Analysis Overview
SHA256
7e68c0229a74265baeb5104c54c9c0a0690dad7b108bf569a6705a0bba433afc
Threat Level: Known bad
The file ez_cd_audio_converter_setup_x64.exe was found to be: Known bad.
Malicious Activity Summary
Banload
Banload family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Enumerates connected drives
Event Triggered Execution: Component Object Model Hijacking
Checks computer location settings
Loads dropped DLL
Checks installed software on the system
Drops file in Program Files directory
Executes dropped EXE
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-02-28 22:27
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2025-02-28 22:27
Reported
2025-02-28 22:30
Platform
win10ltsc2021-20250217-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
Banload
Banload family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| File opened (read-only) | \??\E: | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3452737631-513087862-588053281-1000\Control Panel\International\Geo\Nation | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-namedpipe-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_raw.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\bulgarian.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_am4b.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-timezone-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-16_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_m4a.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_xheaac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_w64.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\met_w64.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\resources.scale-125.pri | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square150x150Logo.scale-200.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\dec_flac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_ape.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\notify.wav | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\serbianc.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_wav.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\metm_m4a.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\vcruntime140_threads.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\dec_tta.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\ezcdshell.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\arabic.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\russian.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_thd.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square150x150Logo.scale-150.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-20.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\CoreAudioHelper.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\metm_w64.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-util-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-16.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\metm_aiff.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.scale-100.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\concrt140.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\danish.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\german.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\turkish.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\dec_opus.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\deviceio.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\metm_dff.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-localization-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-convert-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\resources.scale-400.pri | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\debug.log | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\indonesian.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\dec_wav.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_m4a.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_am4a.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_m4b.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_dtsmka.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\MatroskaMetadata.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_tta.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_wavpack.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\metm_vorbis.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_ac3m4a.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-sysinfo-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square150x150Logo.scale-400.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\serbian.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\spanish.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\ukrainian.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_wavpackdsd.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_wavacm.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\polish.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\portugues (portugal).uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| N/A | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EzCd | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\VersionIndependentProgID | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\ = "Burn disc" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\command | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\ = "UsersLibraries" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\InProcServer32\ThreadingModel = "Both" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\shell\restorelibraries\command | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\TypeLib\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F91}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\shell\restorelibraries\SeparatorAfter = "1" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\ = "EzCd Type Library" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\LocalizedString = "@%SystemRoot%\\system32\\windows.storage.dll,-50691" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\System.IsPinnedToNameSpaceTree = "0" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\shell\restorelibraries\Description = "@shell32.dll,-34646" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\shell\restorelibraries\SeparatorBefore = "1" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer\ = "EzCd.EzCd.1" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\ = "{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\Version = "1.0" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\System.PropList.DetailsPaneNullSelectTitle = "prop:" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32\ = "C:\\Program Files\\EZ CD Audio