eeb186dec0228846271ca3fc21633cf84e0786310a694d31229223399f89bb05

Analysis

max time kernel
150s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2023, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jalinga_studio.4.0.2040.0.exe
Size

170.1MB
MD5

948d7987d54a4726f3478445f6f90b35
SHA1

063678240fd304421339faa6198f2b9c9b29694a
SHA256

eeb186dec0228846271ca3fc21633cf84e0786310a694d31229223399f89bb05
SHA512

5e30ee2e321d66354e745456a070e3a981d2932c10d6eb7c4c0865600a4b8a33e5eb30570793069231a46012221069af79058c9cdc29aa61c8182ad9764a69ed
SSDEEP

3145728:lKINS65gwGtO22RM7Yz+invDgfZsY+RdjKJSPCQuKErDOZX9R9lw/vDLgqLFK82/:o/65gwGf26Yz+irgf6TjKJSPCQxkyZ9r

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
3888	LAVFilters-0.73-Installer.exe
3212	LAVFilters-0.73-Installer.tmp
428	vc_redist.x86.2010.exe
1888	Setup.exe
2592	vc_redist.x86.2019.exe
3988	vc_redist.x86.2019.exe
3348	vc_redist.x64.2010.exe
804	Setup.exe
4732	vc_redist.x64.2019.exe
460	vc_redist.x64.2019.exe

Loads dropped DLL 56 IoCs

pid	Process
2824	jalinga_studio.4.0.2040.0.exe
2824	jalinga_studio.4.0.2040.0.exe
3212	LAVFilters-0.73-Installer.tmp
1464	regsvr32.exe
1464	regsvr32.exe
1464	regsvr32.exe
1464	regsvr32.exe
1464	regsvr32.exe
1464	regsvr32.exe
1464	regsvr32.exe
748	regsvr32.exe
748	regsvr32.exe
748	regsvr32.exe
748	regsvr32.exe
748	regsvr32.exe
748	regsvr32.exe
4176	regsvr32.exe
4176	regsvr32.exe
4176	regsvr32.exe
4176	regsvr32.exe
4176	regsvr32.exe
4176	regsvr32.exe
4476	regsvr32.exe
2024	regsvr32.exe
2024	regsvr32.exe
2024	regsvr32.exe
2024	regsvr32.exe
2024	regsvr32.exe
2024	regsvr32.exe
1304	regsvr32.exe
216	regsvr32.exe
216	regsvr32.exe
216	regsvr32.exe
216	regsvr32.exe
216	regsvr32.exe
216	regsvr32.exe
3432	regsvr32.exe
4160	regsvr32.exe
4160	regsvr32.exe
4160	regsvr32.exe
4160	regsvr32.exe
4160	regsvr32.exe
4160	regsvr32.exe
1888	Setup.exe
1888	Setup.exe
3988	vc_redist.x86.2019.exe
804	Setup.exe
804	Setup.exe
460	vc_redist.x64.2019.exe
228	MsiExec.exe
228	MsiExec.exe
228	MsiExec.exe
228	MsiExec.exe
228	MsiExec.exe
228	MsiExec.exe
4136	MsiExec.exe

Registers COM server for autorun 1 TTPs 36 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVVideo.ax"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20ED4A03-6AFD-4FD9-980B-2F6143AA0892}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20ED4A03-6AFD-4FD9-980B-2F6143AA0892}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVAudio.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVSplitter.ax"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A19DE2F2-2F74-4927-8436-61129D26C141}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D4D6F88-8B41-40A2-B297-3D722816648B}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{56904B22-091C-4459-A2E6-B1F4F946B55F}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVSplitter.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE30215D-164F-4A92-A4EB-9D4C13390F9F}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVVideo.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVAudio.ax"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{171252A0-8820-4AFE-9DF8-5C92B2D66B04}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A19DE2F2-2F74-4927-8436-61129D26C141}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVSplitter.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C89FC33C-E60A-4C97-BEF4-ACC5762B6404}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVAudio.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVAudio.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C89FC33C-E60A-4C97-BEF4-ACC5762B6404}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{171252A0-8820-4AFE-9DF8-5C92B2D66B04}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE30215D-164F-4A92-A4EB-9D4C13390F9F}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{56904B22-091C-4459-A2E6-B1F4F946B55F}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE30215D-164F-4A92-A4EB-9D4C13390F9F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D4D6F88-8B41-40A2-B297-3D722816648B}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C89FC33C-E60A-4C97-BEF4-ACC5762B6404}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A19DE2F2-2F74-4927-8436-61129D26C141}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20ED4A03-6AFD-4FD9-980B-2F6143AA0892}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{171252A0-8820-4AFE-9DF8-5C92B2D66B04}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVSplitter.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D4D6F88-8B41-40A2-B297-3D722816648B}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVVideo.ax"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{56904B22-091C-4459-A2E6-B1F4F946B55F}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVAudio.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe

Drops file in Program Files directory 58 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\LAV Filters\x86\is-7VHJJ.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files\Jalinga Studio\vc_redist.x64.2010.exe	jalinga_studio.4.0.2040.0.exe
File opened for modification	C:\Program Files (x86)\LAV Filters\x64\swscale-lav-5.dll	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x86\is-TDLPN.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x86\is-BTJKU.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\is-V04P1.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Core.man.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\LAV Filters\x86\swscale-lav-5.dll	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files\Jalinga Studio\LAVFilters-0.73-Installer.exe	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files (x86)\LAV Filters\x86\is-L59TJ.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\is-NURU1.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-RN3JN.tmp	LAVFilters-0.73-Installer.tmp
File opened for modification	C:\Program Files (x86)\LAV Filters\x86\avresample-lav-4.dll	LAVFilters-0.73-Installer.tmp
File opened for modification	C:\Program Files (x86)\LAV Filters\x86\avutil-lav-56.dll	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x86\is-MK76T.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-J3C6U.tmp	LAVFilters-0.73-Installer.tmp
File opened for modification	C:\Program Files (x86)\LAV Filters\unins000.dat	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\Microsoft Surface\v2.0\EULA.rtf	msiexec.exe
File opened for modification	C:\Program Files (x86)\LAV Filters\x64\avformat-lav-58.dll	LAVFilters-0.73-Installer.tmp
File opened for modification	C:\Program Files (x86)\LAV Filters\x86\libbluray.dll	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x86\is-5I8EM.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files\Jalinga Studio\SurfaceRuntime.msi	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Core.man	msiexec.exe
File created	C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Presentation.man	msiexec.exe
File created	C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Presentation.man.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\LAV Filters\x86\avcodec-lav-58.dll	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x86\is-2C2TD.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x86\is-Q564L.tmp	LAVFilters-0.73-Installer.tmp
File opened for modification	C:\Program Files (x86)\LAV Filters\x64\IntelQuickSyncDecoder.dll	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x86\is-AOK9P.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-3EH0T.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-A37LO.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-72IKN.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files\Jalinga Studio\vc_redist.x86.2019.exe	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files (x86)\LAV Filters\unins000.dat	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-DPUL7.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\is-T0LA3.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files\Jalinga Studio\vc_redist.x86.2010.exe	jalinga_studio.4.0.2040.0.exe
File created	C:\Program Files (x86)\LAV Filters\x64\is-SNPK5.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\is-K43F2.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\unins000.msg	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files\Jalinga Studio\vc_redist.x64.2019.exe	jalinga_studio.4.0.2040.0.exe
File opened for modification	C:\Program Files (x86)\LAV Filters\x86\avfilter-lav-7.dll	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x86\is-CTSKG.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-4GIH8.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-DVBU5.tmp	LAVFilters-0.73-Installer.tmp
File opened for modification	C:\Program Files (x86)\LAV Filters\x64\avcodec-lav-58.dll	LAVFilters-0.73-Installer.tmp
File opened for modification	C:\Program Files (x86)\LAV Filters\x86\IntelQuickSyncDecoder.dll	LAVFilters-0.73-Installer.tmp
File opened for modification	C:\Program Files (x86)\LAV Filters\x64\libbluray.dll	LAVFilters-0.73-Installer.tmp
File opened for modification	C:\Program Files (x86)\LAV Filters\x64\avresample-lav-4.dll	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x86\is-5PDAG.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x86\is-PR5AB.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-79RS3.tmp	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-NB6SR.tmp	LAVFilters-0.73-Installer.tmp
File opened for modification	C:\Program Files (x86)\LAV Filters\x64\avutil-lav-56.dll	LAVFilters-0.73-Installer.tmp
File opened for modification	C:\Program Files (x86)\LAV Filters\x86\avformat-lav-58.dll	LAVFilters-0.73-Installer.tmp
File created	C:\Program Files (x86)\LAV Filters\x64\is-TI2M3.tmp	LAVFilters-0.73-Installer.tmp
File opened for modification	C:\Program Files (x86)\LAV Filters\x64\avfilter-lav-7.dll	LAVFilters-0.73-Installer.tmp

