827406ec5fd38293a541fb2978ccea4e904533dcf5b812d85b986608154dc410

Analysis

max time kernel
1200s
max time network
889s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16/08/2024, 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DubbingAI_v1.6.2_08162000_Release_C_Setup.exe
Size

99.2MB
MD5

254fee8dda360f9609f9897a2572f32d
SHA1

43cdf2ba81aa607339de8b6ebad3c8f35491d456
SHA256

827406ec5fd38293a541fb2978ccea4e904533dcf5b812d85b986608154dc410
SHA512

9dd580b36fbe6e9b05af2939a4f1b15289ad66c63949502451087f5e1ae52a4dbef3da5a754135fb74614555b7811d44d159a9ae8f2e7e50d6cea2f67c8e5729
SSDEEP

3145728:Z/yTGAw+RbV0Kr0ZRz52jgqnB0KS+EHT8oACaFcj9yQgSt:pyTvrbV0bzlqnVtcZyQLt

Score

10^/10

google discovery evasion phishing themida trojan

Malware Config

Signatures

Detected google phishing page
phishing google

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	DubbingAI.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	DubbingAI.exe

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DRIVERS\SETC796.tmp	DrvInst.exe
File created	C:\Windows\system32\DRIVERS\SETC796.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\DRIVERS\AudioMirror.sys	DrvInst.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	DubbingAI.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	DubbingAI.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	DubbingAI.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	DubbingAI.exe

Themida packer 19 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2180-4640-0x00007FFD58650000-0x00007FFD59097000-memory.dmp	themida
behavioral1/files/0x000400000002b6d4-4626.dat	themida
behavioral1/files/0x000700000001ac4b-4619.dat	themida
behavioral1/memory/2180-4646-0x00007FFD58650000-0x00007FFD59097000-memory.dmp	themida
behavioral1/memory/2180-4647-0x00007FFD58650000-0x00007FFD59097000-memory.dmp	themida
behavioral1/memory/2180-4649-0x00007FFD58650000-0x00007FFD59097000-memory.dmp	themida
behavioral1/memory/2180-4650-0x00007FFD58650000-0x00007FFD59097000-memory.dmp	themida
behavioral1/memory/2180-4648-0x00007FFD58650000-0x00007FFD59097000-memory.dmp	themida
behavioral1/memory/2180-4652-0x00007FFD590A0000-0x00007FFD59A46000-memory.dmp	themida
behavioral1/memory/2180-4653-0x00007FFD590A0000-0x00007FFD59A46000-memory.dmp	themida
behavioral1/memory/2180-4651-0x00007FFD590A0000-0x00007FFD59A46000-memory.dmp	themida
behavioral1/memory/2180-4654-0x00007FFD590A0000-0x00007FFD59A46000-memory.dmp	themida
behavioral1/memory/2180-4676-0x00007FFD590A0000-0x00007FFD59A46000-memory.dmp	themida
behavioral1/memory/2180-4677-0x00007FFD58650000-0x00007FFD59097000-memory.dmp	themida
behavioral1/memory/2180-4715-0x00007FFD590A0000-0x00007FFD59A46000-memory.dmp	themida
behavioral1/memory/2180-4717-0x00007FFD58650000-0x00007FFD59097000-memory.dmp	themida
behavioral1/memory/4904-4793-0x00007FFD580C0000-0x00007FFD58B07000-memory.dmp	themida
behavioral1/memory/4904-4816-0x00007FFD580C0000-0x00007FFD58B07000-memory.dmp	themida
behavioral1/memory/4904-4854-0x00007FFD580C0000-0x00007FFD58B07000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	DubbingAI.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	DubbingAI.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
75	discord.com
76	discord.com
70	discord.com
71	discord.com
72	discord.com

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	DubbingAI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	DubbingAI.exe

Drops file in System32 directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{81947b1a-2353-3d4b-860d-3fc5616e0041}\audiomirror.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{81947b1a-2353-3d4b-860d-3fc5616e0041}\SETC601.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{81947b1a-2353-3d4b-860d-3fc5616e0041}\SETC5FF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{81947b1a-2353-3d4b-860d-3fc5616e0041}\SETC600.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{81947b1a-2353-3d4b-860d-3fc5616e0041}\SETC601.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\AudioMirror.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\audiomirror.PNF	devcon.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{81947b1a-2353-3d4b-860d-3fc5616e0041}\AudioMirror.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\AudioMirror.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\audiomirror.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\audiomirror.PNF	DrvInst.exe
File created	C:\Windows\system32\sysdbdn	DubbingAI.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{81947b1a-2353-3d4b-860d-3fc5616e0041}\SETC5FF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{81947b1a-2353-3d4b-860d-3fc5616e0041}\AudioMirror.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{81947b1a-2353-3d4b-860d-3fc5616e0041}\SETC600.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{81947b1a-2353-3d4b-860d-3fc5616e0041}	DrvInst.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DubbingAI\vc_model\is-D3T75.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-AS8O7.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-3Q7QQ.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-9R9Q4.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-08I00.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\audio_play\is-2SV3I.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\layout\is-VTP8P.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-1OI0P.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-AJSTT.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-E32GQ.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-KTOCO.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-JTERI.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-PC1L6.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-MCQJD.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-AMC6K.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\audio_play\is-T1QDD.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-L820N.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-BVIL0.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-J2S49.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-M0FEV.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-A5CVI.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-AUE16.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-9B853.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-S304E.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\layout\is-J4AO4.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-AL6BV.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-0B7LC.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-PDFA8.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-9F4O2.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-E58V7.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-UVQVT.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-T1JBJ.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\guide\is-PSGAR.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\guide\is-8FULV.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\layout\is-EGRSA.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File opened for modification	C:\Program Files\DubbingAI\api-ms-win-crt-filesystem-l1-1-0.dll	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-2BDP3.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-VR8G7.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-TI3OD.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-7NGQ3.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-HQHG0.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-LH958.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-DIFU1.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-BLD69.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-OMS5U.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-E49DG.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\guide\is-R3KII.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-UHC2I.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-KO3JL.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-34BP6.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-MIHON.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-4Q1K4.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-TJEI6.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-TFK94.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-ALR2A.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-3VQ0H.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-DGFIC.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-HNF0H.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\guide\is-29MER.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\win\is-39IID.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\updater\is-NSI48.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-L0OQ8.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-34HE0.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-9TQ4J.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp

Drops file in Windows directory 19 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\setupact.log	DrvInst.exe
File opened for modification	C:\Windows\setuperr.log	DrvInst.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	devcon.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\Fonts\is-1IJG6.tmp	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
File created	C:\Windows\INF\oem3.PNF	DrvInst.exe
File created	C:\Windows\INF\ks.PNF	DrvInst.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Executes dropped EXE 8 IoCs

pid	Process
776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
828	SetAudioDevice.exe
1824	devcon.exe
1304	find.exe
4828	devcon.exe
3228	SetAudioDevice.exe
2180	DubbingAI.exe
4904	DubbingAI.exe

Loads dropped DLL 34 IoCs

pid	Process
776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
828	SetAudioDevice.exe
828	SetAudioDevice.exe
828	SetAudioDevice.exe
3228	SetAudioDevice.exe
3228	SetAudioDevice.exe
3228	SetAudioDevice.exe
2180	DubbingAI.exe
2180	DubbingAI.exe
2180	DubbingAI.exe
2180	DubbingAI.exe
2180	DubbingAI.exe
2180	DubbingAI.exe
2180	DubbingAI.exe
2180	DubbingAI.exe
2180	DubbingAI.exe
2180	DubbingAI.exe
2180	DubbingAI.exe
2180	DubbingAI.exe
2180	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DubbingAI_v1.6.2_08162000_Release_C_Setup.exe

Checks SCSI registry key(s) 3 TTPs 60 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4124	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e769023d24f0da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 65a9b92924f0da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\Software\Classes\DubbingAI\shell\open\command	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\discord.com\NumberOfSubdom = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "430609112"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OpenWithProgids\DubbingAI	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = c07261a256f0da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000487bbdb4ea4c85a81a24c655bdba6a0c88a2b7641ee7d080672575b09546e87c104fdf0f91f1b80e04d6dfc8e6b613e6a453a8502ec9c020dd9d	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b8c23f2424f0da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 002e263d24f0da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 503fe15724f0da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DubbingAI.exe	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9a4d2a2424f0da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
2180	DubbingAI.exe
2180	DubbingAI.exe
4904	DubbingAI.exe
4904	DubbingAI.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
3484	MicrosoftEdgeCP.exe
3484	MicrosoftEdgeCP.exe
3484	MicrosoftEdgeCP.exe
3484	MicrosoftEdgeCP.exe
3484	MicrosoftEdgeCP.exe
3484	MicrosoftEdgeCP.exe
3308	MicrosoftEdgeCP.exe
3308	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 27 IoCs

