33d78a44d878a8b66443579954e8822bc9d3b6117495b90d01425b661d41daee

Analysis

max time kernel
178s
max time network
273s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.msi
Size

653.6MB
MD5

6fb16aae33afd2282f217b53b3ef0a9c
SHA1

515a3133edee17c9496a8fa3f2d6853296928054
SHA256

33d78a44d878a8b66443579954e8822bc9d3b6117495b90d01425b661d41daee
SHA512

8688c107e0cd742b0e81964cb4b402adfd0240afe2dbb2b587a0c30a97cbfce26c9c6798e89399e66aa0450d153d813be0ef5d3d8fc846de8107bd74da2a1f15
SSDEEP

12582912:YHpej5dfvcFJHSErUs8Gp0s4mCXPD647f6iDAZ9IYF4MTvFRqD8rwmWGL0AbIp6S:Y8j/XcFJHS8UxG0s5KZaamuWwmWGN

Score

6^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
21	1044	msiexec.exe

Enumerates connected drives 3 TTPs 50 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\F:	Topaz Video AI.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\F:	Topaz Video AI.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\D:	Topaz Video AI.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\D:	Topaz Video AI.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Windows\SpinBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQml\WorkerScript\workerscriptplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\ffmpeg\examples\Makefile	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\man\man1\ffmpeg.1	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\Popup.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Material\ToolButton.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\ffmpeg\examples\demux_decode.c	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\openvino_intel_gpu_plugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\qtquickcontrols2imaginestyleplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\ComboBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Dialogs\quickimpl\qtquickdialogs2quickimplplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\impl\qtquickcontrols2fusionstyleimplplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Universal\HorizontalHeaderView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Material\ScrollView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\ffmpeg\examples\decode_filter_video.c	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Dialogs\quickimpl\qml\+Fusion\FolderBreadcrumbBar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\SplitView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\D3Dcompiler_47.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\impl\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\GroupBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQml\WorkerScript\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\man\man1\ffprobe.1	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\openvino_paddle_frontend.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\ffmpeg\examples\transcode.c	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\translations\qt_bg.qm	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\CheckBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Particles\qmldir	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\ApplicationWindow.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\man\man1\ffmpeg-bitstream-filters.1	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Universal\ItemDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\ffmpeg\libvpx-1080p50_60.ffpreset	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6LabsSettings.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQml\XmlListModel\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\SwitchDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\SpinBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\doc\ffmpeg\platform.html	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\HorizontalHeaderView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Material\BusyIndicator.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Dialogs\quickimpl\qml\+Imagine\FolderBreadcrumbBar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\ScrollIndicator.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\ffmpeg\examples\avio_read_callback.c	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\doc\ffmpeg\fate.html	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\ToolSeparator.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\man\man1\ffmpeg-scaler.1	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Material\SwitchDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\GroupBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Windows\ProgressBar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\translations\qt_de.qm	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Universal\impl\qtquickcontrols2universalstyleimplplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Widgets.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Material\Menu.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Material\impl\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\PageIndicator.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\DialogButtonBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\NativeStyle\controls\DefaultSpinBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\Pane.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\man\man1\ffmpeg-filters.1	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\TextArea.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Layouts\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\impl\OpacityMask.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\BusyIndicator.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\qtquickcontrols2fusionstyleplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\Dial.qml	msiexec.exe

Drops file in Windows directory 37 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\e5846d8.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFA6C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{E41A37EA-E32C-4E3B-B2BA-2C9787A1828B}\mainapp.exe	msiexec.exe
File created	C:\Windows\Installer\e5846da.msi	msiexec.exe
File created	C:\Windows\Installer\DerandomizedSymbolicLinksForSourceLists\Setup.msi	MsiExec.exe
File opened for modification	C:\Windows\Installer\MSI5C73.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7463.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\{E41A37EA-E32C-4E3B-B2BA-2C9787A1828B}\mainapp.exe	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7FB.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI730A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFCBF.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E41A37EA-E32C-4E3B-B2BA-2C9787A1828B}	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\e5846d8.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI729C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\AE73A14EC23EB3E42BABC279781A28B8\3.3.10\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe

Executes dropped EXE 7 IoCs

pid	Process
4520	Topaz Video AI.exe
3400	crashpad_handler.exe
3532	Topaz Video AI.exe
1848	crashpad_handler.exe
4416	login.exe
2748	login.exe
2704	login.exe

Loads dropped DLL 64 IoCs

pid	Process
5008	MsiExec.exe
796	MsiExec.exe
3896	MsiExec.exe
3896	MsiExec.exe
3896	MsiExec.exe
3036	MsiExec.exe
3036	MsiExec.exe
3036	MsiExec.exe
796	MsiExec.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
4520	Topaz Video AI.exe
3532	Topaz Video AI.exe
3532	Topaz Video AI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe

Modifies registry class 28 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AE73A14EC23EB3E42BABC279781A28B8	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\Version = "50528266"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AE73A14EC23EB3E42BABC279781A28B8\Complete	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\13CD821E8711F6B4086A161E2B55ACDE	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\SourceList\Media\DiskPrompt = "Topaz Video AI Installer Package"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\ProductName = "Topaz Video AI"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\PackageCode = "E0DD9F4FDBC109745A7314A82E6834C8"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\SourceList\PackageName = "Setup.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\SourceList\LastUsedSource = "n;2;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\ProductIcon = "C:\\Windows\\Installer\\{E41A37EA-E32C-4E3B-B2BA-2C9787A1828B}\\mainapp.exe"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\SourceList\Net\2 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\13CD821E8711F6B4086A161E2B55ACDE\AE73A14EC23EB3E42BABC279781A28B8	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\SourceList\Net\1 = "C:\\Windows\\Installer\\DerandomizedSymbolicLinksForSourceLists\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AE73A14EC23EB3E42BABC279781A28B8\VCRedist	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE73A14EC23EB3E42BABC279781A28B8\SourceList\Media\1 = ";Installer Package"	msiexec.exe