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDD7A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDEB6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDF06.tmp	msiexec.exe
File created	C:\Windows\assembly\tmp\7T4QCJEU\Microsoft.Surface.Core.dll	msiexec.exe
File created	C:\Windows\assembly\tmp\UNVJ5GM0\Microsoft.Surface.Presentation.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\e58d925.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDEA5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDEF5.tmp	msiexec.exe
File created	C:\Windows\Fonts\Segoe360-Italic.ttf	msiexec.exe
File created	C:\Windows\Fonts\Segoe360-Regular.ttf	msiexec.exe
File created	C:\Windows\Fonts\Segoe-Regular.Otf	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE419.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{69C2B39D-F060-49AD-8877-01C4144A8424}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDF65.tmp	msiexec.exe
File created	C:\Windows\Fonts\Segoe-SemiBold.Otf	msiexec.exe
File created	C:\Windows\assembly\tmp\EFNGQKF6\Microsoft.Surface.dll	msiexec.exe
File created	C:\Windows\assembly\tmp\66XTZ9PN\Microsoft.Surface.HidSupport.dll	msiexec.exe
File created	C:\Windows\assembly\tmp\SMIY7699\Microsoft.Surface.Presentation.Generic.dll	msiexec.exe
File created	C:\Windows\Installer\e58d925.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDDD9.tmp	msiexec.exe
File created	C:\Windows\Fonts\Segoe360-Bold.ttf	msiexec.exe
File created	C:\Windows\assembly\GACLock.dat	msiexec.exe
File created	C:\Windows\assembly\tmp\5AR40M5G\Microsoft.Surface.NativeWrappers.dll	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE30215D-164F-4A92-A4EB-9D4C13390F9F}\ = "LAV Video Decoder"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVSplitter.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVVideo.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mp4\SubType = "{08E22ADA-B715-45ed-9D20-7B87750301D4}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.rmvb\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\FriendlyName = "LAV Audio Decoder"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mp3	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{56904B22-091C-4459-A2E6-B1F4F946B55F}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVSplitter.ax"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.avs	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.ac3	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\InprocServer32\ = "C:\\Program Files (x86)\\LAV Filters\\x64\\LAVAudio.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mpeg\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\rtspm	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.ssif\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{08E22ADA-B715-45ed-9D20-7B87750301D4}\9 = "4,14,ffffffff000000000000ffffffff,706E6F7400000000000050494354"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.bik	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.ssif\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.avs\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{B98D13E7-55DB-4385-A33D-09FD1BA26338}\FriendlyName = "LAV Splitter Source"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.mpls\SubType = "{20884BC2-629F-45EA-B1C5-FA4FFA438250}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\rtsp	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.dtshd\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{1AC0BEBD-4D2B-45ad-BCEB-F2C41C5E3788}\0 = "0,4,,1A45DFA3"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mpg\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mpls	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{D2855FA9-61A7-4db0-B979-71F297C17A04}\0 = "0,4,,4F676753"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.ogg\SubType = "{D2855FA9-61A7-4db0-B979-71F297C17A04}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.asf\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.3ga\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.ogg\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.wmv\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.eac3\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{20884BC2-629F-45EA-B1C5-FA4FFA438250}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE30215D-164F-4A92-A4EB-9D4C13390F9F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mpg\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mpls\SubType = "{20884BC2-629F-45EA-B1C5-FA4FFA438250}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.asf\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{171252A0-8820-4AFE-9DF8-5C92B2D66B04}\CLSID = "{171252A0-8820-4AFE-9DF8-5C92B2D66B04}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.mkv	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.amv\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{20884BC2-629F-45EA-B1C5-FA4FFA438250}\0 = "0,4,,494E4458"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A19DE2F2-2F74-4927-8436-61129D26C141}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{e06d8023-db46-11cf-b4d1-00805f6cbbea}\Source Filter = "{e436ebb5-524f-11ce-9f53-0020af0ba770}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.ssif	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.bdmv	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.ac3	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.webm\SubType = "{1AC0BEBD-4D2B-45ad-BCEB-F2C41C5E3788}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.divx\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.dvr-ms\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.mkv\SubType = "{1AC0BEBD-4D2B-45ad-BCEB-F2C41C5E3788}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.3ga\SubType = "{08E22ADA-B715-45ed-9D20-7B87750301D4}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.ogv\Source Filter = "{B98D13E7-55DB-4385-A33D-09FD1BA26338}"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\Extensions\.aac\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE30215D-164F-4A92-A4EB-9D4C13390F9F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.webm	LAVFilters-0.73-Installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.vp6	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{08E22ADA-B715-45ed-9D20-7B87750301D4}\7 = "4,12,ffffffff00000000ffffffff,6672656500000000636D6F76"	LAVFilters-0.73-Installer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.ogv\Media Type = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"	LAVFilters-0.73-Installer.tmp

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2824	jalinga_studio.4.0.2040.0.exe
2824	jalinga_studio.4.0.2040.0.exe
3212	LAVFilters-0.73-Installer.tmp
3212	LAVFilters-0.73-Installer.tmp
1888	Setup.exe
1888	Setup.exe
1888	Setup.exe
1888	Setup.exe
1888	Setup.exe
1888	Setup.exe
1888	Setup.exe
1888	Setup.exe
804	Setup.exe
804	Setup.exe
804	Setup.exe
804	Setup.exe
804	Setup.exe
804	Setup.exe
804	Setup.exe
804	Setup.exe
1972	msiexec.exe
1972	msiexec.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2848	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2848	msiexec.exe
Token: SeSecurityPrivilege	1972	msiexec.exe
Token: SeCreateTokenPrivilege	2848	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2848	msiexec.exe
Token: SeLockMemoryPrivilege	2848	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2848	msiexec.exe
Token: SeMachineAccountPrivilege	2848	msiexec.exe
Token: SeTcbPrivilege	2848	msiexec.exe
Token: SeSecurityPrivilege	2848	msiexec.exe
Token: SeTakeOwnershipPrivilege	2848	msiexec.exe
Token: SeLoadDriverPrivilege	2848	msiexec.exe
Token: SeSystemProfilePrivilege	2848	msiexec.exe
Token: SeSystemtimePrivilege	2848	msiexec.exe
Token: SeProfSingleProcessPrivilege	2848	msiexec.exe
Token: SeIncBasePriorityPrivilege	2848	msiexec.exe
Token: SeCreatePagefilePrivilege	2848	msiexec.exe
Token: SeCreatePermanentPrivilege	2848	msiexec.exe
Token: SeBackupPrivilege	2848	msiexec.exe
Token: SeRestorePrivilege	2848	msiexec.exe
Token: SeShutdownPrivilege	2848	msiexec.exe
Token: SeDebugPrivilege	2848	msiexec.exe
Token: SeAuditPrivilege	2848	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2848	msiexec.exe
Token: SeChangeNotifyPrivilege	2848	msiexec.exe
Token: SeRemoteShutdownPrivilege	2848	msiexec.exe
Token: SeUndockPrivilege	2848	msiexec.exe
Token: SeSyncAgentPrivilege	2848	msiexec.exe
Token: SeEnableDelegationPrivilege	2848	msiexec.exe
Token: SeManageVolumePrivilege	2848	msiexec.exe
Token: SeImpersonatePrivilege	2848	msiexec.exe
Token: SeCreateGlobalPrivilege	2848	msiexec.exe
Token: SeRestorePrivilege	1972	msiexec.exe
Token: SeTakeOwnershipPrivilege	1972	msiexec.exe
Token: SeRestorePrivilege	1972	msiexec.exe
Token: SeTakeOwnershipPrivilege	1972	msiexec.exe
Token: SeRestorePrivilege	1972	msiexec.exe
Token: SeTakeOwnershipPrivilege	1972	msiexec.exe
Token: SeRestorePrivilege	1972	msiexec.exe
Token: SeTakeOwnershipPrivilege	1972	msiexec.exe
Token: SeRestorePrivilege	1972	msiexec.exe
Token: SeTakeOwnershipPrivilege	1972	msiexec.exe
Token: SeRestorePrivilege	1972	msiexec.exe
Token: SeTakeOwnershipPrivilege	1972	msiexec.exe
Token: SeRestorePrivilege	1972	msiexec.exe
Token: SeTakeOwnershipPrivilege	1972	msiexec.exe
Token: SeRestorePrivilege	1972	msiexec.exe
Token: SeTakeOwnershipPrivilege	1972	msiexec.exe
Token: SeRestorePrivilege	1972	msiexec.exe
Token: SeTakeOwnershipPrivilege	1972	msiexec.exe
Token: SeSecurityPrivilege	2080	wevtutil.exe
Token: SeBackupPrivilege	2080	wevtutil.exe
Token: SeSecurityPrivilege	4144	wevtutil.exe
Token: SeBackupPrivilege	4144	wevtutil.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3212	LAVFilters-0.73-Installer.tmp