description	pid	Process
Token: SeDebugPrivilege	4124	taskkill.exe
Token: SeAuditPrivilege	1960	svchost.exe
Token: SeSecurityPrivilege	1960	svchost.exe
Token: SeLoadDriverPrivilege	4828	devcon.exe
Token: SeRestorePrivilege	2244	DrvInst.exe
Token: SeRestorePrivilege	2244	DrvInst.exe
Token: SeRestorePrivilege	2244	DrvInst.exe
Token: SeLoadDriverPrivilege	2244	DrvInst.exe
Token: SeLoadDriverPrivilege	2244	DrvInst.exe
Token: SeLoadDriverPrivilege	2244	DrvInst.exe
Token: SeLoadDriverPrivilege	2244	DrvInst.exe
Token: SeLoadDriverPrivilege	2244	DrvInst.exe
Token: SeLoadDriverPrivilege	2244	DrvInst.exe
Token: SeLoadDriverPrivilege	2244	DrvInst.exe
Token: SeLoadDriverPrivilege	2244	DrvInst.exe
Token: SeLoadDriverPrivilege	2244	DrvInst.exe
Token: SeLoadDriverPrivilege	2244	DrvInst.exe
Token: SeLoadDriverPrivilege	2180	DubbingAI.exe
Token: SeDebugPrivilege	4712	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4712	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4712	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4712	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3572	MicrosoftEdge.exe
Token: SeDebugPrivilege	3572	MicrosoftEdge.exe
Token: SeLoadDriverPrivilege	4904	DubbingAI.exe
Token: SeDebugPrivilege	196	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	196	MicrosoftEdgeCP.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3572	MicrosoftEdge.exe
3484	MicrosoftEdgeCP.exe
4712	MicrosoftEdgeCP.exe
3484	MicrosoftEdgeCP.exe
4904	DubbingAI.exe
2664	MicrosoftEdge.exe
3308	MicrosoftEdgeCP.exe
3308	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 34 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 776	4144	DubbingAI_v1.6.2_08162000_Release_C_Setup.exe	74
PID 4144 wrote to memory of 776	4144	DubbingAI_v1.6.2_08162000_Release_C_Setup.exe	74
PID 4144 wrote to memory of 776	4144	DubbingAI_v1.6.2_08162000_Release_C_Setup.exe	74
PID 776 wrote to memory of 4124	776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp	75
PID 776 wrote to memory of 4124	776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp	75
PID 776 wrote to memory of 4124	776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp	75
PID 776 wrote to memory of 828	776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp	78
PID 776 wrote to memory of 828	776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp	78
PID 776 wrote to memory of 2632	776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp	80
PID 776 wrote to memory of 2632	776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp	80
PID 776 wrote to memory of 2632	776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp	80
PID 2632 wrote to memory of 1824	2632	cmd.exe	83
PID 2632 wrote to memory of 1824	2632	cmd.exe	83
PID 2632 wrote to memory of 1304	2632	cmd.exe	84
PID 2632 wrote to memory of 1304	2632	cmd.exe	84
PID 2632 wrote to memory of 4828	2632	cmd.exe	85
PID 2632 wrote to memory of 4828	2632	cmd.exe	85
PID 1960 wrote to memory of 224	1960	svchost.exe	87
PID 1960 wrote to memory of 224	1960	svchost.exe	87
PID 1960 wrote to memory of 2244	1960	svchost.exe	88
PID 1960 wrote to memory of 2244	1960	svchost.exe	88
PID 776 wrote to memory of 3228	776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp	89
PID 776 wrote to memory of 3228	776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp	89
PID 776 wrote to memory of 2180	776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp	92
PID 776 wrote to memory of 2180	776	DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp	92
PID 3484 wrote to memory of 4324	3484	MicrosoftEdgeCP.exe	97
PID 3484 wrote to memory of 4324	3484	MicrosoftEdgeCP.exe	97
PID 3484 wrote to memory of 4324	3484	MicrosoftEdgeCP.exe	97
PID 3484 wrote to memory of 3324	3484	MicrosoftEdgeCP.exe	102
PID 3484 wrote to memory of 3324	3484	MicrosoftEdgeCP.exe	102
PID 3484 wrote to memory of 3324	3484	MicrosoftEdgeCP.exe	102
PID 3308 wrote to memory of 200	3308	MicrosoftEdgeCP.exe	110
PID 3308 wrote to memory of 200	3308	MicrosoftEdgeCP.exe	110
PID 3308 wrote to memory of 200	3308	MicrosoftEdgeCP.exe	110

C:\Users\Admin\AppData\Local\Temp\DubbingAI_v1.6.2_08162000_Release_C_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\DubbingAI_v1.6.2_08162000_Release_C_Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Users\Admin\AppData\Local\Temp\is-TI765.tmp\DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-TI765.tmp\DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp" /SL5="$60200,103001501,928768,C:\Users\Admin\AppData\Local\Temp\DubbingAI_v1.6.2_08162000_Release_C_Setup.exe"
  2⤵
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:776
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill.exe" /IM DubbingAI.exe /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4124
- - C:\Program Files\DubbingAI\SetAudioDevice.exe
    "C:\Program Files\DubbingAI\SetAudioDevice.exe" get
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:828
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C ""C:\Program Files\DubbingAI\AudioMirror\install.bat""
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Program Files\DubbingAI\AudioMirror\devcon.exe
      devcon.exe status "Root\AudioMirror"
      4⤵
      Executes dropped EXE
      Checks SCSI registry key(s)
      PID:1824
  - - C:\Program Files\DubbingAI\AudioMirror\find.exe
      find "Dubbing Virtual Device"
      4⤵
      Executes dropped EXE
      PID:1304
  - - C:\Program Files\DubbingAI\AudioMirror\devcon.exe
      devcon.exe install AudioMirror.inf Root\AudioMirror -v
      4⤵
      Drops file in System32 directory
      Drops file in Windows directory
      Executes dropped EXE
      Checks SCSI registry key(s)
      Suspicious use of AdjustPrivilegeToken
      PID:4828
- - C:\Program Files\DubbingAI\SetAudioDevice.exe
    "C:\Program Files\DubbingAI\SetAudioDevice.exe" set
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3228
- - C:\Program Files\DubbingAI\DubbingAI.exe
    "C:\Program Files\DubbingAI\DubbingAI.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Checks whether UAC is enabled
    - Checks computer location settings
    - Drops file in System32 directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2180