Converter\\ezcd64.dll" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS\ = "0" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64\ = "C:\\Program Files\\EZ CD Audio Converter\\ezcd64.dll" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92} | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\ = "Rip audio CD" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\command\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\" -nn" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\shell\restorelibraries | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\ = "EzCd Class" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\ = "EzCd Class" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID\ = "EzCd.EzCd.1" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\TypeLib | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\ = "EZ CD Audio Converter" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ = "EzCd Class" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92} | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\command\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\" -nn" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801} | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\SortOrderIndex = "84" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\System.PropList.DetailsPaneNullSelect = "prop:" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\DefaultIcon\ = "%SystemRoot%\\system32\\imageres.dll,-1023" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CAD2902-7123-C558-78EB-26528080F801}\shell | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\HELPDIR | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\ = "{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\Programmable | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\command | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4568 wrote to memory of 4528 | N/A | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | C:\Program Files\EZ CD Audio Converter\register64.exe |
| PID 4568 wrote to memory of 4528 | N/A | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | C:\Program Files\EZ CD Audio Converter\register64.exe |
| PID 4568 wrote to memory of 1976 | N/A | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | C:\Program Files\EZ CD Audio Converter\ezcd.exe |
| PID 4568 wrote to memory of 1976 | N/A | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | C:\Program Files\EZ CD Audio Converter\ezcd.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe
"C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe"
C:\Program Files\EZ CD Audio Converter\register64.exe
"C:\Program Files\EZ CD Audio Converter\register64.exe" register
C:\Program Files\EZ CD Audio Converter\ezcd.exe
"C:\Program Files\EZ CD Audio Converter\ezcd.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.poikosoft.com | udp |
| US | 35.227.194.51:443 | www.poikosoft.com | tcp |
Files
| SHA256 | ecf97d9575b361919e51b4a886c1bb2c78dde2ee35970927f5efc7aafe87a12d |
| SHA512 | 9f558f1c93ee22db3003870ee092c176a82c48732abb945faca6b59e844ffbb0bd7dfacf390ef953e966f841919d5bd4a8c35cd772281e6fc3bc5ba21501cbd4 |
C:\Program Files\EZ CD Audio Converter\Language\slovak.uni
| MD5 | 1747746e061cc56ddd5d134fbc1fb432 |
| SHA1 | 22d87e5539ac8178aab2d9b8207ab409061d26b6 |
| SHA256 | 021e0ccc518f5759fb282162f5c93dfcaffb45272764db16033fbd340bbf8788 |
| SHA512 | 6d5000d498cbda152ed6edf43746f412d20c47ff475952d0e9351470e512d2ca5baf3f128ba70441907fbe6e39ab1f040b55c3a44267bc1e4627bc8ef4f9b53a |
C:\Program Files\EZ CD Audio Converter\Language\serbianc.uni
| MD5 | 2c721380846071732c0683724a8d1462 |
| SHA1 | aa4a5d2f233454f8afe222cdf2a8e65f8b75ed5c |
| SHA256 | bf064ae5468ecfcfc3e1afb34115ac2c0d4d1b8ec6bbe00ba3753b2ac7f51913 |
| SHA512 | ec09a958624f9a989fe945cefa7f7e3f3836eb72b5258a6b0402ee1ea6cfa5b27707c9d27e94a481d2817ff68317303ec024c2301266cd79f00f273f46d69a10 |
C:\Program Files\EZ CD Audio Converter\Language\serbian.uni
| MD5 | f19d25859b6c33e54dd8d800e8ca90c4 |
| SHA1 | cbb1bac8b69f3b1901a39e52eb6f601dd964a513 |
| SHA256 | c2471b3fa616c224a82245c5b78adcffc41dbd6716944676d58769f85e8410c8 |
| SHA512 | c9440d2eb2953c74c8dee493fe7e83ff17c4da34953653cc47a47b3c402209f295d308bb03ca44f76729df011e1c117d4281d9b5a66ffa48e6c514a8be877a21 |
C:\Program Files\EZ CD Audio Converter\Language\russian.uni
| MD5 | 3c6ea4277df7e6651e610497df69ccfd |
| SHA1 | 2b99e51b6dcafdc7ca9d6a322cd92166ddb5c6b9 |
| SHA256 | b1d7c36ae1979216e9ddce04234625f24fd6c9da42c560482073deeb782f0cc0 |
| SHA512 | 9f8f543d05369c072c6703cd15957c58ed2e8cacb3786677819cc175e1c1c6a7c5ddd9bd7ddd940f864130acea59381f058a924e1c1c23edbfec5cfdedacbe9e |
C:\Program Files\EZ CD Audio Converter\Language\romana.uni
| MD5 | 219a0f40a1327d134a0acab5e72cd2b9 |
| SHA1 | 3f6e0ebbb51ec5a8c496304e15ba3ea59b738cf9 |
| SHA256 | 4ade66e433fec96a9a09d0e977a6ffc522bfb97cfffcd9e07e9969364bf679bb |
| SHA512 | e82674877ab71da9548204cf553c04c167b7c1d21388a1ace373e7f4a7c3e49146786729a2b4d5a429569c407eb827b1829cb873f7891edfa1e0192d9516e476 |
C:\Program Files\EZ CD Audio Converter\Language\portugues (portugal).uni
| MD5 | 9bd473902ca5331d846eb55acb505765 |
| SHA1 | 784923bb5fab95c17d82bc1dd0dc5643e5902241 |
| SHA256 | c047a33f32f3fe66610fc6981564c3dd733c6ad7182d4196cdc0c3c61beda480 |
| SHA512 | 4b7d2334c21baa8f0a3f72e460a20bc50bcaa7e0ed3edb5a9a9abe6887ddd6d20e6db0400266eb66e744169b42bc4af44c3e2d566e4e94219293c22127259ce7 |
C:\Program Files\EZ CD Audio Converter\Language\portugues (brasileiro).uni
| MD5 | a251f6405ed3c939d544a0e6234e2b9f |
| SHA1 | dd428750e3a52f31f81148332ffdd2de493c069a |
| SHA256 | 52ccf4b5bf24c9b2ed7ff81a510e9535c699891777105f1fa265a3e092557ea2 |
| SHA512 | 536ee60e0cc65191a4aab5094d56a9251ca4ab2d32f305eebf057f9be5e3daea06a879cbb1434b0f2351c9e4c9c9cabbdbf91b64c76ff0ce24b9155b0eccb27d |
C:\Program Files\EZ CD Audio Converter\Language\polish.uni
| MD5 | 1eb1138cb6f62fcd8d6bf4fdda99ea29 |
| SHA1 | 19578f77a946a70fa59344cadb7e41e95e9c683a |
| SHA256 | fb440e0cce8b2c6b711202b73ca5145bf51d6b2e0e34c7ee9cbf3a2b2bc0c547 |
| SHA512 | 46626773849e543e336c9a72285cdfc5becf2e2c0ed902d1fabd8942668e320945ad1169bbd992f7296b1abaa7390d008e9bdcc49a0790c4e83b283ee0a7120a |
C:\Program Files\EZ CD Audio Converter\Language\norwegian.uni
| MD5 | e4ff4dde31c1139623f04c2654d67992 |
| SHA1 | afe4226b938e0d023146997ae070ebd2ea30177d |
| SHA256 | ac4b23ea7ec0ea5c47df9eb3bcde31d7877213dbc2b3fc6b519fc9628ef2432a |
| SHA512 | 07e36e979599efd766c37c8f619aa5b99671def047c44bc4a2bc92c3a4b5ba9a94df32a76700fd50585aaf71b15f66872040e30fe25390220e896994a723e38b |
C:\Program Files\EZ CD Audio Converter\Language\macedonian.uni
| MD5 | 182ded886ff1728f8a373e20b62908d7 |
| SHA1 | 289ae7c0cb9f8ae719cd7eae2432b11d4a6a4445 |