Modifies system certificate store 2 TTPs 10 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e4030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec5290f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae474040000000100000010000000acb694a59c17e0d791529bb19706a6e420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 5c000000010000000400000000080000040000000100000010000000acb694a59c17e0d791529bb19706a6e4030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f19000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Topaz Video AI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Topaz Video AI.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4520	Topaz Video AI.exe
3532	Topaz Video AI.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4156	msiexec.exe
4156	msiexec.exe
2628	msedge.exe
2628	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4520	Topaz Video AI.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1044	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1044	msiexec.exe
Token: SeSecurityPrivilege	4156	msiexec.exe
Token: SeCreateTokenPrivilege	1044	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1044	msiexec.exe
Token: SeLockMemoryPrivilege	1044	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1044	msiexec.exe
Token: SeMachineAccountPrivilege	1044	msiexec.exe
Token: SeTcbPrivilege	1044	msiexec.exe
Token: SeSecurityPrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeLoadDriverPrivilege	1044	msiexec.exe
Token: SeSystemProfilePrivilege	1044	msiexec.exe
Token: SeSystemtimePrivilege	1044	msiexec.exe
Token: SeProfSingleProcessPrivilege	1044	msiexec.exe
Token: SeIncBasePriorityPrivilege	1044	msiexec.exe
Token: SeCreatePagefilePrivilege	1044	msiexec.exe
Token: SeCreatePermanentPrivilege	1044	msiexec.exe
Token: SeBackupPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeShutdownPrivilege	1044	msiexec.exe
Token: SeDebugPrivilege	1044	msiexec.exe
Token: SeAuditPrivilege	1044	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1044	msiexec.exe
Token: SeChangeNotifyPrivilege	1044	msiexec.exe
Token: SeRemoteShutdownPrivilege	1044	msiexec.exe
Token: SeUndockPrivilege	1044	msiexec.exe
Token: SeSyncAgentPrivilege	1044	msiexec.exe
Token: SeEnableDelegationPrivilege	1044	msiexec.exe
Token: SeManageVolumePrivilege	1044	msiexec.exe
Token: SeImpersonatePrivilege	1044	msiexec.exe
Token: SeCreateGlobalPrivilege	1044	msiexec.exe
Token: SeCreateTokenPrivilege	1044	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1044	msiexec.exe
Token: SeLockMemoryPrivilege	1044	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1044	msiexec.exe
Token: SeMachineAccountPrivilege	1044	msiexec.exe
Token: SeTcbPrivilege	1044	msiexec.exe
Token: SeSecurityPrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeLoadDriverPrivilege	1044	msiexec.exe
Token: SeSystemProfilePrivilege	1044	msiexec.exe
Token: SeSystemtimePrivilege	1044	msiexec.exe
Token: SeProfSingleProcessPrivilege	1044	msiexec.exe
Token: SeIncBasePriorityPrivilege	1044	msiexec.exe
Token: SeCreatePagefilePrivilege	1044	msiexec.exe
Token: SeCreatePermanentPrivilege	1044	msiexec.exe
Token: SeBackupPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeShutdownPrivilege	1044	msiexec.exe
Token: SeDebugPrivilege	1044	msiexec.exe
Token: SeAuditPrivilege	1044	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1044	msiexec.exe
Token: SeChangeNotifyPrivilege	1044	msiexec.exe
Token: SeRemoteShutdownPrivilege	1044	msiexec.exe
Token: SeUndockPrivilege	1044	msiexec.exe
Token: SeSyncAgentPrivilege	1044	msiexec.exe
Token: SeEnableDelegationPrivilege	1044	msiexec.exe
Token: SeManageVolumePrivilege	1044	msiexec.exe
Token: SeImpersonatePrivilege	1044	msiexec.exe
Token: SeCreateGlobalPrivilege	1044	msiexec.exe
Token: SeCreateTokenPrivilege	1044	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1044	msiexec.exe
Token: SeLockMemoryPrivilege	1044	msiexec.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1044	msiexec.exe
1044	msiexec.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3532	Topaz Video AI.exe
4520	Topaz Video AI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4156 wrote to memory of 5008	4156	msiexec.exe	93
PID 4156 wrote to memory of 5008	4156	msiexec.exe	93
PID 4156 wrote to memory of 796	4156	msiexec.exe	99
PID 4156 wrote to memory of 796	4156	msiexec.exe	99
PID 4156 wrote to memory of 796	4156	msiexec.exe	99
PID 4156 wrote to memory of 3896	4156	msiexec.exe	102
PID 4156 wrote to memory of 3896	4156	msiexec.exe	102
PID 4156 wrote to memory of 3036	4156	msiexec.exe	110
PID 4156 wrote to memory of 3036	4156	msiexec.exe	110
PID 796 wrote to memory of 4520	796	MsiExec.exe	113
PID 796 wrote to memory of 4520	796	MsiExec.exe	113
PID 4520 wrote to memory of 3400	4520	Topaz Video AI.exe	114
PID 4520 wrote to memory of 3400	4520	Topaz Video AI.exe	114
PID 3532 wrote to memory of 1848	3532	Topaz Video AI.exe	119
PID 3532 wrote to memory of 1848	3532	Topaz Video AI.exe	119
PID 3532 wrote to memory of 4416	3532	Topaz Video AI.exe	122
PID 3532 wrote to memory of 4416	3532	Topaz Video AI.exe	122
PID 4520 wrote to memory of 2748	4520	Topaz Video AI.exe	123
PID 4520 wrote to memory of 2748	4520	Topaz Video AI.exe	123
PID 4520 wrote to memory of 2704	4520	Topaz Video AI.exe	126
PID 4520 wrote to memory of 2704	4520	Topaz Video AI.exe	126
PID 2704 wrote to memory of 764	2704	login.exe	128
PID 2704 wrote to memory of 764	2704	login.exe	128
PID 764 wrote to memory of 3684	764	cmd.exe	129
PID 764 wrote to memory of 3684	764	cmd.exe	129
PID 3684 wrote to memory of 4940	3684	msedge.exe	130
PID 3684 wrote to memory of 4940	3684	msedge.exe	130
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131
PID 3684 wrote to memory of 3712	3684	msedge.exe	131

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Setup.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1044

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4156
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 4D0BD9A01365ADB491B5A9090265532C C
  2⤵
  - Loads dropped DLL
  PID:5008
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9A3CB8231734091A9E6CC667141E38B8 C
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:796
- - C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe
    "C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe"
    3⤵
    - Enumerates connected drives
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4520
  - - C:\Program Files\Topaz Labs LLC\Topaz Video AI\crashpad_handler.exe
      "C:/Program Files/Topaz Labs LLC/Topaz Video AI/crashpad_handler.exe" "--attachment=main.txt=C:/Users/Admin/AppData/Roaming/Topaz Labs LLC/Topaz Video AI/logs/2024-03-28-03-04-38-Main.tzlog" "--attachment=out.txt=C:/Users/Admin/AppData/Roaming/Topaz Labs LLC/Topaz Video AI/logs/2024-03-28-03-04-38-Out.tzlog" "--database=C:/Users/Admin/AppData/Local/Temp/Topaz Labs LLC/Topaz Video AI/Crashes/db" "--metrics-dir=C:/Users/Admin/AppData/Local/Temp/Topaz Labs LLC/Topaz Video AI/Crashes/db" --url=https://submit.backtrace.io/topazlabs/b060552e9793d86dec356a038dee056ebd3b4d539c702a0e5c8f3760d7a99f98/minidump "--annotation=appName=Topaz Video AI" --annotation=appVersion=3.3.10 --annotation=email=Unspecified --annotation=format=minidump --annotation=token=b060552e9793d86dec356a038dee056ebd3b4d539c702a0e5c8f3760d7a99f98 --initial-client-data=0x4e0,0x4e4,0x4e8,0x4bc,0x4f0,0x7ff7d7a0e988,0x7ff7d7a0e9a0,0x7ff7d7a0e9b8
      4⤵
      Executes dropped EXE
      PID:3400
  - - C:\Program Files\Topaz Labs LLC\Topaz Video AI\login.exe
      "C:\Program Files\Topaz Labs LLC\Topaz Video AI\login" status
      4⤵
      Executes dropped EXE
      PID:2748
  - - C:\Program Files\Topaz Labs LLC\Topaz Video AI\login.exe
      "C:\Program Files\Topaz Labs LLC\Topaz Video AI\login"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start https://topazlabs.com/oauth/authorize?client_id=XbU0xqXX0H1U4GsI3B3xIzJwVY3KL3grXhUTm28K^^^&response_type=code^^^&state=64722
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:764
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://topazlabs.com/oauth/authorize?client_id=XbU0xqXX0H1U4GsI3B3xIzJwVY3KL3grXhUTm28K^&response_type=code^&state=64722
        6⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3684
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff839ce46f8,0x7ff839ce4708,0x7ff839ce4718
        7⤵
        
