eeb186dec0228846271ca3fc21633cf84e0786310a694d31229223399f89bb05

Analysis

max time kernel
152s
max time network
162s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
06/03/2023, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jalinga_studio.4.0.2040.0.exe
Size

170.1MB
MD5

948d7987d54a4726f3478445f6f90b35
SHA1

063678240fd304421339faa6198f2b9c9b29694a
SHA256

eeb186dec0228846271ca3fc21633cf84e0786310a694d31229223399f89bb05
SHA512

5e30ee2e321d66354e745456a070e3a981d2932c10d6eb7c4c0865600a4b8a33e5eb30570793069231a46012221069af79058c9cdc29aa61c8182ad9764a69ed
SSDEEP

3145728:lKINS65gwGtO22RM7Yz+invDgfZsY+RdjKJSPCQuKErDOZX9R9lw/vDLgqLFK82/:o/65gwGf26Yz+irgf6TjKJSPCQxkyZ9r

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
3	1632	msiexec.exe

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Modify Existing Service

T1031

pid	Process
1636	netsh.exe

Executes dropped EXE 14 IoCs

pid	Process
1056	LAVFilters-0.73-Installer.exe
1628	LAVFilters-0.73-Installer.tmp
1656	vc_redist.x86.2010.exe
1952	Setup.exe
1440	vc_redist.x86.2019.exe
1856	vc_redist.x86.2019.exe
1384	vc_redist.x64.2010.exe
1436	Setup.exe
1644	vc_redist.x64.2019.exe
2028	vc_redist.x64.2019.exe
760	MWCaptureRT.exe
2028	MWCaptureRT.tmp
1588	JalingaStudio.exe
392	JalingaStudio.exe

Loads dropped DLL 64 IoCs

pid	Process
1696	jalinga_studio.4.0.2040.0.exe
1696	jalinga_studio.4.0.2040.0.exe
1696	jalinga_studio.4.0.2040.0.exe
1056	LAVFilters-0.73-Installer.exe
1628	LAVFilters-0.73-Installer.tmp
1628	LAVFilters-0.73-Installer.tmp
844	regsvr32.exe
844	regsvr32.exe
844	regsvr32.exe
844	regsvr32.exe
844	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1704	regsvr32.exe
1704	regsvr32.exe
1704	regsvr32.exe
1704	regsvr32.exe
1704	regsvr32.exe
1704	regsvr32.exe
1972	regsvr32.exe
1392	regsvr32.exe
1392	regsvr32.exe
1392	regsvr32.exe
1392	regsvr32.exe
1392	regsvr32.exe
1668	regsvr32.exe
2004	regsvr32.exe
2004	regsvr32.exe
2004	regsvr32.exe
2004	regsvr32.exe
2004	regsvr32.exe
2004	regsvr32.exe
2016	regsvr32.exe
1288	regsvr32.exe
1288	regsvr32.exe
1288	regsvr32.exe
1288	regsvr32.exe
1288	regsvr32.exe
1288	regsvr32.exe
1696	jalinga_studio.4.0.2040.0.exe
1656	vc_redist.x86.2010.exe
1952	Setup.exe
1952	Setup.exe
1696	jalinga_studio.4.0.2040.0.exe
1440	vc_redist.x86.2019.exe
1856	vc_redist.x86.2019.exe
1696	jalinga_studio.4.0.2040.0.exe
1384	vc_redist.x64.2010.exe
1436	Setup.exe
1436	Setup.exe
1696	jalinga_studio.4.0.2040.0.exe
1644	vc_redist.x64.2019.exe
2028	vc_redist.x64.2019.exe
860	MsiExec.exe
860	MsiExec.exe
860	MsiExec.exe
860	MsiExec.exe
860	MsiExec.exe
860	MsiExec.exe
1692	MsiExec.exe

Registers COM server for autorun 1 TTPs 51 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{171252A0-8820-4AFE-9DF8-5C92B2D66B04}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVSplitter.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{56904B22-091C-4459-A2E6-B1F4F946B55F}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVSplitter.ax"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D4D6F88-8B41-40A2-B297-3D722816648B}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7690CA55-2542-4BB5-A133-5A2FABBEA36A}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C89FC33C-E60A-4C97-BEF4-ACC5762B6404}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVAudio.ax"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E146464-DB61-4309-AFA1-3578E927E935}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E146464-DB61-4309-AFA1-3578E927E935}\InprocServer32\ = "C:\\Program Files\\Jalinga Studio\\x64\\audio_sniffer-x64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10B61E6F-BCED-4A97-8A86-49AE91025B65}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20ED4A03-6AFD-4FD9-980B-2F6143AA0892}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVAudio.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE30215D-164F-4A92-A4EB-9D4C13390F9F}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10B61E6F-BCED-4A97-8A86-49AE91025B65}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A19DE2F2-2F74-4927-8436-61129D26C141}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVSplitter.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A19DE2F2-2F74-4927-8436-61129D26C141}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D4D6F88-8B41-40A2-B297-3D722816648B}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E146464-DB61-4309-AFA1-3578E927E935}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{171252A0-8820-4AFE-9DF8-5C92B2D66B04}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVAudio.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVAudio.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C89FC33C-E60A-4C97-BEF4-ACC5762B6404}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{171252A0-8820-4AFE-9DF8-5C92B2D66B04}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A19DE2F2-2F74-4927-8436-61129D26C141}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVVideo.ax"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10B61E6F-BCED-4A97-8A86-49AE91025B65}\InprocServer32\ = "C:\\Program Files\\Jalinga Studio\\x64\\JalingaVC2.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7690CA55-2542-4BB5-A133-5A2FABBEA36A}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVAudio.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20ED4A03-6AFD-4FD9-980B-2F6143AA0892}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{56904B22-091C-4459-A2E6-B1F4F946B55F}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF837162-B42B-4C4D-818E-2DE668276845}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{33D77054-603D-4E87-ACB3-6438863818C1}\InprocServer32\ = "C:\\Program Files\\Jalinga Studio\\x64\\JalingaVC2.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{33D77054-603D-4E87-ACB3-6438863818C1}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20ED4A03-6AFD-4FD9-980B-2F6143AA0892}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVSplitter.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE30215D-164F-4A92-A4EB-9D4C13390F9F}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVVideo.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D4D6F88-8B41-40A2-B297-3D722816648B}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVVideo.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF837162-B42B-4C4D-818E-2DE668276845}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C89FC33C-E60A-4C97-BEF4-ACC5762B6404}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE30215D-164F-4A92-A4EB-9D4C13390F9F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7690CA55-2542-4BB5-A133-5A2FABBEA36A}\InprocServer32\ = "C:\\Windows\\system32\\mw_cc708_dshow_decoder.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF837162-B42B-4C4D-818E-2DE668276845}\InprocServer32\ = "C:\\Windows\\system32\\mw_cc708_dshow_decoder.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{33D77054-603D-4E87-ACB3-6438863818C1}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{56904B22-091C-4459-A2E6-B1F4F946B55F}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Drops file in System32 directory 62 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\is-C8Q14.tmp	MWCaptureRT.tmp
File created	C:\Windows\system32\is-SSKO2.tmp	MWCaptureRT.tmp
File created	C:\Windows\system32\perfc00A.dat	MsiExec.exe
File created	C:\Windows\system32\perfc010.dat	MsiExec.exe
File opened for modification	C:\Windows\system32\LibXIPropertyA.dll	MWCaptureRT.tmp
File created	C:\Windows\system32\perfh007.dat	MsiExec.exe
File created	C:\Windows\SysWOW64\is-16C3E.tmp	MWCaptureRT.tmp
File created	C:\Windows\SysWOW64\is-FFPE5.tmp	MWCaptureRT.tmp
File created	C:\Windows\SysWOW64\is-RAUO2.tmp	MWCaptureRT.tmp
File created	C:\Windows\SysWOW64\PerfStringBackup.TMP	MsiExec.exe
File opened for modification	C:\Windows\SysWOW64\mw_cc708_decoder.dll	MWCaptureRT.tmp
File created	C:\Windows\SysWOW64\is-4306L.tmp	MWCaptureRT.tmp
File opened for modification	C:\Windows\system32\LibXIStream2.dll	MWCaptureRT.tmp
File opened for modification	C:\Windows\system32\LibXIProperty.dll	MWCaptureRT.tmp
File opened for modification	C:\Windows\SysWOW64\LibXIStreamA2.dll	MWCaptureRT.tmp
File created	C:\Windows\system32\perfc009.dat	MsiExec.exe
File created	C:\Windows\system32\perfh009.dat	MsiExec.exe
File opened for modification	C:\Windows\SysWOW64\LibMWMedia.dll	MWCaptureRT.tmp
File created	C:\Windows\system32\is-AOJ8J.tmp	MWCaptureRT.tmp
File created	C:\Windows\system32\is-1V0KL.tmp	MWCaptureRT.tmp
File created	C:\Windows\system32\is-IS4MG.tmp	MWCaptureRT.tmp
File created	C:\Windows\system32\perfh011.dat	MsiExec.exe
File opened for modification	C:\Windows\system32\mw_cc708_decoder.dll	MWCaptureRT.tmp
File created	C:\Windows\system32\is-V65TR.tmp	MWCaptureRT.tmp
File created	C:\Windows\SysWOW64\is-TRU6G.tmp	MWCaptureRT.tmp
File opened for modification	C:\Windows\SysWOW64\LibMWCapture.dll	MWCaptureRT.tmp
File opened for modification	C:\Windows\SysWOW64\mw_cc708_render.dll	MWCaptureRT.tmp
File created	C:\Windows\SysWOW64\is-3FF1P.tmp	MWCaptureRT.tmp
File opened for modification	C:\Windows\system32\LibXIStreamA2.dll	MWCaptureRT.tmp
File opened for modification	C:\Windows\SysWOW64\PerfStringBackup.INI	MsiExec.exe
File created	C:\Windows\system32\perfh00C.dat	MsiExec.exe
File created	C:\Windows\system32\perfh010.dat	MsiExec.exe
File created	C:\Windows\system32\perfc00C.dat	MsiExec.exe
File opened for modification	C:\Windows\SysWOW64\LibXIProtocol.dll	MWCaptureRT.tmp
File opened for modification	C:\Windows\system32\LibMWMedia.dll	MWCaptureRT.tmp
File created	C:\Windows\system32\is-K8TE5.tmp	MWCaptureRT.tmp
File opened for modification	C:\Windows\SysWOW64\LibXIPropertyA.dll	MWCaptureRT.tmp
File created	C:\Windows\SysWOW64\is-MBTDD.tmp	MWCaptureRT.tmp
File opened for modification	C:\Windows\SysWOW64\mw_cc708_dshow_decoder.dll	MWCaptureRT.tmp
File created	C:\Windows\SysWOW64\is-PAFMU.tmp	MWCaptureRT.tmp
File created	C:\Windows\SysWOW64\is-70D8G.tmp	MWCaptureRT.tmp
File created	C:\Windows\SysWOW64\is-BR12U.tmp	MWCaptureRT.tmp
File opened for modification	C:\Windows\SysWOW64\LibXIStream2.dll	MWCaptureRT.tmp
File opened for modification	C:\Windows\system32\mw_venc.dll	MWCaptureRT.tmp
File opened for modification	C:\Windows\system32\mw_cc708_dshow_decoder.dll	MWCaptureRT.tmp
File created	C:\Windows\system32\is-R89ON.tmp	MWCaptureRT.tmp
File created	C:\Windows\SysWOW64\is-B8PTQ.tmp	MWCaptureRT.tmp
File opened for modification	C:\Windows\system32\LibXIProtocol.dll	MWCaptureRT.tmp
File opened for modification	C:\Windows\system32\LibMWCapture.dll	MWCaptureRT.tmp
File opened for modification	C:\Windows\system32\freetype271MT.dll	MWCaptureRT.tmp
File created	C:\Windows\system32\is-0ER07.tmp	MWCaptureRT.tmp
File created	C:\Windows\system32\is-B2GJH.tmp	MWCaptureRT.tmp
File created	C:\Windows\system32\is-LGBI1.tmp	MWCaptureRT.tmp
File created	C:\Windows\system32\perfh00A.dat	MsiExec.exe
File opened for modification	C:\Windows\system32\mw_cc708_render.dll	MWCaptureRT.tmp
File created	C:\Windows\system32\is-DH108.tmp	MWCaptureRT.tmp
File created	C:\Windows\system32\is-I27CM.tmp	MWCaptureRT.tmp
File created	C:\Windows\system32\perfc011.dat	MsiExec.exe
File opened for modification	C:\Windows\SysWOW64\LibXIProperty.dll	MWCaptureRT.tmp
File opened for modification	C:\Windows\SysWOW64\freetype271MT.dll	MWCaptureRT.tmp
File created	C:\Windows\system32\perfc007.dat	MsiExec.exe
File opened for modification	C:\Windows\SysWOW64\mw_venc.dll	MWCaptureRT.tmp