| SHA256 | 0234876add47d6c6f08f26008c9b2715aa287f1653ba361e8e690469064251c8 |
| SHA512 | 2e33e04660e1670cb8e06eb1f1a3cf427640070c4a37e3c1d2794114c81cdbcabe46fa1df2096ea114b6e23d28652c9c0ecbd398e7300daa1c3f59a415a8c2a1 |
C:\Program Files\EZ CD Audio Converter\Language\korean.uni
| MD5 | 3c73d8cd6b6ae690b60d3923d6c630b1 |
| SHA1 | aa5cafaf1a4fdb87087b719fb8bdc640f7dff4f0 |
| SHA256 | cbe42126f0295b61f0314370cfd244a05cde77763890c219f54e52e30d8446fa |
| SHA512 | 1a16cc3262b54875047da4a94a3469028ecaf2c52dbcf2c3b0095649a0772153db681f3ebd9d1024647d6988deda460c8e1a2c11b83b5cbd7fd27f130aa08e07 |
C:\Program Files\EZ CD Audio Converter\Language\japanese.uni
| MD5 | db7f63c236638379d4863e84d86b23fd |
| SHA1 | 8f33a6aff4178352e489af9ade390adaabeca01a |
| SHA256 | 76c3a1af9b81f72d53f83ac6ce9c74770d063609b09557f9b8d7023aeeee4a20 |
| SHA512 | 15a5c7c40e22260a1112556ce4962fdb2dddfb3eb7edd2cb5b47dde12e018c47ac1e559b427f00d59533d265facc7759af2e760e5a8521162f7b20467282e443 |
C:\Program Files\EZ CD Audio Converter\Language\italiano.uni
| MD5 | f6ff0c148cff8f09b4c8242d001493d1 |
| SHA1 | 841ff07368a734c89a5fda1e3f170cc1616fb7f0 |
| SHA256 | 98a7afb435b194b15aa65683f28ac108619b06a634e978e76eb10cfa80fd390d |
| SHA512 | 859cd149c8b93d4587a5c8866b8aaf57644f256d5e049bd458aa4b4aae1b1fe4715238103b61d23343f1261c41c73290a98f32e791d35fa02b2f8a22dc918217 |
C:\Program Files\EZ CD Audio Converter\Language\indonesian.uni
| MD5 | a46be4f1df1a691f94bab2adbb738b3c |
| SHA1 | bc1bd472f48776f13edf791da8cffd5cadc7d441 |
| SHA256 | 1a28cb0f4fdfd3a09228ca9c1da9661158d7003fa7dd6288e7d82e3d31513544 |
| SHA512 | 522138ce3b3df1c089192e20828a8431f22fe2309e0c12112241df83a2e319db1221119ea24b821007ec6b94ccc5170e0262b6de661384b7fc884c632fca5776 |
C:\Program Files\EZ CD Audio Converter\Language\hungarian.uni
| MD5 | 52f7b58dbfa62a43e6ab86d993ee8595 |
| SHA1 | 812ba8071c02b10c19a1fd0d41f5876b50783e5b |
| SHA256 | 436171f9af16e276683cd34eb67d29ce40db6bd43d216e3ab86370a327e52871 |
| SHA512 | ba27a3947b6f39bdd0e2e126ac26b5b0d89dd401fd386aa92270b6008bba58661ffa4e12c46c8850c6030c31b13a2b63d961fffeee6a94c9e3147b3ad6f872da |
C:\Program Files\EZ CD Audio Converter\CoreAudioHelper.dll
| MD5 | 2cb3e4b21b39f5a7cae0397168ded6a8 |
| SHA1 | f84f26f36ba8a483173d7a288fe18a856ba6f182 |
| SHA256 | 2608aebd4679dd0f88b0a1e093d5782ca342aa41ddc03a30bdf58e91ed588ef6 |
| SHA512 | f97e8349fd9cc73e15ba2a607bb6410f6922fe8c535d0446f2f1682a183dde7c6dca69683db9afce4693d22eb765d3298d6b9006f3067c00e2b200b284129d79 |
C:\Program Files\EZ CD Audio Converter\enc_aaac.dll
| MD5 | f149b2b99ce59a004f405cbf48268a7e |
| SHA1 | d8270f0475d86ebc24a9f913e929b2018b31f239 |
| SHA256 | 8ba5217bb3c7c1536cbff9013e92efd23a945acc6c449ee6b924e0f561a18760 |
| SHA512 | a89c2eda66618abba565cfec386eee4792464c9daf5447f260a27c347549c96c88c27d5541ddbc1c24e8e56dcab445f11f2f4301ba846c1434ac889ffbe7bd08 |
C:\Program Files\EZ CD Audio Converter\Language\ukrainian.uni
| MD5 | 4c2187ea6bad0998b5d988d7762e0b8d |
| SHA1 | 7c8cef5ed646b113f339fbc4624ed5e1d60decec |
| SHA256 | 3334483ce9ae8a89eace7e36dfd55ae4d940c7439a707ca15512e7a938a1424f |
| SHA512 | 5e597b52e860907ddaa2ded135bc41371b52cbe59e35357840aa5876f527d932086de48f6ee03acdd90faaf8d164f94f3dfbb3f567acccb9fb5569af6b5b1f44 |
C:\Program Files\EZ CD Audio Converter\Language\turkish.uni
| MD5 | fc2da459dfee884ce8c756090b022c7d |
| SHA1 | b192c0d82a203a25e411ad7efc1bc0f7f8ef16a8 |
| SHA256 | dc10986d269f1dffcf26c064b97e641ce593ae375893a773d952b585bc71d42a |
| SHA512 | 55ba0f993d9bf42383e48e57200f37507430f63a2df30f09243e8d4526423e99d169b3a80a3b098699bfb62027bf2c332c65c3868ad01014934426b2eb68fe5b |
C:\Program Files\EZ CD Audio Converter\Language\greek.uni
| MD5 | 14274c057d174ed397f0096ec3a7f4cb |
| SHA1 | 2d8f38d637c959450c97a7bf852a51e83e209ca4 |
| SHA256 | 41cd23a2821d278ccd8b72ab1d2fef34410cc4b2d8d95695e5b3815f5f5e539a |
| SHA512 | 53e41f6e62e8e7ea53e39b1993923909c12b4b68cb837ec62b4bad7bd9ae3c86479ee534ba68ed97bd20cdcc58fe65025d380218ea3c379d732a4a8f7baf49c7 |
C:\Program Files\EZ CD Audio Converter\Language\german.uni
| MD5 | f49b8ffbd1c938d10e0e362a4f20872d |
| SHA1 | b68f7977a3713dce897acd0dfe394958f0e3a08d |
| SHA256 | 32a8dca0e6acef0ea0c9d11991b16ac5abb2481f383a8cb6d7851f3c45ce171a |
| SHA512 | 02f90ed5330a31d6444027c8ee8bdfcb04090efe3e6a2c46d40385b2290057b0044626eacf3db8c8bfd1b83cedd66772ee8940a848500cc411d12d4978e051b2 |
C:\Program Files\EZ CD Audio Converter\Language\francais.uni
| MD5 | 01674fa4659f401cc290942911686af6 |
| SHA1 | b7aaae4e3587c4df47f38586301a1d12053bbe2f |
| SHA256 | 22ec546cee32f9b025b2ae10ec04e2c8a0c19902dd1c175bef4877e5a0c60277 |
| SHA512 | 49fc6a46b147322dd9038648ed9553042fc91f65f60442d3bedd836c89d8f0b6f5d0bda155656bd986d77d2060efd0795cbfd3ed0a5c29e510660ecc5ad57a3d |
C:\Program Files\EZ CD Audio Converter\Language\finnish.uni
| MD5 | 30c946ac93066e442bcc31ac6398ac96 |
| SHA1 | 9513a51990068dca9e03e11a3aa54b7e1e0260d5 |
| SHA256 | 905735eb4eeacb207d34bc9b86926b0be77a9cad0e25541b16879bb6060e8f0b |
| SHA512 | 26c6b49ad32b9f52a803729bcd9b3ecef954f5c7b7890c34db089b80280ff1e4d5543ca0e24e3d1627a334d48672982d07813da31402326c6f4136f21d74a872 |
C:\Program Files\EZ CD Audio Converter\Language\estonian.uni
| MD5 | 9738157a0f5f66693fb2b82f413c0bdb |
| SHA1 | e59bedb8c9bddd4ea879d3c863c9ceb24b608dda |
| SHA256 | 23b61b7be86c306558189288bd02dc3bfc4cca26f5c7704816e3054be941bbb1 |
| SHA512 | fa5811bdecc5713140acd0153fc60f7ae52af62f483ffcba08db36f052d91e2b6a1303531c2b0a328ba56b1b511bc023e64d7b1e389136f8fa0c5b775500c25d |
C:\Program Files\EZ CD Audio Converter\Language\english.uni
| MD5 | 69afd56fea5d69ad2db8f62bc638494b |
| SHA1 | 5859ce23b4fd654c20d36cffa2528dfaacfe07f0 |
| SHA256 | e3126d90bff119edc9b80cb7088864a33f8f8cb786ca0934848e708a49678956 |
| SHA512 | 5efec71843bbe63905d897130f36757b9cfbdc4d3e4b74b3abf4ddc18b29e290185b9a651503da1fd277a04f8680713d20e5785e4b4a6d22c75cd61b438f6378 |
C:\Program Files\EZ CD Audio Converter\Language\dutch.uni
| MD5 | 243a28854df48ad66f9107e457df1745 |
| SHA1 | b353b9a7d54f65a1d37c0a78fd9f3bbad1345b8c |
| SHA256 | 8a826087cb692bf33fe8a964a11b37dda5f575f9b3937ba6fb2f36661d7c9ba6 |
| SHA512 | d55be5fec229a91142b44bfa854f9c78fc0360f94cd0cbf76f44a073faa2118d22347efa655ebcaebcc6d1e788b8b474e4a861ec068bc8c2038a5fa3921a1413 |
C:\Program Files\EZ CD Audio Converter\Language\danish.uni
| MD5 | ef3d6b4d02dc2aefe4eeb11f9dc37b22 |
| SHA1 | 1c7744a1289050b200f9eb2692ba2238dfab5356 |
| SHA256 | d2d03f7ba9138ffc9cad98ac14d65f0f787d82a2f41ba0fc362c02611afc440b |
| SHA512 | 8b65a831b3059cf85e85067d9c7a2530dc9c1aa2e2245c047921d9d4aac8bc06092f4462e27ef5c4b4db488400831263be5b020c16a95cf144c48bd9a83c62fb |
C:\Program Files\EZ CD Audio Converter\Language\czech.uni
| MD5 | 57c251ec455363e3e329e6184e63edbc |
| SHA1 | 3d8eb9f5b020963306f3440ca36c61a99635beb3 |