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 3888	2824	jalinga_studio.4.0.2040.0.exe	103
PID 2824 wrote to memory of 3888	2824	jalinga_studio.4.0.2040.0.exe	103
PID 2824 wrote to memory of 3888	2824	jalinga_studio.4.0.2040.0.exe	103
PID 3888 wrote to memory of 3212	3888	LAVFilters-0.73-Installer.exe	104
PID 3888 wrote to memory of 3212	3888	LAVFilters-0.73-Installer.exe	104
PID 3888 wrote to memory of 3212	3888	LAVFilters-0.73-Installer.exe	104
PID 3212 wrote to memory of 1464	3212	LAVFilters-0.73-Installer.tmp	105
PID 3212 wrote to memory of 1464	3212	LAVFilters-0.73-Installer.tmp	105
PID 3212 wrote to memory of 1464	3212	LAVFilters-0.73-Installer.tmp	105
PID 3212 wrote to memory of 748	3212	LAVFilters-0.73-Installer.tmp	106
PID 3212 wrote to memory of 748	3212	LAVFilters-0.73-Installer.tmp	106
PID 3212 wrote to memory of 748	3212	LAVFilters-0.73-Installer.tmp	106
PID 3212 wrote to memory of 4176	3212	LAVFilters-0.73-Installer.tmp	107
PID 3212 wrote to memory of 4176	3212	LAVFilters-0.73-Installer.tmp	107
PID 3212 wrote to memory of 4176	3212	LAVFilters-0.73-Installer.tmp	107
PID 3212 wrote to memory of 4476	3212	LAVFilters-0.73-Installer.tmp	108
PID 3212 wrote to memory of 4476	3212	LAVFilters-0.73-Installer.tmp	108
PID 3212 wrote to memory of 4476	3212	LAVFilters-0.73-Installer.tmp	108
PID 4476 wrote to memory of 2024	4476	regsvr32.exe	109
PID 4476 wrote to memory of 2024	4476	regsvr32.exe	109
PID 3212 wrote to memory of 1304	3212	LAVFilters-0.73-Installer.tmp	110
PID 3212 wrote to memory of 1304	3212	LAVFilters-0.73-Installer.tmp	110
PID 3212 wrote to memory of 1304	3212	LAVFilters-0.73-Installer.tmp	110
PID 1304 wrote to memory of 216	1304	regsvr32.exe	111
PID 1304 wrote to memory of 216	1304	regsvr32.exe	111
PID 3212 wrote to memory of 3432	3212	LAVFilters-0.73-Installer.tmp	112
PID 3212 wrote to memory of 3432	3212	LAVFilters-0.73-Installer.tmp	112
PID 3212 wrote to memory of 3432	3212	LAVFilters-0.73-Installer.tmp	112
PID 3432 wrote to memory of 4160	3432	regsvr32.exe	113
PID 3432 wrote to memory of 4160	3432	regsvr32.exe	113
PID 2824 wrote to memory of 428	2824	jalinga_studio.4.0.2040.0.exe	115
PID 2824 wrote to memory of 428	2824	jalinga_studio.4.0.2040.0.exe	115
PID 2824 wrote to memory of 428	2824	jalinga_studio.4.0.2040.0.exe	115
PID 428 wrote to memory of 1888	428	vc_redist.x86.2010.exe	116
PID 428 wrote to memory of 1888	428	vc_redist.x86.2010.exe	116
PID 428 wrote to memory of 1888	428	vc_redist.x86.2010.exe	116
PID 2824 wrote to memory of 2592	2824	jalinga_studio.4.0.2040.0.exe	117
PID 2824 wrote to memory of 2592	2824	jalinga_studio.4.0.2040.0.exe	117
PID 2824 wrote to memory of 2592	2824	jalinga_studio.4.0.2040.0.exe	117
PID 2592 wrote to memory of 3988	2592	vc_redist.x86.2019.exe	118
PID 2592 wrote to memory of 3988	2592	vc_redist.x86.2019.exe	118
PID 2592 wrote to memory of 3988	2592	vc_redist.x86.2019.exe	118
PID 2824 wrote to memory of 3348	2824	jalinga_studio.4.0.2040.0.exe	119
PID 2824 wrote to memory of 3348	2824	jalinga_studio.4.0.2040.0.exe	119
PID 2824 wrote to memory of 3348	2824	jalinga_studio.4.0.2040.0.exe	119
PID 3348 wrote to memory of 804	3348	vc_redist.x64.2010.exe	120
PID 3348 wrote to memory of 804	3348	vc_redist.x64.2010.exe	120
PID 3348 wrote to memory of 804	3348	vc_redist.x64.2010.exe	120
PID 2824 wrote to memory of 4732	2824	jalinga_studio.4.0.2040.0.exe	121
PID 2824 wrote to memory of 4732	2824	jalinga_studio.4.0.2040.0.exe	121
PID 2824 wrote to memory of 4732	2824	jalinga_studio.4.0.2040.0.exe	121
PID 4732 wrote to memory of 460	4732	vc_redist.x64.2019.exe	122
PID 4732 wrote to memory of 460	4732	vc_redist.x64.2019.exe	122
PID 4732 wrote to memory of 460	4732	vc_redist.x64.2019.exe	122
PID 2824 wrote to memory of 2848	2824	jalinga_studio.4.0.2040.0.exe	123
PID 2824 wrote to memory of 2848	2824	jalinga_studio.4.0.2040.0.exe	123
PID 2824 wrote to memory of 2848	2824	jalinga_studio.4.0.2040.0.exe	123
PID 1972 wrote to memory of 228	1972	msiexec.exe	126
PID 1972 wrote to memory of 228	1972	msiexec.exe	126
PID 1972 wrote to memory of 228	1972	msiexec.exe	126
PID 1972 wrote to memory of 4136	1972	msiexec.exe	127
PID 1972 wrote to memory of 4136	1972	msiexec.exe	127
PID 1972 wrote to memory of 4136	1972	msiexec.exe	127
PID 4136 wrote to memory of 2080	4136	MsiExec.exe	128