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Jalinga Studio\vc_redist.x86.2019.exe	jalinga_studio.4.0.2040.0.exe
File opened for modification	C:\Program Files\MWCaptureRT 3.3.1.1303\Uninstall\is-HD298.tmp	MWCaptureRT.tmp
File created	C:\Program Files\Jalinga Studio\JalingaStudio.exe	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\mr.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\Obfuscator_Output\JalingaStudio.pdb	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\el.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\sw.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\ru-RU\Jalinga.Educulus.Core.resources.dll	jalinga_studio.4.0.2040.0.exe
File opened for modification	C:\Program Files (x86)\LAV Filters\unins000.dat	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files\Jalinga Studio\vc_redist.x64.2019.exe	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\GalaSoft.MvvmLight.Platform.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\SharpVectors.Dom.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\he.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files (x86)\LAV Filters\x64\is-R0KU0.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files\Jalinga Studio\CefSharp.Core.xml	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\Licenses\Apache2.txt	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\Licenses\pdfium.txt	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\de.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\fa.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\fi.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\pl-PL\Jalinga.Educulus.MightyComma.resources.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\web-viewer\viewer.bundle.js	jalinga_studio.4.0.2040.0.exe
File opened for modification	C:\Program Files (x86)\LAV Filters\x64\avcodec-lav-58.dll	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files\Jalinga Studio\Jalinga.Educulus.DesktopCapture.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\JalingaVCReg.bat	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\MahApps.Metro.IconPacks.Microns.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\SharpDX.Direct3D11.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\SharpVectors.Runtime.Wpf.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\Licenses\WPFMediaKit.txt	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\Obfuscator_Output\JalingaStudio.exe	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\da.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\fr.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\pt-BR.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\MWCaptureRT 3.3.1.1303\is-K58KP.tmp	MWCaptureRT.tmp
File created	C:\Program Files\Jalinga Studio\Jalinga.Educulus.DesktopCapture.dll.config	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\System.Threading.Tasks.Extensions.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\Titanium.Web.Proxy.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\kn.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\zh-TW.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Core.man.dll	msiexec.exe
File opened for modification	C:\Program Files\Jalinga Studio\x64\audio_sniffer-x64.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\ReactiveUI.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\Licenses\SharpVectors.txt	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\ml.pak	jalinga_studio.4.0.2040.0.exe
File opened for modification	C:\Program Files (x86)\LAV Filters\x86\avformat-lav-58.dll	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files\Jalinga Studio\EVRPresenter64.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\Microsoft.Kinect.dll	jalinga_studio.4.0.2040.0.exe
File opened for modification	C:\Program Files (x86)\LAV Filters\x86\swscale-lav-5.dll	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-PTH09.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Presentation.man.dll	msiexec.exe
File created	C:\Program Files\Jalinga Studio\System.Runtime.CompilerServices.Unsafe.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\Licenses\Gong-WPF-DragDrop.txt	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\bn.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\et.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files (x86)\LAV Filters\unins000.dat	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Presentation.man	msiexec.exe
File created	C:\Program Files\Jalinga Studio\SharpDX.Direct3D9.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\x64\D3Dcompiler_47.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\MahApps.Metro.IconPacks.Zondicons.dll	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\Licenses\cefsharp.txt	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files\Jalinga Studio\locales\it.pak	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files (x86)\LAV Filters\x86\is-1637A.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x86\is-1A8NJ.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-J91C4.tmp	LAVFilters-0.73-Installer.tmp

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\Segoe360-Italic.ttf	msiexec.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\Fonts\Segoe360-Regular.ttf	msiexec.exe
File created	C:\Windows\assembly\tmp\FZCJ8R1L\Microsoft.Surface.NativeWrappers.dll	msiexec.exe
File opened for modification	C:\Windows\inf\Microsoft Surface Presentation\wixperf.h	MsiExec.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat	ngen.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	ngen.exe
File created	C:\Windows\assembly\tmp\PRPC0Y9B\Microsoft.Surface.Presentation.dll	msiexec.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat	ngen.exe
File opened for modification	C:\Windows\Installer\MSID28A.tmp	msiexec.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	ngen.exe
File opened for modification	C:\Windows\Installer\MSIB39C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB47A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBB7E.tmp	msiexec.exe
File created	C:\Windows\Installer\6ca94b.msi	msiexec.exe
File created	C:\Windows\Fonts\Segoe360-Bold.ttf	msiexec.exe
File created	C:\Windows\inf\Microsoft Surface Presentation\wixperf.h	MsiExec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	ngen.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	ngen.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	ngen.exe
File opened for modification	C:\Windows\Installer\MSIB41B.tmp	msiexec.exe
File created	C:\Windows\assembly\tmp\B4PPYOCY\Microsoft.Surface.HidSupport.dll	msiexec.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	ngen.exe
File created	C:\Windows\Fonts\Segoe-Regular.Otf	msiexec.exe
File created	C:\Windows\assembly\tmp\D0AQTUF2\Microsoft.Surface.Core.dll	msiexec.exe
File created	C:\Windows\inf\Microsoft Surface Presentation\0009\wixperf.ini	MsiExec.exe
File created	C:\Windows\inf\Microsoft Surface Core\0009\wixperf.ini	MsiExec.exe
File created	C:\Windows\Installer\{69C2B39D-F060-49AD-8877-01C4144A8424}\surface.ico	msiexec.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	ngen.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File opened for modification	C:\Windows\Installer\MSIBFC3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC2D0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{69C2B39D-F060-49AD-8877-01C4144A8424}\surface.ico	msiexec.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\assembly\GACLock.dat	msiexec.exe
File created	C:\Windows\assembly\tmp\SYHZKH16\Microsoft.Surface.dll	msiexec.exe
File created	C:\Windows\Installer\6ca94f.msi	msiexec.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat	ngen.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	ngen.exe
File opened for modification	C:\Windows\Installer\6ca94b.msi	msiexec.exe
File created	C:\Windows\Fonts\Segoe-SemiBold.Otf	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mkv\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mks	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{08E22ADA-B715-45ed-9D20-7B87750301D4}\3 = "4,4,,736b6970"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.rm\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.rmvb	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D93B2C96060FDA948877104C41A44842\RuntimeProductFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jalinga Studio presentation\shell\open	jalinga_studio.4.0.2040.0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.avi\SubType = "{e436eb88-524f-11ce-9f53-0020af0ba770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mov\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.evo\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{F2FAC0F1-3852-4670-AAC0-9051D400AC54}	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{D2855FA9-61A7-4db0-B979-71F297C17A04}\Source Filter = "{e436ebb5-524f-11ce-9f53-0020af0ba770}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2D4D6F88-8B41-40A2-B297-3D722816648B}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D4D6F88-8B41-40A2-B297-3D722816648B}\ = "LAV Video Format Settings"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.webm\SubType = "{1AC0BEBD-4D2B-45ad-BCEB-F2C41C5E3788}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.tp\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.asf	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.dvr-ms	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVVideo.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.divx\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.3ga	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.vob\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mks\SubType = "{1AC0BEBD-4D2B-45ad-BCEB-F2C41C5E3788}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.ts\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.mts\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.vp6\SubType = "{e436eb88-524f-11ce-9f53-0020af0ba770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.mov\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.m2ts	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.wmv\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10B61E6F-BCED-4A97-8A86-49AE91025B65}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D93B2C96060FDA948877104C41A44842\ProductName = "Microsoft Surface 2.0 Runtime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8E14549B-DB61-4309-AFA1-3578E927E935}\InprocServer32\ = "C:\\Program Files\\Jalinga Studio\\x86\\audio_sniffer.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.avi\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.qt	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.bdmv\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.rmvb\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mp3	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.mpeg\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{D2855FA9-61A7-4db0-B979-71F297C17A04}\Source Filter = "{e436ebb5-524f-11ce-9f53-0020af0ba770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.ogm\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}\ = "LAV Audio Properties"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\ = "LAV Audio Decoder"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.amv	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.rm\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mmst\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.evo\SubType = "{e06d8022-db46-11cf-b4d1-00805f6cbbea}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.bdmv\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.ogv\SubType = "{D2855FA9-61A7-4db0-B979-71F297C17A04}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\rtspt	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{33D77054-603D-4E87-ACB3-6438863818C1}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.ogm\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.dtshd\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.aac\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mkv\SubType = "{1AC0BEBD-4D2B-45ad-BCEB-F2C41C5E3788}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.webm\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.bdmv	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.flv\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{10B61E6F-BCED-4A97-8A86-49AE91025B65}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b7100000000000000000000000000000000	regsvr32.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	JalingaStudio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	JalingaStudio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	JalingaStudio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	JalingaStudio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	JalingaStudio.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1696	jalinga_studio.4.0.2040.0.exe
1628	LAVFilters-0.73-Installer.tmp
1628	LAVFilters-0.73-Installer.tmp
1952	Setup.exe
1952	Setup.exe
1952	Setup.exe
1952	Setup.exe
1436	Setup.exe
1436	Setup.exe
1436	Setup.exe
1436	Setup.exe
1632	msiexec.exe
1632	msiexec.exe
2028	MWCaptureRT.tmp
2028	MWCaptureRT.tmp

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1424	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1424	msiexec.exe
Token: SeRestorePrivilege	1632	msiexec.exe
Token: SeTakeOwnershipPrivilege	1632	msiexec.exe
Token: SeSecurityPrivilege	1632	msiexec.exe
Token: SeCreateTokenPrivilege	1424	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1424	msiexec.exe
Token: SeLockMemoryPrivilege	1424	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1424	msiexec.exe
Token: SeMachineAccountPrivilege	1424	msiexec.exe
Token: SeTcbPrivilege	1424	msiexec.exe
Token: SeSecurityPrivilege	1424	msiexec.exe
Token: SeTakeOwnershipPrivilege	1424	msiexec.exe
Token: SeLoadDriverPrivilege	1424	msiexec.exe
Token: SeSystemProfilePrivilege	1424	msiexec.exe
Token: SeSystemtimePrivilege	1424	msiexec.exe
Token: SeProfSingleProcessPrivilege	1424	msiexec.exe
Token: SeIncBasePriorityPrivilege	1424	msiexec.exe
Token: SeCreatePagefilePrivilege	1424	msiexec.exe
Token: SeCreatePermanentPrivilege	1424	msiexec.exe
Token: SeBackupPrivilege	1424	msiexec.exe
Token: SeRestorePrivilege	1424	msiexec.exe
Token: SeShutdownPrivilege	1424	msiexec.exe
Token: SeDebugPrivilege	1424	msiexec.exe
Token: SeAuditPrivilege	1424	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1424	msiexec.exe
Token: SeChangeNotifyPrivilege	1424	msiexec.exe
Token: SeRemoteShutdownPrivilege	1424	msiexec.exe
Token: SeUndockPrivilege	1424	msiexec.exe
Token: SeSyncAgentPrivilege	1424	msiexec.exe
Token: SeEnableDelegationPrivilege	1424	msiexec.exe
Token: SeManageVolumePrivilege	1424	msiexec.exe
Token: SeImpersonatePrivilege	1424	msiexec.exe
Token: SeCreateGlobalPrivilege	1424	msiexec.exe
Token: SeRestorePrivilege	1632	msiexec.exe
Token: SeTakeOwnershipPrivilege	1632	msiexec.exe
Token: SeRestorePrivilege	1632	msiexec.exe
Token: SeTakeOwnershipPrivilege	1632	msiexec.exe
Token: SeRestorePrivilege	1632	msiexec.exe
Token: SeTakeOwnershipPrivilege	1632	msiexec.exe
Token: SeRestorePrivilege	1632	msiexec.exe
Token: SeTakeOwnershipPrivilege	1632	msiexec.exe
Token: SeRestorePrivilege	1632	msiexec.exe
Token: SeTakeOwnershipPrivilege	1632	msiexec.exe
Token: SeRestorePrivilege	1632	msiexec.exe
Token: SeTakeOwnershipPrivilege	1632	msiexec.exe
Token: SeRestorePrivilege	1632	msiexec.exe
Token: SeTakeOwnershipPrivilege	1632	msiexec.exe
Token: SeRestorePrivilege	1632	msiexec.exe
Token: SeTakeOwnershipPrivilege	1632	msiexec.exe
Token: SeRestorePrivilege	1632	msiexec.exe
Token: SeTakeOwnershipPrivilege	1632	msiexec.exe
Token: SeRestorePrivilege	1632	msiexec.exe
Token: SeTakeOwnershipPrivilege	1632	msiexec.exe
Token: SeSecurityPrivilege	2040	wevtutil.exe
Token: SeBackupPrivilege	2040	wevtutil.exe
Token: SeSecurityPrivilege	1592	wevtutil.exe
Token: SeBackupPrivilege	1592	wevtutil.exe
Token: SeRestorePrivilege	1632	msiexec.exe
Token: SeTakeOwnershipPrivilege	1632	msiexec.exe
Token: SeSecurityPrivilege	1536	wevtutil.exe
Token: SeBackupPrivilege	1536	wevtutil.exe
Token: SeSecurityPrivilege	1952	wevtutil.exe
Token: SeBackupPrivilege	1952	wevtutil.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1628	LAVFilters-0.73-Installer.tmp
2028	MWCaptureRT.tmp