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{1706c0f7-5257-c348-ba07-08cbb2adb589}\audiomirror.inf" "9" "41823b7ff" "0000000000000174" "WinSta0\Default" "0000000000000178" "208" "c:\program files\dubbingai\audiomirror"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:224
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "audiomirror.inf:f1d97002a6aaffa0:AudioMirror_Device:12.33.40.11:root\audiomirror," "41823b7ff" "0000000000000174"
  2⤵
  - Drops file in Drivers directory
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  - Suspicious use of AdjustPrivilegeToken
  PID:2244

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3572

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2836

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3484

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4712

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4324

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1384

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3324

C:\Program Files\DubbingAI\DubbingAI.exe
"C:\Program Files\DubbingAI\DubbingAI.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4904

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4216

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:200

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:500

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\DubbingAI\AudioMirror\AudioMirror.inf

Filesize
5KB

MD5
f5d9ad8275255b0fbee239f3960da265

SHA1
0f4bea0d2f4e488b66d52668a0ce8eabbe58e057

SHA256
b4216f74d8c68396e5b2ee5da78ed4802347986e4f9ebf918d783579f8708202

SHA512
2740a19538c72591c0a825b9adfb36f168df59c059ebbf8ebda6acea03e9e1016f5aac44e839a4e24c7713d27c8005e1b5e3f0b027b589dde2a18b983be5a837

Download Submit
C:\Program Files\DubbingAI\AudioMirror\devcon.exe

Filesize
81KB

MD5
816c4e245b286b4e4903131f75a94948

SHA1
eda70c1fc8a461efb0e376d42e35a72b96175e4d

SHA256
aca1bda08690dcca930254f96f9185c776671a85a58ffa1b59cf16017546f218

SHA512
d0dc74956c57403c0638e6595aaf1c2eb75233997a15170b064261a5d3f1f525a3e35e13fef04c36cc20fd1d5d1cf000a5fb7a646bf2cf1cea73817e5d3335b3

Download Submit
C:\Program Files\DubbingAI\AudioMirror\find.exe

Filesize
17KB

MD5
ae3f3dc3ed900f2a582bad86a764508c

SHA1
1e44ee63bdb2cf3a6e48b521844204218a001344

SHA256
1a1876c5eed2b8cd9e14ebff3f4eeb7e21552a4c6aab4bf392a55f8df3612dab

SHA512
059c0a371aada5f36e72196109c06208b68475ed0fbefb950beb0cbea2c29595151d65b087c5113af41df926596c4fe4e01102daf4b75e999cf6d6517d26ff63

Download Submit
C:\Program Files\DubbingAI\AudioMirror\install.bat

Filesize
223B

MD5
70e7c009a4f8a420755c0efc4197e642

SHA1
6dcae12ede6c84626a6cdef9614a8ead66f42ba3

SHA256
b517734c72a6bee139b181ce8ed7926d0e2e1cf98a1e2a0bdbc28806549c3003

SHA512
7dee3e85f7b60c847c4e628f1380512e4f58d78dabfac62f10130c637b0cadf6897e8f6dc48aa4c034d013e75d187cda587747fb311688cf51a0a953c333708e

Download Submit
C:\Program Files\DubbingAI\DubbingAI.exe

Filesize
3.4MB

MD5
4ea3d22adb4d3246a94afc167308cade

SHA1
0e4866c27c21e1d4e0aa90f1a2cb5fa5f06aca2b

SHA256
29d73df4d1433dc43c5723d870f2ccff4747ac9beb44bd31ad1d5d7f02bb0e5d

SHA512
ae01512c2c19727a153550b40a2b2ac32943d31e418058a3d62b246b6efcf33610d4706fc0b5f9f6a46516d9717d1bfe1d1bb73e7fd93b6a34e495e581342b41

Download Submit
C:\Program Files\DubbingAI\InDeviceId.ini

Filesize
55B

MD5
65f9db521499870c0c6ea7ae0f6faaca

SHA1
c6ddd72056657f61aae383be251d23571643711a

SHA256
65bb6b5b3ed6737e0b7893c50c8572527cf3aac18980a96e868495ce7e050a33

SHA512
c1143e5973e0ab4e17f4b7fd6b9e114d9e31ffc782086204c39a2b2e61d33e6ca5149bd622422ec3353715c8ba5a5f0845f8a7a091d44844fcfb5bb2af0b43a5

Download Submit
C:\Program Files\DubbingAI\MSVCP140.dll

Filesize
555KB

MD5
0d9ffc3f4d6a9e762282891c7b4c61e1

SHA1
15468bd1183b091b92f9e9a3bd352c0562b5b9a3

SHA256
b2bd81e9ae5cf2714c8a245428ef22fa5eab3e3b92a926ef395e1f3733939e25

SHA512
9d8529f9f043196b101a2bd3c9d13a5b8b9e09bc827f5afdd86894998ca1463fc8f74fea66c5b33498b2685294c2f90c75ce9efd77f7bccf19337ebd37ea413e

