin\AppData\Local\EZ CD Audio Converter\converter_normal.txt


Analysis: behavioral1

Detonation Overview

Submitted

2025-02-28 22:27

Reported

2025-02-28 22:30

Platform

win7-20241023-en

Max time kernel

148s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe"

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
File opened (read-only) \??\D: C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\EZ CD Audio Converter\dec_opus.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_aaac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\met_aiff.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-core-sysinfo-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_raw.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\dec_aac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\deviceio.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\mp4v2.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-environment-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\debug.log C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\bulgarian.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\met_dsf.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_dtsmka.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_xheaacf.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.scale-150.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\decm_dff.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_ac3.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_wavacm.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-64_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\croatian.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\decm_opus.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_flac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\met_ffmpeg.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_au.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_aacf.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\concrt140.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\russian.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-math-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\storelogo.scale-150.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\avutil-59.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-core-file-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-multibyte-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\serbian.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\decm_aac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\dec_wav.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\ezcd.exe C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_xheaac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_dts.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\ezcdshell.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\japanese.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\decm_ape.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\decm_wma.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_aiff.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_m4a.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_ac3m4a.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_w64.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\hungarian.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_aaac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\czech.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\encm_ape.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\metm_ffmpeg.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\msvcp140_1.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\vccorlib140.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-core-sysinfo-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\api-ms-win-core-timezone-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\portugues (portugal).uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\swresample-5.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_wma.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Assets\storelogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\Language\greek.uni C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\enc_alac.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
File created C:\Program Files\EZ CD Audio Converter\metm_wav.dll C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files\EZ CD Audio Converter\register64.exe N/A
N/A N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
N/A N/A C:\Program Files\EZ CD Audio Converter\register64.exe N/A
N/A N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\TypeLib\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F91}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\HELPDIR\ = "C:\\Program Files\\EZ CD Audio Converter" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\ = "{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CLSID C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CLSID\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\HELPDIR C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InProcServer32\ThreadingModel = "Both" C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\ = "EzCd Class" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ = "EzCd Class" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID\ = "EzCd.EzCd.1" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EzCd C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer\ = "EzCd.EzCd.1" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\ = "EZ CD Audio Converter" C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\ = "Rip audio CD" C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\command\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\" -nn" C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\command C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\ = "Device Center Print Status Extension" C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EzCd C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\Programmable C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32\ = "C:\\Program Files\\EZ CD Audio Converter\\ezcd64.dll" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91} C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS\ = "0" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64\ = "C:\\Program Files\\EZ CD Audio Converter\\ezcd64.dll" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InProcServer32 C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\ = "EzCd Class" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\command C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\Version = "1.0" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\VersionIndependentProgID\ = "EzCd.EzCd" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\TypeLib C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\ = "EzCd Type Library" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B} C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0 C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\ = "{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\Version = "1.0" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\DefaultIcon C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\DefaultIcon\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\",0" C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\VersionIndependentProgID C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92} C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InProcServer32\ = "%SystemRoot%\\system32\\fdprint.dll" C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92} C:\Program Files\EZ CD Audio Converter\register64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd" C:\Program Files\EZ CD Audio Converter\register64.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\EZ CD Audio Converter\ezcd.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe

"C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe"

C:\Program Files\EZ CD Audio Converter\register64.exe

"C:\Program Files\EZ CD Audio Converter\register64.exe" register

C:\Program Files\EZ CD Audio Converter\ezcd.exe

"C:\Program Files\EZ CD Audio Converter\ezcd.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.poikosoft.com udp
US 35.227.194.51:443 www.poikosoft.com tcp

Files

\Users\Admin\AppData\Local\Temp\nsy7B87.tmp\System.dll

MD5 6e55a6e7c3fdbd244042eb15cb1ec739
SHA1 070ea80e2192abc42f358d47b276990b5fa285a9
SHA256 acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506
SHA512 2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

\Users\Admin\AppData\Local\Temp\nsy7B87.tmp\LangDLL.dll

MD5 08de81a4584f5201086f57a7a93ed83b
SHA1 266a6ecc8fb7dca115e6915cd75e2595816841a8
SHA256 4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6
SHA512 b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9

\Users\Admin\AppData\Local\Temp\nsy7B87.tmp\nsDialogs.dll

MD5 ca5bb0ee2b698869c41c087c9854487c
SHA1 4a8abbb2544f1a9555e57a142a147dfeb40c4ca4
SHA256 c719697d5ced17d97bbc48662327339ccec7e03f6552aa1d5c248f6fa5f16324
SHA512 363a80843d7601ba119bc981c4346188f490b388e3ed390a0667aaf5138b885eec6c69d4e7f60f93b069d6550277f4c926bd0f37bc893928111dc62494124770