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 1056	1696	jalinga_studio.4.0.2040.0.exe	28
PID 1696 wrote to memory of 1056	1696	jalinga_studio.4.0.2040.0.exe	28
PID 1696 wrote to memory of 1056	1696	jalinga_studio.4.0.2040.0.exe	28
PID 1696 wrote to memory of 1056	1696	jalinga_studio.4.0.2040.0.exe	28
PID 1696 wrote to memory of 1056	1696	jalinga_studio.4.0.2040.0.exe	28
PID 1696 wrote to memory of 1056	1696	jalinga_studio.4.0.2040.0.exe	28
PID 1696 wrote to memory of 1056	1696	jalinga_studio.4.0.2040.0.exe	28
PID 1056 wrote to memory of 1628	1056	LAVFilters-0.73-Installer.exe	29
PID 1056 wrote to memory of 1628	1056	LAVFilters-0.73-Installer.exe	29
PID 1056 wrote to memory of 1628	1056	LAVFilters-0.73-Installer.exe	29
PID 1056 wrote to memory of 1628	1056	LAVFilters-0.73-Installer.exe	29
PID 1056 wrote to memory of 1628	1056	LAVFilters-0.73-Installer.exe	29
PID 1056 wrote to memory of 1628	1056	LAVFilters-0.73-Installer.exe	29
PID 1056 wrote to memory of 1628	1056	LAVFilters-0.73-Installer.exe	29
PID 1628 wrote to memory of 844	1628	LAVFilters-0.73-Installer.tmp	30
PID 1628 wrote to memory of 844	1628	LAVFilters-0.73-Installer.tmp	30
PID 1628 wrote to memory of 844	1628	LAVFilters-0.73-Installer.tmp	30
PID 1628 wrote to memory of 844	1628	LAVFilters-0.73-Installer.tmp	30
PID 1628 wrote to memory of 844	1628	LAVFilters-0.73-Installer.tmp	30
PID 1628 wrote to memory of 844	1628	LAVFilters-0.73-Installer.tmp	30
PID 1628 wrote to memory of 844	1628	LAVFilters-0.73-Installer.tmp	30
PID 1628 wrote to memory of 1772	1628	LAVFilters-0.73-Installer.tmp	31
PID 1628 wrote to memory of 1772	1628	LAVFilters-0.73-Installer.tmp	31
PID 1628 wrote to memory of 1772	1628	LAVFilters-0.73-Installer.tmp	31
PID 1628 wrote to memory of 1772	1628	LAVFilters-0.73-Installer.tmp	31
PID 1628 wrote to memory of 1772	1628	LAVFilters-0.73-Installer.tmp	31
PID 1628 wrote to memory of 1772	1628	LAVFilters-0.73-Installer.tmp	31
PID 1628 wrote to memory of 1772	1628	LAVFilters-0.73-Installer.tmp	31
PID 1628 wrote to memory of 1704	1628	LAVFilters-0.73-Installer.tmp	32
PID 1628 wrote to memory of 1704	1628	LAVFilters-0.73-Installer.tmp	32
PID 1628 wrote to memory of 1704	1628	LAVFilters-0.73-Installer.tmp	32
PID 1628 wrote to memory of 1704	1628	LAVFilters-0.73-Installer.tmp	32
PID 1628 wrote to memory of 1704	1628	LAVFilters-0.73-Installer.tmp	32
PID 1628 wrote to memory of 1704	1628	LAVFilters-0.73-Installer.tmp	32
PID 1628 wrote to memory of 1704	1628	LAVFilters-0.73-Installer.tmp	32
PID 1628 wrote to memory of 1972	1628	LAVFilters-0.73-Installer.tmp	33
PID 1628 wrote to memory of 1972	1628	LAVFilters-0.73-Installer.tmp	33
PID 1628 wrote to memory of 1972	1628	LAVFilters-0.73-Installer.tmp	33
PID 1628 wrote to memory of 1972	1628	LAVFilters-0.73-Installer.tmp	33
PID 1628 wrote to memory of 1972	1628	LAVFilters-0.73-Installer.tmp	33
PID 1628 wrote to memory of 1972	1628	LAVFilters-0.73-Installer.tmp	33
PID 1628 wrote to memory of 1972	1628	LAVFilters-0.73-Installer.tmp	33
PID 1972 wrote to memory of 1392	1972	regsvr32.exe	34
PID 1972 wrote to memory of 1392	1972	regsvr32.exe	34
PID 1972 wrote to memory of 1392	1972	regsvr32.exe	34
PID 1972 wrote to memory of 1392	1972	regsvr32.exe	34
PID 1972 wrote to memory of 1392	1972	regsvr32.exe	34
PID 1972 wrote to memory of 1392	1972	regsvr32.exe	34
PID 1972 wrote to memory of 1392	1972	regsvr32.exe	34
PID 1628 wrote to memory of 1668	1628	LAVFilters-0.73-Installer.tmp	35
PID 1628 wrote to memory of 1668	1628	LAVFilters-0.73-Installer.tmp	35
PID 1628 wrote to memory of 1668	1628	LAVFilters-0.73-Installer.tmp	35
PID 1628 wrote to memory of 1668	1628	LAVFilters-0.73-Installer.tmp	35
PID 1628 wrote to memory of 1668	1628	LAVFilters-0.73-Installer.tmp	35
PID 1628 wrote to memory of 1668	1628	LAVFilters-0.73-Installer.tmp	35
PID 1628 wrote to memory of 1668	1628	LAVFilters-0.73-Installer.tmp	35
PID 1668 wrote to memory of 2004	1668	regsvr32.exe	36
PID 1668 wrote to memory of 2004	1668	regsvr32.exe	36
PID 1668 wrote to memory of 2004	1668	regsvr32.exe	36
PID 1668 wrote to memory of 2004	1668	regsvr32.exe	36
PID 1668 wrote to memory of 2004	1668	regsvr32.exe	36
PID 1668 wrote to memory of 2004	1668	regsvr32.exe	36
PID 1668 wrote to memory of 2004	1668	regsvr32.exe	36
PID 1628 wrote to memory of 2016	1628	LAVFilters-0.73-Installer.tmp	37

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\jalinga_studio.4.0.2040.0.exe
"C:\Users\Admin\AppData\Local\Temp\jalinga_studio.4.0.2040.0.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Program Files\Jalinga Studio\LAVFilters-0.73-Installer.exe
  "C:\Program Files\Jalinga Studio\LAVFilters-0.73-Installer.exe" /verysilent /norestart
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Users\Admin\AppData\Local\Temp\is-CVH9F.tmp\LAVFilters-0.73-Installer.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-CVH9F.tmp\LAVFilters-0.73-Installer.tmp" /SL5="$40172,11719530,57856,C:\Program Files\Jalinga Studio\LAVFilters-0.73-Installer.exe" /verysilent /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1628
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\LAV Filters\x86\LAVAudio.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:844
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\LAV Filters\x86\LAVSplitter.ax"
      4⤵
      Loads dropped DLL
      PID:1772
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\LAV Filters\x86\LAVVideo.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:1704
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\LAV Filters\x64\LAVAudio.ax"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1972
    - - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\LAV Filters\x64\LAVAudio.ax"
        5⤵
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:1392
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\LAV Filters\x64\LAVSplitter.ax"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1668
    - - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\LAV Filters\x64\LAVSplitter.ax"
        5⤵
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:2004
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\LAV Filters\x64\LAVVideo.ax"
      4⤵
      Loads dropped DLL
      PID:2016
    - - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\LAV Filters\x64\LAVVideo.ax"
        5⤵
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:1288
- C:\Program Files\Jalinga Studio\vc_redist.x86.2010.exe
  "C:\Program Files\Jalinga Studio\vc_redist.x86.2010.exe" /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1656
- - \??\c:\039108be30438214f9c17221\Setup.exe
    c:\039108be30438214f9c17221\Setup.exe /install /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:1952
- C:\Program Files\Jalinga Studio\vc_redist.x86.2019.exe
  "C:\Program Files\Jalinga Studio\vc_redist.x86.2019.exe" /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1440
- - C:\Windows\Temp\{A9BFC1F9-5BD6-4691-8539-9D7A70A9C165}\.cr\vc_redist.x86.2019.exe
    "C:\Windows\Temp\{A9BFC1F9-5BD6-4691-8539-9D7A70A9C165}\.cr\vc_redist.x86.2019.exe" -burn.clean.room="C:\Program Files\Jalinga Studio\vc_redist.x86.2019.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /install /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1856
- C:\Program Files\Jalinga Studio\vc_redist.x64.2010.exe
  "C:\Program Files\Jalinga Studio\vc_redist.x64.2010.exe" /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1384
- - \??\c:\4031175841a6e42d36\Setup.exe
    c:\4031175841a6e42d36\Setup.exe /install /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:1436
- C:\Program Files\Jalinga Studio\vc_redist.x64.2019.exe
  "C:\Program Files\Jalinga Studio\vc_redist.x64.2019.exe" /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1644
- - C:\Windows\Temp\{040DE57F-D424-461F-A9AA-E8884D8D44F1}\.cr\vc_redist.x64.2019.exe
    "C:\Windows\Temp\{040DE57F-D424-461F-A9AA-E8884D8D44F1}\.cr\vc_redist.x64.2019.exe" -burn.clean.room="C:\Program Files\Jalinga Studio\vc_redist.x64.2019.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /install /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2028
- C:\Windows\SysWOW64\msiexec.exe
  msiexec /i "C:\Program Files\Jalinga Studio\SurfaceRuntime.msi" /quiet /qn /norestart
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1424
- C:\Program Files\Jalinga Studio\MWCaptureRT.exe
  "C:\Program Files\Jalinga Studio\MWCaptureRT.exe" /verysilent /norestart
  2⤵
  - Executes dropped EXE
  PID:760
- - C:\Users\Admin\AppData\Local\Temp\is-5KBN0.tmp\MWCaptureRT.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-5KBN0.tmp\MWCaptureRT.tmp" /SL5="$501F6,2593677,58368,C:\Program Files\Jalinga Studio\MWCaptureRT.exe" /verysilent /norestart
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:2028
  - - C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\SysWOW64\mw_cc708_dshow_decoder.dll"
      4⤵
      PID:608
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        /s "C:\Windows\SysWOW64\mw_cc708_dshow_decoder.dll"
        5⤵
        
        PID:1504
  - - C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\mw_cc708_dshow_decoder.dll"
      4⤵
      Registers COM server for autorun
      PID:568
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe /s "C:\Program Files\Jalinga Studio\x86\JalingaVC2.dll"
  2⤵
  - Modifies registry class
  PID:2028
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe /s "C:\Program Files\Jalinga Studio\x86\audio_sniffer.dll"
  2⤵
  - Modifies registry class
  PID:1532
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe /s "C:\Program Files\Jalinga Studio\x64\JalingaVC2.dll"
  2⤵
  PID:856
- - C:\Windows\system32\regsvr32.exe
    /s "C:\Program Files\Jalinga Studio\x64\JalingaVC2.dll"
    3⤵
    - Registers COM server for autorun
    - Modifies registry class
    PID:1524
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe /s "C:\Program Files\Jalinga Studio\x64\audio_sniffer-x64.dll"
  2⤵
  PID:1288
- - C:\Windows\system32\regsvr32.exe
    /s "C:\Program Files\Jalinga Studio\x64\audio_sniffer-x64.dll"
    3⤵
    - Registers COM server for autorun
    PID:268
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall add rule name="Jalinga Studio" dir=in action=allow program="C:\Program Files\Jalinga Studio\JalingaStudio.exe" enable=yes profile=private,public
  2⤵
  - Modifies Windows Firewall
  PID:1636

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1632
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 53D0AADC571927E9815CFC29A359D0F5
  2⤵
  - Loads dropped DLL
  PID:860
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8CA4E9D97081C438C2765232C120A796 M Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Windows directory
  PID:1692
- - C:\Windows\syswow64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Core.man"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2040
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Core.man" /fromwow64
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1592
- - C:\Windows\syswow64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Presentation.man"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1536
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Presentation.man" /fromwow64
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1952
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Surface.Core, Version=2.0.0.00000, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /queue:3
    3⤵
    - Drops file in Windows directory
    PID:1272
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Surface.Core, Version=2.0.0.00000, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /queue:3
    3⤵
    - Drops file in Windows directory
    PID:1544
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Surface, Version=2.0.0.00000, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /queue:3
    3⤵
    - Drops file in Windows directory
    PID:684
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Surface, Version=2.0.0.00000, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /queue:3
    3⤵
    - Drops file in Windows directory
    PID:1144
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Surface.Presentation, Version=2.0.0.00000, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /queue:3
    3⤵
    - Drops file in Windows directory
    PID:564
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Surface.Presentation, Version=2.0.0.00000, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /queue:3
    3⤵
    - Drops file in Windows directory
    PID:1440
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Surface.Presentation.Generic, Version=2.0.0.00000, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /queue:3
    3⤵
    - Drops file in Windows directory
    PID:1196
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Surface.Presentation.Generic, Version=2.0.0.00000, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /queue:3
    3⤵
    - Drops file in Windows directory
    PID:1956
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Surface.HidSupport, Version=2.0.0.00000, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /queue:3 /AppBase:"C:\Program Files (x86)\Microsoft Surface\v2.0\\"
    3⤵
    - Drops file in Windows directory
    PID:1392
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Surface.HidSupport, Version=2.0.0.00000, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /queue:3 /AppBase:"C:\Program Files (x86)\Microsoft Surface\v2.0\\"
    3⤵
    - Drops file in Windows directory
    PID:1972
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Surface.NativeWrappers, Version=2.0.0.00000, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /queue:3 /AppBase:"C:\Program Files (x86)\Microsoft Surface\v2.0\\"
    3⤵
    - Drops file in Windows directory
    PID:1656
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Surface.NativeWrappers, Version=2.0.0.00000, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /queue:3 /AppBase:"C:\Program Files (x86)\Microsoft Surface\v2.0\\"
    3⤵
    - Drops file in Windows directory
    PID:1536
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
    3⤵
    - Drops file in Windows directory
    PID:276
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue
    3⤵
    - Drops file in Windows directory
    PID:928