Download Submit
C:\Program Files\DubbingAI\OutDeviceId.ini

Filesize
55B

MD5
9274c7e5d2844500887f3c4e03fc342a

SHA1
c248c3ddf01926d5cc91263bcf3e7653948626a3

SHA256
a019755505dc494c5ee549d2fe855330a3c7ae04ece53513b1e54bf22b8b799a

SHA512
dbde73152570ac3d7783a7f2482747a9161b4d06302726ea69f96922e6213dc9f9f777689eccb9b2ebd6a095c63844140d11a66317317d04dec1ac79af3c70f7

Download Submit
C:\Program Files\DubbingAI\SetAudioDevice.exe

Filesize
82KB

MD5
cb084353c30a8a949a133ce647e9d6d4

SHA1
d04d9b214b928fede9aa895e95b9fdb1f7874496

SHA256
def90008d015ea9c5b935208dacd4371c071bc96f390dd8b6a79af3a45336cde

SHA512
f2c1b43773f38320fb63c9f95272f689d59e9b8762c6534c81552fe9ca5408f0eec8fb393f9ec16e29baad7d57eb5ddc52931d04d578f383e2c57a1b711f4baf

Download Submit
C:\Program Files\DubbingAI\libsamplerate-0.dll

Filesize
1.4MB

MD5
a3152f39f57ad9419e24978073de8f88

SHA1
5b1428bfd1a5de018d43e3f3925d2750f326ed4a

SHA256
c395fa20bb73ea23ff0b1a796b6c067cfa547e51fbedcf837b86578867d96325

SHA512
ad797813e5b4153280e39c18751756010cf00c8a05b7efb24aa28e4a3a64e6e56dbbbe665555fb17c43696b6d495f6c2bcd24e5e87d285d0430e62ea34e601c6

Download Submit
C:\Program Files\DubbingAI\logInfo2024_08_16_21_34_46_110.log

Filesize
480B

MD5
4aa46475274514338587d82bcd1ea98a

SHA1
b83cc18a33b1fbcdab7a84d786494774f2ca3d71

SHA256
159eeaf63e55252f09784f865dac997e0eb93c2581a70ef5c83f8a329744b935

SHA512
fc4d20e8b5e087c96411acbf8475054ce834926507e185926584b9ef10016bff2189c40522c7e280810c38b021d6f7764369352681d3eddb80a76157f749c87b

Download Submit
C:\Program Files\DubbingAI\logInfo2024_08_16_21_35_24_321.log

Filesize
480B

MD5
f497a1e1360cfc29b010c08b27c0dc29

SHA1
8f5c3bd82f888dbce156a7c12c7cebea9c4402f2

SHA256
14ea1807ccfc8f25cb00712466be2769531173d249419a796ad380a4657a68a0

SHA512
a56a8945b34340ebf41b7648ce3426585bfa4542d2c88d98afbba5c021585d9f1cfdea707c5f694b2c7bc49af0347790aa276ce678e76ab871f5980e828ff005

Download Submit
C:\Program Files\DubbingAI\res\drawable\DubbingAI_splash.png

Filesize
9KB

MD5
69da2fc513db63b4754f8493d8b13130

SHA1
588042efbf1677dbbe67e29b6ff6465a3bf32043

SHA256
1c5915a904c7c2a346aa58e8783dcc691e366efdebf9a750f7e410877e1cfd27

SHA512
2b76d1520a186bf398ea83fc8ba5ed001f3baf6f4af225d35d3f7a0f1fb615d97c9ef543ecbf4659440ce4230a4ed76dfdf6e0162fa4bfd6f748685a5cae54e1

Download Submit
C:\Program Files\DubbingAI\res\drawable\icon_halo_mango.png

Filesize
5KB

MD5
b0dc90f989c07770074ac7bc440923c9

SHA1
a07b628d3eada7109ecfc81bd5ca20e16171cde1

SHA256
1b83170c33b44106113097d982fb776a810cc151d195b81ba38c46b06e4b2f80

SHA512
6af842adac44ee9ed060eee270ed2daab8166a837ace78f9a08bab237e45f721c614652d0ffc02f98f3f7efee0ed9ac544f20d2c269370b8b19436df4004a551

Download Submit
C:\Program Files\DubbingAI\res\lang\lan_en.xml

Filesize
38KB

MD5
66d0e4adfe09c3f538f15ccf8a25f7f9

SHA1
269ac3519cd666760c9df0ba847e72e92c773e5c

SHA256
64dd60ffba0a130133e3cbe82978fa0ef42b64783a0456a478b47bda23e209ec

SHA512
4b3e3c2cf57893e427bc6ebefe7498cab7ac700a4450ffb767b4a9577399ab6b6703945cb4811943039726d96f451b48f687c163ef37b8751f0f74ee8ee1d355

Download Submit
C:\Program Files\DubbingAI\res\layout\wnd_splash.xml

Filesize
169B

MD5
c6bdbd0caffe891fcdd579f09eaf1e88

SHA1
fcc30b16603d9f44cc0e4174a3d6784d1ffd11d9

SHA256
a991596e27b28ebfd6e673ef0ee7a0d5ab4af0cf1db768992b8ef174d480c803

SHA512
b93e3b07112491dc673e90a9323d7fdd47a374eb7be7b5945aea9edb0779a86208b45be343a5db3e2a0029e494d970ea95212bc5f84da69a4e81791c079c6552