C:\Users\Admin\AppData\Local\Temp\jalinga_studio.4.0.2040.0.exe
"C:\Users\Admin\AppData\Local\Temp\jalinga_studio.4.0.2040.0.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files\Jalinga Studio\LAVFilters-0.73-Installer.exe
  "C:\Program Files\Jalinga Studio\LAVFilters-0.73-Installer.exe" /verysilent /norestart
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3888
- - C:\Users\Admin\AppData\Local\Temp\is-O288F.tmp\LAVFilters-0.73-Installer.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-O288F.tmp\LAVFilters-0.73-Installer.tmp" /SL5="$7011E,11719530,57856,C:\Program Files\Jalinga Studio\LAVFilters-0.73-Installer.exe" /verysilent /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3212
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\LAV Filters\x86\LAVAudio.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:1464
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\LAV Filters\x86\LAVSplitter.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:748
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\LAV Filters\x86\LAVVideo.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:4176
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\LAV Filters\x64\LAVAudio.ax"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4476
    - - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\LAV Filters\x64\LAVAudio.ax"
        5⤵
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:2024
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\LAV Filters\x64\LAVSplitter.ax"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1304
    - - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\LAV Filters\x64\LAVSplitter.ax"
        5⤵
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:216
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\LAV Filters\x64\LAVVideo.ax"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:3432
    - - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\LAV Filters\x64\LAVVideo.ax"
        5⤵
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4160
- C:\Program Files\Jalinga Studio\vc_redist.x86.2010.exe
  "C:\Program Files\Jalinga Studio\vc_redist.x86.2010.exe" /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:428
- - \??\c:\c93a1a1e47086fb2fbb9\Setup.exe
    c:\c93a1a1e47086fb2fbb9\Setup.exe /install /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:1888
- C:\Program Files\Jalinga Studio\vc_redist.x86.2019.exe
  "C:\Program Files\Jalinga Studio\vc_redist.x86.2019.exe" /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Windows\Temp\{234A1F5F-9F1D-40E7-8492-15E04B82A80C}\.cr\vc_redist.x86.2019.exe
    "C:\Windows\Temp\{234A1F5F-9F1D-40E7-8492-15E04B82A80C}\.cr\vc_redist.x86.2019.exe" -burn.clean.room="C:\Program Files\Jalinga Studio\vc_redist.x86.2019.exe" -burn.filehandle.attached=548 -burn.filehandle.self=648 /install /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3988
- C:\Program Files\Jalinga Studio\vc_redist.x64.2010.exe
  "C:\Program Files\Jalinga Studio\vc_redist.x64.2010.exe" /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3348
- - \??\c:\b5484baebc31d38f5288f901687b\Setup.exe
    c:\b5484baebc31d38f5288f901687b\Setup.exe /install /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:804
- C:\Program Files\Jalinga Studio\vc_redist.x64.2019.exe
  "C:\Program Files\Jalinga Studio\vc_redist.x64.2019.exe" /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4732
- - C:\Windows\Temp\{05F42598-B527-4702-BAAC-7B5FAD3AB2D4}\.cr\vc_redist.x64.2019.exe
    "C:\Windows\Temp\{05F42598-B527-4702-BAAC-7B5FAD3AB2D4}\.cr\vc_redist.x64.2019.exe" -burn.clean.room="C:\Program Files\Jalinga Studio\vc_redist.x64.2019.exe" -burn.filehandle.attached=656 -burn.filehandle.self=684 /install /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:460
- C:\Windows\SysWOW64\msiexec.exe
  msiexec /i "C:\Program Files\Jalinga Studio\SurfaceRuntime.msi" /quiet /qn /norestart
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2848

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F8DBA7B38DE6EC2FB72BA24B7DCDF3B1
  2⤵
  - Loads dropped DLL
  PID:228
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9B1667CFCE04483D16D28C809A506BE3 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4136
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Core.man"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2080
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Core.man" /fromwow64
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4144
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Presentation.man"
    3⤵
    PID:1096
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files (x86)\Microsoft Surface\v2.0\Microsoft-Surface-Presentation.man" /fromwow64
      4⤵
      PID:2320

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\LAV Filters\unins000.exe

Filesize
702KB

MD5
220515d10fc1fabbee9f845b49a88e9a

SHA1
759478d6cc36a21e2efd306d0699e5a9167466f1

SHA256
53039f32f90c16b497d6bf42221d78c719c4cd232ea72cab9071d61d469aacf7

SHA512
8eff0c9ddc1ac1de10fee7cbbea723f15b1e64025417d541f458b00cc6832f818d2422bba93391943cf5ad11beb27a7f4e2aae8b45e6d3b94d8a30b151afabb8

Download Submit
C:\Program Files (x86)\LAV Filters\x64\LAVAudio.ax

Filesize
301KB

MD5
5fc0485fc0af5e830394925d0dd2e64e

SHA1
15bf82543b318a142f1f2d5956dfc691d38da01d

SHA256
0756a983da10579c2dc08e9be7696c031d9a457ab2c75204cb0b11bff79976fb

SHA512
3d5472b96046262ace855e33d8f84335678ef9b0ffa33731360685ae74030874155e9f873e56b69e248ee9c9fa3286319bf5e5413253718f682e085e0f2d3ef4

Download Submit
C:\Program Files (x86)\LAV Filters\x64\LAVAudio.ax

Filesize
301KB

MD5
5fc0485fc0af5e830394925d0dd2e64e

SHA1
15bf82543b318a142f1f2d5956dfc691d38da01d

SHA256
0756a983da10579c2dc08e9be7696c031d9a457ab2c75204cb0b11bff79976fb

SHA512
3d5472b96046262ace855e33d8f84335678ef9b0ffa33731360685ae74030874155e9f873e56b69e248ee9c9fa3286319bf5e5413253718f682e085e0f2d3ef4

Download Submit
C:\Program Files (x86)\LAV Filters\x64\LAVAudio.ax

Filesize
301KB

MD5
5fc0485fc0af5e830394925d0dd2e64e

SHA1
15bf82543b318a142f1f2d5956dfc691d38da01d

SHA256
0756a983da10579c2dc08e9be7696c031d9a457ab2c75204cb0b11bff79976fb

SHA512
3d5472b96046262ace855e33d8f84335678ef9b0ffa33731360685ae74030874155e9f873e56b69e248ee9c9fa3286319bf5e5413253718f682e085e0f2d3ef4

Download Submit
C:\Program Files (x86)\LAV Filters\x64\LAVSplitter.ax

Filesize
655KB

MD5
211edfde91c97a547ea0dc2de161476d

SHA1
9ccd350682c9a7f7e0597c0bed7f44f1b5082c44

SHA256
59ffb8f14919fcf9a5881326edab0a83fd8ef612f22f1bb884f52c0ad15d8745

SHA512
3c69af1a56fa638ecd773452e67938940d5b56d13c7903dcfe1beace13bdb396a82cbac7aa2d7cd98a104c94269bf0ba826425af732557aa892c6e9d3e4b30af

Download Submit
C:\Program Files (x86)\LAV Filters\x64\LAVSplitter.ax

Filesize
655KB

MD5
211edfde91c97a547ea0dc2de161476d

SHA1
9ccd350682c9a7f7e0597c0bed7f44f1b5082c44

SHA256
59ffb8f14919fcf9a5881326edab0a83fd8ef612f22f1bb884f52c0ad15d8745

SHA512
3c69af1a56fa638ecd773452e67938940d5b56d13c7903dcfe1beace13bdb396a82cbac7aa2d7cd98a104c94269bf0ba826425af732557aa892c6e9d3e4b30af

Download Submit
C:\Program Files (x86)\LAV Filters\x64\LAVSplitter.ax

Filesize
655KB

MD5
211edfde91c97a547ea0dc2de161476d

SHA1
9ccd350682c9a7f7e0597c0bed7f44f1b5082c44

SHA256
59ffb8f14919fcf9a5881326edab0a83fd8ef612f22f1bb884f52c0ad15d8745

SHA512
3c69af1a56fa638ecd773452e67938940d5b56d13c7903dcfe1beace13bdb396a82cbac7aa2d7cd98a104c94269bf0ba826425af732557aa892c6e9d3e4b30af

Download Submit
C:\Program Files (x86)\LAV Filters\x64\LAVVideo.ax

Filesize
1.2MB

MD5
9e5c7abf08e968c16d19b3e3c8b5b2d3

SHA1
98d1e61096722284a33cbbf75006c88dd9532c48

SHA256
aed745551ce887199dcedcdd633a08f8a7ae0c96d60e6353d8f42157b5074801

SHA512
4ac7f8fd1df73e1d6afc83c54c6e6f45813f9094a34c322f71a5f324ab5a5a24635104a579b1504b48a7d9a733ce399919fea2ffd42b13e780a34d974f7bb57e

Download Submit
C:\Program Files (x86)\LAV Filters\x64\LAVVideo.ax

Filesize
1.2MB

MD5
9e5c7abf08e968c16d19b3e3c8b5b2d3

SHA1
98d1e61096722284a33cbbf75006c88dd9532c48

SHA256
aed745551ce887199dcedcdd633a08f8a7ae0c96d60e6353d8f42157b5074801

SHA512
4ac7f8fd1df73e1d6afc83c54c6e6f45813f9094a34c322f71a5f324ab5a5a24635104a579b1504b48a7d9a733ce399919fea2ffd42b13e780a34d974f7bb57e

Download Submit
C:\Program Files (x86)\LAV Filters\x64\LAVVideo.ax

Filesize
1.2MB

MD5
9e5c7abf08e968c16d19b3e3c8b5b2d3

SHA1
98d1e61096722284a33cbbf75006c88dd9532c48

SHA256
aed745551ce887199dcedcdd633a08f8a7ae0c96d60e6353d8f42157b5074801

SHA512
4ac7f8fd1df73e1d6afc83c54c6e6f45813f9094a34c322f71a5f324ab5a5a24635104a579b1504b48a7d9a733ce399919fea2ffd42b13e780a34d974f7bb57e

