4143f13681d6e1529438ac44f4df991b84308fcae56a578f19d86701fc48c6e4

Analysis

max time kernel
48s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DubbingAI_v1.6.3_09022103_Release_C_Setup.exe
Size

100.1MB
MD5

49982806bad6aad3351fcc7cdb27ac03
SHA1

7d687b2234151d2190c86f2bab080ae677b0e21b
SHA256

4143f13681d6e1529438ac44f4df991b84308fcae56a578f19d86701fc48c6e4
SHA512

b5f2c91a2fc9677ce77831ca457fbca4e30e819cdcf114c438f2d62f3261bb5a10f509b68fea7561585354181bc7628033de3053a6fc5de2b88e15e9515c238a
SSDEEP

3145728:2GPVeEdxnT3lxmWDHa8e0NxQvmKzIC2qMa6tTLjUTEKX:2snyea8eOCCptTv0EKX

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	DubbingAI.exe

Drops file in Drivers directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\SETEF03.tmp	DrvInst.exe
File created	C:\Windows\System32\drivers\SETEF03.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\AudioMirror.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\drmk.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\portcls.sys	DrvInst.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	DubbingAI.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	DubbingAI.exe

Themida packer 14 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/files/0x00070000000234fb-4810.dat	themida
behavioral2/files/0x0007000000023e03-4818.dat	themida
behavioral2/memory/620-4833-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp	themida
behavioral2/memory/620-4841-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp	themida
behavioral2/memory/620-4840-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp	themida
behavioral2/memory/620-4843-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp	themida
behavioral2/memory/620-4844-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp	themida
behavioral2/memory/620-4845-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp	themida
behavioral2/memory/620-4847-0x00007FFACA940000-0x00007FFACB2E6000-memory.dmp	themida
behavioral2/memory/620-4848-0x00007FFACA940000-0x00007FFACB2E6000-memory.dmp	themida
behavioral2/memory/620-4846-0x00007FFACA940000-0x00007FFACB2E6000-memory.dmp	themida
behavioral2/memory/620-4849-0x00007FFACA940000-0x00007FFACB2E6000-memory.dmp	themida
behavioral2/memory/620-4869-0x00007FFACA940000-0x00007FFACB2E6000-memory.dmp	themida
behavioral2/memory/620-4870-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	DubbingAI.exe

Drops file in System32 directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\audiomirror.PNF	devcon.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\AudioMirror.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{dd1e3381-f642-0547-9e3a-c9e96db2e4a3}\SETED20.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{dd1e3381-f642-0547-9e3a-c9e96db2e4a3}\AudioMirror.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{dd1e3381-f642-0547-9e3a-c9e96db2e4a3}\SETED20.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\AudioMirror.cat	DrvInst.exe
File created	C:\Windows\system32\sysdbdn	DubbingAI.exe
File created	C:\Windows\System32\DriverStore\Temp\{dd1e3381-f642-0547-9e3a-c9e96db2e4a3}\SETED1F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{dd1e3381-f642-0547-9e3a-c9e96db2e4a3}\audiomirror.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{dd1e3381-f642-0547-9e3a-c9e96db2e4a3}\SETED21.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{dd1e3381-f642-0547-9e3a-c9e96db2e4a3}\SETED21.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{dd1e3381-f642-0547-9e3a-c9e96db2e4a3}\AudioMirror.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\audiomirror.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{dd1e3381-f642-0547-9e3a-c9e96db2e4a3}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{dd1e3381-f642-0547-9e3a-c9e96db2e4a3}\SETED1F.tmp	DrvInst.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DubbingAI\vc_model\is-9RQNS.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-8K6J2.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\is-RDVV8.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\guide\is-ICGSG.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\subscription\is-17VLJ.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-HI3CT.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-P26AU.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-DR07S.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-65JO4.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-NVK7E.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\gift\is-2F4RE.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-TBLIK.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-2OK6F.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-N7P2T.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-B1VU1.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\layout\is-NI43S.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-B3F9F.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-DF4AQ.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\guide\is-FD1B0.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\is-L05LB.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-NRKGF.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-80ELU.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-3SN8S.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-MHPCR.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\lang\is-PULJG.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\layout\is-VI7KH.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-BD6JF.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-EVFSR.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-BF456.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-9QMDD.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-HI3M7.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\cloning\is-AF79M.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-4E6ST.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-VO9NV.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-I82D2.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-QR4T9.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-4T8QI.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-IHVFE.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-EPED9.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-AGCUG.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-FA8VJ.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-1MDKU.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\cloning\is-3O3T0.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-0F6QO.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\layout\is-D5P3D.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-SIG90.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-K7HNG.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-324TN.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-DI6DB.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-AMSJM.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-GUK8C.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-DADRE.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-SNBPD.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\gift\is-4EMQV.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\guide\is-05TV8.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\gift\is-R7G8B.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-U8IDN.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-R4P92.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-5E3BA.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-OA7JG.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-37IPI.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\blind\is-20V6E.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-ER8PD.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\box_mini_small\is-HR1B5.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Fonts\is-CQ1I0.tmp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
File created	C:\Windows\INF\c_media.PNF	devcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	devcon.exe