C:\Program Files\Jalinga Studio\JalingaStudio.exe
"C:\Program Files\Jalinga Studio\JalingaStudio.exe" 2040.0
1⤵
- Executes dropped EXE
- Modifies system certificate store
PID:1588

C:\Program Files\Jalinga Studio\JalingaStudio.exe
"C:\Program Files\Jalinga Studio\JalingaStudio.exe"
1⤵
- Executes dropped EXE
- Modifies system certificate store
PID:392

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x548
1⤵
PID:1332

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\4031175841a6e42d36\Setup.exe

Filesize
76KB

MD5
006f8a615020a4a17f5e63801485df46

SHA1
78c82a80ebf9c8bf0c996dd8bc26087679f77fea

SHA256
d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

SHA512
c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

Download Submit
C:\Config.Msi\6ca94e.rbs

Filesize
666KB

MD5
07d53fe0966fda36be457bb7d81ca00c

SHA1
3ec97fe846fef4847bc1a84006783eb4c849d303

SHA256
63e966b5e5c3a64ddf306e47f71e85a02cbce4dee0bcc3af1dbd818913081061

SHA512
2db733b8c861354addd373d7a24a677ead3c2dce42592dd417895a2c4c312ee28beb18a3a7c82e369a7c28f84b84b0df303b39aaddf777a1c5be01b5e50bb458

Download Submit
C:\Program Files (x86)\LAV Filters\unins000.exe

Filesize
702KB

MD5
220515d10fc1fabbee9f845b49a88e9a

SHA1
759478d6cc36a21e2efd306d0699e5a9167466f1

SHA256
53039f32f90c16b497d6bf42221d78c719c4cd232ea72cab9071d61d469aacf7

SHA512
8eff0c9ddc1ac1de10fee7cbbea723f15b1e64025417d541f458b00cc6832f818d2422bba93391943cf5ad11beb27a7f4e2aae8b45e6d3b94d8a30b151afabb8

Download Submit
C:\Program Files (x86)\LAV Filters\x64\LAVAudio.ax

Filesize
301KB

MD5
5fc0485fc0af5e830394925d0dd2e64e

SHA1
15bf82543b318a142f1f2d5956dfc691d38da01d

SHA256
0756a983da10579c2dc08e9be7696c031d9a457ab2c75204cb0b11bff79976fb

SHA512
3d5472b96046262ace855e33d8f84335678ef9b0ffa33731360685ae74030874155e9f873e56b69e248ee9c9fa3286319bf5e5413253718f682e085e0f2d3ef4

Download Submit
C:\Program Files (x86)\LAV Filters\x64\LAVSplitter.ax

Filesize
655KB

MD5
211edfde91c97a547ea0dc2de161476d

SHA1
9ccd350682c9a7f7e0597c0bed7f44f1b5082c44

SHA256
59ffb8f14919fcf9a5881326edab0a83fd8ef612f22f1bb884f52c0ad15d8745

SHA512
3c69af1a56fa638ecd773452e67938940d5b56d13c7903dcfe1beace13bdb396a82cbac7aa2d7cd98a104c94269bf0ba826425af732557aa892c6e9d3e4b30af

Download Submit
C:\Program Files (x86)\LAV Filters\x64\LAVVideo.ax

Filesize
1.2MB

MD5
9e5c7abf08e968c16d19b3e3c8b5b2d3

SHA1
98d1e61096722284a33cbbf75006c88dd9532c48

SHA256
aed745551ce887199dcedcdd633a08f8a7ae0c96d60e6353d8f42157b5074801

SHA512
4ac7f8fd1df73e1d6afc83c54c6e6f45813f9094a34c322f71a5f324ab5a5a24635104a579b1504b48a7d9a733ce399919fea2ffd42b13e780a34d974f7bb57e

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avcodec-lav-58.dll

Filesize
13.7MB

MD5
c1c0ac9e9b368182b46e9f19ac0ac80d

SHA1
f6a89019156503cafc645e2bf6c66ec068b3c68b

SHA256
fdd817b79ea0d6b5651709616ee489672d3cc8eafbf06a271777824be877804c

SHA512
4d153e7508507e337abe8f94b23445829161b63d8a2492e6131011f048cc518c7455cd06ac912d21f86566a10659b4962349f067d159fbafd68176d2cbdbccfa

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avformat-lav-58.dll

Filesize
1.6MB

MD5
7dba10836cc3290d96e5eaf12bb7756e

SHA1
a428bc404f7534a56837835535fe796282e08fd8

SHA256
b93454722bb4cc56767bc9c636fac60b8594511e28f00a6a47467d069a256072

SHA512
91e45f7cbf736b81324b5833c3210840a0fd065ff6666a4521423094266c351985d008d04dbb41ec495f6620035ff96d0ae08a6b16b4a7a4e76238843803c83c

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avresample-lav-4.dll

Filesize
163KB

MD5
571a1d742403d8efcda16d870e24fe51

SHA1
f0b83616e84ac18229403035036a2673da465221

SHA256
6536c2190e4d75e0cef1fc7ce36ff3546b060d4736298afff4a33850bcc36695

SHA512
b77a60bca188cbb65923412e41d1ab1e9991b942ac16b839ce80f00361b77d12e6ba38f82c4c29bfa8886fd72b46b763c3f74fb7f30a974556c88b0a81da560f

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avutil-lav-56.dll

Filesize
494KB

MD5
3e0b48d6b378b74a30034abeef75f436

SHA1
8768712bac6e8cd065f413ad8f1dab33af78ed1f

SHA256
8904fee508101a6b5401d1d833065f9f3e470edbac2433cbf4f00795b9f0015b

SHA512
90885a478e06c4b09ab0f8e6b311f204f56cef080f5703f7dff3381e0c236194fbe315f5f621219b16f497c2cc0e64e045f771d12a94b038c4b24fa082006865

Download Submit
C:\Program Files (x86)\LAV Filters\x64\libbluray.dll

Filesize
334KB

MD5
c00c82ad564d121426b29ca836c0a065

SHA1
fed5cf0fa3e1277c4f73ed2b1da7cfceea350cc8

SHA256
f24ef8dd55955a1c9cfc699cc98b7231161de6a7c84be6a4637f08bed05c9e9c

SHA512
47a43a59cc331ee9f2d339eb5b20005f36c2ccfeff9dc3c813943ee9a01e8f47870564036947b584a788492a0d13f06cd740985b633a9b67e70e10e379f00b67

Download Submit
C:\Program Files (x86)\LAV Filters\x64\swscale-lav-5.dll

Filesize
536KB

MD5
fc988a11bb057b35d694e9ebcdec7110

SHA1
ddd4c5f1ea71626c2cb556b0f02d71f819e5666c

SHA256
3138475cfeba34282b1d3de1b5b324cf2bd61a7212fab19abfa6ba0a09f9a936

SHA512
c781b64458609f0ebda88d5f3445fd0ea50cd4db10afb5b49b7057f31a118d4d94911085ad5be7ff33ed563b607384f5c42b6373d931cfd036ec5b5cde1e0522

Download Submit
C:\Program Files (x86)\LAV Filters\x86\LAVAudio.ax

Filesize
259KB

MD5
8c7d3a2dd89c717f8a8deda045e9dc50

SHA1
fc96eed22a6e17249f7be1e93015db8ceae5737e

SHA256
002d5bfa19a4fd3e924c4b2907afca1b788d57cae0d839db63693e88ea2130e8

SHA512
55663a60ae57a08d6bd31b705c26af7e99e77bacc3785d827fbcd479700493bcbcb37cf680515fd47fb6906d506d5dca96a4590a57c94c37b08a41a4d4de335e

Download Submit
C:\Program Files (x86)\LAV Filters\x86\LAVSplitter.ax

Filesize
538KB

MD5
317312557542f2e6c86c753e97739a82

SHA1
ba48bc0f0e961460cfd233f11c59182c6a24e1d0

SHA256
c78ca50629505e365c4214618575401efd302a4c53b0f3f4a64b08b7461fdff3

SHA512
7c0d25e3692297c7176dac52913b0a4f84ba362e88e36eef05c17c16c7721ad99543e08f74be95c47cabb8be3c489061564d8159eb8d27124e614a7eb233afc7

Download Submit
C:\Program Files (x86)\LAV Filters\x86\LAVVideo.ax

Filesize
1018KB

MD5
4578a1854d3d81273fa864d023608cd1

SHA1
db72f387e095a2baf0cd5767020ab0c0ac51d7b8

SHA256
3cc4b020e39217a1ccf55f9efa14c802082d6b83b5617af179956be71b3978d1

SHA512
cdc8304ba408723f79a5b85090e0859cd918367db877af4152526fa1acb9be7ac41c7b58e9e342c9f019abfea230293da72b37c162362d68d51a55c80874158b

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avcodec-lav-58.dll

Filesize
13.1MB

MD5
f95172633fb1459f3b8f54d8b17c65ff

SHA1
6665a91175cc0b5c2bf87dff8cbd50a589dd3f7e

SHA256
12c70eeeb3430013bf5cc5d2e78704146b3f9da968103f87d0dd67c3b03b40c5

SHA512
7b4c0e56d6b89f60d17f7005a0dc2aa82cc65c2a50a345ed37eb72e09a0cb1e26bb6456dff4355cdeedd3eeabf73ec909aa2c1c65182d9bc0a5ff5d002dc67b9

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avfilter-lav-7.dll

Filesize
199KB

MD5
a8f17210ce3efaca99a414fdc7ce4fbb

SHA1
d14c8fbcbd69efe1ed48f30a20e29b5fa09792e8

SHA256
19419924fbc077cea05e6b83c101326d9b0239cce9d01511e3c723aa172395ba

SHA512
4efc7be3c7ad95f25944c03187b158f9086d6c1c9b7c22ddafd2869acfcff4e886138e72253b3a669eeb9b96aed508ec1f3adc3c0a12afc60763f026ead0a437

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avformat-lav-58.dll

Filesize
1.8MB

MD5
490bff67b49428b054964e2a03c4fcdf

SHA1
3e25f235b706ab8ff23e72e4b322d78f681839f8

SHA256
4acbb05e602a874db0e13e9d75efb0939aac149aba5aea58b656965a324157a0

SHA512
11d1b54a432390143df7d01a366eefae525605b91c4d3f5f0fcc401c3dd0e7c6960a3a09e38d162027a4802226df7539073c4619f7f57940f05ae70a52d174b4

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avresample-lav-4.dll

Filesize
158KB

MD5
be18a07cf61419ad6371ea4c62ed4187

SHA1
9d7b432d9d27c2f56d04dd89a518b62d19f9782d

SHA256
c94261a401b9aa01ce9ed0dcc7099d919f443a58761206c85ad1ced143efaa5a

SHA512
3ad0cb08cb4fb609ab96a65aa7523ee0bbb51b6b4c7aaf3d28f920e4c801e4d09ca8efcd70b3b922b4b75fabf5c9e8a358d1f0c6852046b090c1aa955e0f5084

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avutil-lav-56.dll

Filesize
553KB

MD5
0d1b85365aa955969fde3483523055d0

SHA1
6d3df3b1bcd31759794972c74af9d4559b126c4d

SHA256
72b03168682d8de7a97d5e1dff8a4d42e35ea3e0d19be49505e1810429fe3bf6

SHA512
5c739b8c7dc2af0583088e48c020d56194e239b823b64700a271580d07b4624625690eedc2da3c4b496f21323eff94f5dbf25521460f4879caade7a0751c71e9

Download Submit
C:\Program Files (x86)\LAV Filters\x86\libbluray.dll

Filesize
280KB

MD5
beec0ed19b1336dd0e5fab430ca9e3b9

SHA1
81c2e9877b89a9c0525535854afdd2355d6a2066

SHA256
f9784b4d47d4453e709bff8e656995ead1341aad63201c2fb62ebed51d3d6167

SHA512
1c7ecac550694b0ac6c1b2aaa291bc4dfb2468704a9076e43fba09a47517255866588ed261d23ed54b7b88849bee5d5ca85b80563491a3fd0e591c3a1b3c7dad

Download Submit
C:\Program Files (x86)\LAV Filters\x86\swscale-lav-5.dll

Filesize
534KB

MD5
2041c494ef4b8a1b3744a346a092edb3

SHA1
a84873405c8d195f9a4b9b1ef1128bafb690707c

SHA256
b9614a1d14f53c71af486d170f2dfbf592dbdbcfd48f72932524c771c8bd1d77

SHA512
242ca54bc234092af6ab6a4d05aa138ad301df7f3bfd5565d98a2b8814645ba9496239e4f5d4c7541c7dfedc5a6c89752bac63c030b673018e7276c4a252b29f