        PID:4940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6200241315240670175,3045386676005229728,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
        7⤵
        
        PID:3712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6200241315240670175,3045386676005229728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6200241315240670175,3045386676005229728,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
        7⤵
        
        PID:4676
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6200241315240670175,3045386676005229728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
        7⤵
        
        PID:556
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6200241315240670175,3045386676005229728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
        7⤵
        
        PID:1896
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding BFF4E2E462E060CB8903E1A4BE898064
  2⤵
  - Loads dropped DLL
  PID:3896
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 25CBA27879989A3677DF97CA7FA3C065 E Global\MSI0000
  2⤵
  - Drops file in Windows directory
  - Loads dropped DLL
  PID:3036

C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe
"C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe"
1⤵
- Enumerates connected drives
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Program Files\Topaz Labs LLC\Topaz Video AI\crashpad_handler.exe
  "C:/Program Files/Topaz Labs LLC/Topaz Video AI/crashpad_handler.exe" "--attachment=main.txt=C:/Users/Admin/AppData/Roaming/Topaz Labs LLC/Topaz Video AI/logs/2024-03-28-03-05-10-Main.tzlog" "--attachment=out.txt=C:/Users/Admin/AppData/Roaming/Topaz Labs LLC/Topaz Video AI/logs/2024-03-28-03-05-10-Out.tzlog" "--database=C:/Users/Admin/AppData/Local/Temp/Topaz Labs LLC/Topaz Video AI/Crashes/db" "--metrics-dir=C:/Users/Admin/AppData/Local/Temp/Topaz Labs LLC/Topaz Video AI/Crashes/db" --url=https://submit.backtrace.io/topazlabs/b060552e9793d86dec356a038dee056ebd3b4d539c702a0e5c8f3760d7a99f98/minidump "--annotation=appName=Topaz Video AI" --annotation=appVersion=3.3.10 --annotation=email=Unspecified --annotation=format=minidump --annotation=token=b060552e9793d86dec356a038dee056ebd3b4d539c702a0e5c8f3760d7a99f98 --initial-client-data=0x4dc,0x4e0,0x4e4,0x4b8,0x4ec,0x7ff7d7a0e988,0x7ff7d7a0e9a0,0x7ff7d7a0e9b8
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Program Files\Topaz Labs LLC\Topaz Video AI\login.exe
  "C:\Program Files\Topaz Labs LLC\Topaz Video AI\login" status
  2⤵
  - Executes dropped EXE
  PID:4416

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5846d9.rbs

Filesize
196KB

MD5
14ff0006b1fd4cbe551148d98147a8bc

SHA1
2a7ca6a1cc827c8787fa033051d7196367ae4649

SHA256
ef096816c36e6ac3e150ccb73319b0dc729cc6ba40b92fb7770022f21c1f6183

SHA512
70545e184c408bdd335ae8a5395284e8c9ea3810878e8cc1546271b3f8628914b26eb94c89799222f4a87b66361cacc425e2ebd3b8289479fb1d1a82295f4ee2

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\plugins.qmltypes

Filesize
215B

MD5
2006d4b7d0da455aa4c7414653c0018a

SHA1
6685b8360b97799aa4d6b18789bf84a343e9e891

SHA256
a96c7bf5832767bdc9d91e2290a3920aec3abfbf2e3814bce38b49483f16f84a

SHA512
703804e6fab0cf44317b7292c547a1348e2e7395e4b71367c32c3b097bcfb3344d3296179bf4ba33a4c752ae58a3873af57d8cdef35a34564205356bb4e6fd84

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\aaa-10.json

Filesize
17KB

MD5
0101ad6305f385e56581fb07ddeb262b

SHA1
eff7fff2e24196f18dce4f2a36d4622b69d025d3

SHA256
6d5db3e30fcbeae6b665a05958e91a69a0b9945631035744a05c9d86df97ddfa

SHA512
8bd6ce9089d4dd5b14e283f92bb0218974dc659eed2f398003299f02504a9712fe1ed10381a48fbca21992981ca4c94ac8dc82021050446d3d1132fdb938dba9

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\aaa-9.json

Filesize
18KB

MD5
85d8fcc789f5aa75d454141fb031b9d6

SHA1
dd617fcad4b362208798d1d32d5e4fea7ba2dd77

SHA256
3fb8016c69cb6b39062f3a5860d3f17b602b33dc34d9d128983b31af14f2c3b1

SHA512
11ac83bb793a03a1ec1e6d86b91dca28b7dc1fe15bfd6abeaf2fcba45eb8f1b4f9d1f3aa38f47cc3e86249c13d7442dcaecfd7598ef0c5e59ec3cf90f1134836

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ahq-10.json

Filesize
18KB

MD5
34aa0ece01047f7bb1092eea2c940df7

SHA1
cc90abc05959bb3dda767e0123a635617bf3aeb6

SHA256
2936d9c36d1fc284b6f2f61dbbf86a42a151e933aa1b28cac6946484dec4ec8b

SHA512
0c0bc39c18f9cd5e235ad7bfe05dc4afe215ae21b62f132702a864e80803e5321c2883fcafc3b26cd196dccbed27a37f01c9c24a6a724fa7fc81154e988879f4

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ahq-11.json

Filesize
18KB

MD5
ecbdf815da11dabbe238525f925e2c81

SHA1
859b8c3954c7f0c25b71b73b246ac35a97db3f48

SHA256
c72dd0a319391b6d84f8c80b6de70d0b315c66a099796d3740fae1fc7682235d

SHA512
5cb5f119e8db75cc96a45dee3ae2f71547045c028ba39b8e887e666aa9429a1ea91ec5227bfc85438293ca9b92844523d0e202e32b073fdb819594bf66b9033d

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ahq-12.json

Filesize
17KB

MD5
cf2cc9a98875cb61c90362d23d7aa225

SHA1
920957dc525ee524b0ab7f39012ced464c013d74

SHA256
dc05527aaea0c401b7133a8c5c21314e7d884e38f84ecdd80689d577898a7f44

SHA512
b45d5c7dda597b38d68784a4685b9adcc315ef5ba219cf3d01b45117b8b58419e7a51c07c2960fb311c2f312dd3b30d94de407001453ab029a255ef12c0468b6

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\alq-10.json

Filesize
18KB

MD5
a7b02d83e47a00e1f9a09e1174f40855

SHA1
ac0689c545f7579ba5db7a0f9355d2cb94213a83

SHA256
8daddc54f817e260d7a284157081a4c12f960615555e7a9467a21383d45263ea

SHA512
794153b2e726cd04e882881b3d9c189159b4aa59fab05a528bea6c58d5ceb2459d628baaf0d586cda6a36358a181b203aab447eab4137e690aff6bdcc5213324