| SHA256 | 6ec94a136e0f07ad1be36b4f17387472487575ca6c81c0e08a1aba18a9d2bd2f |
| SHA512 | 6bee4b08b1530461e1ea9b0c19a1ca5c18fbac333f4faa5cdf1601b4e1cfd706d88abe92b0c11f04875bc9c0644116accb6da142c57e2dfcc29d418e9d211942 |
C:\Program Files\EZ CD Audio Converter\Language\croatian.uni
| MD5 | a6e3967e43f2d6b2fc915a6d5a43419a |
| SHA1 | 4b67bc5c402bbbeef4a6e5ba9f5384ef17562444 |
| SHA256 | 4f843a505dff7a247fdc39f7b71a4e4891ac1d4f9ddf8f14cbfcf2313139ca9b |
| SHA512 | 32ca334015b9e0657fdb1f99cae4459f3fc7166445b0035cf28800baa71ca3c5242a08ccdd60930e931f69a5d9a4eba6dc09a77bbe5e788559d557ccec724733 |
C:\Program Files\EZ CD Audio Converter\Language\chinese traditional.uni
| MD5 | 6346bc9d97093e742dda80040ee4f622 |
| SHA1 | c62471af4d933bf99259cf454ac34a45bc07a11c |
| SHA256 | 41e8a38eea1d9709db2f3c97f6e82d04013f695815ccbe4f036d78279d7386e7 |
| SHA512 | 5172e8eee2f924afefbb760ad4727f0c97c8a3c702946fe1894af078ec353d1c93d992f200d2a180d95308c0bfdc9d74dd285c7a4d1bf32bee8e3d0a43c3088c |
C:\Program Files\EZ CD Audio Converter\Language\chinese simplified.uni
| MD5 | 783d1f05b80b184ee9fabaa7d1f77d73 |
| SHA1 | 4ca03e156fe900ea1072f949513996f3f0a0ca96 |
| SHA256 | 81a0b1956e2887797bf08fe7711557c2d814c15cd2777d0314fe65cf80464d94 |
| SHA512 | 69f3a5f8fbab494b34297f91dedaaa28272669dc5945545ee2c4dcd0da0c2657abf462a2a6dd744cea0ffb28b9afb0a1a9c318ead8053ea33b061969a94b0835 |
C:\Program Files\EZ CD Audio Converter\Language\catala.uni
| MD5 | e7ff135471134df105ec767441b81d98 |
| SHA1 | 3b31729f341a098c4f818d11edb6df84049eac8c |
| SHA256 | 1ffb53cd58b317d98572f6e74e612d73fdf52416c72f0eaaf4670bb62297b09d |
| SHA512 | 0332e8633c162311a61214e48c099eebb906b6f82787e5225ad1baea438eabd69099b4218d1212b82ae656ad3649b77873e7be0204c92312822214f3da7aae2e |
C:\Program Files\EZ CD Audio Converter\Language\bulgarian.uni
| MD5 | bf674d7f8180a6b389d0ef8ba295a313 |
| SHA1 | eeb6ac6206475be881cfd1ef865e31b72f8e892f |
| SHA256 | 973e04c3c5f270ef5726482f18e89918e09c11a061747ef60d708529feec1e62 |
| SHA512 | af8542decb1486774a467f414c4e6b54a532b26510b632c7b0594d3639ced13a0c73fbdce3ba54e3f3f850386fa7fab927b1278c861ea159b4dcec9f7cb49557 |
C:\Program Files\EZ CD Audio Converter\Language\arabic.uni
| MD5 | 09b253aeef15d8d21d8e9a1a9a360b8c |
| SHA1 | 305f148c0f37e99a6444cd9cfbce64eadda3475d |
| SHA256 | 715d37dffff24b4a377633cc63c3cd961124536a51af852201f20775f83c3ccb |
| SHA512 | 3f9eacad2fbcb2995646c475d7fc31a3fe6e5a3ac92074e0619597663b54a815d8f212d4db1f380e92b743169782d12ab1e1b0697a211dc2cf6d5af1512d8eb7 |
memory/1976-442-0x0000000000400000-0x0000000001D86000-memory.dmp
memory/1976-444-0x0000000000400000-0x0000000001D86000-memory.dmp
memory/1976-445-0x0000000000400000-0x0000000001D86000-memory.dmp
memory/1976-448-0x0000000000400000-0x0000000001D86000-memory.dmp
memory/1976-450-0x0000000000400000-0x0000000001D86000-memory.dmp
memory/1976-451-0x0000000000400000-0x0000000001D86000-memory.dmp
memory/1976-454-0x0000000000400000-0x0000000001D86000-memory.dmp
memory/1976-456-0x0000000000400000-0x0000000001D86000-memory.dmp
memory/1976-457-0x0000000000400000-0x0000000001D86000-memory.dmp
memory/1976-459-0x0000000000400000-0x0000000001D86000-memory.dmp
memory/1976-460-0x0000000000400000-0x0000000001D86000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2025-02-28 22:27
Reported
2025-02-28 22:30
Platform
win11-20250217-en
Max time kernel
145s
Max time network
95s
Command Line
Signatures
Banload
Banload family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| File opened (read-only) | \??\D: | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\EZ CD Audio Converter\dec_wma.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\svml_dispmd.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_wavmp3.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-datetime-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\metm_flac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\met_ape.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-file-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\ucrtbase.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\ezcdshell.appx | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\italiano.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\dec_aac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_eac3m4a.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_m4af.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\greek.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\decm_opus.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_flac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\ezcd64.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-16_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\metm_mpc.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-time-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_alac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\met_tta.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\metm_aiff.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_eac3.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-math-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\resources.scale-125.pri | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.scale-200.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\german.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\portugues (brasileiro).uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\met_mpc.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_xheaac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-profile-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_w64.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-libraryloader-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\chinese traditional.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\uninstall.exe | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\met_aiff.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_thd.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_eac3mka.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-32_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_wav.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_eac3m4a.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_au.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\vcruntime140_threads.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-fibers-l1-1-1.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square150x150Logo.scale-125.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-256_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\decm_wav.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\dec_flac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_aaac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_m4a.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_m4b.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_wma.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\vccorlib140.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\resources.scale-400.pri | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\metm_sacd.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-40_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\croatian.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\english.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\romana.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\decm_ape.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-stdio-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\storelogo.scale-150.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\EZ CD Audio Converter\registershell.exe | N/A |