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avcodec-lav-58.dll

Filesize
13.7MB

MD5
c1c0ac9e9b368182b46e9f19ac0ac80d

SHA1
f6a89019156503cafc645e2bf6c66ec068b3c68b

SHA256
fdd817b79ea0d6b5651709616ee489672d3cc8eafbf06a271777824be877804c

SHA512
4d153e7508507e337abe8f94b23445829161b63d8a2492e6131011f048cc518c7455cd06ac912d21f86566a10659b4962349f067d159fbafd68176d2cbdbccfa

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avcodec-lav-58.dll

Filesize
13.7MB

MD5
c1c0ac9e9b368182b46e9f19ac0ac80d

SHA1
f6a89019156503cafc645e2bf6c66ec068b3c68b

SHA256
fdd817b79ea0d6b5651709616ee489672d3cc8eafbf06a271777824be877804c

SHA512
4d153e7508507e337abe8f94b23445829161b63d8a2492e6131011f048cc518c7455cd06ac912d21f86566a10659b4962349f067d159fbafd68176d2cbdbccfa

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avcodec-lav-58.dll

Filesize
13.7MB

MD5
c1c0ac9e9b368182b46e9f19ac0ac80d

SHA1
f6a89019156503cafc645e2bf6c66ec068b3c68b

SHA256
fdd817b79ea0d6b5651709616ee489672d3cc8eafbf06a271777824be877804c

SHA512
4d153e7508507e337abe8f94b23445829161b63d8a2492e6131011f048cc518c7455cd06ac912d21f86566a10659b4962349f067d159fbafd68176d2cbdbccfa

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avcodec-lav-58.dll

Filesize
13.7MB

MD5
c1c0ac9e9b368182b46e9f19ac0ac80d

SHA1
f6a89019156503cafc645e2bf6c66ec068b3c68b

SHA256
fdd817b79ea0d6b5651709616ee489672d3cc8eafbf06a271777824be877804c

SHA512
4d153e7508507e337abe8f94b23445829161b63d8a2492e6131011f048cc518c7455cd06ac912d21f86566a10659b4962349f067d159fbafd68176d2cbdbccfa

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avcodec-lav-58.dll

Filesize
13.7MB

MD5
c1c0ac9e9b368182b46e9f19ac0ac80d

SHA1
f6a89019156503cafc645e2bf6c66ec068b3c68b

SHA256
fdd817b79ea0d6b5651709616ee489672d3cc8eafbf06a271777824be877804c

SHA512
4d153e7508507e337abe8f94b23445829161b63d8a2492e6131011f048cc518c7455cd06ac912d21f86566a10659b4962349f067d159fbafd68176d2cbdbccfa

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avformat-lav-58.dll

Filesize
1.6MB

MD5
7dba10836cc3290d96e5eaf12bb7756e

SHA1
a428bc404f7534a56837835535fe796282e08fd8

SHA256
b93454722bb4cc56767bc9c636fac60b8594511e28f00a6a47467d069a256072

SHA512
91e45f7cbf736b81324b5833c3210840a0fd065ff6666a4521423094266c351985d008d04dbb41ec495f6620035ff96d0ae08a6b16b4a7a4e76238843803c83c

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avformat-lav-58.dll

Filesize
1.6MB

MD5
7dba10836cc3290d96e5eaf12bb7756e

SHA1
a428bc404f7534a56837835535fe796282e08fd8

SHA256
b93454722bb4cc56767bc9c636fac60b8594511e28f00a6a47467d069a256072

SHA512
91e45f7cbf736b81324b5833c3210840a0fd065ff6666a4521423094266c351985d008d04dbb41ec495f6620035ff96d0ae08a6b16b4a7a4e76238843803c83c

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avformat-lav-58.dll

Filesize
1.6MB

MD5
7dba10836cc3290d96e5eaf12bb7756e

SHA1
a428bc404f7534a56837835535fe796282e08fd8

SHA256
b93454722bb4cc56767bc9c636fac60b8594511e28f00a6a47467d069a256072

SHA512
91e45f7cbf736b81324b5833c3210840a0fd065ff6666a4521423094266c351985d008d04dbb41ec495f6620035ff96d0ae08a6b16b4a7a4e76238843803c83c

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avresample-lav-4.dll

Filesize
163KB

MD5
571a1d742403d8efcda16d870e24fe51

SHA1
f0b83616e84ac18229403035036a2673da465221

SHA256
6536c2190e4d75e0cef1fc7ce36ff3546b060d4736298afff4a33850bcc36695

SHA512
b77a60bca188cbb65923412e41d1ab1e9991b942ac16b839ce80f00361b77d12e6ba38f82c4c29bfa8886fd72b46b763c3f74fb7f30a974556c88b0a81da560f

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avresample-lav-4.dll

Filesize
163KB

MD5
571a1d742403d8efcda16d870e24fe51

SHA1
f0b83616e84ac18229403035036a2673da465221

SHA256
6536c2190e4d75e0cef1fc7ce36ff3546b060d4736298afff4a33850bcc36695

SHA512
b77a60bca188cbb65923412e41d1ab1e9991b942ac16b839ce80f00361b77d12e6ba38f82c4c29bfa8886fd72b46b763c3f74fb7f30a974556c88b0a81da560f

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avresample-lav-4.dll

Filesize
163KB

MD5
571a1d742403d8efcda16d870e24fe51

SHA1
f0b83616e84ac18229403035036a2673da465221

SHA256
6536c2190e4d75e0cef1fc7ce36ff3546b060d4736298afff4a33850bcc36695

SHA512
b77a60bca188cbb65923412e41d1ab1e9991b942ac16b839ce80f00361b77d12e6ba38f82c4c29bfa8886fd72b46b763c3f74fb7f30a974556c88b0a81da560f

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avutil-lav-56.dll

Filesize
494KB

MD5
3e0b48d6b378b74a30034abeef75f436

SHA1
8768712bac6e8cd065f413ad8f1dab33af78ed1f

SHA256
8904fee508101a6b5401d1d833065f9f3e470edbac2433cbf4f00795b9f0015b

SHA512
90885a478e06c4b09ab0f8e6b311f204f56cef080f5703f7dff3381e0c236194fbe315f5f621219b16f497c2cc0e64e045f771d12a94b038c4b24fa082006865

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avutil-lav-56.dll

Filesize
494KB

MD5
3e0b48d6b378b74a30034abeef75f436

SHA1
8768712bac6e8cd065f413ad8f1dab33af78ed1f

SHA256
8904fee508101a6b5401d1d833065f9f3e470edbac2433cbf4f00795b9f0015b

SHA512
90885a478e06c4b09ab0f8e6b311f204f56cef080f5703f7dff3381e0c236194fbe315f5f621219b16f497c2cc0e64e045f771d12a94b038c4b24fa082006865

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avutil-lav-56.dll

Filesize
494KB

MD5
3e0b48d6b378b74a30034abeef75f436

SHA1
8768712bac6e8cd065f413ad8f1dab33af78ed1f

SHA256
8904fee508101a6b5401d1d833065f9f3e470edbac2433cbf4f00795b9f0015b

SHA512
90885a478e06c4b09ab0f8e6b311f204f56cef080f5703f7dff3381e0c236194fbe315f5f621219b16f497c2cc0e64e045f771d12a94b038c4b24fa082006865

Download Submit
C:\Program Files (x86)\LAV Filters\x64\avutil-lav-56.dll

Filesize
494KB

MD5
3e0b48d6b378b74a30034abeef75f436

SHA1
8768712bac6e8cd065f413ad8f1dab33af78ed1f

SHA256
8904fee508101a6b5401d1d833065f9f3e470edbac2433cbf4f00795b9f0015b

SHA512
90885a478e06c4b09ab0f8e6b311f204f56cef080f5703f7dff3381e0c236194fbe315f5f621219b16f497c2cc0e64e045f771d12a94b038c4b24fa082006865

Download Submit
C:\Program Files (x86)\LAV Filters\x64\libbluray.dll

Filesize
334KB

MD5
c00c82ad564d121426b29ca836c0a065

SHA1
fed5cf0fa3e1277c4f73ed2b1da7cfceea350cc8

SHA256
f24ef8dd55955a1c9cfc699cc98b7231161de6a7c84be6a4637f08bed05c9e9c

SHA512
47a43a59cc331ee9f2d339eb5b20005f36c2ccfeff9dc3c813943ee9a01e8f47870564036947b584a788492a0d13f06cd740985b633a9b67e70e10e379f00b67