Download Submit
C:\Program Files\DubbingAI\res\layout\wnd_toast.xml

Filesize
410B

MD5
fc10f47767a7c6e7c34ce222653bc1f4

SHA1
2112f7fb016ced546763562eceef6997fb174064

SHA256
10b3eb596a8e3330382c6ecb63c7d7a18e9b427a8ec6ddc36a7af8b27f807e5d

SHA512
6afd4a6bdc4a4ddec2284837f1cd02d5675ab24c5a01742a4b27ed462fe6c704be6bd7309b88dc5eec73a8ef0c07616b19d89d077f3da23102a6ed6226a09d78

Download Submit
C:\Program Files\DubbingAI\res\res.xml

Filesize
7KB

MD5
b92d1e6af6b34e8a96a09842d69bdcf6

SHA1
a208bbcce5fe77694002e71f3936de6593ca5ce9

SHA256
525fe0e814ff376e202ae31f44a30e2f4aff26d941271ded235eb21c9c7aad5d

SHA512
bbc765e36348dc0fe591085f6ea30e8148df8ca198eb4019fe8fc3cb4d6c927c99f74cbc6fbcee410af977285e323aba448bf34d926f8383490eac70708a4c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XCFODRP5\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0NGE19MV\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\KAD4R23F\favicon[1].ico

Filesize
23KB

MD5
ec2c34cadd4b5f4594415127380a85e6

SHA1
e7e129270da0153510ef04a148d08702b980b679

SHA256
128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

SHA512
c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF5CDDF0BF7D668FD2.TMP

Filesize
16KB

MD5
a6cfa4c759e315722b3418cf7ee65486

SHA1
13fac830b7fba0e0c15b5ca19fbf33f38c1989cb

SHA256
65865907d12f5d32a8f093b69cf2a57d84bae127347f275f0c6aa9c72fc398dd

SHA512
168f2522d9e662357cbb0e759f78f4603e1f08b002e0a88bd2da380d3130b6003074066527b85141e6cd899e1249a3230c9a9a2c0272fb226834c3c3978064c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TI765.tmp\DubbingAI_v1.6.2_08162000_Release_C_Setup.tmp

Filesize
3.1MB

MD5
82f36924d4d3a33686ef15d33c150f10

SHA1
50eb1335cbac715ebe2baa7ab7c197f9cf89f519

SHA256
90d44facabc9621dfca9c2fdce76ce2e7b5375e14b95418d7ec1591122ee9052

SHA512
cc1a6e23eb4a735f786cb80a2175f97fb866671367f33bdca68b3bc718082e6f49995e0edc5082745fba79c825a588e507bc7cd8f7e9e43513c05e43ad2773d5

Download Submit
C:\Windows\Fonts\SourceSans3-Regular.ttf

Filesize
421KB

MD5
c056d313af09e05a5912778e0834bece

SHA1
f63b2573a8d85c28fbe8fc15d732e88b381faa4c

SHA256
4644c81b86ec9caaa76b634889968ed3c4f4f52f054855933acc7c2b21e53b0f

SHA512
4cfe3f262c5fd33405af5ab3dd315e291738088f569cd5bd99946dd3c9959e95898f5f1c6f6c7d23494a9b013d5475c8c954686abd560870f3339881cd158318

Download Submit
C:\Windows\INF\oem3.PNF

Filesize
15KB

MD5
9271604d8427b7b678014b6daca0d37a

SHA1
4dd0e2dd63381405b273b32abbd9c52cf69a6b7e

SHA256
787d0092af6057c7aefd2526db48ed5a5e1be92ab1e19505e216f782e1138e14

SHA512
bbaddc40428bbedc51932c557727570be7b7c9215b017adc311259db17e0b1bea89e4e6543dbb0f0d6e6b073dc771bfff9d15a375463cc3d8bc099b60a71dc98

Download Submit
C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\audiomirror.PNF

Filesize
15KB

MD5
ceb027ca58fb525c1b66e64fabe186a9

SHA1
7b62b39cbe463af75d9bfcc8e4d5607c1f5c7b2a

SHA256
214f3028dfe713a5170e281687f50d421940db739ae13fb35492b1279e590b54

SHA512
37a9280e7de30a713d69f395abcc237fa037d4613a10270c7a89de72539439749026e395d654ac3b0bdf8c18097e12c52efce9557e5271b32631290976ba5bd7

Download Submit
\??\c:\PROGRA~1\DUBBIN~1\AUDIOM~1\AUDIOM~1.SYS

Filesize
60KB

MD5
52d2a437987ad25f2089ab0ab72f05f5

SHA1
3bf5aef0a7b31ab8da46174a0ede8d52384d629b

SHA256
9ccc1546f7df007944af1fe77e1a7769b3b692167e065af53b0c6fa43c180490

SHA512
7a3eea971aaa250997aa0a7fc7201908f16dcd58f355c9781d31a5b96cd949a71b5f8b0f9d185ef2c4121c953229f767a649363cdaf25bb17eb51c29cfa2f119