Executes dropped EXE 7 IoCs

pid	Process
3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
4164	SetAudioDevice.exe
372	devcon.exe
1892	find.exe
5088	devcon.exe
1204	SetAudioDevice.exe
620	DubbingAI.exe

Loads dropped DLL 24 IoCs

pid	Process
3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
4164	SetAudioDevice.exe
4164	SetAudioDevice.exe
4164	SetAudioDevice.exe
4164	SetAudioDevice.exe
1204	SetAudioDevice.exe
1204	SetAudioDevice.exe
1204	SetAudioDevice.exe
1204	SetAudioDevice.exe
620	DubbingAI.exe
620	DubbingAI.exe
620	DubbingAI.exe
620	DubbingAI.exe
620	DubbingAI.exe
620	DubbingAI.exe
620	DubbingAI.exe
620	DubbingAI.exe
620	DubbingAI.exe
620	DubbingAI.exe
620	DubbingAI.exe
620	DubbingAI.exe
620	DubbingAI.exe
620	DubbingAI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DubbingAI_v1.6.3_09022103_Release_C_Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Filters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2860	taskkill.exe

Modifies data under HKEY_USERS 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe

Modifies registry class 18 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DubbingAI.exe\SupportedTypes	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DubbingAI.exe\SupportedTypes\.myp	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DubbingAI	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\URL Protocol = "DubbingAI"	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DubbingAI\DefaultIcon	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\shell\open\command	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DubbingAI.exe	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\DefaultIcon\ = "C:\\Program Files\\DubbingAI\\DubbingAI.exe,0"	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\shell	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\shell\open	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\ = "DubbingAI"	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DubbingAI\shell\open\command	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\\OpenWithProgids	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OpenWithProgids\DubbingAI	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\shell\open\command\ = "\"C:\\Program Files\\DubbingAI\\DubbingAI.exe\" \"%1\""	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\DubbingAI.exe\SupportedTypes	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
620	DubbingAI.exe
620	DubbingAI.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeDebugPrivilege	2860	taskkill.exe
Token: SeAuditPrivilege	1540	svchost.exe
Token: SeSecurityPrivilege	1540	svchost.exe
Token: SeLoadDriverPrivilege	5088	devcon.exe
Token: SeRestorePrivilege	1896	DrvInst.exe
Token: SeBackupPrivilege	1896	DrvInst.exe
Token: SeRestorePrivilege	1896	DrvInst.exe
Token: SeBackupPrivilege	1896	DrvInst.exe
Token: SeRestorePrivilege	1896	DrvInst.exe
Token: SeBackupPrivilege	1896	DrvInst.exe
Token: SeLoadDriverPrivilege	1896	DrvInst.exe
Token: SeLoadDriverPrivilege	1896	DrvInst.exe
Token: SeLoadDriverPrivilege	1896	DrvInst.exe
Token: SeLoadDriverPrivilege	620	DubbingAI.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 3500	4704	DubbingAI_v1.6.3_09022103_Release_C_Setup.exe	86
PID 4704 wrote to memory of 3500	4704	DubbingAI_v1.6.3_09022103_Release_C_Setup.exe	86
PID 4704 wrote to memory of 3500	4704	DubbingAI_v1.6.3_09022103_Release_C_Setup.exe	86
PID 3500 wrote to memory of 2860	3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp	87
PID 3500 wrote to memory of 2860	3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp	87
PID 3500 wrote to memory of 2860	3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp	87
PID 3500 wrote to memory of 4164	3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp	96
PID 3500 wrote to memory of 4164	3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp	96