Download Submit
C:\Program Files\Jalinga Studio\LAVFilters-0.73-Installer.exe

Filesize
11.4MB

MD5
44c38392c32d058beda9f410f0366a9e

SHA1
3c5572035de70810821b1bd3695766c8b4e4ecac

SHA256
9e75f3ed760d54b1e8134072971b724b4707e3eca14a90ed233ac71ab51f94ee

SHA512
69da99543dd7a65d714e5b13cd5d8d7e3d5dbd190516e4abf731b8141c6eda3204401f2c48819f2156ef7a3536cd76c06bffb507816e4870ba8f7244e801bd11

Download Submit
C:\Program Files\Jalinga Studio\LAVFilters-0.73-Installer.exe

Filesize
11.4MB

MD5
44c38392c32d058beda9f410f0366a9e

SHA1
3c5572035de70810821b1bd3695766c8b4e4ecac

SHA256
9e75f3ed760d54b1e8134072971b724b4707e3eca14a90ed233ac71ab51f94ee

SHA512
69da99543dd7a65d714e5b13cd5d8d7e3d5dbd190516e4abf731b8141c6eda3204401f2c48819f2156ef7a3536cd76c06bffb507816e4870ba8f7244e801bd11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\Local\OOO_Laboratoriya_Cifra\JalingaStudio.exe_Url_wzypm32bayqtsxsaj5dlzozahzsbenvv\4.0.0.0\fklr3syu.newcfg

Filesize
16KB

MD5
497a87ac47a391bfd639c1be264fd82c

SHA1
8a621ede4ba1bc02e998347be36d4d5e05f5ff48

SHA256
ecfeb924815ea02009681839368b059d2e8f13fa308d5b506393227f95d40a36

SHA512
a2cac3bf858c6b219d4cca34a4fca7571e7ee5037d2fba19d23bfb0446f0fb4e724bae34dadb2022a3ca0d77c17eeb9042fc9b261aac8268df7e681b1c25c420

Download Submit
C:\Users\Admin\AppData\Local\OOO_Laboratoriya_Cifra\JalingaStudio.exe_Url_wzypm32bayqtsxsaj5dlzozahzsbenvv\4.0.0.0\user.config

Filesize
15KB

MD5
40ab9c4acba35d55832551ffa3216196

SHA1
9900ad0e778be5dc0b382b1d9ee7825ee3566315

SHA256
78365f2d7f2929e0a74f16075f51b2f54b412bc346cf47415e68c5cad5f84a75

SHA512
b762b522ad7801b68f85cf317caff5aace4932d79bccab5c8ae9c23a12a835caeffe41bbe94342cb930f13e36ab9096721c1d80143012cd8d854a59c4637a4b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2C5F.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFI8DC0.tmp.html

Filesize
16KB

MD5
79061b433fde549de8e11741e2c4c525

SHA1
10fb898bd3a2573f0243db69a10ae265875d3d96

SHA256
d689e9e98ba3a4ed599e10f9b295868253bf30408936f6a586a7e44e4fad7c0b

SHA512
89a737a83f87942fcdbdc7b1b802bfc73ac7d9b8003e7a564361fdc77d68046a51febf5737dd1926ea8dd45493b2c5f1a6d13924a26f867827a62c2cac272fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C81.tmp

Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F85.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp65DD.tmp

Filesize
2KB

MD5
cb90b7f25159e394a5cbc8c8a7fb414f

SHA1
249d36da21283d3241cd330bb45340ceafe3745b

SHA256
367c37095462c02068aafe88fc70961a797cb1f8cc6c412740d4731fa44ced30

SHA512
b37ec17b636d612acccde642b53891a966decb2582b7d16eb5ed7996f774e9291ba972f16c069490a89c0151701e3158c6ae8b066c1afb78a1c4ca9eb0860418

Download Submit
C:\Users\Admin\AppData\Local\Temp\WIXPF001\wixperf.ini

Filesize
1KB

MD5
7ab63ec67d5e9c77b257e510447c5e99

SHA1
7ea462dc1891709c0732f83d6b5775b1876af0a9

SHA256
7be590c1fe806c04ac6bac4a793a6996dba5a966618e445ec0bae1e2b7296886

SHA512
9b08698cd84908a5a3e2f9566039a8d47e37e5016e9681f6bfa4b0eb1837b604ec057c8c0416126cbf1c200f7b1f5e70ab17631a761980e17e4af83987c25ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\WIXPF002\wixperf.ini

Filesize
959B

MD5
dac80a1d9acefe074c6016a74769dd3e

SHA1
548efeb0aae55bfa557834ce51a6ae283b6bc936

SHA256
48216a25af5b734f47d8c6358ca01d04af78221eec9076502f64729bfada1223

SHA512
7e4931473a0d7a24dd96f8b12d71109d3fc826c5a7a756bbd23e3ccad522b52eceae60d09e3c803c7b9585355cfad953948c3e9aed2dbc3c5973228acd0e679f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CVH9F.tmp\LAVFilters-0.73-Installer.tmp

Filesize
702KB

MD5
220515d10fc1fabbee9f845b49a88e9a

SHA1
759478d6cc36a21e2efd306d0699e5a9167466f1

SHA256
53039f32f90c16b497d6bf42221d78c719c4cd232ea72cab9071d61d469aacf7

SHA512
8eff0c9ddc1ac1de10fee7cbbea723f15b1e64025417d541f458b00cc6832f818d2422bba93391943cf5ad11beb27a7f4e2aae8b45e6d3b94d8a30b151afabb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CVH9F.tmp\LAVFilters-0.73-Installer.tmp

Filesize
702KB

MD5
220515d10fc1fabbee9f845b49a88e9a

SHA1
759478d6cc36a21e2efd306d0699e5a9167466f1

SHA256
53039f32f90c16b497d6bf42221d78c719c4cd232ea72cab9071d61d469aacf7

SHA512
8eff0c9ddc1ac1de10fee7cbbea723f15b1e64025417d541f458b00cc6832f818d2422bba93391943cf5ad11beb27a7f4e2aae8b45e6d3b94d8a30b151afabb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso252F.tmp\FindProcDLL.dll

Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso252F.tmp\ShellExecAsUser.dll

Filesize
43KB

MD5
552cba3c6c9987e01be178e1ee22d36b

SHA1
4c0ab0127453b0b53aeb27e407859bccb229ea1b

SHA256
1f17e4d5ffe7b2c9a396ee9932ac5198f0c050241e5f9ccd3a56e576613d8a29

SHA512
9bcf47b62ca8ffa578751008cae523d279cdb1699fd916754491899c31ace99f18007ed0e2cbe9902abf132d516259b5fb283379d2fead37c76b19e2e835e95a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso252F.tmp\System.dll

Filesize
11KB

MD5
ca332bb753b0775d5e806e236ddcec55

SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso252F.tmp\nsDialogs.dll

Filesize
9KB

MD5
904d8313031ac05e2bac3dd329828833

SHA1
6c8322f76e5c38bc24b0bcc057a510c92ec40b43

SHA256
a7c5516478ab02b5d6c1684b3c2b31ee03331712bcd9f9a8ef8309d2b72c8ec4

SHA512
9d524ebc965f224e1a16f537f71df0963c586fd548cb9a901f8afb1951416dd656d5493cc5e304157dfa6d70d69bcd4c5a5b140fceb3736548e71fe7086b6de8

Download Submit
C:\Windows\Installer\6ca94f.msi

Filesize
2.7MB

MD5
e2d1625d40b6bb9391085f040dbaa930

SHA1
515645991ab071618d88f42e596fb96dc90b3011

SHA256
46377eab3b11e2ed00966861fd4934108f744fe6a8fbabfc78b80cd19e554fe8

SHA512
2290d58f98ea15633157f43f8c64190cfcef0d5932f904eeb61ed8683e2c414e45e2092263146c77fc156af9e3e2c301cb92af77eb70b0a73eac6e35365e48ad

Download Submit
C:\Windows\Installer\MSIB41B.tmp

Filesize
254KB

MD5
309c77f018ddb2380dcf8aea9ba6312a

SHA1
b6ee083a7f9d3296083d51702abe4c09cfb4c12b

SHA256
6685f23272c1af6e7a8ae56e34a997b374b55e4ec9e6ec614c25f9de84d77973

SHA512
55bd4e0ecf30881ff7db35595bd260b920508d2787a6cc083686e288a9add13b550ef2eaf957510865d9647f53c9d756f085ebe5e782a57976e19bdcd3a98fb3

Download Submit
C:\Windows\Installer\MSIBFC3.tmp

Filesize
148KB

MD5
3bb8ab8803dfb0b7885323eb0784c152

SHA1
27797f02b835796411ed31e99630c7d6d28a0223

SHA256
6eba28700036c0af7a8cf4d919af6e04e0fbe1af89ba0d7c81074492d9c774b6

SHA512
e3003d88aeb5ddad3b97f1e5943046c00897f8a1a8aa0009343eca22d43f4c8117d3e62e9f0314a7b8e04ad8fccda979fa8eafb0d5c0e0e18244965766606a4a

Download Submit
C:\Windows\Installer\MSID28A.tmp

Filesize
83KB

MD5
19fc1213da5642fb19619bccdcc8a66c

SHA1
a8845ee12f7aafb7860d4c7bdd1641cfeab071a1

SHA256
9c3b391c46717db9904880074dec90ea5b6292ef5c1555657519a7d83318f530

SHA512
4ba80032a2f4c359d457bd3aafcd4384551df07f951280992b846bc9fbd3b5af26306bd3b2f8d3e30e96425d9da44447da4952ec352e142b05e046abeb4a9c3e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Filesize
111KB

MD5
1dea3c06944c633dc20dbad9f08fde6f

SHA1
9b43e14b2814b0d734d86a48ac487931b803d276

SHA256
afcdbae56c84d1c5335cf8bc12121141d29da54fb30759a08eaf6f75ba0fd3bb

SHA512
32721cc768297a6a0d66e9b0b3e99866b529a5afdd2ef0f27145fabede67a661dc0d05d5da6980de4e8569a370d1002a50e6f2f0fc96c05112dab5679d73a33e

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

Filesize
118KB

MD5
0e7fdb6c77b2c5352371f295733dfc18

SHA1
e12e4616888c9e5acb7616d9462b07279e88089f

SHA256
7b14e03280d7c90c3b876b7a1603aa658b97b9616a815b0a26d0f0d0e1f8bdf7

SHA512
ad49a9573b4d25e1ecebf3503c4666e19a84d248623269a5ac4c2053e91b90a39459f5b617e2798ca02d6fe5a16dc93603a186620ec10b2345fa22b7edd08052

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Surface.Core\v4.0_2.0.0.0__31bf3856ad364e35\Microsoft.Surface.Core.dll

Filesize
127KB

MD5
7aa9ed177ce9e1877982a9cd4443cd96

SHA1
2ff1dcb60c61bf87a11c29fbcbdafd2c0d91eda1

SHA256
318d1b684f2961bbd2a7214d23b28ebcd6380e4c826818df3a4bc6a0b9973b02

SHA512
f2ae56c3a7d778f7145095f06d54606141c38a230bc2d7fa3b87b65ce24e2ffae27fed91dc272e149611a67688665750ab40deaf6239c95f75284d224a0c4ad4

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Surface.HidSupport\v4.0_2.0.0.0__31bf3856ad364e35\Microsoft.Surface.HidSupport.dll

Filesize
78KB

MD5
bdd49d2aa3d6ed7658fcd818e4375b61

SHA1
5e2fec8832614d74d87d7d228f4cd57e815a5536

SHA256
22e00c6d9f2e3bc79328f415dae20cbc866e718c97aaedf1ad3d184126213d3e

SHA512
427fc62e37fca7418fa383c3faefbe1830f43cbb169cbfc9c7a12c38941057e2332e975a26b3989d04ce640ea41df3539295b8a9b6f02453a37d039e1243ba6e

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Surface.NativeWrappers\v4.0_2.0.0.0__31bf3856ad364e35\Microsoft.Surface.NativeWrappers.dll

Filesize
121KB

MD5
6d8d29bdc8f78d0718947e7a3e0bdf71

SHA1
f9d82ea0963c7d699bf86576bb4b9b66af45d53b

SHA256
4f4dff91ca6ffd61498b25c2fec77d7c566f8dec20268a113dd905d32dee684a

SHA512
caa49e268f15f09f360cb3261da8050e54b35a1a7c032ea48b2800199b6d023955412d6e6d15e159b0e1cec1dff4ddc53beb527f306f601c91d510fdab5ea21c

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Surface.Presentation.Generic\v4.0_2.0.0.0__31bf3856ad364e35\Microsoft.Surface.Presentation.Generic.dll

Filesize
106KB

MD5
fc1f0bdabd5498ad9ae26b4244b32ed4

SHA1
f3279bb04bac385a4254501f988ab4ec95c49a4e

SHA256
1695d31c36ed768e061e4a8afdf15655a12680b6669612074a6fe1789a76af2b

SHA512
4aa45984142efed2d46924ace188289178dbc74a4d5ece047a972d3aec25bade0f48abee75edc6c2ec4d00d5f217cf2be363783e038d99291346f237ce19febb