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\alq-12.json

Filesize
18KB

MD5
cea5908c699f7394b8bb0aa3449e793d

SHA1
da3625c8148f83104ffcf44650ba98e0c7c2d521

SHA256
bbe672bac66c401820de53f985a89d30348622f2f7b6feb6285092dccb60b127

SHA512
ba87d27d7f792955750a3c981945284ea792f03a8dbc26d43a3d1b2436c44be2d46b86fc7343b2a06136a71f2829b0711e3339059b71113113df380c6619386c

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\alq-13.json

Filesize
17KB

MD5
90beb49f1ad158d44a99e77fd061ac99

SHA1
5c102026c86e2904751b935a37613e6cc740d456

SHA256
d02570742ea002209cf87432ec92b8b7f897e2f44f5cbd5e843265a846682ded

SHA512
863d1b4226a1a10428f3e7b9dc14b4e40668d1f3b35bed44df2211e3f5ba3dec89e1ec3c9fe890a9ee52d95f7c0124b98bd84476aeb7c7108d68e285f2dfd341

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\alqs-1.json

Filesize
18KB

MD5
3c8ce9b67a921ecd31736c8f6dd49bbf

SHA1
71aa94dc8dd60fe91ae6565aa51a6d6cd61adb38

SHA256
ab679e0382ea87629889d5b91d7a6a6d0562bd8f07cbc27916f013fb005d6e9f

SHA512
fb36919e8d5f5c16a94470b7b41f0f11f0f50ebbd72eaf6fe4063b17ab2a0fb6d4f3f3baaf38630a086ab7f75b8e11dee7e15125ada98f4811f2ce9489b7cf0f

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\alqs-2.json

Filesize
17KB

MD5
f8bd3830e02401b72c877a1e34851f2e

SHA1
900b03d6da095d84c5508043589d9b446b399b85

SHA256
ab0694e95ccf376da7705684c80a448cef88e4d199a1c89e8b491670f41e765e

SHA512
8a19d2cc6f02bc5fa2129437a0213756fbcbfd0cf29ba18c8385ec2cacea37742e3aa820d78bf79188aa850b710d1182921f826a1b569b10f232148c032b803b

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\amq-10.json

Filesize
18KB

MD5
07119df93e9a418bfac8fccf15bf0d7f

SHA1
59eed8492ded4bd351bf9c58af1d26d49f0784ba

SHA256
7c699ec7c0ad2e67bad885053297cfc81e2efb1753006f8952245e8bf1ca3cba

SHA512
1c9516be21bed59ff3065393ab5706ed44a5ee716dbbb43be51dd0c6d44fe2086aab17fe751b3b3a259cc714fc9d2dd999a75d65ce85d17f32072e548a20cd2e

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\amq-12.json

Filesize
18KB

MD5
512e30e2a5c2ca7898a12a49d423ff59

SHA1
37690cad59c78b81ecf2680a82c6c06c640c4235

SHA256
0e3a5f03ee53cc5e01f675d7d95e440ae773e6584eee65efdd2adf4f326550db

SHA512
a8e2c303845818c542040b19bfb2adad17fe95d537827c8c2f67ac1b5cc2c861414eb47140516192e10996dc6519e50cf26dd7a66e0a97be10a0d9cb5de44645

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\amq-13.json

Filesize
17KB

MD5
47f2068c9da99ee81307edf7e3c054fc

SHA1
8394748648bf95edc0220c327c0a2de76aa6797e

SHA256
7a5531f445b6a1ec1397b85717bd9db5e5bf4763505c62642d6c3c3b8e2edcb6

SHA512
1f2d5d8593ccdcf18b94845e7b7e8a1d28d47db2e7a9775268586035f8d4e26a4b66a94c3880830e3a8f1a92d4abc353488ea67d534de793d8ce6db652a848ad

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\amqs-1.json

Filesize
18KB

MD5
8861b4f347bb082b78cd2f0b39b1ec37

SHA1
81ce43ea6955c0cd914a79d8131d8f50a56b8f5a

SHA256
5f10dcacce097fb67f16e72ba9965e1b0e8b2475ef6e077044c05ad02d20fa19

SHA512
bff7b0ba4bded0a2ab94b443511a61b5e7a7a24a6d029d0e8e005bda2729b076abfd4993a914c55485309a04730e6d1e659769d8efc338101379449030330f33

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\amqs-2.json

Filesize
17KB

MD5
3196548b95b6ad9183a35da9db408ffd

SHA1
ad7902aa13e9964ad5c011aea8961428082b74d0

SHA256
98a9b9fee92b47f4376549a99598d367d00054df4f6725a6d22a2b6eae959acc

SHA512
2d503793cb5f7384f6fd307bd0564a35acabca835071f74b7d9f46e2eccb9c418219d1495c5db438a8f027f9c2e4a642f60cf8756b86053286e8319a1d1c8971

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apa-1.json

Filesize
6KB

MD5
edbe2efe93acaf7d19945733f1904c7a

SHA1
15accaeb28bf5ccbc7b78b6eca2db736c2347910

SHA256
a040e307ab636d973aade7b30c6a5fbcc332f442affb3ed943ba07f5aa3840c8

SHA512
426c6346b33ca660b0aca304c3861fc98d2f12b88b39a57e14d2139aa45e34e0b59fe4b05e5fce4b2e2abd5b57be4af698b57e7556a50a0d9bfddede8fed9c98

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apb-1.json

Filesize
6KB

MD5
7eaa743fa9ce25c2517f5f778b66d8f8

SHA1
9c784950e845c2c92435c84ddb7c806bb618262c

SHA256
c670428e036a2f8e17705d32755ccc7f299d70f4992161b86ffcacaf33720486

SHA512
46accf872aa01087d7f5d656efc1b5793afeb4e150cd12855baac45def00230eccea8321b71283a7569d1511adf249bb2bb351714925f01d061f8d5aa0a5937f

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apf-1.json

Filesize
7KB

MD5
3b9743a9df5dd1d514f800da2c06e031

SHA1
7c60199b47df082ae7eb706fc557c6f7f2199e44

SHA256
522935b3171ecbf004e74af6aa9ff60a448e7260a531f2e20f17df05fa699448

SHA512
99f0e0f19a0d06c9d2328801410bcddaa132a8f5477c919460575dbeda2265f2fd55e10e83e2fa72cdd7e01ba157b19fc44250f70950d00177ccbc41f00bc1f2

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apf-2.json

Filesize
7KB

MD5
f6c9426ed34cd24d4d8d18c51d0ad43b

SHA1
169bbd2e1e4daef8bc8dee3181c55da1a10a4637

SHA256
30c8b9187badcd4d36972d476e8956832b3c378098c81fb9cacd874deefc1ef3

SHA512
b92406ada1fa6cdfa64f2abe16d2c75b1cb6ee031f4086a9ee83ad37ecae01b03b342544cf5c0bea10f7fd8a85231f5281d42aa4d2e5c6540f95522db5cd38a9

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apo-5.json

Filesize
7KB

MD5
1768636a2c49aa4b7522b9fb8aeba7da

SHA1
5424cf6ae93db46f847f4e1c620cf066f4337376

SHA256
ce2962b800b002de90f6cc722bb232fa4bbfcebd39af7e7fe6fa2d2504021a15

SHA512
faf2bd972658a8cdc415558f311527d8b69df4c73c7eec6672777f26b6a70dc8ecaa23558d6217217c3dee27eb14d1bd7a0a60cb83d0d5c2df87ea986ecbfaef