Download Submit
C:\Program Files (x86)\LAV Filters\x64\libbluray.dll

Filesize
334KB

MD5
c00c82ad564d121426b29ca836c0a065

SHA1
fed5cf0fa3e1277c4f73ed2b1da7cfceea350cc8

SHA256
f24ef8dd55955a1c9cfc699cc98b7231161de6a7c84be6a4637f08bed05c9e9c

SHA512
47a43a59cc331ee9f2d339eb5b20005f36c2ccfeff9dc3c813943ee9a01e8f47870564036947b584a788492a0d13f06cd740985b633a9b67e70e10e379f00b67

Download Submit
C:\Program Files (x86)\LAV Filters\x64\swscale-lav-5.dll

Filesize
536KB

MD5
fc988a11bb057b35d694e9ebcdec7110

SHA1
ddd4c5f1ea71626c2cb556b0f02d71f819e5666c

SHA256
3138475cfeba34282b1d3de1b5b324cf2bd61a7212fab19abfa6ba0a09f9a936

SHA512
c781b64458609f0ebda88d5f3445fd0ea50cd4db10afb5b49b7057f31a118d4d94911085ad5be7ff33ed563b607384f5c42b6373d931cfd036ec5b5cde1e0522

Download Submit
C:\Program Files (x86)\LAV Filters\x64\swscale-lav-5.dll

Filesize
536KB

MD5
fc988a11bb057b35d694e9ebcdec7110

SHA1
ddd4c5f1ea71626c2cb556b0f02d71f819e5666c

SHA256
3138475cfeba34282b1d3de1b5b324cf2bd61a7212fab19abfa6ba0a09f9a936

SHA512
c781b64458609f0ebda88d5f3445fd0ea50cd4db10afb5b49b7057f31a118d4d94911085ad5be7ff33ed563b607384f5c42b6373d931cfd036ec5b5cde1e0522

Download Submit
C:\Program Files (x86)\LAV Filters\x86\LAVAudio.ax

Filesize
259KB

MD5
8c7d3a2dd89c717f8a8deda045e9dc50

SHA1
fc96eed22a6e17249f7be1e93015db8ceae5737e

SHA256
002d5bfa19a4fd3e924c4b2907afca1b788d57cae0d839db63693e88ea2130e8

SHA512
55663a60ae57a08d6bd31b705c26af7e99e77bacc3785d827fbcd479700493bcbcb37cf680515fd47fb6906d506d5dca96a4590a57c94c37b08a41a4d4de335e

Download Submit
C:\Program Files (x86)\LAV Filters\x86\LAVAudio.ax

Filesize
259KB

MD5
8c7d3a2dd89c717f8a8deda045e9dc50

SHA1
fc96eed22a6e17249f7be1e93015db8ceae5737e

SHA256
002d5bfa19a4fd3e924c4b2907afca1b788d57cae0d839db63693e88ea2130e8

SHA512
55663a60ae57a08d6bd31b705c26af7e99e77bacc3785d827fbcd479700493bcbcb37cf680515fd47fb6906d506d5dca96a4590a57c94c37b08a41a4d4de335e

Download Submit
C:\Program Files (x86)\LAV Filters\x86\LAVSplitter.ax

Filesize
538KB

MD5
317312557542f2e6c86c753e97739a82

SHA1
ba48bc0f0e961460cfd233f11c59182c6a24e1d0

SHA256
c78ca50629505e365c4214618575401efd302a4c53b0f3f4a64b08b7461fdff3

SHA512
7c0d25e3692297c7176dac52913b0a4f84ba362e88e36eef05c17c16c7721ad99543e08f74be95c47cabb8be3c489061564d8159eb8d27124e614a7eb233afc7

Download Submit
C:\Program Files (x86)\LAV Filters\x86\LAVSplitter.ax

Filesize
538KB

MD5
317312557542f2e6c86c753e97739a82

SHA1
ba48bc0f0e961460cfd233f11c59182c6a24e1d0

SHA256
c78ca50629505e365c4214618575401efd302a4c53b0f3f4a64b08b7461fdff3

SHA512
7c0d25e3692297c7176dac52913b0a4f84ba362e88e36eef05c17c16c7721ad99543e08f74be95c47cabb8be3c489061564d8159eb8d27124e614a7eb233afc7

Download Submit
C:\Program Files (x86)\LAV Filters\x86\LAVVideo.ax

Filesize
1018KB

MD5
4578a1854d3d81273fa864d023608cd1

SHA1
db72f387e095a2baf0cd5767020ab0c0ac51d7b8

SHA256
3cc4b020e39217a1ccf55f9efa14c802082d6b83b5617af179956be71b3978d1

SHA512
cdc8304ba408723f79a5b85090e0859cd918367db877af4152526fa1acb9be7ac41c7b58e9e342c9f019abfea230293da72b37c162362d68d51a55c80874158b

Download Submit
C:\Program Files (x86)\LAV Filters\x86\LAVVideo.ax

Filesize
1018KB

MD5
4578a1854d3d81273fa864d023608cd1

SHA1
db72f387e095a2baf0cd5767020ab0c0ac51d7b8

SHA256
3cc4b020e39217a1ccf55f9efa14c802082d6b83b5617af179956be71b3978d1

SHA512
cdc8304ba408723f79a5b85090e0859cd918367db877af4152526fa1acb9be7ac41c7b58e9e342c9f019abfea230293da72b37c162362d68d51a55c80874158b

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avcodec-lav-58.dll

Filesize
13.1MB

MD5
f95172633fb1459f3b8f54d8b17c65ff

SHA1
6665a91175cc0b5c2bf87dff8cbd50a589dd3f7e

SHA256
12c70eeeb3430013bf5cc5d2e78704146b3f9da968103f87d0dd67c3b03b40c5

SHA512
7b4c0e56d6b89f60d17f7005a0dc2aa82cc65c2a50a345ed37eb72e09a0cb1e26bb6456dff4355cdeedd3eeabf73ec909aa2c1c65182d9bc0a5ff5d002dc67b9

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avcodec-lav-58.dll

Filesize
13.1MB

MD5
f95172633fb1459f3b8f54d8b17c65ff

SHA1
6665a91175cc0b5c2bf87dff8cbd50a589dd3f7e

SHA256
12c70eeeb3430013bf5cc5d2e78704146b3f9da968103f87d0dd67c3b03b40c5

SHA512
7b4c0e56d6b89f60d17f7005a0dc2aa82cc65c2a50a345ed37eb72e09a0cb1e26bb6456dff4355cdeedd3eeabf73ec909aa2c1c65182d9bc0a5ff5d002dc67b9

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avcodec-lav-58.dll

Filesize
13.1MB

MD5
f95172633fb1459f3b8f54d8b17c65ff

SHA1
6665a91175cc0b5c2bf87dff8cbd50a589dd3f7e

SHA256
12c70eeeb3430013bf5cc5d2e78704146b3f9da968103f87d0dd67c3b03b40c5

SHA512
7b4c0e56d6b89f60d17f7005a0dc2aa82cc65c2a50a345ed37eb72e09a0cb1e26bb6456dff4355cdeedd3eeabf73ec909aa2c1c65182d9bc0a5ff5d002dc67b9

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avcodec-lav-58.dll

Filesize
13.1MB

MD5
f95172633fb1459f3b8f54d8b17c65ff

SHA1
6665a91175cc0b5c2bf87dff8cbd50a589dd3f7e

SHA256
12c70eeeb3430013bf5cc5d2e78704146b3f9da968103f87d0dd67c3b03b40c5

SHA512
7b4c0e56d6b89f60d17f7005a0dc2aa82cc65c2a50a345ed37eb72e09a0cb1e26bb6456dff4355cdeedd3eeabf73ec909aa2c1c65182d9bc0a5ff5d002dc67b9

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avcodec-lav-58.dll

Filesize
13.1MB

MD5
f95172633fb1459f3b8f54d8b17c65ff

SHA1
6665a91175cc0b5c2bf87dff8cbd50a589dd3f7e

SHA256
12c70eeeb3430013bf5cc5d2e78704146b3f9da968103f87d0dd67c3b03b40c5

SHA512
7b4c0e56d6b89f60d17f7005a0dc2aa82cc65c2a50a345ed37eb72e09a0cb1e26bb6456dff4355cdeedd3eeabf73ec909aa2c1c65182d9bc0a5ff5d002dc67b9