C:\Program Files\EZ CD Audio Converter\register64.exe

MD5 5872f17645e7ae8436d7607bbbf16cd2
SHA1 767b605431383444afc4d3ca714cc1a9e57f75ff
SHA256 d536a588a513c62145a7f4c1541ae64ddb8495049ceeb4204575266181c91e0d
SHA512 dffb23a467d4eeb19bc4fa3d89337b490bc33522d8d4b74dd82919103d7b44d1912bd11008368649321b12278b50cc9f036d9a195d792774610c93b037440326

\Program Files\EZ CD Audio Converter\ezcd64.dll

MD5 af4b35101d3f77fae67f9a0fdcc62559
SHA1 3b94904a6565bf46e47baecb5e1ee5d1701a19a6
SHA256 cd1728e4cb3eff23d5d9c85c36037f84370dbc7625fae7fad5e49887ea392455
SHA512 3c18e16556b0a922f8cc0aa22206cf053d3ca54acdb6de980f2073fb26097a6db951f24d1c22d8a03c4b9d3344030be921913e77cb8c69b9cbe7399f798b9c15

\Program Files\EZ CD Audio Converter\ezcd.exe

MD5 9d261d76035282c574e39f8cab1dcae1
SHA1 9086ade86ad5db6fa13d5717e6457f4eee99bbfb
SHA256 f6998659dd559974c4216e861740ab5cc6ad0eb4874c46f082dde25dcf5662aa
SHA512 5135ff62ffbf44ba434fdba394fb94b79bc2fb15e0728e32ebf33b997564eada2d6c17b96a625decc08b73eec6cbdd64038b594aaa0228bf579b36ff9f2132c6

memory/2740-362-0x0000000003D50000-0x0000000003F38000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsy7B87.tmp\modern-wizard.bmp

MD5 5dc251b994c2499628eaca24b0ec587f
SHA1 6904b12c39e4765414a4502ca59bd6405e39b364
SHA256 22727d9d1e3e0fe0df182c23b15d6a126ed19c2d1781af8d56e43f87e6506ac1
SHA512 ffba72a87ba1462e62fbaa19015a1a443423ff807483f5e2dafeeae9be3e40505769bda5a1b88eedc8e67b92900961e0d30f9e714e5a96a9b2f1d4a3f6150ad1

memory/2740-373-0x0000000000400000-0x0000000001D86000-memory.dmp

memory/2740-371-0x0000000000400000-0x0000000001D86000-memory.dmp

\Program Files\EZ CD Audio Converter\msvcp140.dll

MD5 7acbc57d268a691247b4a94fecfa42b4
SHA1 67bd76111b4ab8f4c0692919153dde2e7c8070f1
SHA256 b99eb28a471311113f5c4109cb3c463f39cfd9bdb3b07f706204dedddb4516a1
SHA512 b08140ce86ea78b481b78644f086359326616a56fb3a3953da16a7fc2bd15a493652f22d4d2fcba3675c668b9832fdb7d5f17a8aa6ccdb74e7b746a79df60b88

\Program Files\EZ CD Audio Converter\jiso.dll

MD5 f5afc2baff5e79bc0ac8cb54773573a5
SHA1 3911e55d07b83ce3ee4676fd6e3008705128a079
SHA256 47a447af287fc4018ea03cb9e6d91ebbfc4ccf2d2a5155de9b429c899e1139c4
SHA512 4c20672a8b07955f38241f14a057806a3b35349a8dee36933ac4ffb41e69d88a8047d02ec4561b4faa4b3216d09044212490e4050a38eca9ff47d6f6ce42e50d

\Program Files\EZ CD Audio Converter\api-ms-win-crt-environment-l1-1-0.dll

MD5 4b2639aa215141a968dddefb30e5e21d
SHA1 10680e48e128b348bcf22ec87de68acb36749def
SHA256 1884872dbbe89023100d7f15e7b3a3eac16c3c8e3c103016c87c223bdc60ba7a
SHA512 5c66fa31a7959581cb7967a33627de42c88e919ce6ac2ab56b74e8cc81c9e082fd407cdd08fd235f5c29cffd15b4fa07531e0f8456925b8293de39b713a1c3d8

\Program Files\EZ CD Audio Converter\api-ms-win-crt-utility-l1-1-0.dll

MD5 cc741d481aea80559546da3464b01ce0
SHA1 a8dbc99d525b71ca53860991fba3fe10f67343de
SHA256 3fc3564e2276e8149856e74f59f594549d017a3a967ea66450e1c04af8768bc8
SHA512 600afbc7ff488291ff06c677dfba3db96d65b43d1c3f834e94bf1de225a940f8c8049cedb082d665758f22aacf2808d2915c18793bf11fd0d17cdff8150880e3