Download Submit
\??\c:\program files\dubbingai\audiomirror\AudioMirror.cat

Filesize
11KB

MD5
8caa25db0b3e09c258435159ddb11123

SHA1
1419fddd79cf5adf908c19019d6d82875026bed9

SHA256
a7c19e8213d87f5949a4db449798997a71c3ffeca600618c607e8aac9c787814

SHA512
ea2c3fdab25fd6a69dff7f44d5aa5df39ed62108eba27b68fd4e9c2b570b851f20c4b6100626b06f30e78fbde6f242385fb4d3c48e5bfec275c871aebf3a1fd3

Download Submit
\Program Files\DubbingAI\dubbing-base.dll

Filesize
3.5MB

MD5
fc704eeb1add0c480a74a9bdcd77206f

SHA1
4447cf1216148187dc5276e5becd082ad61fa638

SHA256
295b5169b550b364554411cca0fe5c9f57bbfe36801244889dda5b74e00d8763

SHA512
cc5ddc8af7d677b5b192cb1e9a89c88708edd8db85eb134aa2f919e5003023b32daae56e098cf7822656e241887084b7c80027db39cc4f16c091261adbafbd0f

Download Submit
\Program Files\DubbingAI\dubbing-sdk-windows.dll

Filesize
3.6MB

MD5
5f74a32421dbbefbcb5c162da86fdeef

SHA1
0d585f6ec55c3f5c3360d174001c21b3d64fb2d8

SHA256
d41fadca0469477bf854d2a11e5726527e7e1af53c9970d11a18685107307190

SHA512
f747d11968565d176c2224fc8306f01bd97bfe6b7e0f66208ac7fd51616a4f6d81bc3d932f82f1a07c0d04da5add60da513cc7e7839e4e6d8ee77aa5f5e726ba

Download Submit
\Program Files\DubbingAI\libagora_audio_processing.dll

Filesize
9.8MB

MD5
934eb15b076f39cd5e0a4563d4c26070

SHA1
e8a1a75400e49ddb087e6d63236d853a3c3a4e64

SHA256
867a61f7195d2442d8e5303c6ed013282a5bb3027d99a9082cb1882dbeabea29

SHA512
19ef605f0364fd2bee08adfef0d69a124c5a4d58faef7f915feff49d2314929e8a6f5defefd4035ea3195d07cbc9f4214542e4c6300a27e4d4e5d6d9df94aeda

Download Submit
\Program Files\DubbingAI\libcurl.dll

Filesize
369KB

MD5
79da7507ead61b2b6cd2060a2ffaaa5d

SHA1
bd6aa8c56c3bba171a23d14db6e5cb60d014ad57

SHA256
aeed15aa1949050d0c2bd3b9d2d7f0af8dd2cb544ab0b7efec070da533db5a1d

SHA512
26b8d4d35c1c308b28d7447777e14acde4edbfda8c441cc89bb53b0e386e2e083d0670839324e00eea96618b0e31df2f851cedb19b63a4c2360fa938d11183e9

Download Submit
\Program Files\DubbingAI\libeay32.dll

Filesize
2.0MB

MD5
af94333b32b5600d81399f44ba33c41a

SHA1
f4fdac998c0e143bb838bb038c6f5a6f0ed8f463

SHA256
9462951326bc42a99533f75f191e8f527de5575aedb43229559a677b973766d3

SHA512
cd5fa74ec507d48c003ac7bb20632cdb2e8de0d2222982d98579a8a451bc799039f000ebe8bed7e8670a81f488451903d747951b9eb8b0306648de732e1aceb1

Download Submit
\Program Files\DubbingAI\libspeexdsp.dll

Filesize
128KB

MD5
65575ef949097fe2188dd5b21ea6f176

SHA1
cf1058bd18fc874ecba4b682f3aa1e1fec5bb8ed

SHA256
071feed74d724c72049c8c5d48b7e8a2a61697383d84b41d8d639346b6ae4f44

SHA512
fad8956df63535a8f716024bc102f51327694ec17b3bc26621ac89757a32bf521f78354b21a3e687b7d108908d4db63827c93b0d60718ee2142c15ed219b3da3

Download Submit
\Program Files\DubbingAI\msvcr120.dll

Filesize
940KB

MD5
9c861c079dd81762b6c54e37597b7712

SHA1
62cb65a1d79e2c5ada0c7bfc04c18693567c90d0

SHA256
ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c

SHA512
3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7

Download Submit
\Program Files\DubbingAI\ssleay32.dll

Filesize
345KB

MD5
0e3630d64f2c2275e27bf8d22a0b27af

SHA1
f01b6fdaa3bc0a1c512c3d0a16ed9bf151f13cb3

SHA256
11451c44e9fd3af5763f2b24e477eb4c180984ed01bb475a8b591e27d6814f1d

SHA512
c68ce7c4ef663b5eb0493b079d216c9cff4df3be65580ccb9b95436a6e34c91d931feb6de4029bc050d11da27620311e1569280b4781c096e5e57a02b71bb96b