PID 3500 wrote to memory of 1664	3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp	98
PID 3500 wrote to memory of 1664	3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp	98
PID 3500 wrote to memory of 1664	3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp	98
PID 1664 wrote to memory of 372	1664	cmd.exe	101
PID 1664 wrote to memory of 372	1664	cmd.exe	101
PID 1664 wrote to memory of 1892	1664	cmd.exe	102
PID 1664 wrote to memory of 1892	1664	cmd.exe	102
PID 1664 wrote to memory of 5088	1664	cmd.exe	103
PID 1664 wrote to memory of 5088	1664	cmd.exe	103
PID 1540 wrote to memory of 3172	1540	svchost.exe	105
PID 1540 wrote to memory of 3172	1540	svchost.exe	105
PID 1540 wrote to memory of 1896	1540	svchost.exe	106
PID 1540 wrote to memory of 1896	1540	svchost.exe	106
PID 3500 wrote to memory of 1204	3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp	108
PID 3500 wrote to memory of 1204	3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp	108
PID 3500 wrote to memory of 620	3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp	110
PID 3500 wrote to memory of 620	3500	DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp	110

C:\Users\Admin\AppData\Local\Temp\DubbingAI_v1.6.3_09022103_Release_C_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\DubbingAI_v1.6.3_09022103_Release_C_Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Users\Admin\AppData\Local\Temp\is-882VM.tmp\DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-882VM.tmp\DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp" /SL5="$B024C,103985754,928768,C:\Users\Admin\AppData\Local\Temp\DubbingAI_v1.6.3_09022103_Release_C_Setup.exe"
  2⤵
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3500
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill.exe" /IM DubbingAI.exe /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2860
- - C:\Program Files\DubbingAI\SetAudioDevice.exe
    "C:\Program Files\DubbingAI\SetAudioDevice.exe" get
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4164
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C ""C:\Program Files\DubbingAI\AudioMirror\install.bat""
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1664
  - - C:\Program Files\DubbingAI\AudioMirror\devcon.exe
      devcon.exe status "Root\AudioMirror"
      4⤵
      Executes dropped EXE
      Checks SCSI registry key(s)
      PID:372
  - - C:\Program Files\DubbingAI\AudioMirror\find.exe
      find "Dubbing Virtual Device"
      4⤵
      Executes dropped EXE
      PID:1892
  - - C:\Program Files\DubbingAI\AudioMirror\devcon.exe
      devcon.exe install AudioMirror.inf Root\AudioMirror -v
      4⤵
      Drops file in System32 directory
      Drops file in Windows directory
      Executes dropped EXE
      Checks SCSI registry key(s)
      Suspicious use of AdjustPrivilegeToken
      PID:5088
- - C:\Program Files\DubbingAI\SetAudioDevice.exe
    "C:\Program Files\DubbingAI\SetAudioDevice.exe" set
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1204
- - C:\Program Files\DubbingAI\DubbingAI.exe
    "C:\Program Files\DubbingAI\DubbingAI.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Checks whether UAC is enabled
    - Drops file in System32 directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{dfeb8638-97bd-f741-afe7-3a0d5fcc9269}\audiomirror.inf" "9" "41823b7ff" "0000000000000144" "WinSta0\Default" "0000000000000158" "208" "c:\program files\dubbingai\audiomirror"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:3172
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:f1d97002a6aaffa0:AudioMirror_Device:12.33.40.11:root\audiomirror," "41823b7ff" "0000000000000144"
  2⤵
  - Drops file in Drivers directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious use of AdjustPrivilegeToken
  PID:1896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\DubbingAI\AudioMirror\AudioMirror.inf