| N/A | N/A | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| N/A | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\command\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\" -nn" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Implemented Categories | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\TypeLib\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F91}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\ = "EzCd Type Library" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\VersionIndependentProgID\ = "BDATuner.DigitalCableLocator" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\ = "Rip audio CD" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\TypeLib | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID\ = "EzCd.EzCd.1" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\ = "EzCd Class" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92} | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B} | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\ProgID | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS\ = "0" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Version\ = "1.0" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CLSID | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91} | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InprocServer32\ThreadingModel = "Both" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\ = "EzCd Class" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ = "EzCd Class" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\command\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\" -nn" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\ = "EZ CD Audio Converter" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\ProgID\ = "BDATuner.DigitalCableLocator.1" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\ = "{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\ = "Burn disc" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\VersionIndependentProgID | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer\ = "EzCd.EzCd.1" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64\ = "C:\\Program Files\\EZ CD Audio Converter\\ezcd64.dll" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\Version = "1.0" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\command | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Programmable | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\HELPDIR | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352} | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InprocServer32 | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InprocServer32\ = "C:\\Windows\\System32\\msvidctl.dll" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\TypeLib\ = "{9B085638-018E-11D3-9D8E-00C04F72D980}" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92} | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\Version | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4532 wrote to memory of 4232 | N/A | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | C:\Program Files\EZ CD Audio Converter\registershell.exe |
| PID 4532 wrote to memory of 4232 | N/A | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | C:\Program Files\EZ CD Audio Converter\registershell.exe |
| PID 4532 wrote to memory of 3876 | N/A | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | C:\Program Files\EZ CD Audio Converter\register64.exe |
| PID 4532 wrote to memory of 3876 | N/A | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | C:\Program Files\EZ CD Audio Converter\register64.exe |
| PID 4532 wrote to memory of 1052 | N/A | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | C:\Program Files\EZ CD Audio Converter\ezcd.exe |
| PID 4532 wrote to memory of 1052 | N/A | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | C:\Program Files\EZ CD Audio Converter\ezcd.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe
"C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe"
C:\Program Files\EZ CD Audio Converter\registershell.exe
"C:\Program Files\EZ CD Audio Converter\registershell.exe" register
C:\Program Files\EZ CD Audio Converter\register64.exe
"C:\Program Files\EZ CD Audio Converter\register64.exe" register
C:\Program Files\EZ CD Audio Converter\ezcd.exe
"C:\Program Files\EZ CD Audio Converter\ezcd.exe"
Network
| Country | Destination | Domain | Proto |
| US | 35.190.31.54:443 | www.poikosoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\LangDLL.dll
C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\nsDialogs.dll
C:\Program Files\EZ CD Audio Converter\registershell.exe
C:\Program Files\EZ CD Audio Converter\register64.exe
C:\Program Files\EZ CD Audio Converter\vcruntime140.dll
C:\Program Files\EZ CD Audio Converter\ezcd64.dll
C:\Program Files\EZ CD Audio Converter\msvcp140.dll
C:\Program Files\EZ CD Audio Converter\vcruntime140_1.dll
C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\modern-wizard.bmp
C:\Program Files\EZ CD Audio Converter\ezcd.exe
C:\Program Files\EZ CD Audio Converter\acdbase.dll
C:\Program Files\EZ CD Audio Converter\svml_dispmd.dll
C:\Program Files\EZ CD Audio Converter\xml.dll
C:\Program Files\EZ CD Audio Converter\jiso.dll
C:\Program Files\EZ CD Audio Converter\Language\spanish.uni
C:\Program Files\EZ CD Audio Converter\Language\slovenian.uni
C:\Program Files\EZ CD Audio Converter\Language\slovak.uni
C:\Program Files\EZ CD Audio Converter\Language\serbianc.uni
C:\Program Files\EZ CD Audio Converter\Language\serbian.uni
C:\Program Files\EZ CD Audio Converter\Language\russian.uni
C:\Program Files\EZ CD Audio Converter\Language\romana.uni
C:\Program Files\EZ CD Audio Converter\Language\portugues (portugal).uni
C:\Program Files\EZ CD Audio Converter\Language\portugues (brasileiro).uni
C:\Program Files\EZ CD Audio Converter\Language\polish.uni
C:\Program Files\EZ CD Audio Converter\Language\norwegian.uni