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apo-6.json

Filesize
7KB

MD5
8b794a4a1005e702ca33dba595029c50

SHA1
24b003a8e9f8f232fadb37e046971e84594f6d5d

SHA256
2ecf6b5a793289f583aaaec2e99b6d8798fe5853d16eb4c0687d10c498408f37

SHA512
8b782521a9c24763a81f2fd63d625d9d8c7f3ca2578e4a86ed488dcc9d5faf5f5a8638fea76db7580ce9eef04991acecac18122a050894bf4650a6a26a86d2b2

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apo-7.json

Filesize
7KB

MD5
0f5e3aaf0adeff6dd4eb8605130b663f

SHA1
fad8cd5b8e10309d00db73d660dd466040c9dcb9

SHA256
2610f77bacafd6c3936ed35eb7ce8060a26f9662eee2bdc88c676bf0a3997c07

SHA512
4564e860b351c8e004e6d59f0906b38ae48accd5707ebb7383c7e3d4ad7bb0ebd805a7d5471d5f99b0850229ea8f5a17829d038a99dc8140a256ff8f556e0dae

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apo-8.json

Filesize
7KB

MD5
e3c1ce02044f5bda09a3cd0ded6d15d0

SHA1
5b2a0c1aaaeb60a2e80359619aba07350858967e

SHA256
454427127eaaa63e11e0e9e40d22acf671dabf217b1fe7fe192fb9da28535296

SHA512
12585c18ec02e65ce42f324891d33bae9f31a0e2f0e2c9f04c5dc7e6253851759de4c6a97b18aaea6e2c1e48b41d63e460663977f4db41c960ba5fea5739c735

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\audio-codecs.json

Filesize
764B

MD5
9890a2de5afdcda0eb82deae0a4a3b86

SHA1
2037b2851cfaa4623c4da392313efa6b0f676eb8

SHA256
2620ecd7094bd0f0b6f179fd1eaf95ae807edb446e7d091874f9c2152bd34dbe

SHA512
de57deaf1e3ecec58221c19f92ce32aab8e49618fd4c36a293eb2c629df788beab8b21ffb61036e1adbca3e6dcef43a759724a9dfade6d9b77201f00d4479851

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\benchmarks.json

Filesize
1KB

MD5
43670f4c987785b70803dfd34c3c8ccc

SHA1
d4db6479538f9f22627e677ca707e596f95b8e6e

SHA256
dd50f814af61a23f6a7227fac7a139cfdce833c604da1de8c0b20ce0c7619163

SHA512
6f3d296943e61fde3ef5b530deac14be268d9276851e00759dd433e540153029b0343fa9d57cdb4865077b6f3c40bd8e6c54eda1d19d81b164020beddb626c19

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\chf-1.json

Filesize
6KB

MD5
1a5e834be6288b8a20bdb3b11b32d3f3

SHA1
4389579b46fb980f32f701954943ec0fbb4ec74b

SHA256
198c91a0217515db394c711f45abbfe3929d3d893ff11f95ac677c4f8045a8c7

SHA512
01de4e7506b2b36cf415cb72e71d3f546606468b9e2c4df79992bf61aef808015b427a371b82b9d9868fec0ab5dc63132b8e99c791c8e1ea915a724cc60c8001

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\chf-2.json

Filesize
6KB

MD5
9ff7863099edb2b32d5dfc638157f926

SHA1
f55d61a99107da1b48bc243fc3081e079cfe4903

SHA256
76c78914bfeca36114cb17e3a576eafc10980e5c1773d6e3b6425ddab59ddcca

SHA512
3718e017cb77956767148e32c5ec8ba35433957061eaa2ca19e7d4f44815514c89e20fcc60a7e09cc1327c531ed25b72c6d6a1a003864b7b74618fb2d01c7c9f

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\chf-3.json

Filesize
6KB

MD5
bfe9b9a21a300127eea4f874f62a1577

SHA1
a198eb0e0a5f3450c849f30492d7660556c0856c

SHA256
04037999ea17c64d1e271cb4a502636ebd192bc801ba666f41e54fbc58c506e1

SHA512
6a34da5b417b52e67428e4015cbb84ad6fe411373fe930cba62b7d31146dab5a982efb53ac45a6e56827753412c395490ac967e894a2e8bd0504ca1bc037593f

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\chr-1.json

Filesize
6KB

MD5
c22a7059cd3d2fc7138936c87e7460b5

SHA1
bc15a25e9a72adf45a13a5c5ea2341d2486d5fbe

SHA256
693cb80fe7e43531287c22d2b99f6fde96a5f25b550db7128854b170873330d8

SHA512
0e1df76e1c23a7bbec3f0da2b249864a20de7d07dc9eb75af171ddfd86b6fac28f136e84dc52a183abe2028ad4183fbbb805e27b8139a4539e10d8473c826dde

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\chr-2.json

Filesize
6KB

MD5
0d3f6eea23fe0dcad1eee0bfd21a7277

SHA1
61805f77f5d64ff9b06e4262af36f974e5dc6d67

SHA256
49e59c035e04aa183dbf393efe60ff2db854dcc23a8378cf3cdfc1f674d41e06

SHA512
287d3d95808b4f2b9bcdf16ae7d59765acf3f3ceb0c9b9b284a36df45b47f3fabed809b8327f04a8351a3ad3751f3e3cafb07c96f0f186df21d111bfa548c3a6

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\cpe-1.json

Filesize
3KB

MD5
1517c965e24be77a5eb3824a08b8ca37

SHA1
300ee3cf2576860893ba8a0ba6395c26ebd6382c

SHA256
19b04c5d606f25f096d2a135a5159fa1d843f39de6bce5c891fd04e2bf502914

SHA512
cb3db36e3425d7e36b40ad0360911417b673838e972541ba4b1794df8a56bfbb082ca1cbdf14bc7be3d264c6e2e4b8de84ec9c9c9bcfbad2aabebba9116a0099

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\cpe-2.json

Filesize
3KB

MD5
fc64e6efaf0793cd5b55354adeafff1f

SHA1
2ade72a87bc083d1387a6d9fc3c3d6f65801b988

SHA256
4967c184c8571e3719ec5a3def52eade53e72424cec986f21efee17a0c671bc4

SHA512
52e061c1466befdb32428cdfd6e4c4d16e7663d84dffd530abb7ff1d9d0dc6dbc6d0bad62ed7b2944f5208b581c8a533771b7b75a40dca8b35956a0159ebb9d3

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ddv-1.json

Filesize
19KB

MD5
891fedbfcd6665e077c498d531c09593

SHA1
f43a329b33ee5be7379bbd99c4ef8ae9882ab974

SHA256
642af1f675264753874462326ade9e8b3ea5624ff9e3548145a043b2c9748d5e

SHA512
2c484a5d6799d3557d33f30fc14dd6887d89cf23230f8f2c5c53e248c25aef8bd45f3c71df2db48a136d15239cb9a347c10dbfd63a17334e54c4a3d416e57184