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Surface.Presentation\v4.0_2.0.0.0__31bf3856ad364e35\Microsoft.Surface.Presentation.dll

Filesize
1005KB

MD5
d025841eab2e3766a2f526a619843e01

SHA1
109aed7b7f91ab3d65c689a6a1c5a1ccbeee6f43

SHA256
4b46d4882d2d175b3efb119f02740dccf9b9f493e4ba8bda2af7180da2bd8697

SHA512
40f1140d316852e82488c66a8a9ec41f844c112344fe2c4718652d744d6bf4e76ec7a7a3d6ca3a1f9e27a37a2439b7c32039b3421b3c8dd8f2d5090c34978ad0

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Surface\v4.0_2.0.0.0__31bf3856ad364e35\Microsoft.Surface.dll

Filesize
33KB

MD5
e4638444fffb27ebf9d21283a8454974

SHA1
e113f72ccc185d5b4e351ecdf300d5bb2468d173

SHA256
2186712cd299b9a86cb4fb8ca1d96ca5a3504e6d894976044d2dc52694e5814e

SHA512
927eb9a067b2c54221e9f497bcb800a187508371dac968334b1d72ad7ccdaed32daf1b229c1ae92e0bad6638bb366298a2435e2af9c5b1ab50807ba9382d3f1f

Download Submit
C:\Windows\System32\perfc007.dat

Filesize
145KB

MD5
13d27bbdd047b1595d77fb62bbef5763

SHA1
06e3fff51d22ea962d2428ba9e31632729d51b1d

SHA256
d2c8911d30cd6b00a03780e956cc4d64817c7c065f29003d9822f972e68826e8

SHA512
bb737a2f57df64ea8d6c7b84ea06e9035a73b0211b9025f2a9dd0d1043215b5a2d314f71cce6ab45dcfd20b79fb8e7690cd5c6c804339e5c1e51c001e373fb09

Download Submit
C:\Windows\System32\perfc00A.dat

Filesize
154KB

MD5
47cb43c19491a42e8eb75ca8ca187d45

SHA1
e76e6234d83c6f7d4c9cd4062729f11e600e7da2

SHA256
cb85dc4dc53babcb6cd1def9134016deed161f30c6f16ea8eafe974adbf41aba

SHA512
c4b81791c55f3248c6be015421ba7506aacd4f2afc64c9822c376ec95a051c134964b21bd9903325af602651b70051038c67e36532ddbe4107e7e8507f7103cc

Download Submit
C:\Windows\System32\perfc00C.dat

Filesize
145KB

MD5
cba5b56a0285f5b0aa2ac1e92f825faf

SHA1
4d5209d43c325fed7cf11753ef9e3ecd70046ef4

SHA256
a34942423094f4806028cd845efe9edcfaec6b4bf9d68ee2c557b33203d2f661

SHA512
27410c523501458cf67975d5cae1beff7fc415e7cd3468079fd69a37d76a39bfbdff4c1a9deb0a09eab461d55cb2d0edfc2d19aa8b1c8da976e16183dc4c5d35

Download Submit
C:\Windows\System32\perfc010.dat

Filesize
143KB

MD5
03461c0bafa2615cbf1a87aec2e957fc

SHA1
38cc10064ae9ee512404180592aa45741e50d254

SHA256
84d82645fddfa00f2520b4685a4de7016c534b1aabb60cade9e52a8b9b56ee33

SHA512
11569ff58d779a67203f79f6ba2eec9a63871ac8591ef46812e8b6e9c1fe06af8fa35a401c3ef18fdbe8032e08922f22ad7d7b6e09123e84aad604951012de1e

Download Submit
C:\Windows\System32\perfc011.dat

Filesize
119KB

MD5
6edf584f997c2e8224205f54677fe5a9

SHA1
bd573e58177ddb9fc10e314dd5add0c3df7f8854

SHA256
27665ca9cb201c0f15bc00314f5855037fe70a9dfc5fdf0636eb9cdc800e78d9

SHA512
a17c41260ad505844b49a1b90be376c1d8567c8e7c9582c053a05bf468b0a709c1d0b7a3f728662c58d374775d2bde6595074a47ba90da4e9a46989998c40c1f

Download Submit
C:\Windows\System32\perfh007.dat

Filesize
681KB

MD5
b86f2965e267f7d7fd0495334bf53bc4

SHA1
42b04f25206cf347b8bde96bc5b632bbc721380b

SHA256
60638518936fdbd1ff5106e813a11e0b408f67f74935b8657c0a44007f72e9dd

SHA512
6ceff7f70016406b9096d84e8ae07f19c231deece6960e572552efef735d196512a95d1abf2e11361e8550397a53ccbb74e43043de8b80afb192114713504991

Download Submit
C:\Windows\System32\perfh009.dat

Filesize
646KB

MD5
84e1b29cd5a01f3dee006a3311b9650c

SHA1
f37c315c85d604ccb8cec7a2cc6bbf44adacdf33

SHA256
91e0b5044149f1977a217380036b2896e9a25eb3725994e458ef2fb518aa8c06

SHA512
8ba61e577f35e6919ea75a9c1f02f5e56de4cbbec9bed2a438ad5fbd257bf5ee22468a2ef439c7f00aa9beb3fc7ceec07c18c9161063737731cefc1baece91b7

Download Submit
C:\Windows\System32\perfh00A.dat

Filesize
728KB

MD5
5502aca393c025e566f76bb5cc9e0b01

SHA1
2bc187244d652c2c5df0ac96720bafa89283b207

SHA256
b8ad1d7e818e02164f0a36c3552f54db39fb7b2ce8c99e0bad41e0bb49396caa

SHA512
419c6ba89c98088da759d87fa213506566c3cce5db18ba8657b79b48bc55d437663b0bc0ad0f5e8a63e025e8597ef16edd7344320eeb2f9ffe6c8458efd9412d

Download Submit
C:\Windows\System32\perfh00C.dat

Filesize
728KB

MD5
90ae48f07a3221d2ca61b6d3aed42383

SHA1
04fd7e98745516a4dfcc88c683b76345551d940c

SHA256
51d687802786168d5203824597e8c5fdc39bc7662a378a9b7002ca068cfd306c

SHA512
02b1ebfe46918f38b15b3e669a1d5e811b08bc655442ba59b43b569d541f1375ffdba79b9efbb199f1cd43a3f9af592a4d249e8061b7bde10e15da1c77101446

Download Submit
C:\Windows\System32\perfh010.dat

Filesize
723KB

MD5
8406cc877c1619769ab22f23f81eb2d7

SHA1
a7864db7c930f7eb8b02522dfe1003e6c558a101

SHA256
87dd7643fcf4cd91bc87b24c6a4435f188a06ef0c69859c4d1533fea1366c1e2

SHA512
4ba96255669ffe6dec43c4188fd47218e4a7708680251829f6a91345876d4cfba455feaf447724e7f779d9abc91b11b5c0077ae3ec4114d64eee36fa34ba9475

Download Submit
C:\Windows\System32\perfh011.dat

Filesize
407KB

MD5
5e055e384731f93b49de3b0685674df0

SHA1
0838a2eb34c30af7d6d92ecad7953ebd5069cdc3

SHA256
df2bebfab504415165d2e026701b9f9211fbb0b05dc554ef646418590a38a90a

SHA512
f6827b3ccc8e5b9a0ce8028219e3f880cb74ece34a95771f5dad38026dd987ca52c80d46b81f7618492467d07dd6aa463f51108d249818fc31df7394a52d8792

Download Submit
C:\Windows\Temp\{4CCC2624-DE66-4085-87AB-F8FE78E0C677}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{7B64CC5B-623F-41DE-978B-538B2E3BEA5A}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\inf\Microsoft Surface Presentation\wixperf.h

Filesize
223B

MD5
2b70dabc4114354f6d3e25d783eee380

SHA1
7b0ce53f48ec10855012752d1bd1c9e0c68260de

SHA256
ec2eddc17e94633c4374cdcfd1ced7166bacd6cdbdcdb0602676b48a0eef60bc

SHA512
89384cdf9611b2228c4ce97633363932672787e2169462fc2c82ecc864f0dc349f36c7b3abf95644640d17a04bc3d8a0f6facef387ddeefc094166db8650b074

Download Submit
\Program Files (x86)\LAV Filters\unins000.exe

Filesize
702KB

MD5
220515d10fc1fabbee9f845b49a88e9a

SHA1
759478d6cc36a21e2efd306d0699e5a9167466f1

SHA256
53039f32f90c16b497d6bf42221d78c719c4cd232ea72cab9071d61d469aacf7

SHA512
8eff0c9ddc1ac1de10fee7cbbea723f15b1e64025417d541f458b00cc6832f818d2422bba93391943cf5ad11beb27a7f4e2aae8b45e6d3b94d8a30b151afabb8

Download Submit
\Program Files (x86)\LAV Filters\x64\LAVAudio.ax

Filesize
301KB

MD5
5fc0485fc0af5e830394925d0dd2e64e

SHA1
15bf82543b318a142f1f2d5956dfc691d38da01d

SHA256
0756a983da10579c2dc08e9be7696c031d9a457ab2c75204cb0b11bff79976fb

SHA512
3d5472b96046262ace855e33d8f84335678ef9b0ffa33731360685ae74030874155e9f873e56b69e248ee9c9fa3286319bf5e5413253718f682e085e0f2d3ef4

Download Submit
\Program Files (x86)\LAV Filters\x64\LAVAudio.ax

Filesize
301KB

MD5
5fc0485fc0af5e830394925d0dd2e64e

SHA1
15bf82543b318a142f1f2d5956dfc691d38da01d

SHA256
0756a983da10579c2dc08e9be7696c031d9a457ab2c75204cb0b11bff79976fb

SHA512
3d5472b96046262ace855e33d8f84335678ef9b0ffa33731360685ae74030874155e9f873e56b69e248ee9c9fa3286319bf5e5413253718f682e085e0f2d3ef4

Download Submit
\Program Files (x86)\LAV Filters\x64\LAVSplitter.ax

Filesize
655KB

MD5
211edfde91c97a547ea0dc2de161476d

SHA1
9ccd350682c9a7f7e0597c0bed7f44f1b5082c44

SHA256
59ffb8f14919fcf9a5881326edab0a83fd8ef612f22f1bb884f52c0ad15d8745

SHA512
3c69af1a56fa638ecd773452e67938940d5b56d13c7903dcfe1beace13bdb396a82cbac7aa2d7cd98a104c94269bf0ba826425af732557aa892c6e9d3e4b30af

Download Submit
\Program Files (x86)\LAV Filters\x64\LAVSplitter.ax

Filesize
655KB

MD5
211edfde91c97a547ea0dc2de161476d

SHA1
9ccd350682c9a7f7e0597c0bed7f44f1b5082c44

SHA256
59ffb8f14919fcf9a5881326edab0a83fd8ef612f22f1bb884f52c0ad15d8745

SHA512
3c69af1a56fa638ecd773452e67938940d5b56d13c7903dcfe1beace13bdb396a82cbac7aa2d7cd98a104c94269bf0ba826425af732557aa892c6e9d3e4b30af

Download Submit
\Program Files (x86)\LAV Filters\x64\LAVVideo.ax

Filesize
1.2MB

MD5
9e5c7abf08e968c16d19b3e3c8b5b2d3

SHA1
98d1e61096722284a33cbbf75006c88dd9532c48

SHA256
aed745551ce887199dcedcdd633a08f8a7ae0c96d60e6353d8f42157b5074801

SHA512
4ac7f8fd1df73e1d6afc83c54c6e6f45813f9094a34c322f71a5f324ab5a5a24635104a579b1504b48a7d9a733ce399919fea2ffd42b13e780a34d974f7bb57e

Download Submit
\Program Files (x86)\LAV Filters\x64\LAVVideo.ax

Filesize
1.2MB

MD5
9e5c7abf08e968c16d19b3e3c8b5b2d3

SHA1
98d1e61096722284a33cbbf75006c88dd9532c48

SHA256
aed745551ce887199dcedcdd633a08f8a7ae0c96d60e6353d8f42157b5074801

SHA512
4ac7f8fd1df73e1d6afc83c54c6e6f45813f9094a34c322f71a5f324ab5a5a24635104a579b1504b48a7d9a733ce399919fea2ffd42b13e780a34d974f7bb57e

Download Submit
\Program Files (x86)\LAV Filters\x64\avcodec-lav-58.dll

Filesize
13.7MB

MD5
c1c0ac9e9b368182b46e9f19ac0ac80d

SHA1
f6a89019156503cafc645e2bf6c66ec068b3c68b

SHA256
fdd817b79ea0d6b5651709616ee489672d3cc8eafbf06a271777824be877804c

SHA512
4d153e7508507e337abe8f94b23445829161b63d8a2492e6131011f048cc518c7455cd06ac912d21f86566a10659b4962349f067d159fbafd68176d2cbdbccfa