C:\Program Files\EZ CD Audio Converter\Language\macedonian.uni
C:\Program Files\EZ CD Audio Converter\Language\korean.uni
C:\Program Files\EZ CD Audio Converter\Language\japanese.uni
C:\Program Files\EZ CD Audio Converter\Language\italiano.uni
C:\Program Files\EZ CD Audio Converter\Language\indonesian.uni
C:\Program Files\EZ CD Audio Converter\Language\hungarian.uni
C:\Program Files\EZ CD Audio Converter\Language\greek.uni
C:\Program Files\EZ CD Audio Converter\Language\german.uni
C:\Program Files\EZ CD Audio Converter\Language\francais.uni
C:\Program Files\EZ CD Audio Converter\Language\finnish.uni
C:\Program Files\EZ CD Audio Converter\Language\estonian.uni
C:\Program Files\EZ CD Audio Converter\Language\english.uni
C:\Program Files\EZ CD Audio Converter\Language\dutch.uni
C:\Program Files\EZ CD Audio Converter\Language\danish.uni
C:\Program Files\EZ CD Audio Converter\Language\czech.uni
C:\Program Files\EZ CD Audio Converter\Language\croatian.uni
C:\Program Files\EZ CD Audio Converter\Language\chinese traditional.uni
C:\Program Files\EZ CD Audio Converter\Language\chinese simplified.uni
C:\Program Files\EZ CD Audio Converter\Language\catala.uni
C:\Program Files\EZ CD Audio Converter\Language\bulgarian.uni
C:\Program Files\EZ CD Audio Converter\Language\arabic.uni
C:\Program Files\EZ CD Audio Converter\libmmd.dll
C:\Users\Admin\AppData\Local\EZ CD Audio Converter\converter_normal.txt
Analysis: behavioral1
Detonation Overview
Submitted
2025-02-28 22:27
Reported
2025-02-28 22:30
Platform
win7-20241023-en
Max time kernel
148s
Max time network
121s
Command Line
Signatures
Banload
Banload family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| File opened (read-only) | \??\D: | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\EZ CD Audio Converter\dec_opus.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_aaac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\met_aiff.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-sysinfo-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_raw.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\dec_aac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\deviceio.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\mp4v2.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-environment-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\debug.log | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\bulgarian.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\met_dsf.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_dtsmka.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_xheaacf.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.scale-150.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\decm_dff.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_ac3.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_wavacm.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-40.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-64_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\croatian.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\decm_opus.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_flac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\met_ffmpeg.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_au.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_aacf.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\concrt140.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\russian.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-math-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\storelogo.scale-150.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\avutil-59.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-file-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\serbian.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\decm_aac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\dec_wav.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\ezcd.exe | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_xheaac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_dts.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\ezcdshell.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\japanese.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\decm_ape.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\decm_wma.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_aiff.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_m4a.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_ac3m4a.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_w64.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\hungarian.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_aaac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-32.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\czech.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\encm_ape.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\metm_ffmpeg.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\msvcp140_1.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\vccorlib140.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-sysinfo-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\api-ms-win-core-timezone-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\portugues (portugal).uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\swresample-5.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_wma.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Assets\storelogo.scale-200.png | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\Language\greek.uni | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\enc_alac.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| File created | C:\Program Files\EZ CD Audio Converter\metm_wav.dll | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| N/A | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\TypeLib\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F91}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\HELPDIR\ = "C:\\Program Files\\EZ CD Audio Converter" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\ = "{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CLSID | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CLSID\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\HELPDIR | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InProcServer32\ThreadingModel = "Both" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\ = "EzCd Class" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ = "EzCd Class" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID\ = "EzCd.EzCd.1" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EzCd | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer\ = "EzCd.EzCd.1" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\ = "EZ CD Audio Converter" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\ = "Rip audio CD" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\command\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\" -nn" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\command | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\ = "Device Center Print Status Extension" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EzCd | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\Programmable | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32\ = "C:\\Program Files\\EZ CD Audio Converter\\ezcd64.dll" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91} | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS\ = "0" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64\ = "C:\\Program Files\\EZ CD Audio Converter\\ezcd64.dll" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InProcServer32 | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\ = "EzCd Class" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\command | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\Version = "1.0" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\VersionIndependentProgID\ = "EzCd.EzCd" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\TypeLib | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\ = "EzCd Type Library" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B} | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0 | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\ = "{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\Version = "1.0" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\DefaultIcon\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\",0" | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\VersionIndependentProgID | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92} | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD | C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InProcServer32\ = "%SystemRoot%\\system32\\fdprint.dll" | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92} | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd" | C:\Program Files\EZ CD Audio Converter\register64.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\EZ CD Audio Converter\ezcd.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe
"C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe"
C:\Program Files\EZ CD Audio Converter\register64.exe
"C:\Program Files\EZ CD Audio Converter\register64.exe" register
C:\Program Files\EZ CD Audio Converter\ezcd.exe
"C:\Program Files\EZ CD Audio Converter\ezcd.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.poikosoft.com | udp |
| US | 35.227.194.51:443 | www.poikosoft.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\nsy7B87.tmp\System.dll
| MD5 | 6e55a6e7c3fdbd244042eb15cb1ec739 |
| SHA1 | 070ea80e2192abc42f358d47b276990b5fa285a9 |
| SHA256 | acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506 |
| SHA512 | 2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35 |
\Users\Admin\AppData\Local\Temp\nsy7B87.tmp\LangDLL.dll
| MD5 | 08de81a4584f5201086f57a7a93ed83b |
| SHA1 | 266a6ecc8fb7dca115e6915cd75e2595816841a8 |
| SHA256 | 4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6 |
| SHA512 | b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9 |
\Users\Admin\AppData\Local\Temp\nsy7B87.tmp\nsDialogs.dll
| MD5 | ca5bb0ee2b698869c41c087c9854487c |
| SHA1 | 4a8abbb2544f1a9555e57a142a147dfeb40c4ca4 |
| SHA256 | c719697d5ced17d97bbc48662327339ccec7e03f6552aa1d5c248f6fa5f16324 |
| SHA512 | 363a80843d7601ba119bc981c4346188f490b388e3ed390a0667aaf5138b885eec6c69d4e7f60f93b069d6550277f4c926bd0f37bc893928111dc62494124770 |
C:\Program Files\EZ CD Audio Converter\register64.exe
| MD5 | 5872f17645e7ae8436d7607bbbf16cd2 |
| SHA1 | 767b605431383444afc4d3ca714cc1a9e57f75ff |
| SHA256 | d536a588a513c62145a7f4c1541ae64ddb8495049ceeb4204575266181c91e0d |
| SHA512 | dffb23a467d4eeb19bc4fa3d89337b490bc33522d8d4b74dd82919103d7b44d1912bd11008368649321b12278b50cc9f036d9a195d792774610c93b037440326 |
\Program Files\EZ CD Audio Converter\ezcd64.dll
| MD5 | af4b35101d3f77fae67f9a0fdcc62559 |
| SHA1 | 3b94904a6565bf46e47baecb5e1ee5d1701a19a6 |
| SHA256 | cd1728e4cb3eff23d5d9c85c36037f84370dbc7625fae7fad5e49887ea392455 |
| SHA512 | 3c18e16556b0a922f8cc0aa22206cf053d3ca54acdb6de980f2073fb26097a6db951f24d1c22d8a03c4b9d3344030be921913e77cb8c69b9cbe7399f798b9c15 |
\Program Files\EZ CD Audio Converter\ezcd.exe
| MD5 | 9d261d76035282c574e39f8cab1dcae1 |
| SHA1 | 9086ade86ad5db6fa13d5717e6457f4eee99bbfb |
| SHA256 | f6998659dd559974c4216e861740ab5cc6ad0eb4874c46f082dde25dcf5662aa |
| SHA512 | 5135ff62ffbf44ba434fdba394fb94b79bc2fb15e0728e32ebf33b997564eada2d6c17b96a625decc08b73eec6cbdd64038b594aaa0228bf579b36ff9f2132c6 |
memory/2740-362-0x0000000003D50000-0x0000000003F38000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsy7B87.tmp\modern-wizard.bmp
| MD5 | 5dc251b994c2499628eaca24b0ec587f |
| SHA1 | 6904b12c39e4765414a4502ca59bd6405e39b364 |
| SHA256 | 22727d9d1e3e0fe0df182c23b15d6a126ed19c2d1781af8d56e43f87e6506ac1 |
| SHA512 | ffba72a87ba1462e62fbaa19015a1a443423ff807483f5e2dafeeae9be3e40505769bda5a1b88eedc8e67b92900961e0d30f9e714e5a96a9b2f1d4a3f6150ad1 |
memory/2740-373-0x0000000000400000-0x0000000001D86000-memory.dmp
memory/2740-371-0x0000000000400000-0x0000000001D86000-memory.dmp
\Program Files\EZ CD Audio Converter\msvcp140.dll
| MD5 | 7acbc57d268a691247b4a94fecfa42b4 |
| SHA1 | 67bd76111b4ab8f4c0692919153dde2e7c8070f1 |
| SHA256 | b99eb28a471311113f5c4109cb3c463f39cfd9bdb3b07f706204dedddb4516a1 |
| SHA512 | b08140ce86ea78b481b78644f086359326616a56fb3a3953da16a7fc2bd15a493652f22d4d2fcba3675c668b9832fdb7d5f17a8aa6ccdb74e7b746a79df60b88 |
\Program Files\EZ CD Audio Converter\jiso.dll
| MD5 | f5afc2baff5e79bc0ac8cb54773573a5 |
| SHA1 | 3911e55d07b83ce3ee4676fd6e3008705128a079 |
| SHA256 | 47a447af287fc4018ea03cb9e6d91ebbfc4ccf2d2a5155de9b429c899e1139c4 |
| SHA512 | 4c20672a8b07955f38241f14a057806a3b35349a8dee36933ac4ffb41e69d88a8047d02ec4561b4faa4b3216d09044212490e4050a38eca9ff47d6f6ce42e50d |
\Program Files\EZ CD Audio Converter\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | 4b2639aa215141a968dddefb30e5e21d |
| SHA1 | 10680e48e128b348bcf22ec87de68acb36749def |
| SHA256 | 1884872dbbe89023100d7f15e7b3a3eac16c3c8e3c103016c87c223bdc60ba7a |
| SHA512 | 5c66fa31a7959581cb7967a33627de42c88e919ce6ac2ab56b74e8cc81c9e082fd407cdd08fd235f5c29cffd15b4fa07531e0f8456925b8293de39b713a1c3d8 |
\Program Files\EZ CD Audio Converter\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | cc741d481aea80559546da3464b01ce0 |
| SHA1 | a8dbc99d525b71ca53860991fba3fe10f67343de |
| SHA256 | 3fc3564e2276e8149856e74f59f594549d017a3a967ea66450e1c04af8768bc8 |