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ddv-2.json

Filesize
19KB

MD5
f6b3eb3adf8a8d5be66a1cf4a1894aa0

SHA1
c1980a57e7d6a66f5a08d32e0ea0489f713ac204

SHA256
8d92c0f08d345d211f6cba914070fba8f60903c452ec31c4a49d4d7a21b6845b

SHA512
749aad130a5d3d94ae2fffba0904c3068a8dc64a7077157e888858883597109622a4e9ba7fef16404590d428e1c8ac1ac76c4ad96a560848be384a5061f282b3

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ddv-3.json

Filesize
18KB

MD5
08502a33937a32b8d4731accf03b2ba9

SHA1
df399c19c157ecc1ede06a05017e9ca0048702c4

SHA256
815ea4880f0dc3118c81ee82fd81b269e00cb6c84e26e1b8ce8b1f2a2c9ef98c

SHA512
c87eba82435051242770dd22ac95a3b44078f1dd6466a40a8f291084ba3fe350c5eda601c923f69e06f27db507acc625f4de140b31420b957d4a44b8ef695b55

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtd-1.json

Filesize
18KB

MD5
cfada66ad24897e69bfef5d6909ba786

SHA1
43b718c8fc7d6fb0f9b8287102881b73f00c8349

SHA256
f4aafcab3b0ce5e46652434d359cbfd719caca80fdfc0d3ae83b77bc0f1ee0ca

SHA512
e854c7b075da50e069933c115e622d2e8b573918fe361b75cf4806cc8899cc9f63f1b8a86145a1a78c6c5455bfa25fb66a2808f19a879049ba8c648b3f9e555f

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtd-3.json

Filesize
18KB

MD5
6349978982b7d73d1decf17454b303e4

SHA1
3e2c4fbc77d785f42dd77414a1c2572b7b50811e

SHA256
131c0899e07ea7f8912dfb3f07db6fb433744726a09f19ebbe6c55bace3d3afd

SHA512
8ce30778268b7a25c16ad07a826e1229f9ed8cf8412c99ac0476638083dd76aa2cb43feda81d7c6dd90fb597440f6e03bcc20afde4c7d4656bb370df568a7d23

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtd-4.json

Filesize
17KB

MD5
5b59c8abc75de51cfe8d265503631782

SHA1
b9b6e33e4031103da3b0a9de694844ec5072b70a

SHA256
f6189db3fb413746e59bd40533bf52ccdcb66985b7bee4b5d46d0b699c24b094

SHA512
3e9393be2521af17a975c9ec8fdce514bfe5ce56b819a2f57acc7880f6c59102e6d5cd1f6f57085c2bf243b52edc97f242aee6855af19d48b9fc455863397df2

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtds-1.json

Filesize
18KB

MD5
53877258ce95ba659552c9a3c5b6f78b

SHA1
d305e2b562307da3d01bf38c5778729b54a40f22

SHA256
d4b543828c821c43059ec4e5d009a5fca1f4dbce24a159089deed16f37fd5a5a

SHA512
a4800e487a4d02dc48b28e064e886e9ef6b82496a8e7bd9e849ca116bbf05d36d59d72f76c8b3e44b22d4efe0f04ea256205f172e8619fa8598f5f44bcc5755b

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtds-2.json

Filesize
17KB

MD5
1336a342b527c9e38dca9e1de25af9fe

SHA1
257b1834e74b454e375de0301c48f24a32129f81

SHA256
dec5c2601f2925a9eabca527db415b574f4eb31f0ce43506815ac6561f175a53

SHA512
e9198a9ae47bcb22ea9d01e0cd0373908f4ce541720a4ca92fbd712b62ac1caa706137fa18d0f97bc3fe7620616812e868a8aedbee5292f506b35778da7e9fd4

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtv-1.json

Filesize
19KB

MD5
4683dcddac9a003ca0bfc8fa4d1ca9a1

SHA1
d1c983408b4a0804e1f28062dfe64c4210f6c64d

SHA256
9e620839faaf2e27f69a3b3e0aa4f8184062af7fbc02a9aaf9a08507ff9e702a

SHA512
9c742c88f8f504c8ee11eac3e40f5d771a669a01571eb01c089042abadfc9becc381b1a895882947a16bface7fb61cad6ced23d4e102d9c88c4a78ebc4af14a4

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtv-3.json

Filesize
19KB

MD5
d0c4da48e43c50f6a8675964605241a1

SHA1
e6edfe14cd99666063bf311664383c9891be1e06

SHA256
ee13ca9a51bb58c3dfc8414eab3a8f523e9b80f30a175e965e6d23e03a1a64b9

SHA512
eed6701f500a0b0281a164f9102e455084848e43af22a2c0baf25e5c088cd5e367f8fc5c8a69481d3a43e9f88e2536964f5f6ea6daa6e0f6a27c0ce1835032c2

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtv-4.json

Filesize
18KB

MD5
81b596e092578b0db59d53001aacf940

SHA1
ea7514c7ff7153f2f58dc8488fc1b938eb82b888

SHA256
47d70b17497f0f02ced30cb1651026717345cff6a02447dc07ac9c844619d237

SHA512
47a8d9220ab7c474c6bef7b3fc0fd0515b0e1fac00fd2b3dcf6bd5768ccc1958a3c28548d952e5cf60dab1c50cad81785d7d15de4a2f553e86569d9e11b65d16

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtvs-1.json

Filesize
18KB

MD5
c81ca43c8b05a3f4347e8ac30242d6c2

SHA1
d86dfc4b79e8794ee9f2e4699a1c62b966c0f22a

SHA256
e2d72d3a5e57f4c70aa7274fa6d314c709ce86cddfd329da80fdbc32d6d5be58

SHA512
291f5970dfe72170ae9d84a0474db652d78ec38cc3ca242ec1a8c39379ca3457ba4067b91c2539ab39fd135eb962365ccbfcf1597da3cc882e2bb83c7f92c5e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
5f85d155147e06073176655b3e80a3ab

SHA1
4de7a90fe405400d3970ce58dbd1a0171aa90343

SHA256
ffdbd3538622b4cc877d713fcfd09043ed4dd5e48102e99f72855beb426292ab

SHA512
d53eb600abfd9537425d038c50f64dc58f65b5a21a43fd61d574488306f231a316622d395f19e32b837c51be96765649b4825f6647406ac2a3a90ee29161c06b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_622FF18A3B1CFCB8CC579FBC66AAEA0E

Filesize
727B

MD5
a2b6adf9d2f09e449185561e2e01ff21

SHA1
0fb5f43d2e4c2064fa19c3cc792a2a2c74354ba0

SHA256
1d263054e49a4974cb9ebf196211f105608f451269115cebfdbe0855b117843c

SHA512
2496417917601af2e59dfb6de2ecec930bd0281fed4e19f2fbd5318c308dd01551065b9b6a66b5b7c1c901c725f62cab51ebaa056fa3fd475c57121e7a5980e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
3b51e41d93df132b90a46d9f529a4a15

SHA1
adfcbfab7670e420b66f7530f9d866486186f352

SHA256
c14843a220b612d6c90a59232c764c088b50a939614955a23235d5418cea8084

SHA512
e04cbe221cf9e8bb01828d03922399d568b7d68d845fea670bc829f82d8e2eb88aa9a7d24a4b89c838cd7e0d90279e40c5ad07f5a6aeb8d0acef21fd8975f282

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
02cf625c201d5c8a3031356a591361ff