Download Submit
\Program Files\DubbingAI\vcruntime140.dll

Filesize
96KB

MD5
882da7657405a220fa53d14d663bb216

SHA1
aba49ae69d6c5622ff0598de541aa4d126a4a16c

SHA256
e808fc3824026ba2216c89d3eec46c8202d5eef8d47f797b4f0e7ffa4644cce2

SHA512
833d5fded349da03eff8b20bbdfffc39acf79fb813f506956e28ca064247e5cc2b0ec959f7133ea89448d2ba06d3baad7cb1f64ece37b1cdce52b69bf898c966

Download Submit
\Program Files\DubbingAI\vcruntime140_1.dll

Filesize
36KB

MD5
ac5f3720519c641e361ee6ec12d1775a

SHA1
74634eb85c3eadfefe7bcd4520526eca266a2990

SHA256
07ac39c0043a84bd55acab926e84068a24f7824376037da8e75535c2ca7b0c01

SHA512
a024329a567c92bd3f018f9389a6f5043d7194bc26fc7569c3519208697cd84570e0e6f94c4ae34e7ce0e3bc3d26503351493127bd5aa727dd9b1eb2d84f996f

Download Submit
\Program Files\DubbingAI\zlibwapi.dll

Filesize
102KB

MD5
1a73b3d3e4467fd99936b9887ac98a6c

SHA1
071e382b801533328626c07f870f6a12287d28d7

SHA256
600a58a9d9a898955e8debcfc9e4e52eb06f01bc781bdae836f9dfe656284f60

SHA512
71acf6d1eb3dfe9e850f6665abd2aebddd693ba3f19b44b827c1ea3edd86f93f3366d16ecc7139f225bf9ce1071d07bbbcd1238a79ab58292e5c8f51bc559cb7

Download Submit
\Users\Admin\AppData\Local\Temp\is-FACGD.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
memory/776-6-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/776-4044-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/776-15-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/776-4611-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/776-4644-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/2180-4652-0x00007FFD590A0000-0x00007FFD59A46000-memory.dmp

Filesize
9.6MB

Download
memory/2180-4717-0x00007FFD58650000-0x00007FFD59097000-memory.dmp

Filesize
10.3MB

Download
memory/2180-4654-0x00007FFD590A0000-0x00007FFD59A46000-memory.dmp

Filesize
9.6MB

Download
memory/2180-4640-0x00007FFD58650000-0x00007FFD59097000-memory.dmp

Filesize
10.3MB

Download
memory/2180-4651-0x00007FFD590A0000-0x00007FFD59A46000-memory.dmp

Filesize
9.6MB

Download
memory/2180-4653-0x00007FFD590A0000-0x00007FFD59A46000-memory.dmp

Filesize
9.6MB

Download
memory/2180-4648-0x00007FFD58650000-0x00007FFD59097000-memory.dmp

Filesize
10.3MB

Download
memory/2180-4650-0x00007FFD58650000-0x00007FFD59097000-memory.dmp

Filesize
10.3MB

Download
memory/2180-4649-0x00007FFD58650000-0x00007FFD59097000-memory.dmp

Filesize
10.3MB

Download
memory/2180-4676-0x00007FFD590A0000-0x00007FFD59A46000-memory.dmp

Filesize
9.6MB

Download
memory/2180-4677-0x00007FFD58650000-0x00007FFD59097000-memory.dmp

Filesize
10.3MB

Download
memory/2180-4646-0x00007FFD58650000-0x00007FFD59097000-memory.dmp

Filesize
10.3MB

Download
memory/2180-4647-0x00007FFD58650000-0x00007FFD59097000-memory.dmp

Filesize
10.3MB

Download
memory/2180-4715-0x00007FFD590A0000-0x00007FFD59A46000-memory.dmp

Filesize
9.6MB

Download
memory/3572-4678-0x0000023C63120000-0x0000023C63130000-memory.dmp

Filesize
64KB

Download
memory/3572-4694-0x0000023C63220000-0x0000023C63230000-memory.dmp

Filesize
64KB

Download
memory/3572-4713-0x0000023C60600000-0x0000023C60602000-memory.dmp

Filesize
8KB

Download
memory/4144-4645-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download
memory/4144-0-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download
memory/4144-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4144-13-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download
memory/4324-4753-0x0000027A3BE60000-0x0000027A3BE62000-memory.dmp

Filesize
8KB

Download
memory/4324-4749-0x0000027A3BD80000-0x0000027A3BD82000-memory.dmp

Filesize
8KB

Download
memory/4324-4751-0x0000027A3BDA0000-0x0000027A3BDA2000-memory.dmp

Filesize
8KB

Download
memory/4712-4726-0x000002DD5AE00000-0x000002DD5AF00000-memory.dmp

Filesize
1024KB

Download
memory/4712-4725-0x000002DD5AE00000-0x000002DD5AF00000-memory.dmp

Filesize
1024KB

Download
memory/4904-4793-0x00007FFD580C0000-0x00007FFD58B07000-memory.dmp

Filesize
10.3MB

Download
memory/4904-4816-0x00007FFD580C0000-0x00007FFD58B07000-memory.dmp

Filesize
10.3MB

Download
memory/4904-4854-0x00007FFD580C0000-0x00007FFD58B07000-memory.dmp

Filesize
10.3MB

Download