| SHA512 | 600afbc7ff488291ff06c677dfba3db96d65b43d1c3f834e94bf1de225a940f8c8049cedb082d665758f22aacf2808d2915c18793bf11fd0d17cdff8150880e3 |
\Program Files\EZ CD Audio Converter\api-ms-win-crt-time-l1-1-0.dll
| MD5 | d709d32a2744df53af5fb8a50c85a32f |
| SHA1 | a326f3ce8542f65e58b1c154af9bc5ba232a26fb |
| SHA256 | ac90c44b194135bf555ac7df2405d443da87e1374e5b5bb408a2761a9bc63e3d |
| SHA512 | ca973ab3d503bd818448fa874ba9640299e0d0d7b8b2e82a801ab39d961c22f9bff4def1eaff4d7fc5052af27a1fbfa6d52706311e21da37f8a8df3db2838bdd |
\Program Files\EZ CD Audio Converter\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 10586394ea9480d896dc90cb41fbb349 |
| SHA1 | b7572485a312ba7a228d0a3c1ad118a6187f88e6 |
| SHA256 | 81f4b3cd11611aeaa94171ebc1079e501ec247e8da6c113e6c81a3877acca15d |
| SHA512 | 45824a49a13bec16961ff56a402b5cbbbfda4639a15fb48061f86d16995fa49ff7901e9e339a873135822756a7a1b7a69b2f0499e4568cb334bcac04a425a3ec |
\Program Files\EZ CD Audio Converter\api-ms-win-crt-string-l1-1-0.dll
| MD5 | 38f92437d012a0f6ad6e435dfaed6cea |
| SHA1 | b361369f57086675d5481a93dfde65c971aafa13 |
| SHA256 | 265c87b9a63420de788ba7855e847b4eb794c4256080eeacf64b81e70af889cd |
| SHA512 | 36f71ebcefba9a762c0773c89f2dc674cc7d5ecfd6156f882e646554a68cc6a6ebf8d28554b66fa8f7b57ab6be29b06a42cfddbb7847bbc42bb7de09851a79a3 |
\Program Files\EZ CD Audio Converter\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | 011cf908bfb96ebe4f6dae19820b1c9f |
| SHA1 | 266511422f8d52a6fee8d40c7e9436ce2bebbde8 |
| SHA256 | 0d69f5d5720655dd15172949e379dce5dc364e1920f6fcab8f809aed7ed2ce9c |
| SHA512 | c299cdd3bfc892f8348b811d2c25a6d9d74b42b4d3f5eace7c947ea3c5a34f1aab786d9b7a041aa97a6c0e03117540378c9ada51118912194ef17ac52274c0f9 |
\Program Files\EZ CD Audio Converter\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | 7307d9479d874ec7df299f497c0b03f3 |
| SHA1 | ade7ffa3482e68127d1d8494e11337088a0616e4 |
| SHA256 | 09b320d575b456b1199e4e2b09d34d4200fb8146b297ca78d06d80e9158a45e0 |
| SHA512 | f945ac79a99c72e4a26461e19aba66adbfc31b60a26b6d9338f6667a3795bafb4941a7b446a67a433308254fb112242886be34dea466c639bf5dcbc075a88d4f |
\Program Files\EZ CD Audio Converter\vcruntime140.dll
| MD5 | 32da96115c9d783a0769312c0482a62d |
| SHA1 | 2ea840a5faa87a2fe8d7e5cb4367f2418077d66b |
| SHA256 | 052ad6a20d375957e82aa6a3c441ea548d89be0981516ca7eb306e063d5027f4 |
| SHA512 | 616c78b4a24761d4640ae2377b873f7779322ef7bc26f8de7da0d880b227c577ed6f5ed794fc733468477b2fcdb7916def250e5dc63e79257616f99768419087 |
\Program Files\EZ CD Audio Converter\libmmd.dll
| MD5 | 14d1c437d435367d79d9242ab63e4612 |
| SHA1 | 203b36a74933fcc82bdadae426348c1f6c43f7aa |
| SHA256 | e2b0066f3f4479439d5f008c74482b78ed13203d62c2ecb480cc12b4d78a01fa |
| SHA512 | fa578f55975e0566fdcb03185e4ecf95d3affb27ce3dc34b56fcbc3c50e6f1ee6010dbe3fdee2f6cd043181cb8eb18c4ed69d84ef1c94325e212cf18bd4d6f63 |
\Program Files\EZ CD Audio Converter\svml_dispmd.dll
| MD5 | ffe3e9d3164c6bf14d9eacb31f13fe9b |
| SHA1 | 8fb1513242d736160ce3e1749833544fc2c61e4a |
| SHA256 | 415dbc87ff6328fa45b69ca25a5861e5e25f50b348df67590abb99839efb9a90 |
| SHA512 | 78eb072f05bc0280b05ddf4ebb2a9d34cda0caeb4064600cda865fee87ff6783fa8fdaa8aed46c2a8b95125b8163beffb22f397e3a5a4cc256e7614f109e260b |
\Program Files\EZ CD Audio Converter\acdbase.dll
| MD5 | 518475fd02ba061f30ac7419c63ec0ec |
| SHA1 | 5826f8e6c7486c4893ab3dc8294236f358d49ab0 |
| SHA256 | f05d78b97d6c9f68b8f5966930a376ced87244c1b031492eb3d8c10dbc7b63c1 |
| SHA512 | 08c2110aaf5b1a5ea342c48602149190e915103580f6998bb95a9963ee1ea0c89dd7d201de36b3b7c985391274f670e54fbb45c9152d6b3fb31c615db3119006 |
\Program Files\EZ CD Audio Converter\api-ms-win-core-synch-l1-2-0.dll
| MD5 | d9a8a89d917760865d76766eb737c4a7 |
| SHA1 | 6fe438d4718762b039042d6d061a88b09ba8d265 |
| SHA256 | 7bd60aee2db91901c5804c6c69f9d877727bd8cddec30bcd047bc3afec5d8852 |
| SHA512 | 514e6450eaebf38879da0f83632700473f6a34ffe8e872e2549105d2c989764f57a9208aee77b1701206891c3e397d91fefbe7836e6240af5781c5f7c4e70218 |
\Program Files\EZ CD Audio Converter\api-ms-win-core-file-l2-1-0.dll
| MD5 | 9ae6d3043815d2cad7f1aeb38c6d82ef |
| SHA1 | d57d80b9377fc522e326b4c8a3b819fba3d6396d |
| SHA256 | cf9bbd97661a1bafe171e5f9fc1edf7f172da0bc6424e1b68550455196a0a049 |
| SHA512 | a2229f677b9db677a5f336d500022a083d319add8d3016ed0e0ba3c9dc026b25069b0b1ca01d101ff4a5410101bb1fc167f289000200f5970b747fa4d01ee515 |
\Program Files\EZ CD Audio Converter\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | c0246065b2a0ae2d49b2907aef284db8 |
| SHA1 | 5dfdce8c77dee9755a67d25c1b58583333a93475 |
| SHA256 | ef80d454da25256a4c5af5322ced313867576978e8201ec0946eac21d44fe637 |
| SHA512 | 299e54b4c6a9ab8d29de7310e9023f74e6fde748b30cd7476f8d8ed77a2d8867c46fc3252665f02807df92f774c67fbfdbd56e7969a780ff25d57bbf8566ef78 |
\Program Files\EZ CD Audio Converter\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | b7a16442965c65d7d75ff8e2b61c2f79 |
| SHA1 | e03e80eac8c6c1dfe47a909d3568768b4e71c4e9 |
| SHA256 | 0203d7ebe58d19216f53812a8944044c663df83ad118fc3e308dfe8a694774fe |
| SHA512 | 9e88bd48a54d461593b3d925c954bc93d49f960f21cd251906140deae72d8642e2ca0dc461b880f24cce96eb897e9e7d22ef02ef017f12044316a650964c9b11 |
\Program Files\EZ CD Audio Converter\api-ms-win-core-fibers-l1-1-1.dll
| MD5 | ad951158527940bac000e0baf0c73d63 |
| SHA1 | 6b6ee384a4d7df4eb8e9ab60dfea1d4b62bea922 |
| SHA256 | 0456c30ee2124ebe7788cd7c41a96a8ce8f5c18e4f28c782e1be4b9852c5b0b0 |
| SHA512 | 56104592b857df6c07e673136f762a56faa4f9e93702411a8ab2109f739a0605c36f1d298c6047a8860ab130a6ec2231c52cb8a9ea8ce5462c98991029a7699f |
\Program Files\EZ CD Audio Converter\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 776fb42f857d54989b2697b34ccc6e03 |
| SHA1 | abdb792e85a0f29b9a2dec0b56e32aa023c363ad |
| SHA256 | 058a3bcb3c1e463bce5c1990c369600dcca924f1b0aac87dde15f10c00fb4aaf |
| SHA512 | 1ed6bc1a9bb046339f5c04a46a7f0778a27bddfe0aea924c80b298cfb10f8bcd9e1fba82a4535b9f90acb516bc92a1475047f858f3bf474b5225ea257bb44918 |
\Program Files\EZ CD Audio Converter\api-ms-win-core-file-l1-2-0.dll
| MD5 | b0a23a59470d0d05f65e68b34cc3151d |
| SHA1 | fb847743919b14904144b463cba1700d14d60b8c |
| SHA256 | b2c7cb7d8cc4d78d3aeaa33be5f37fa72c8dacdafb9259e2ab9c633eb4523221 |
| SHA512 | 91a4743187b8fe97d3a72ab132b0f995529ff490919ddb779df2e5f700e72c32d6de3ec574d6a4f02531252731790b720af3c27eee6889c397933c9b3de8f164 |
\Program Files\EZ CD Audio Converter\api-ms-win-core-kernel32-legacy-l1-1-1.dll
\Program Files\EZ CD Audio Converter\api-ms-win-core-sysinfo-l1-2-0.dll
\Program Files\EZ CD Audio Converter\ucrtbase.dll
\Program Files\EZ CD Audio Converter\api-ms-win-crt-stdio-l1-1-0.dll
C:\Users\Admin\AppData\Local\EZ CD Audio Converter\converter_normal.txt
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar177E.tmp