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avfilter-lav-7.dll

Filesize
199KB

MD5
a8f17210ce3efaca99a414fdc7ce4fbb

SHA1
d14c8fbcbd69efe1ed48f30a20e29b5fa09792e8

SHA256
19419924fbc077cea05e6b83c101326d9b0239cce9d01511e3c723aa172395ba

SHA512
4efc7be3c7ad95f25944c03187b158f9086d6c1c9b7c22ddafd2869acfcff4e886138e72253b3a669eeb9b96aed508ec1f3adc3c0a12afc60763f026ead0a437

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avfilter-lav-7.dll

Filesize
199KB

MD5
a8f17210ce3efaca99a414fdc7ce4fbb

SHA1
d14c8fbcbd69efe1ed48f30a20e29b5fa09792e8

SHA256
19419924fbc077cea05e6b83c101326d9b0239cce9d01511e3c723aa172395ba

SHA512
4efc7be3c7ad95f25944c03187b158f9086d6c1c9b7c22ddafd2869acfcff4e886138e72253b3a669eeb9b96aed508ec1f3adc3c0a12afc60763f026ead0a437

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avformat-lav-58.dll

Filesize
1.8MB

MD5
490bff67b49428b054964e2a03c4fcdf

SHA1
3e25f235b706ab8ff23e72e4b322d78f681839f8

SHA256
4acbb05e602a874db0e13e9d75efb0939aac149aba5aea58b656965a324157a0

SHA512
11d1b54a432390143df7d01a366eefae525605b91c4d3f5f0fcc401c3dd0e7c6960a3a09e38d162027a4802226df7539073c4619f7f57940f05ae70a52d174b4

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avformat-lav-58.dll

Filesize
1.8MB

MD5
490bff67b49428b054964e2a03c4fcdf

SHA1
3e25f235b706ab8ff23e72e4b322d78f681839f8

SHA256
4acbb05e602a874db0e13e9d75efb0939aac149aba5aea58b656965a324157a0

SHA512
11d1b54a432390143df7d01a366eefae525605b91c4d3f5f0fcc401c3dd0e7c6960a3a09e38d162027a4802226df7539073c4619f7f57940f05ae70a52d174b4

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avformat-lav-58.dll

Filesize
1.8MB

MD5
490bff67b49428b054964e2a03c4fcdf

SHA1
3e25f235b706ab8ff23e72e4b322d78f681839f8

SHA256
4acbb05e602a874db0e13e9d75efb0939aac149aba5aea58b656965a324157a0

SHA512
11d1b54a432390143df7d01a366eefae525605b91c4d3f5f0fcc401c3dd0e7c6960a3a09e38d162027a4802226df7539073c4619f7f57940f05ae70a52d174b4

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avresample-lav-4.dll

Filesize
158KB

MD5
be18a07cf61419ad6371ea4c62ed4187

SHA1
9d7b432d9d27c2f56d04dd89a518b62d19f9782d

SHA256
c94261a401b9aa01ce9ed0dcc7099d919f443a58761206c85ad1ced143efaa5a

SHA512
3ad0cb08cb4fb609ab96a65aa7523ee0bbb51b6b4c7aaf3d28f920e4c801e4d09ca8efcd70b3b922b4b75fabf5c9e8a358d1f0c6852046b090c1aa955e0f5084

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avresample-lav-4.dll

Filesize
158KB

MD5
be18a07cf61419ad6371ea4c62ed4187

SHA1
9d7b432d9d27c2f56d04dd89a518b62d19f9782d

SHA256
c94261a401b9aa01ce9ed0dcc7099d919f443a58761206c85ad1ced143efaa5a

SHA512
3ad0cb08cb4fb609ab96a65aa7523ee0bbb51b6b4c7aaf3d28f920e4c801e4d09ca8efcd70b3b922b4b75fabf5c9e8a358d1f0c6852046b090c1aa955e0f5084

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avresample-lav-4.dll

Filesize
158KB

MD5
be18a07cf61419ad6371ea4c62ed4187

SHA1
9d7b432d9d27c2f56d04dd89a518b62d19f9782d

SHA256
c94261a401b9aa01ce9ed0dcc7099d919f443a58761206c85ad1ced143efaa5a

SHA512
3ad0cb08cb4fb609ab96a65aa7523ee0bbb51b6b4c7aaf3d28f920e4c801e4d09ca8efcd70b3b922b4b75fabf5c9e8a358d1f0c6852046b090c1aa955e0f5084

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avresample-lav-4.dll

Filesize
158KB

MD5
be18a07cf61419ad6371ea4c62ed4187

SHA1
9d7b432d9d27c2f56d04dd89a518b62d19f9782d

SHA256
c94261a401b9aa01ce9ed0dcc7099d919f443a58761206c85ad1ced143efaa5a

SHA512
3ad0cb08cb4fb609ab96a65aa7523ee0bbb51b6b4c7aaf3d28f920e4c801e4d09ca8efcd70b3b922b4b75fabf5c9e8a358d1f0c6852046b090c1aa955e0f5084

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avutil-lav-56.dll

Filesize
553KB

MD5
0d1b85365aa955969fde3483523055d0

SHA1
6d3df3b1bcd31759794972c74af9d4559b126c4d

SHA256
72b03168682d8de7a97d5e1dff8a4d42e35ea3e0d19be49505e1810429fe3bf6

SHA512
5c739b8c7dc2af0583088e48c020d56194e239b823b64700a271580d07b4624625690eedc2da3c4b496f21323eff94f5dbf25521460f4879caade7a0751c71e9

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avutil-lav-56.dll

Filesize
553KB

MD5
0d1b85365aa955969fde3483523055d0

SHA1
6d3df3b1bcd31759794972c74af9d4559b126c4d

SHA256
72b03168682d8de7a97d5e1dff8a4d42e35ea3e0d19be49505e1810429fe3bf6

SHA512
5c739b8c7dc2af0583088e48c020d56194e239b823b64700a271580d07b4624625690eedc2da3c4b496f21323eff94f5dbf25521460f4879caade7a0751c71e9

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avutil-lav-56.dll

Filesize
553KB

MD5
0d1b85365aa955969fde3483523055d0

SHA1
6d3df3b1bcd31759794972c74af9d4559b126c4d

SHA256
72b03168682d8de7a97d5e1dff8a4d42e35ea3e0d19be49505e1810429fe3bf6

SHA512
5c739b8c7dc2af0583088e48c020d56194e239b823b64700a271580d07b4624625690eedc2da3c4b496f21323eff94f5dbf25521460f4879caade7a0751c71e9

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avutil-lav-56.dll

Filesize
553KB

MD5
0d1b85365aa955969fde3483523055d0

SHA1
6d3df3b1bcd31759794972c74af9d4559b126c4d

SHA256
72b03168682d8de7a97d5e1dff8a4d42e35ea3e0d19be49505e1810429fe3bf6

SHA512
5c739b8c7dc2af0583088e48c020d56194e239b823b64700a271580d07b4624625690eedc2da3c4b496f21323eff94f5dbf25521460f4879caade7a0751c71e9

Download Submit
C:\Program Files (x86)\LAV Filters\x86\avutil-lav-56.dll

Filesize
553KB

MD5
0d1b85365aa955969fde3483523055d0

SHA1
6d3df3b1bcd31759794972c74af9d4559b126c4d

SHA256
72b03168682d8de7a97d5e1dff8a4d42e35ea3e0d19be49505e1810429fe3bf6

SHA512
5c739b8c7dc2af0583088e48c020d56194e239b823b64700a271580d07b4624625690eedc2da3c4b496f21323eff94f5dbf25521460f4879caade7a0751c71e9

Download Submit
C:\Program Files (x86)\LAV Filters\x86\libbluray.dll

Filesize
280KB

MD5
beec0ed19b1336dd0e5fab430ca9e3b9

SHA1
81c2e9877b89a9c0525535854afdd2355d6a2066

SHA256
f9784b4d47d4453e709bff8e656995ead1341aad63201c2fb62ebed51d3d6167

SHA512
1c7ecac550694b0ac6c1b2aaa291bc4dfb2468704a9076e43fba09a47517255866588ed261d23ed54b7b88849bee5d5ca85b80563491a3fd0e591c3a1b3c7dad

Download Submit
C:\Program Files (x86)\LAV Filters\x86\libbluray.dll

Filesize
280KB

MD5
beec0ed19b1336dd0e5fab430ca9e3b9

SHA1
81c2e9877b89a9c0525535854afdd2355d6a2066

SHA256
f9784b4d47d4453e709bff8e656995ead1341aad63201c2fb62ebed51d3d6167

SHA512
1c7ecac550694b0ac6c1b2aaa291bc4dfb2468704a9076e43fba09a47517255866588ed261d23ed54b7b88849bee5d5ca85b80563491a3fd0e591c3a1b3c7dad