Filesize
5KB

MD5
f5d9ad8275255b0fbee239f3960da265

SHA1
0f4bea0d2f4e488b66d52668a0ce8eabbe58e057

SHA256
b4216f74d8c68396e5b2ee5da78ed4802347986e4f9ebf918d783579f8708202

SHA512
2740a19538c72591c0a825b9adfb36f168df59c059ebbf8ebda6acea03e9e1016f5aac44e839a4e24c7713d27c8005e1b5e3f0b027b589dde2a18b983be5a837

Download Submit
C:\Program Files\DubbingAI\AudioMirror\devcon.exe

Filesize
81KB

MD5
816c4e245b286b4e4903131f75a94948

SHA1
eda70c1fc8a461efb0e376d42e35a72b96175e4d

SHA256
aca1bda08690dcca930254f96f9185c776671a85a58ffa1b59cf16017546f218

SHA512
d0dc74956c57403c0638e6595aaf1c2eb75233997a15170b064261a5d3f1f525a3e35e13fef04c36cc20fd1d5d1cf000a5fb7a646bf2cf1cea73817e5d3335b3

Download Submit
C:\Program Files\DubbingAI\AudioMirror\find.exe

Filesize
17KB

MD5
ae3f3dc3ed900f2a582bad86a764508c

SHA1
1e44ee63bdb2cf3a6e48b521844204218a001344

SHA256
1a1876c5eed2b8cd9e14ebff3f4eeb7e21552a4c6aab4bf392a55f8df3612dab

SHA512
059c0a371aada5f36e72196109c06208b68475ed0fbefb950beb0cbea2c29595151d65b087c5113af41df926596c4fe4e01102daf4b75e999cf6d6517d26ff63

Download Submit
C:\Program Files\DubbingAI\AudioMirror\install.bat

Filesize
223B

MD5
70e7c009a4f8a420755c0efc4197e642

SHA1
6dcae12ede6c84626a6cdef9614a8ead66f42ba3

SHA256
b517734c72a6bee139b181ce8ed7926d0e2e1cf98a1e2a0bdbc28806549c3003

SHA512
7dee3e85f7b60c847c4e628f1380512e4f58d78dabfac62f10130c637b0cadf6897e8f6dc48aa4c034d013e75d187cda587747fb311688cf51a0a953c333708e

Download Submit
C:\Program Files\DubbingAI\DubbingAI.exe

Filesize
3.5MB

MD5
bf22ca98cea8d6f94ebfe465cf00f751

SHA1
b145bb6c62689c7059455bd7734c67364cec668f

SHA256
94c8c9ad43f1c4d79f8604ef96324a6487225dc3cd64ba517929cba1cdfacca5

SHA512
8b2bc3e753dee1f990f5a09434cfe662359e1fde08288b421cc7087b6664f8ccc7272482eb31c3801d63360b331153fff5aa8f68e42eb57e9ce43d231c758f38

Download Submit
C:\Program Files\DubbingAI\InDeviceId.ini

Filesize
55B

MD5
9aa07e94a93dbe28a2f83580192e20ae

SHA1
21a2bf504d452ff3defe6d0ef9a521460844136e

SHA256
f160338febf2f60a8a9e66dd0138be657a9fb3a965e1992d9b9fdaf8c9cc68f4

SHA512
ab5c44893e5ff60318b7f24acd9368cb031405586668c224ebfb0e1f451a8b6b1107c7ee7a1abef8e52a78f79ac20c21da4cbb9e6d9957446cf19d7d80ebf3aa