SHA1
f4125594f35b153a5c4bef313663524104a501a7

SHA256
cff4c8b8ee364f677b4a83b67b694344e3a29d335be4c1c1d9f63b4abd68037f

SHA512
74b32208c6ae28f3f3299e2729e8217330426dd9c6dd39a24d605424742acf656a237b4f373abcf70f8c5e9ce755e6a306d41b2555a63e6f6ae413e7cbde88da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_622FF18A3B1CFCB8CC579FBC66AAEA0E

Filesize
404B

MD5
983f16a33d7279e80b1dc719ea65345d

SHA1
356c1fc7e7c73e1d4e3e262d9bba5010715e4f4e

SHA256
aae7bf2131432ea81c3ee30a0af71b148c7d253649189e0367413bcb91544677

SHA512
cc5c2a3d4744ca5f41248fbad891e30a3326b448a915957031fe86cda342c1a5ef74d6447c8a4954921f17ac6da5e1e127df82f07002e1a831ff1f47b5567433

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
afc0fc03a217b292830bfdd1d80b6bd2

SHA1
6b74b2d7f911309d6c4c4c952a3fc4d05485321f

SHA256
bdd5545c4b1972f139d356b81e6311f542de1e82fa0a53846d677eefdfb26767

SHA512
20ad165cece343009f858b0acca6f18d3276b4a3116a1171f2bfb80d68280f6bc34de36b06759bb48361335a111a4de00b80b60c2b36e3c141c9b8792de1f469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
181B

MD5
b4873cc5303e555ab8627ecff6c2ac6c

SHA1
1fb3c17171db3c9472ebefa3c67e5c26626588d8

SHA256
4f0d44293b3877d0cac43d60f244f7f2468a986bcf8e1e6e133bf1371f850895

SHA512
4c7e38eea8225ebb2d9d82ad0df9d20fa8c14b00c4aa3851fb72dd1e505155dca7eeb3b238a58941913999a95812d4392d165d04a4528ee453110a6c480c3552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf0ae128a4dfbe932decf91d2bf31587

SHA1
6df7c7eb79f3b19f8cbf5347cd08f1f212c334d3

SHA256
6f18f52f8c4eaff70a79acf6bed9d60d1629261a8508e288fa5f1c3e3fa2a8e3

SHA512
da4ab82f744da7fa6b5191dfa80637468d86d4d5beebe882fc3b4ff933c4521aeedebc198b8dcf6a9bbb41494a6dadd280d15e71310993df1b3da61c328af1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81ebe817b868ada876dcacbc84bbcaa0

SHA1
5c3c2914e3fe04e62dbe361f80c3cc4cd6667d5f

SHA256
de1ca9663c746641b180d4c7403eba7427f610a64a5c457b2b49130415d71504

SHA512
d87f5a021b50870bf7561aaa62fd266c8480083566bb44154042ee6937a9f569dc2088267b0b8e375bfd5c0925645e9567f2e66566953be7105fe09e8595b35d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
378fcb97ee6265d4cab51508aa1e50a7

SHA1
4eff258ec7f83d7c0bf3ada43f0e5c73d95a2b6a

SHA256
2d316a4d305ed34fa4cb392d5333a4cd20c10f4a1eb3f4cbfb3400d210b3e587

SHA512
231f8426c7540c19a0044679d607a3ece832339c3b65a19fe089093df5ea1e5f6c119d710c23d849a08cd62019b54ba269f745e08ca9ed6ce75b696c3ec00b6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI451.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID958.tmp

Filesize
1.0MB

MD5
8f8d26d9ed4449d5175c9d77f3059968

SHA1
2f9e854b29f8aed8c27c69ac1606825ce99699e3

SHA256
e931822e4f2359a53dda34040c9d14ed9985f239a3c11777170d525cb06ed2ff

SHA512
6c0d03b4ec5d7aca14c8936dc74d7a221613afa138d354051ced407e1678373d92f8ee0d40231991171d23d363aa71d11278781dfc35789363a1fb4164c02655

Download Submit
C:\Users\Admin\AppData\Local\Topaz Labs LLC\Topaz Video AI\cache\qmlcache\1256d377e6d6eb91d41b7c184c750e9d53d13b3e.qmlc

Filesize
3KB

MD5
c28f8f3f7c0f28e17e37cbf9d6348fdc

SHA1
c5b470c9d4dd0bc421b48cc1dcd82fffdb7a8007

SHA256
4a2a0cddf8d68472d6b8b8a7b87775767e84c715f8d8ad48bda9d765bfb1c2e4

SHA512
9bb852000330dba2f96bc78f4f612dcf3922e66c36380fa435864416e5da284533df30cb2eafc45ae8377f8333f0c4dbe1e0e94fc191714e2cd224738e4942c4

Download Submit
C:\Users\Admin\AppData\Local\Topaz Labs LLC\Topaz Video AI\cache\qmlcache\5d6908fe5b7095ab9e15df35c16b9b41d0a9590a.qmlc

Filesize
2KB

MD5
abd8fa050bdae9e862592df256eb2b90

SHA1
c9a71dc8fa0e6ed527c06b77c49c470232ca64bb

SHA256
23a7527f13a28b5e2473d57115f0dfee4917b74a6d079c7b786f8e941eea9532

SHA512
f08aa64729996e223ad225cdc72212da25c3e700f565319b7b1af52a16166c8a341709d782c386da37b22ec82e67337254ce71ff5fc057cb18da8cde6f34bcbc

Download Submit
C:\Users\Admin\AppData\Local\Topaz Labs LLC\Topaz Video AI\cache\qmlcache\6739f20420f8e39705e071378a79a7a91ba78f95.qmlc

Filesize
15KB

MD5
36d2d9df01ca7235cb4cff8cb5540c89

SHA1
42319e6d361149fb60fa7d7ca12172029e06aca9

SHA256
cc725e55f91c7defa98eaefaaeaa143e9e03fa07a9f9ef988dbfe672746d63e9

SHA512
04f4920444680420b8d6c84e1c57b45cce41dd3cf2931e9f762add3a14ee43120cdb8ebf6ac57eaf73bbdb418ab46a84bb8619ed4371b70d047a645df26f1d82

Download Submit
C:\Users\Admin\AppData\Local\Topaz Labs LLC\Topaz Video AI\cache\qmlcache\6a2d59b9baed23d3ef50b8411b7a73a353383ec1.qmlc

Filesize
4KB

MD5
e85bfdb5268319b72a6d4e8c00e8f383

SHA1
46491d80399058b43d3eafc9ef69c252534ded2d

SHA256
8c6bc60189799d122c097b00c1c04a7f04bbfb872227325ba2981241f9e4e085

SHA512
71d981653344005e9ca3bb1162d4dd362330df47c24697ec1230b89c4235d68ac0af0134350e1135a495374cfb36b457eff23c511bfa76c29a82979a2f133241

Download Submit
C:\Users\Admin\AppData\Local\Topaz Labs LLC\Topaz Video AI\cache\qmlcache\c90d051de3ee09b5e39426b948d2acb562cc3f4c.qmlc.fXqwYG

Filesize
8KB

MD5
fad00cfa04f197bf786d65435c579bd3

SHA1
4f317c29268bef116d2e608678475f44eaec9e96

SHA256
f7ef7d83f673a56f21ff537aaa40a3a73d9448123d0801646009146bf3855dbb

SHA512
77fa77991401f09a784ac81832beb39e801456b236a37d54ce901d846648996f8c99eef63f32da04d454138eb015979bfde57c1c4e200bd7933a469488a7ff62