Download Submit
\Program Files (x86)\LAV Filters\x64\avcodec-lav-58.dll

Filesize
13.7MB

MD5
c1c0ac9e9b368182b46e9f19ac0ac80d

SHA1
f6a89019156503cafc645e2bf6c66ec068b3c68b

SHA256
fdd817b79ea0d6b5651709616ee489672d3cc8eafbf06a271777824be877804c

SHA512
4d153e7508507e337abe8f94b23445829161b63d8a2492e6131011f048cc518c7455cd06ac912d21f86566a10659b4962349f067d159fbafd68176d2cbdbccfa

Download Submit
\Program Files (x86)\LAV Filters\x64\avcodec-lav-58.dll

Filesize
13.7MB

MD5
c1c0ac9e9b368182b46e9f19ac0ac80d

SHA1
f6a89019156503cafc645e2bf6c66ec068b3c68b

SHA256
fdd817b79ea0d6b5651709616ee489672d3cc8eafbf06a271777824be877804c

SHA512
4d153e7508507e337abe8f94b23445829161b63d8a2492e6131011f048cc518c7455cd06ac912d21f86566a10659b4962349f067d159fbafd68176d2cbdbccfa

Download Submit
\Program Files (x86)\LAV Filters\x64\avformat-lav-58.dll

Filesize
1.6MB

MD5
7dba10836cc3290d96e5eaf12bb7756e

SHA1
a428bc404f7534a56837835535fe796282e08fd8

SHA256
b93454722bb4cc56767bc9c636fac60b8594511e28f00a6a47467d069a256072

SHA512
91e45f7cbf736b81324b5833c3210840a0fd065ff6666a4521423094266c351985d008d04dbb41ec495f6620035ff96d0ae08a6b16b4a7a4e76238843803c83c

Download Submit
\Program Files (x86)\LAV Filters\x64\avformat-lav-58.dll

Filesize
1.6MB

MD5
7dba10836cc3290d96e5eaf12bb7756e

SHA1
a428bc404f7534a56837835535fe796282e08fd8

SHA256
b93454722bb4cc56767bc9c636fac60b8594511e28f00a6a47467d069a256072

SHA512
91e45f7cbf736b81324b5833c3210840a0fd065ff6666a4521423094266c351985d008d04dbb41ec495f6620035ff96d0ae08a6b16b4a7a4e76238843803c83c

Download Submit
\Program Files (x86)\LAV Filters\x64\avresample-lav-4.dll

Filesize
163KB

MD5
571a1d742403d8efcda16d870e24fe51

SHA1
f0b83616e84ac18229403035036a2673da465221

SHA256
6536c2190e4d75e0cef1fc7ce36ff3546b060d4736298afff4a33850bcc36695

SHA512
b77a60bca188cbb65923412e41d1ab1e9991b942ac16b839ce80f00361b77d12e6ba38f82c4c29bfa8886fd72b46b763c3f74fb7f30a974556c88b0a81da560f

Download Submit
\Program Files (x86)\LAV Filters\x64\avresample-lav-4.dll

Filesize
163KB

MD5
571a1d742403d8efcda16d870e24fe51

SHA1
f0b83616e84ac18229403035036a2673da465221

SHA256
6536c2190e4d75e0cef1fc7ce36ff3546b060d4736298afff4a33850bcc36695

SHA512
b77a60bca188cbb65923412e41d1ab1e9991b942ac16b839ce80f00361b77d12e6ba38f82c4c29bfa8886fd72b46b763c3f74fb7f30a974556c88b0a81da560f

Download Submit
\Program Files (x86)\LAV Filters\x64\avresample-lav-4.dll

Filesize
163KB

MD5
571a1d742403d8efcda16d870e24fe51

SHA1
f0b83616e84ac18229403035036a2673da465221

SHA256
6536c2190e4d75e0cef1fc7ce36ff3546b060d4736298afff4a33850bcc36695

SHA512
b77a60bca188cbb65923412e41d1ab1e9991b942ac16b839ce80f00361b77d12e6ba38f82c4c29bfa8886fd72b46b763c3f74fb7f30a974556c88b0a81da560f

Download Submit
\Program Files (x86)\LAV Filters\x64\avutil-lav-56.dll

Filesize
494KB

MD5
3e0b48d6b378b74a30034abeef75f436

SHA1
8768712bac6e8cd065f413ad8f1dab33af78ed1f

SHA256
8904fee508101a6b5401d1d833065f9f3e470edbac2433cbf4f00795b9f0015b

SHA512
90885a478e06c4b09ab0f8e6b311f204f56cef080f5703f7dff3381e0c236194fbe315f5f621219b16f497c2cc0e64e045f771d12a94b038c4b24fa082006865

Download Submit
\Program Files (x86)\LAV Filters\x64\avutil-lav-56.dll

Filesize
494KB

MD5
3e0b48d6b378b74a30034abeef75f436

SHA1
8768712bac6e8cd065f413ad8f1dab33af78ed1f

SHA256
8904fee508101a6b5401d1d833065f9f3e470edbac2433cbf4f00795b9f0015b

SHA512
90885a478e06c4b09ab0f8e6b311f204f56cef080f5703f7dff3381e0c236194fbe315f5f621219b16f497c2cc0e64e045f771d12a94b038c4b24fa082006865

Download Submit
\Program Files (x86)\LAV Filters\x64\avutil-lav-56.dll

Filesize
494KB

MD5
3e0b48d6b378b74a30034abeef75f436

SHA1
8768712bac6e8cd065f413ad8f1dab33af78ed1f

SHA256
8904fee508101a6b5401d1d833065f9f3e470edbac2433cbf4f00795b9f0015b

SHA512
90885a478e06c4b09ab0f8e6b311f204f56cef080f5703f7dff3381e0c236194fbe315f5f621219b16f497c2cc0e64e045f771d12a94b038c4b24fa082006865

Download Submit
\Program Files (x86)\LAV Filters\x64\libbluray.dll

Filesize
334KB

MD5
c00c82ad564d121426b29ca836c0a065

SHA1
fed5cf0fa3e1277c4f73ed2b1da7cfceea350cc8

SHA256
f24ef8dd55955a1c9cfc699cc98b7231161de6a7c84be6a4637f08bed05c9e9c

SHA512
47a43a59cc331ee9f2d339eb5b20005f36c2ccfeff9dc3c813943ee9a01e8f47870564036947b584a788492a0d13f06cd740985b633a9b67e70e10e379f00b67

Download Submit
\Program Files (x86)\LAV Filters\x86\LAVAudio.ax

Filesize
259KB

MD5
8c7d3a2dd89c717f8a8deda045e9dc50

SHA1
fc96eed22a6e17249f7be1e93015db8ceae5737e

SHA256
002d5bfa19a4fd3e924c4b2907afca1b788d57cae0d839db63693e88ea2130e8

SHA512
55663a60ae57a08d6bd31b705c26af7e99e77bacc3785d827fbcd479700493bcbcb37cf680515fd47fb6906d506d5dca96a4590a57c94c37b08a41a4d4de335e

Download Submit
\Program Files (x86)\LAV Filters\x86\LAVSplitter.ax

Filesize
538KB

MD5
317312557542f2e6c86c753e97739a82

SHA1
ba48bc0f0e961460cfd233f11c59182c6a24e1d0

SHA256
c78ca50629505e365c4214618575401efd302a4c53b0f3f4a64b08b7461fdff3

SHA512
7c0d25e3692297c7176dac52913b0a4f84ba362e88e36eef05c17c16c7721ad99543e08f74be95c47cabb8be3c489061564d8159eb8d27124e614a7eb233afc7

Download Submit
\Program Files (x86)\LAV Filters\x86\LAVVideo.ax

Filesize
1018KB

MD5
4578a1854d3d81273fa864d023608cd1

SHA1
db72f387e095a2baf0cd5767020ab0c0ac51d7b8

SHA256
3cc4b020e39217a1ccf55f9efa14c802082d6b83b5617af179956be71b3978d1

SHA512
cdc8304ba408723f79a5b85090e0859cd918367db877af4152526fa1acb9be7ac41c7b58e9e342c9f019abfea230293da72b37c162362d68d51a55c80874158b

Download Submit
\Program Files (x86)\LAV Filters\x86\avcodec-lav-58.dll

Filesize
13.1MB

MD5
f95172633fb1459f3b8f54d8b17c65ff

SHA1
6665a91175cc0b5c2bf87dff8cbd50a589dd3f7e

SHA256
12c70eeeb3430013bf5cc5d2e78704146b3f9da968103f87d0dd67c3b03b40c5

SHA512
7b4c0e56d6b89f60d17f7005a0dc2aa82cc65c2a50a345ed37eb72e09a0cb1e26bb6456dff4355cdeedd3eeabf73ec909aa2c1c65182d9bc0a5ff5d002dc67b9

Download Submit
\Program Files (x86)\LAV Filters\x86\avcodec-lav-58.dll

Filesize
13.1MB

MD5
f95172633fb1459f3b8f54d8b17c65ff

SHA1
6665a91175cc0b5c2bf87dff8cbd50a589dd3f7e

SHA256
12c70eeeb3430013bf5cc5d2e78704146b3f9da968103f87d0dd67c3b03b40c5

SHA512
7b4c0e56d6b89f60d17f7005a0dc2aa82cc65c2a50a345ed37eb72e09a0cb1e26bb6456dff4355cdeedd3eeabf73ec909aa2c1c65182d9bc0a5ff5d002dc67b9

Download Submit
\Program Files (x86)\LAV Filters\x86\avcodec-lav-58.dll

Filesize
13.1MB

MD5
f95172633fb1459f3b8f54d8b17c65ff

SHA1
6665a91175cc0b5c2bf87dff8cbd50a589dd3f7e

SHA256
12c70eeeb3430013bf5cc5d2e78704146b3f9da968103f87d0dd67c3b03b40c5

SHA512
7b4c0e56d6b89f60d17f7005a0dc2aa82cc65c2a50a345ed37eb72e09a0cb1e26bb6456dff4355cdeedd3eeabf73ec909aa2c1c65182d9bc0a5ff5d002dc67b9

Download Submit
\Program Files (x86)\LAV Filters\x86\avfilter-lav-7.dll

Filesize
199KB

MD5
a8f17210ce3efaca99a414fdc7ce4fbb

SHA1
d14c8fbcbd69efe1ed48f30a20e29b5fa09792e8

SHA256
19419924fbc077cea05e6b83c101326d9b0239cce9d01511e3c723aa172395ba

SHA512
4efc7be3c7ad95f25944c03187b158f9086d6c1c9b7c22ddafd2869acfcff4e886138e72253b3a669eeb9b96aed508ec1f3adc3c0a12afc60763f026ead0a437

Download Submit
\Program Files (x86)\LAV Filters\x86\avformat-lav-58.dll

Filesize
1.8MB

MD5
490bff67b49428b054964e2a03c4fcdf

SHA1
3e25f235b706ab8ff23e72e4b322d78f681839f8

SHA256
4acbb05e602a874db0e13e9d75efb0939aac149aba5aea58b656965a324157a0

SHA512
11d1b54a432390143df7d01a366eefae525605b91c4d3f5f0fcc401c3dd0e7c6960a3a09e38d162027a4802226df7539073c4619f7f57940f05ae70a52d174b4

Download Submit
\Program Files (x86)\LAV Filters\x86\avformat-lav-58.dll

Filesize
1.8MB

MD5
490bff67b49428b054964e2a03c4fcdf

SHA1
3e25f235b706ab8ff23e72e4b322d78f681839f8

SHA256
4acbb05e602a874db0e13e9d75efb0939aac149aba5aea58b656965a324157a0

SHA512
11d1b54a432390143df7d01a366eefae525605b91c4d3f5f0fcc401c3dd0e7c6960a3a09e38d162027a4802226df7539073c4619f7f57940f05ae70a52d174b4

Download Submit
\Program Files (x86)\LAV Filters\x86\avresample-lav-4.dll

Filesize
158KB

MD5
be18a07cf61419ad6371ea4c62ed4187

SHA1
9d7b432d9d27c2f56d04dd89a518b62d19f9782d

SHA256
c94261a401b9aa01ce9ed0dcc7099d919f443a58761206c85ad1ced143efaa5a

SHA512
3ad0cb08cb4fb609ab96a65aa7523ee0bbb51b6b4c7aaf3d28f920e4c801e4d09ca8efcd70b3b922b4b75fabf5c9e8a358d1f0c6852046b090c1aa955e0f5084

Download Submit
\Program Files (x86)\LAV Filters\x86\avresample-lav-4.dll

Filesize
158KB

MD5
be18a07cf61419ad6371ea4c62ed4187

SHA1
9d7b432d9d27c2f56d04dd89a518b62d19f9782d

SHA256
c94261a401b9aa01ce9ed0dcc7099d919f443a58761206c85ad1ced143efaa5a

SHA512
3ad0cb08cb4fb609ab96a65aa7523ee0bbb51b6b4c7aaf3d28f920e4c801e4d09ca8efcd70b3b922b4b75fabf5c9e8a358d1f0c6852046b090c1aa955e0f5084