Download Submit
C:\Program Files\DubbingAI\LIBEAY32.dll

Filesize
2.0MB

MD5
af94333b32b5600d81399f44ba33c41a

SHA1
f4fdac998c0e143bb838bb038c6f5a6f0ed8f463

SHA256
9462951326bc42a99533f75f191e8f527de5575aedb43229559a677b973766d3

SHA512
cd5fa74ec507d48c003ac7bb20632cdb2e8de0d2222982d98579a8a451bc799039f000ebe8bed7e8670a81f488451903d747951b9eb8b0306648de732e1aceb1

Download Submit
C:\Program Files\DubbingAI\MSVCP140.dll

Filesize
555KB

MD5
0d9ffc3f4d6a9e762282891c7b4c61e1

SHA1
15468bd1183b091b92f9e9a3bd352c0562b5b9a3

SHA256
b2bd81e9ae5cf2714c8a245428ef22fa5eab3e3b92a926ef395e1f3733939e25

SHA512
9d8529f9f043196b101a2bd3c9d13a5b8b9e09bc827f5afdd86894998ca1463fc8f74fea66c5b33498b2685294c2f90c75ce9efd77f7bccf19337ebd37ea413e

Download Submit
C:\Program Files\DubbingAI\OutDeviceId.ini

Filesize
55B

MD5
18528e5aff77e3b360c65ace74141089

SHA1
3929dd904470efe6e9ef405bb08bb573fda8ff23

SHA256
88d4125e403912fde2c0f9bb4d0c0649e3dff27d7c5fb277e4535a14b5b442f3

SHA512
d39c298da71c339f84cefcf79d5a98914209fa36374c15267dbadd41308b127d167ae6faf7d544a7a9dee0b4d730a241647f51ac906ca8ab1e01909e07796d94

Download Submit
C:\Program Files\DubbingAI\SetAudioDevice.exe

Filesize
82KB

MD5
cb084353c30a8a949a133ce647e9d6d4

SHA1
d04d9b214b928fede9aa895e95b9fdb1f7874496

SHA256
def90008d015ea9c5b935208dacd4371c071bc96f390dd8b6a79af3a45336cde

SHA512
f2c1b43773f38320fb63c9f95272f689d59e9b8762c6534c81552fe9ca5408f0eec8fb393f9ec16e29baad7d57eb5ddc52931d04d578f383e2c57a1b711f4baf

Download Submit
C:\Program Files\DubbingAI\VCRUNTIME140.dll

Filesize
96KB

MD5
882da7657405a220fa53d14d663bb216

SHA1
aba49ae69d6c5622ff0598de541aa4d126a4a16c

SHA256
e808fc3824026ba2216c89d3eec46c8202d5eef8d47f797b4f0e7ffa4644cce2

SHA512
833d5fded349da03eff8b20bbdfffc39acf79fb813f506956e28ca064247e5cc2b0ec959f7133ea89448d2ba06d3baad7cb1f64ece37b1cdce52b69bf898c966

Download Submit
C:\Program Files\DubbingAI\VCRUNTIME140_1.dll

Filesize
36KB

MD5
ac5f3720519c641e361ee6ec12d1775a

SHA1
74634eb85c3eadfefe7bcd4520526eca266a2990

SHA256
07ac39c0043a84bd55acab926e84068a24f7824376037da8e75535c2ca7b0c01

SHA512
a024329a567c92bd3f018f9389a6f5043d7194bc26fc7569c3519208697cd84570e0e6f94c4ae34e7ce0e3bc3d26503351493127bd5aa727dd9b1eb2d84f996f