Download Submit
C:\Program Files (x86)\LAV Filters\x86\swscale-lav-5.dll

Filesize
534KB

MD5
2041c494ef4b8a1b3744a346a092edb3

SHA1
a84873405c8d195f9a4b9b1ef1128bafb690707c

SHA256
b9614a1d14f53c71af486d170f2dfbf592dbdbcfd48f72932524c771c8bd1d77

SHA512
242ca54bc234092af6ab6a4d05aa138ad301df7f3bfd5565d98a2b8814645ba9496239e4f5d4c7541c7dfedc5a6c89752bac63c030b673018e7276c4a252b29f

Download Submit
C:\Program Files (x86)\LAV Filters\x86\swscale-lav-5.dll

Filesize
534KB

MD5
2041c494ef4b8a1b3744a346a092edb3

SHA1
a84873405c8d195f9a4b9b1ef1128bafb690707c

SHA256
b9614a1d14f53c71af486d170f2dfbf592dbdbcfd48f72932524c771c8bd1d77

SHA512
242ca54bc234092af6ab6a4d05aa138ad301df7f3bfd5565d98a2b8814645ba9496239e4f5d4c7541c7dfedc5a6c89752bac63c030b673018e7276c4a252b29f

Download Submit
C:\Program Files\Jalinga Studio\LAVFilters-0.73-Installer.exe

Filesize
11.4MB

MD5
44c38392c32d058beda9f410f0366a9e

SHA1
3c5572035de70810821b1bd3695766c8b4e4ecac

SHA256
9e75f3ed760d54b1e8134072971b724b4707e3eca14a90ed233ac71ab51f94ee

SHA512
69da99543dd7a65d714e5b13cd5d8d7e3d5dbd190516e4abf731b8141c6eda3204401f2c48819f2156ef7a3536cd76c06bffb507816e4870ba8f7244e801bd11

Download Submit
C:\Program Files\Jalinga Studio\LAVFilters-0.73-Installer.exe

Filesize
11.4MB

MD5
44c38392c32d058beda9f410f0366a9e

SHA1
3c5572035de70810821b1bd3695766c8b4e4ecac

SHA256
9e75f3ed760d54b1e8134072971b724b4707e3eca14a90ed233ac71ab51f94ee

SHA512
69da99543dd7a65d714e5b13cd5d8d7e3d5dbd190516e4abf731b8141c6eda3204401f2c48819f2156ef7a3536cd76c06bffb507816e4870ba8f7244e801bd11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup_20230306_160940476.html

Filesize
16KB

MD5
8b799e8c4d45251559d0bf2af9a6bd16

SHA1
fb9ac347d6bea0018b5da8d3bc95d9f824c2caeb

SHA256
b4d333be221f94d9f632ba40dc595358a6caed5cd9b7fbca5490bb73a922507d

SHA512
0b9e5286ffa3cd0f0015dad92993503df4a231e2339a9082b13375ab25bf00fab01b8b907b438afc93797ee3ea83a01cc29428887afc2eae8087d1f95afe2117

Download Submit
C:\Users\Admin\AppData\Local\Temp\WIXPF001\wixperf.ini

Filesize
1KB

MD5
7ab63ec67d5e9c77b257e510447c5e99

SHA1
7ea462dc1891709c0732f83d6b5775b1876af0a9

SHA256
7be590c1fe806c04ac6bac4a793a6996dba5a966618e445ec0bae1e2b7296886

SHA512
9b08698cd84908a5a3e2f9566039a8d47e37e5016e9681f6bfa4b0eb1837b604ec057c8c0416126cbf1c200f7b1f5e70ab17631a761980e17e4af83987c25ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9QU55.tmp\idp.dll

Filesize
216KB

MD5
b37377d34c8262a90ff95a9a92b65ed8

SHA1
faeef415bd0bc2a08cf9fe1e987007bf28e7218d

SHA256
e5a0ad2e37dde043a0dd4ad7634961ff3f0d70e87d2db49761eb4c1f468bb02f

SHA512
69d8da5b45d9b4b996d32328d3402fa37a3d710564d47c474bf9e15c1e45bc15b2858dbab446e6baec0c099d99007ff1099e9c4e66cfd1597f28c420bb50fdcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-O288F.tmp\LAVFilters-0.73-Installer.tmp

Filesize
702KB

MD5
220515d10fc1fabbee9f845b49a88e9a

SHA1
759478d6cc36a21e2efd306d0699e5a9167466f1

SHA256
53039f32f90c16b497d6bf42221d78c719c4cd232ea72cab9071d61d469aacf7

SHA512
8eff0c9ddc1ac1de10fee7cbbea723f15b1e64025417d541f458b00cc6832f818d2422bba93391943cf5ad11beb27a7f4e2aae8b45e6d3b94d8a30b151afabb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-O288F.tmp\LAVFilters-0.73-Installer.tmp

Filesize
702KB

MD5
220515d10fc1fabbee9f845b49a88e9a

SHA1
759478d6cc36a21e2efd306d0699e5a9167466f1

SHA256
53039f32f90c16b497d6bf42221d78c719c4cd232ea72cab9071d61d469aacf7

SHA512
8eff0c9ddc1ac1de10fee7cbbea723f15b1e64025417d541f458b00cc6832f818d2422bba93391943cf5ad11beb27a7f4e2aae8b45e6d3b94d8a30b151afabb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskAE47.tmp\FindProcDLL.dll

Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskAE47.tmp\System.dll

Filesize
11KB

MD5
ca332bb753b0775d5e806e236ddcec55

SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

Download Submit
C:\Windows\INF\Microsoft Surface Presentation\wixperf.h

Filesize
223B

MD5
2b70dabc4114354f6d3e25d783eee380

SHA1
7b0ce53f48ec10855012752d1bd1c9e0c68260de

SHA256
ec2eddc17e94633c4374cdcfd1ced7166bacd6cdbdcdb0602676b48a0eef60bc

SHA512
89384cdf9611b2228c4ce97633363932672787e2169462fc2c82ecc864f0dc349f36c7b3abf95644640d17a04bc3d8a0f6facef387ddeefc094166db8650b074

Download Submit
C:\Windows\Installer\MSIDF06.tmp

Filesize
254KB

MD5
309c77f018ddb2380dcf8aea9ba6312a

SHA1
b6ee083a7f9d3296083d51702abe4c09cfb4c12b

SHA256
6685f23272c1af6e7a8ae56e34a997b374b55e4ec9e6ec614c25f9de84d77973

SHA512
55bd4e0ecf30881ff7db35595bd260b920508d2787a6cc083686e288a9add13b550ef2eaf957510865d9647f53c9d756f085ebe5e782a57976e19bdcd3a98fb3

Download Submit
C:\Windows\Installer\MSIED9F.tmp

Filesize
148KB

MD5
3bb8ab8803dfb0b7885323eb0784c152

SHA1
27797f02b835796411ed31e99630c7d6d28a0223

SHA256
6eba28700036c0af7a8cf4d919af6e04e0fbe1af89ba0d7c81074492d9c774b6

SHA512
e3003d88aeb5ddad3b97f1e5943046c00897f8a1a8aa0009343eca22d43f4c8117d3e62e9f0314a7b8e04ad8fccda979fa8eafb0d5c0e0e18244965766606a4a

Download Submit
C:\Windows\Temp\{5802FB5C-C831-4AB4-8559-386639E424DA}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{74247707-AF37-40E5-BEF2-E6EAB1E556A1}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
memory/1972-726-0x0000019E757C0000-0x0000019E757E0000-memory.dmp

Filesize
128KB

Download
memory/1972-711-0x0000019E74D20000-0x0000019E74D2E000-memory.dmp

Filesize
56KB

Download
memory/1972-714-0x0000019E75790000-0x0000019E757B4000-memory.dmp

Filesize
144KB

Download
memory/1972-717-0x0000019E75760000-0x0000019E75778000-memory.dmp

Filesize
96KB

Download
memory/1972-720-0x0000019E757F0000-0x0000019E75814000-memory.dmp

Filesize
144KB

Download
memory/1972-723-0x0000019E759F0000-0x0000019E75AF0000-memory.dmp

Filesize
1024KB

Download
memory/3212-285-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3212-157-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/3212-264-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3888-145-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3888-286-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3888-263-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download