Download Submit
C:\Windows\Installer\MSI730A.tmp

Filesize
154KB

MD5
b2e2c24ebce4f188cf28b9e1470227f5

SHA1
9de61721326d8e88636f9633aa37fcb885a4babe

SHA256
233f5e43325615710ca1aa580250530e06339def861811073912e8a16b058c69

SHA512
343ea590c7f6b682b3b3e27fd4ab10ffeded788c08000c6dd1e796203f07bf9f8c65d64e9d4b17ce0da8eb17aaf1bd09c002359a89a7e5ab09cf2cb2960e7354

Download Submit
C:\Windows\Installer\e5846da.msi

Filesize
9.0MB

MD5
369ef8f6700ad7fba45b3f892dbf99f0

SHA1
6f9483d1229053e142ccaea9c19acdd607e8ee69

SHA256
35fd68b3eedaa14e4927755fe1c39bdb4296c18a7766d105aa4ecf877713466e

SHA512
4d77ad886743cdf89cdd47f6893337fe6d39743c11d5b9bdeac1ef961cbf0ed4bc8d54d4949def16db67a3ed8f95e3851ec8b9700429c612c11e51a97c6fa8aa

Download Submit
memory/3532-2764-0x0000029D7B560000-0x0000029D7B570000-memory.dmp

Filesize
64KB

Download
memory/3532-1259-0x00007FF83F720000-0x00007FF83FBE4000-memory.dmp

Filesize
4.8MB

Download
memory/3532-1265-0x0000029D7B560000-0x0000029D7B570000-memory.dmp

Filesize
64KB

Download
memory/3532-1261-0x00007FF83F720000-0x00007FF83FBE4000-memory.dmp

Filesize
4.8MB

Download
memory/3532-1260-0x00007FF83FBF0000-0x00007FF8401AF000-memory.dmp

Filesize
5.7MB

Download
memory/4520-841-0x00007FF83FBF0000-0x00007FF8401AF000-memory.dmp

Filesize
5.7MB

Download
memory/4520-1251-0x000001CFDAF10000-0x000001CFDAF11000-memory.dmp

Filesize
4KB

Download
memory/4520-1253-0x000001CFDAF10000-0x000001CFDAF11000-memory.dmp

Filesize
4KB

Download
memory/4520-1252-0x000001CFDAF10000-0x000001CFDAF11000-memory.dmp

Filesize
4KB

Download
memory/4520-1254-0x000001CFDAF10000-0x000001CFDAF11000-memory.dmp

Filesize
4KB

Download
memory/4520-1250-0x000001CFDAF10000-0x000001CFDAF11000-memory.dmp

Filesize
4KB

Download
memory/4520-1249-0x000001CFDAF10000-0x000001CFDAF11000-memory.dmp

Filesize
4KB

Download
memory/4520-1245-0x000001CFDAF10000-0x000001CFDAF11000-memory.dmp

Filesize
4KB

Download
memory/4520-1244-0x000001CFDAF10000-0x000001CFDAF11000-memory.dmp

Filesize
4KB

Download
memory/4520-1278-0x000001CFD8660000-0x000001CFD8661000-memory.dmp

Filesize
4KB

Download
memory/4520-1280-0x000001CFD86C0000-0x000001CFD86C1000-memory.dmp

Filesize
4KB

Download
memory/4520-1281-0x000001CFD86D0000-0x000001CFD86D3000-memory.dmp

Filesize
12KB

Download
memory/4520-1282-0x000001CFD86D0000-0x000001CFD86D3000-memory.dmp

Filesize
12KB

Download
memory/4520-1283-0x000001CFD86D0000-0x000001CFD86D3000-memory.dmp

Filesize
12KB

Download
memory/4520-1284-0x000001CFD86C0000-0x000001CFD86C1000-memory.dmp

Filesize
4KB

Download
memory/4520-1285-0x000001CFD86C0000-0x000001CFD86C1000-memory.dmp

Filesize
4KB

Download
memory/4520-1287-0x000001CFD86F0000-0x000001CFD86F1000-memory.dmp

Filesize
4KB

Download
memory/4520-1288-0x000001CFD86F0000-0x000001CFD86F1000-memory.dmp

Filesize
4KB

Download
memory/4520-1291-0x000001CFD86F0000-0x000001CFD86F1000-memory.dmp

Filesize
4KB

Download
memory/4520-1289-0x000001CFD86F0000-0x000001CFD86F1000-memory.dmp

Filesize
4KB

Download
memory/4520-1290-0x000001CFD86F0000-0x000001CFD86F1000-memory.dmp

Filesize
4KB

Download
memory/4520-1292-0x000001CFD86F0000-0x000001CFD86F1000-memory.dmp

Filesize
4KB

Download
memory/4520-1293-0x000001CFD86F0000-0x000001CFD86F1000-memory.dmp

Filesize
4KB

Download
memory/4520-1295-0x000001CFD8730000-0x000001CFD8731000-memory.dmp

Filesize
4KB

Download
memory/4520-1296-0x000001CFD8730000-0x000001CFD8731000-memory.dmp

Filesize
4KB

Download
memory/4520-1298-0x000001CFD8730000-0x000001CFD8731000-memory.dmp

Filesize
4KB

Download
memory/4520-1297-0x000001CFD8730000-0x000001CFD8731000-memory.dmp

Filesize
4KB

Download
memory/4520-1300-0x000001CFD8740000-0x000001CFD8741000-memory.dmp

Filesize
4KB

Download
memory/4520-1301-0x000001CFD8730000-0x000001CFD8731000-memory.dmp

Filesize
4KB

Download
memory/4520-1243-0x000001CFDAF10000-0x000001CFDAF11000-memory.dmp

Filesize
4KB

Download
memory/4520-1236-0x000001CFD8660000-0x000001CFD8661000-memory.dmp

Filesize
4KB

Download
memory/4520-1237-0x000001CFD8660000-0x000001CFD8661000-memory.dmp

Filesize
4KB

Download
memory/4520-1238-0x000001CFD8660000-0x000001CFD8661000-memory.dmp

Filesize
4KB

Download
memory/4520-1239-0x000001CFD8660000-0x000001CFD8661000-memory.dmp

Filesize
4KB

Download
memory/4520-1240-0x000001CFD8660000-0x000001CFD8661000-memory.dmp

Filesize
4KB

Download
memory/4520-1242-0x000001CFD8660000-0x000001CFD8661000-memory.dmp

Filesize
4KB

Download
memory/4520-1241-0x000001CFD8660000-0x000001CFD8661000-memory.dmp

Filesize
4KB

Download
memory/4520-847-0x000001CFD5660000-0x000001CFD5860000-memory.dmp

Filesize
2.0MB

Download
memory/4520-843-0x000001CFD5220000-0x000001CFD5660000-memory.dmp

Filesize
4.2MB

Download
memory/4520-845-0x000001CFD4BA0000-0x000001CFD4BB0000-memory.dmp

Filesize
64KB

Download
memory/4520-842-0x00007FF83F720000-0x00007FF83FBE4000-memory.dmp

Filesize
4.8MB

Download