Download Submit
C:\Program Files\DubbingAI\dubbing-base.dll

Filesize
3.5MB

MD5
fc704eeb1add0c480a74a9bdcd77206f

SHA1
4447cf1216148187dc5276e5becd082ad61fa638

SHA256
295b5169b550b364554411cca0fe5c9f57bbfe36801244889dda5b74e00d8763

SHA512
cc5ddc8af7d677b5b192cb1e9a89c88708edd8db85eb134aa2f919e5003023b32daae56e098cf7822656e241887084b7c80027db39cc4f16c091261adbafbd0f

Download Submit
C:\Program Files\DubbingAI\dubbing-sdk-windows.dll

Filesize
3.6MB

MD5
5f74a32421dbbefbcb5c162da86fdeef

SHA1
0d585f6ec55c3f5c3360d174001c21b3d64fb2d8

SHA256
d41fadca0469477bf854d2a11e5726527e7e1af53c9970d11a18685107307190

SHA512
f747d11968565d176c2224fc8306f01bd97bfe6b7e0f66208ac7fd51616a4f6d81bc3d932f82f1a07c0d04da5add60da513cc7e7839e4e6d8ee77aa5f5e726ba

Download Submit
C:\Program Files\DubbingAI\libagora_audio_processing.dll

Filesize
9.8MB

MD5
934eb15b076f39cd5e0a4563d4c26070

SHA1
e8a1a75400e49ddb087e6d63236d853a3c3a4e64

SHA256
867a61f7195d2442d8e5303c6ed013282a5bb3027d99a9082cb1882dbeabea29

SHA512
19ef605f0364fd2bee08adfef0d69a124c5a4d58faef7f915feff49d2314929e8a6f5defefd4035ea3195d07cbc9f4214542e4c6300a27e4d4e5d6d9df94aeda

Download Submit
C:\Program Files\DubbingAI\libcurl.dll

Filesize
369KB

MD5
79da7507ead61b2b6cd2060a2ffaaa5d

SHA1
bd6aa8c56c3bba171a23d14db6e5cb60d014ad57

SHA256
aeed15aa1949050d0c2bd3b9d2d7f0af8dd2cb544ab0b7efec070da533db5a1d

SHA512
26b8d4d35c1c308b28d7447777e14acde4edbfda8c441cc89bb53b0e386e2e083d0670839324e00eea96618b0e31df2f851cedb19b63a4c2360fa938d11183e9

Download Submit
C:\Program Files\DubbingAI\libsamplerate-0.dll

Filesize
1.4MB

MD5
a3152f39f57ad9419e24978073de8f88

SHA1
5b1428bfd1a5de018d43e3f3925d2750f326ed4a

SHA256
c395fa20bb73ea23ff0b1a796b6c067cfa547e51fbedcf837b86578867d96325

SHA512
ad797813e5b4153280e39c18751756010cf00c8a05b7efb24aa28e4a3a64e6e56dbbbe665555fb17c43696b6d495f6c2bcd24e5e87d285d0430e62ea34e601c6

Download Submit
C:\Program Files\DubbingAI\libspeexdsp.dll

Filesize
128KB

MD5
65575ef949097fe2188dd5b21ea6f176

SHA1
cf1058bd18fc874ecba4b682f3aa1e1fec5bb8ed

SHA256
071feed74d724c72049c8c5d48b7e8a2a61697383d84b41d8d639346b6ae4f44

SHA512
fad8956df63535a8f716024bc102f51327694ec17b3bc26621ac89757a32bf521f78354b21a3e687b7d108908d4db63827c93b0d60718ee2142c15ed219b3da3

Download Submit
C:\Program Files\DubbingAI\msvcr120.dll

Filesize
940KB

MD5
9c861c079dd81762b6c54e37597b7712

SHA1
62cb65a1d79e2c5ada0c7bfc04c18693567c90d0

SHA256
ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c

SHA512
3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7

Download Submit
C:\Program Files\DubbingAI\res\drawable\DubbingAI_splash.png

Filesize
9KB

MD5
69da2fc513db63b4754f8493d8b13130

SHA1
588042efbf1677dbbe67e29b6ff6465a3bf32043

SHA256
1c5915a904c7c2a346aa58e8783dcc691e366efdebf9a750f7e410877e1cfd27

SHA512
2b76d1520a186bf398ea83fc8ba5ed001f3baf6f4af225d35d3f7a0f1fb615d97c9ef543ecbf4659440ce4230a4ed76dfdf6e0162fa4bfd6f748685a5cae54e1