Download Submit
\Program Files (x86)\LAV Filters\x86\avresample-lav-4.dll

Filesize
158KB

MD5
be18a07cf61419ad6371ea4c62ed4187

SHA1
9d7b432d9d27c2f56d04dd89a518b62d19f9782d

SHA256
c94261a401b9aa01ce9ed0dcc7099d919f443a58761206c85ad1ced143efaa5a

SHA512
3ad0cb08cb4fb609ab96a65aa7523ee0bbb51b6b4c7aaf3d28f920e4c801e4d09ca8efcd70b3b922b4b75fabf5c9e8a358d1f0c6852046b090c1aa955e0f5084

Download Submit
\Program Files (x86)\LAV Filters\x86\avutil-lav-56.dll

Filesize
553KB

MD5
0d1b85365aa955969fde3483523055d0

SHA1
6d3df3b1bcd31759794972c74af9d4559b126c4d

SHA256
72b03168682d8de7a97d5e1dff8a4d42e35ea3e0d19be49505e1810429fe3bf6

SHA512
5c739b8c7dc2af0583088e48c020d56194e239b823b64700a271580d07b4624625690eedc2da3c4b496f21323eff94f5dbf25521460f4879caade7a0751c71e9

Download Submit
\Program Files (x86)\LAV Filters\x86\avutil-lav-56.dll

Filesize
553KB

MD5
0d1b85365aa955969fde3483523055d0

SHA1
6d3df3b1bcd31759794972c74af9d4559b126c4d

SHA256
72b03168682d8de7a97d5e1dff8a4d42e35ea3e0d19be49505e1810429fe3bf6

SHA512
5c739b8c7dc2af0583088e48c020d56194e239b823b64700a271580d07b4624625690eedc2da3c4b496f21323eff94f5dbf25521460f4879caade7a0751c71e9

Download Submit
\Program Files (x86)\LAV Filters\x86\avutil-lav-56.dll

Filesize
553KB

MD5
0d1b85365aa955969fde3483523055d0

SHA1
6d3df3b1bcd31759794972c74af9d4559b126c4d

SHA256
72b03168682d8de7a97d5e1dff8a4d42e35ea3e0d19be49505e1810429fe3bf6

SHA512
5c739b8c7dc2af0583088e48c020d56194e239b823b64700a271580d07b4624625690eedc2da3c4b496f21323eff94f5dbf25521460f4879caade7a0751c71e9

Download Submit
\Program Files (x86)\LAV Filters\x86\libbluray.dll

Filesize
280KB

MD5
beec0ed19b1336dd0e5fab430ca9e3b9

SHA1
81c2e9877b89a9c0525535854afdd2355d6a2066

SHA256
f9784b4d47d4453e709bff8e656995ead1341aad63201c2fb62ebed51d3d6167

SHA512
1c7ecac550694b0ac6c1b2aaa291bc4dfb2468704a9076e43fba09a47517255866588ed261d23ed54b7b88849bee5d5ca85b80563491a3fd0e591c3a1b3c7dad

Download Submit
\Program Files (x86)\LAV Filters\x86\swscale-lav-5.dll

Filesize
534KB

MD5
2041c494ef4b8a1b3744a346a092edb3

SHA1
a84873405c8d195f9a4b9b1ef1128bafb690707c

SHA256
b9614a1d14f53c71af486d170f2dfbf592dbdbcfd48f72932524c771c8bd1d77

SHA512
242ca54bc234092af6ab6a4d05aa138ad301df7f3bfd5565d98a2b8814645ba9496239e4f5d4c7541c7dfedc5a6c89752bac63c030b673018e7276c4a252b29f

Download Submit
\Program Files\Jalinga Studio\LAVFilters-0.73-Installer.exe

Filesize
11.4MB

MD5
44c38392c32d058beda9f410f0366a9e

SHA1
3c5572035de70810821b1bd3695766c8b4e4ecac

SHA256
9e75f3ed760d54b1e8134072971b724b4707e3eca14a90ed233ac71ab51f94ee

SHA512
69da99543dd7a65d714e5b13cd5d8d7e3d5dbd190516e4abf731b8141c6eda3204401f2c48819f2156ef7a3536cd76c06bffb507816e4870ba8f7244e801bd11

Download Submit
\Users\Admin\AppData\Local\Temp\is-CVH9F.tmp\LAVFilters-0.73-Installer.tmp

Filesize
702KB

MD5
220515d10fc1fabbee9f845b49a88e9a

SHA1
759478d6cc36a21e2efd306d0699e5a9167466f1

SHA256
53039f32f90c16b497d6bf42221d78c719c4cd232ea72cab9071d61d469aacf7

SHA512
8eff0c9ddc1ac1de10fee7cbbea723f15b1e64025417d541f458b00cc6832f818d2422bba93391943cf5ad11beb27a7f4e2aae8b45e6d3b94d8a30b151afabb8

Download Submit
\Users\Admin\AppData\Local\Temp\is-KKURJ.tmp\idp.dll

Filesize
216KB

MD5
b37377d34c8262a90ff95a9a92b65ed8

SHA1
faeef415bd0bc2a08cf9fe1e987007bf28e7218d

SHA256
e5a0ad2e37dde043a0dd4ad7634961ff3f0d70e87d2db49761eb4c1f468bb02f

SHA512
69d8da5b45d9b4b996d32328d3402fa37a3d710564d47c474bf9e15c1e45bc15b2858dbab446e6baec0c099d99007ff1099e9c4e66cfd1597f28c420bb50fdcc

Download Submit
\Users\Admin\AppData\Local\Temp\nso252F.tmp\FindProcDLL.dll

Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
\Users\Admin\AppData\Local\Temp\nso252F.tmp\System.dll

Filesize
11KB

MD5
ca332bb753b0775d5e806e236ddcec55

SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

Download Submit
memory/392-1752-0x000000001D1A0000-0x000000001D220000-memory.dmp

Filesize
512KB

Download
memory/392-1745-0x000000001D1A0000-0x000000001D220000-memory.dmp

Filesize
512KB

Download
memory/392-1699-0x000000001D1A0000-0x000000001D220000-memory.dmp

Filesize
512KB

Download
memory/392-1634-0x000000001D1A0000-0x000000001D220000-memory.dmp

Filesize
512KB

Download
memory/760-1046-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/760-1109-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1056-210-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1056-70-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1056-177-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1588-1524-0x000000001AE00000-0x000000001AE08000-memory.dmp

Filesize
32KB

Download
memory/1588-1530-0x000000001DC40000-0x000000001DC9C000-memory.dmp

Filesize
368KB

Download
memory/1588-1390-0x0000000000540000-0x000000000055C000-memory.dmp

Filesize
112KB

Download
memory/1588-1391-0x000000001AD80000-0x000000001AE00000-memory.dmp

Filesize
512KB

Download
memory/1588-1848-0x00000000218C0000-0x0000000021B7E000-memory.dmp

Filesize
2.7MB

Download
memory/1588-1847-0x000000001BF20000-0x000000001BF28000-memory.dmp

Filesize
32KB

Download
memory/1588-1388-0x000000013F370000-0x000000013F53C000-memory.dmp

Filesize
1.8MB

Download
memory/1588-1846-0x000000001BEF0000-0x000000001BF0A000-memory.dmp

Filesize
104KB

Download
memory/1588-1503-0x00000000008E0000-0x00000000008EC000-memory.dmp

Filesize
48KB

Download
memory/1588-1504-0x00000000008E0000-0x00000000008EC000-memory.dmp

Filesize
48KB

Download
memory/1588-1505-0x00000000008F0000-0x00000000008F8000-memory.dmp

Filesize
32KB

Download
memory/1588-1506-0x00000000008F0000-0x00000000008F8000-memory.dmp

Filesize
32KB

Download
memory/1588-1507-0x00000000024C0000-0x00000000024EE000-memory.dmp

Filesize
184KB

Download
memory/1588-1508-0x000000001B4F0000-0x000000001B520000-memory.dmp

Filesize
192KB

Download
memory/1588-1509-0x000000001E1C0000-0x000000001E2FA000-memory.dmp

Filesize
1.2MB

Download
memory/1588-1510-0x000000001BA60000-0x000000001BA96000-memory.dmp

Filesize
216KB

Download
memory/1588-1511-0x000000001CCB0000-0x000000001CCEE000-memory.dmp

Filesize
248KB

Download
memory/1588-1512-0x00000000024F0000-0x00000000024FA000-memory.dmp

Filesize
40KB

Download
memory/1588-1513-0x000000001AE10000-0x000000001AE1A000-memory.dmp

Filesize
40KB

Download
memory/1588-1514-0x000000001C0F0000-0x000000001C106000-memory.dmp

Filesize
88KB

Download
memory/1588-1515-0x00000000021D0000-0x00000000021D8000-memory.dmp

Filesize
32KB

Download
memory/1588-1516-0x000000001B520000-0x000000001B532000-memory.dmp

Filesize
72KB

Download
memory/1588-1521-0x000000001AD80000-0x000000001AE00000-memory.dmp

Filesize
512KB

Download
memory/1588-1522-0x00000000021E0000-0x00000000021EE000-memory.dmp

Filesize
56KB

Download
memory/1588-1523-0x0000000002430000-0x000000000243A000-memory.dmp

Filesize
40KB

Download
memory/1588-1844-0x000000001BEC0000-0x000000001BEE6000-memory.dmp

Filesize
152KB

Download
memory/1588-1525-0x000000001B9B0000-0x000000001B9B8000-memory.dmp

Filesize
32KB

Download
memory/1588-1526-0x000000001FEE0000-0x000000001FFF2000-memory.dmp

Filesize
1.1MB

Download
memory/1588-1527-0x000000001C190000-0x000000001C198000-memory.dmp

Filesize
32KB

Download
memory/1588-1528-0x000000001C1A0000-0x000000001C1A8000-memory.dmp

Filesize
32KB

Download
memory/1588-1529-0x000000001C5B0000-0x000000001C5B8000-memory.dmp

Filesize
32KB

Download
memory/1588-1389-0x0000000002350000-0x0000000002422000-memory.dmp

Filesize
840KB

Download
memory/1588-1531-0x000000001D1F0000-0x000000001D234000-memory.dmp

Filesize
272KB

Download
memory/1588-1532-0x000000001CCF0000-0x000000001CD26000-memory.dmp

Filesize
216KB

Download
memory/1588-1533-0x000000001C5C0000-0x000000001C5D0000-memory.dmp

Filesize
64KB

Download
memory/1588-1534-0x000000001CDB0000-0x000000001CDC4000-memory.dmp

Filesize
80KB

Download
memory/1588-1535-0x000000001E7C0000-0x000000001E81E000-memory.dmp

Filesize
376KB

Download
memory/1588-1536-0x000000001E900000-0x000000001E992000-memory.dmp

Filesize
584KB

Download
memory/1588-1539-0x000000001DD70000-0x000000001DD9A000-memory.dmp

Filesize
168KB

Download
memory/1588-1540-0x000000001CDD0000-0x000000001CDE2000-memory.dmp

Filesize
72KB

Download
memory/1588-1541-0x0000000020000000-0x000000002009C000-memory.dmp

Filesize
624KB

Download
memory/1588-1542-0x000000001DDA0000-0x000000001DDB8000-memory.dmp

Filesize
96KB

Download
memory/1588-1543-0x00000000204F0000-0x00000000205F0000-memory.dmp

Filesize
1024KB

Download
memory/1588-1544-0x000000001E820000-0x000000001E87C000-memory.dmp

Filesize
368KB

Download
memory/1588-1545-0x000000001E300000-0x000000001E326000-memory.dmp

Filesize
152KB

Download
memory/1588-1840-0x000000001D3E0000-0x000000001D464000-memory.dmp

Filesize
528KB

Download
memory/1588-1838-0x000000001BDF0000-0x000000001BE9A000-memory.dmp

Filesize
680KB

Download
memory/1588-1588-0x000000001AD80000-0x000000001AE00000-memory.dmp

Filesize
512KB

Download
memory/1588-1603-0x000000001AD80000-0x000000001AE00000-memory.dmp

Filesize
512KB

Download
memory/1588-1836-0x000000001D240000-0x000000001D3E0000-memory.dmp

Filesize
1.6MB

Download
memory/1588-1835-0x000000001BD60000-0x000000001BDA0000-memory.dmp

Filesize
256KB

Download
memory/1588-1832-0x000000001BD10000-0x000000001BD5E000-memory.dmp

Filesize
312KB

Download
memory/1628-209-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/1628-110-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1632-672-0x0000000000BF0000-0x0000000000C10000-memory.dmp

Filesize
128KB

Download
memory/1632-657-0x00000000006E0000-0x00000000006EE000-memory.dmp

Filesize
56KB

Download
memory/1632-669-0x0000000002720000-0x0000000002820000-memory.dmp

Filesize
1024KB

Download
memory/1632-666-0x0000000000B40000-0x0000000000B64000-memory.dmp

Filesize
144KB

Download
memory/1632-660-0x00000000006F0000-0x0000000000714000-memory.dmp

Filesize
144KB

Download
memory/1632-663-0x0000000000720000-0x0000000000738000-memory.dmp

Filesize
96KB

Download
memory/1696-1377-0x0000000002530000-0x0000000002532000-memory.dmp

Filesize
8KB

Download
memory/2028-1108-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/2028-1052-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download