\Program Files\EZ CD Audio Converter\api-ms-win-crt-time-l1-1-0.dll

MD5 d709d32a2744df53af5fb8a50c85a32f
SHA1 a326f3ce8542f65e58b1c154af9bc5ba232a26fb
SHA256 ac90c44b194135bf555ac7df2405d443da87e1374e5b5bb408a2761a9bc63e3d
SHA512 ca973ab3d503bd818448fa874ba9640299e0d0d7b8b2e82a801ab39d961c22f9bff4def1eaff4d7fc5052af27a1fbfa6d52706311e21da37f8a8df3db2838bdd

\Program Files\EZ CD Audio Converter\api-ms-win-crt-convert-l1-1-0.dll

MD5 10586394ea9480d896dc90cb41fbb349
SHA1 b7572485a312ba7a228d0a3c1ad118a6187f88e6
SHA256 81f4b3cd11611aeaa94171ebc1079e501ec247e8da6c113e6c81a3877acca15d
SHA512 45824a49a13bec16961ff56a402b5cbbbfda4639a15fb48061f86d16995fa49ff7901e9e339a873135822756a7a1b7a69b2f0499e4568cb334bcac04a425a3ec

\Program Files\EZ CD Audio Converter\api-ms-win-crt-string-l1-1-0.dll

MD5 38f92437d012a0f6ad6e435dfaed6cea
SHA1 b361369f57086675d5481a93dfde65c971aafa13
SHA256 265c87b9a63420de788ba7855e847b4eb794c4256080eeacf64b81e70af889cd
SHA512 36f71ebcefba9a762c0773c89f2dc674cc7d5ecfd6156f882e646554a68cc6a6ebf8d28554b66fa8f7b57ab6be29b06a42cfddbb7847bbc42bb7de09851a79a3

\Program Files\EZ CD Audio Converter\api-ms-win-crt-heap-l1-1-0.dll

MD5 011cf908bfb96ebe4f6dae19820b1c9f
SHA1 266511422f8d52a6fee8d40c7e9436ce2bebbde8
SHA256 0d69f5d5720655dd15172949e379dce5dc364e1920f6fcab8f809aed7ed2ce9c
SHA512 c299cdd3bfc892f8348b811d2c25a6d9d74b42b4d3f5eace7c947ea3c5a34f1aab786d9b7a041aa97a6c0e03117540378c9ada51118912194ef17ac52274c0f9

\Program Files\EZ CD Audio Converter\api-ms-win-crt-runtime-l1-1-0.dll

MD5 7307d9479d874ec7df299f497c0b03f3
SHA1 ade7ffa3482e68127d1d8494e11337088a0616e4
SHA256 09b320d575b456b1199e4e2b09d34d4200fb8146b297ca78d06d80e9158a45e0
SHA512 f945ac79a99c72e4a26461e19aba66adbfc31b60a26b6d9338f6667a3795bafb4941a7b446a67a433308254fb112242886be34dea466c639bf5dcbc075a88d4f

\Program Files\EZ CD Audio Converter\vcruntime140.dll

\Program Files\EZ CD Audio Converter\libmmd.dll

\Program Files\EZ CD Audio Converter\svml_dispmd.dll

\Program Files\EZ CD Audio Converter\acdbase.dll

\Program Files\EZ CD Audio Converter\api-ms-win-core-synch-l1-2-0.dll

\Program Files\EZ CD Audio Converter\api-ms-win-core-file-l2-1-0.dll

\Program Files\EZ CD Audio Converter\api-ms-win-core-timezone-l1-1-0.dll

\Program Files\EZ CD Audio Converter\api-ms-win-core-processthreads-l1-1-1.dll

\Program Files\EZ CD Audio Converter\api-ms-win-core-fibers-l1-1-1.dll

\Program Files\EZ CD Audio Converter\api-ms-win-core-localization-l1-2-0.dll

\Program Files\EZ CD Audio Converter\api-ms-win-core-file-l1-2-0.dll

\Program Files\EZ CD Audio Converter\api-ms-win-core-kernel32-legacy-l1-1-1.dll

\Program Files\EZ CD Audio Converter\api-ms-win-core-sysinfo-l1-2-0.dll

\Program Files\EZ CD Audio Converter\ucrtbase.dll

\Program Files\EZ CD Audio Converter\api-ms-win-crt-stdio-l1-1-0.dll

C:\Users\Admin\AppData\Local\EZ CD Audio Converter\converter_normal.txt

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar177E.tmp