Download Submit
C:\Program Files\DubbingAI\res\lang\lan_en.xml

Filesize
39KB

MD5
6ec3472da61a8ee3ad79b4642ddc2876

SHA1
cb4f1f8a4d50494e8f110f79c46612fd0fdf3e04

SHA256
ca4cb8b24f2a6d518190273dd4e53950dd396eb1b427de22bdcbb05ef274243b

SHA512
9fcb6facf98fa7ae88e46380a61d2e4e4bebc1c7ae123ab77246e8dcf568bb357706c29429a1fb1516697d75d516d2ed0aa360871df6d06c56abfd9836909d91

Download Submit
C:\Program Files\DubbingAI\res\layout\wnd_splash.xml

Filesize
169B

MD5
c6bdbd0caffe891fcdd579f09eaf1e88

SHA1
fcc30b16603d9f44cc0e4174a3d6784d1ffd11d9

SHA256
a991596e27b28ebfd6e673ef0ee7a0d5ab4af0cf1db768992b8ef174d480c803

SHA512
b93e3b07112491dc673e90a9323d7fdd47a374eb7be7b5945aea9edb0779a86208b45be343a5db3e2a0029e494d970ea95212bc5f84da69a4e81791c079c6552

Download Submit
C:\Program Files\DubbingAI\res\layout\wnd_toast.xml

Filesize
410B

MD5
fc10f47767a7c6e7c34ce222653bc1f4

SHA1
2112f7fb016ced546763562eceef6997fb174064

SHA256
10b3eb596a8e3330382c6ecb63c7d7a18e9b427a8ec6ddc36a7af8b27f807e5d

SHA512
6afd4a6bdc4a4ddec2284837f1cd02d5675ab24c5a01742a4b27ed462fe6c704be6bd7309b88dc5eec73a8ef0c07616b19d89d077f3da23102a6ed6226a09d78

Download Submit
C:\Program Files\DubbingAI\res\res.xml

Filesize
7KB

MD5
0e59aa54c198c28240d9429c93831ed9

SHA1
0aefb8dfc03d2d9618c59450e72ee0b55bbf35c0

SHA256
6e14b617728a5f06ae1d8b10248ce393dab92af8113fe11146a3f5f31e2c6466

SHA512
ece7933395f2a1dc8d9446587d84bc4f566129bd505e4941911134b7c80819232b229d38795e9ea989d6915af0174e9339020fef50518f44666b26d5c27e731e

Download Submit
C:\Program Files\DubbingAI\ssleay32.dll

Filesize
345KB

MD5
0e3630d64f2c2275e27bf8d22a0b27af

SHA1
f01b6fdaa3bc0a1c512c3d0a16ed9bf151f13cb3

SHA256
11451c44e9fd3af5763f2b24e477eb4c180984ed01bb475a8b591e27d6814f1d

SHA512
c68ce7c4ef663b5eb0493b079d216c9cff4df3be65580ccb9b95436a6e34c91d931feb6de4029bc050d11da27620311e1569280b4781c096e5e57a02b71bb96b

Download Submit
C:\Program Files\DubbingAI\zlibwapi.dll

Filesize
102KB

MD5
1a73b3d3e4467fd99936b9887ac98a6c

SHA1
071e382b801533328626c07f870f6a12287d28d7

SHA256
600a58a9d9a898955e8debcfc9e4e52eb06f01bc781bdae836f9dfe656284f60

SHA512
71acf6d1eb3dfe9e850f6665abd2aebddd693ba3f19b44b827c1ea3edd86f93f3366d16ecc7139f225bf9ce1071d07bbbcd1238a79ab58292e5c8f51bc559cb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-882VM.tmp\DubbingAI_v1.6.3_09022103_Release_C_Setup.tmp

Filesize
3.1MB

MD5
a7235a5e01a445634c2e6de0e9ebfdf6

SHA1
03f500daf7cb5ce0cb82e1b6c244cd7341fa5104

SHA256
2095789bf34a4f1ca8fe74b4d508adc4c432947840658ff9155d1a30d2a036c3

SHA512
8dee0bba64bd3f0c5c20ba210284b8a8e9e587d6175fc8662b481c3ff2e8e88eabb400288cacfb7152ca2989c3593ef19eaee1be88f0bd5deb473505c8bebed0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PMLJA.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
C:\Windows\Fonts\SourceSans3-Regular.ttf

Filesize
421KB

MD5
c056d313af09e05a5912778e0834bece

SHA1
f63b2573a8d85c28fbe8fc15d732e88b381faa4c

SHA256
4644c81b86ec9caaa76b634889968ed3c4f4f52f054855933acc7c2b21e53b0f

SHA512
4cfe3f262c5fd33405af5ab3dd315e291738088f569cd5bd99946dd3c9959e95898f5f1c6f6c7d23494a9b013d5475c8c954686abd560870f3339881cd158318

Download Submit
\??\c:\PROGRA~1\DUBBIN~1\AUDIOM~1\AUDIOM~1.SYS

Filesize
60KB

MD5
52d2a437987ad25f2089ab0ab72f05f5

SHA1
3bf5aef0a7b31ab8da46174a0ede8d52384d629b

SHA256
9ccc1546f7df007944af1fe77e1a7769b3b692167e065af53b0c6fa43c180490

SHA512
7a3eea971aaa250997aa0a7fc7201908f16dcd58f355c9781d31a5b96cd949a71b5f8b0f9d185ef2c4121c953229f767a649363cdaf25bb17eb51c29cfa2f119

Download Submit
\??\c:\program files\dubbingai\audiomirror\AudioMirror.cat

Filesize
11KB

MD5
8caa25db0b3e09c258435159ddb11123

SHA1
1419fddd79cf5adf908c19019d6d82875026bed9

SHA256
a7c19e8213d87f5949a4db449798997a71c3ffeca600618c607e8aac9c787814

SHA512
ea2c3fdab25fd6a69dff7f44d5aa5df39ed62108eba27b68fd4e9c2b570b851f20c4b6100626b06f30e78fbde6f242385fb4d3c48e5bfec275c871aebf3a1fd3

Download Submit
memory/620-4841-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp

Filesize
10.3MB

Download
memory/620-4869-0x00007FFACA940000-0x00007FFACB2E6000-memory.dmp

Filesize
9.6MB

Download
memory/620-4849-0x00007FFACA940000-0x00007FFACB2E6000-memory.dmp

Filesize
9.6MB

Download
memory/620-4870-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp

Filesize
10.3MB

Download
memory/620-4846-0x00007FFACA940000-0x00007FFACB2E6000-memory.dmp

Filesize
9.6MB

Download
memory/620-4833-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp

Filesize
10.3MB

Download
memory/620-4840-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp

Filesize
10.3MB

Download
memory/620-4843-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp

Filesize
10.3MB

Download
memory/620-4844-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp

Filesize
10.3MB

Download
memory/620-4845-0x00007FFAC9E60000-0x00007FFACA8A7000-memory.dmp

Filesize
10.3MB

Download
memory/620-4847-0x00007FFACA940000-0x00007FFACB2E6000-memory.dmp

Filesize
9.6MB

Download
memory/620-4848-0x00007FFACA940000-0x00007FFACB2E6000-memory.dmp

Filesize
9.6MB

Download
memory/3500-4681-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/3500-6-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/3500-4839-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/3500-4837-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/3500-4680-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/4704-4303-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download
memory/4704-4842-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download
memory/4704-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4704-0-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download