734a36a2ebc369e8b681969eb810e72d865ee655d66fc1d1aefe731ee52903ad

Analysis

max time kernel
97s
max time network
106s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27/09/2024, 17:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TopazVideoAI-5.3.2.msi
Size

676.3MB
MD5

30bf2d9d8c4a774a90a24df0ac9f5a07
SHA1

06404b151a62c354e6833e4d3d330ba0e4f0d645
SHA256

734a36a2ebc369e8b681969eb810e72d865ee655d66fc1d1aefe731ee52903ad
SHA512

21ea49b41052e3082054ae34aae71347b2e1d8eab387457784ed602dcc487bd1e9bc6fa6b9707543b43a23f85e8ab6d8a7e6c6f5f8015552a3551d65fdbc99f6
SSDEEP

12582912:jfOZ6zed5FiFigKTZ51caSElTXynnEuBzgUc6UF6TDXuGTDZixfBMlPQJBo9zjCu:yDd5FuWTzClKGnEuVc6UUTD+GTdiMlPV

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
2	2124	msiexec.exe
3	2124	msiexec.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\D:	Topaz Video AI.exe
File opened (read-only)	\??\F:	Topaz Video AI.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AIframeinterpolation.ofx.bundle\Contents\Win64\tbbmalloc.dll	msiexec.exe
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AI.ofx.bundle\Contents\Win64\DirectML.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\avcodec-61.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\Popup.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\Menu.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\Popup.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Universal\BusyIndicator.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\doc\ffmpeg\ffmpeg-utils.html	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\DelayButton.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\translations\qt_hu.qm	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\SwipeDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\TabBar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\Frame.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\MenuItem.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Basic\Frame.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\translations\qt_hr.qm	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\Tumbler.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Dialogs\quickimpl\qml\+Material\MessageDialog.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\login.exe	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\GroupBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\impl\SwitchIndicator.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\HorizontalHeaderView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Dialogs\quickimpl\qml\+Imagine\FolderDialogDelegate.qml	msiexec.exe
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AI.ofx.bundle\Contents\Win64\tbbbind_2_5.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\DialogButtonBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQml\qmldir	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\nvinfer.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\impl\SliderGroove.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Windows\TextField.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\RoundButton.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\MenuBar.qml	msiexec.exe
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AI.ofx.bundle\Contents\Win64\Topaz Video AI.ofx	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Universal\Menu.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\MenuBar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\ffmpeg\libvpx-1080p50_60.ffpreset	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Universal\SelectionRectangle.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\Qt\labs\platform\qtlabsplatformplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qmltooling\qmldbg_debugger.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\ffmpeg\examples\scale_video.c	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Dialogs\quickimpl\qml\+Fusion\FolderDialogDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\avformat-61.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQml\WorkerScript\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\libvpl.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\ffmpeg\examples\decode_audio.c	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\oiiotool.exe	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\D3Dcompiler_47.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\ToolButton.qml	msiexec.exe
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AI.ofx.bundle\Contents\Win64\libssl-3-x64.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Basic\SpinBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Dialogs\quickimpl\qml\+Imagine\MessageDialog.qml	msiexec.exe
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AI.ofx.bundle\Contents\Win64\openvino_ir_frontend.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Universal\SplitView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6QuickShapes.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\ComboBox.qml	msiexec.exe
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AIframeinterpolation.ofx.bundle\Contents\Win64\tvai.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Layouts\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\RadioDelegate.qml	msiexec.exe
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AIframeinterpolation.ofx.bundle\Contents\Win64\opencv_world456.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\generic\qtuiotouchplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\Dialog.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Dialogs\quickimpl\qml\FileDialog.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Dialogs\quickimpl\qml\+Material\FileDialog.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQml\Models\modelsplugin.dll	msiexec.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File created	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\{8705DE9A-36EB-41B2-A966-E8A79973DF0A}\mainapp.exe	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFDF4F7E77CE034C3C.TMP	msiexec.exe
File created	C:\Windows\Fonts\Inter-Medium.ttf	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\{8705DE9A-36EB-41B2-A966-E8A79973DF0A}\mainapp.exe	msiexec.exe
File created	C:\Windows\Installer\DerandomizedSymbolicLinksForSourceLists\TopazVideoAI-5.3.2.msi	MsiExec.exe
File opened for modification	C:\Windows\Installer\e588af5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9835.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8705DE9A-36EB-41B2-A966-E8A79973DF0A}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA538.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\SystemTemp\~DF25B4F54CEC921384.TMP	msiexec.exe
File created	C:\Windows\Fonts\Inter-SemiBold.ttf	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\SystemTemp\~DF13B499BF76439F39.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\e588af7.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\e588af5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9778.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA361.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI106.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\A9ED5078BE632B149A668E7A9937FDA0\5.3.2\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFD8A.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\SystemTemp\~DF6A55BDB63916366B.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA3D0.tmp	msiexec.exe
File created	C:\Windows\Fonts\Inter-Regular.ttf	msiexec.exe

Executes dropped EXE 3 IoCs

pid	Process
500	Topaz Video AI.exe
2820	crashpad_handler.exe
572	login.exe

Loads dropped DLL 64 IoCs

pid	Process
5000	MsiExec.exe
4972	MsiExec.exe
4128	MsiExec.exe
4128	MsiExec.exe
3464	MsiExec.exe
3464	MsiExec.exe
4440	MsiExec.exe
4440	MsiExec.exe
4972	MsiExec.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe
500	Topaz Video AI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
2124	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Topaz Video AI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Topaz Video AI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\Version = "84082690"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Topaz Video AI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Topaz Video AI.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\13CD821E8711F6B4086A161E2B55ACDE\A9ED5078BE632B149A668E7A9937FDA0	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Topaz Video AI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Topaz Video AI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Topaz Video AI.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	Topaz Video AI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Topaz Video AI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A9ED5078BE632B149A668E7A9937FDA0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A9ED5078BE632B149A668E7A9937FDA0\OFXPlugin = "Complete"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\13CD821E8711F6B4086A161E2B55ACDE	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Topaz Video AI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Topaz Video AI.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A9ED5078BE632B149A668E7A9937FDA0\VCRedist	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\SourceList	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Topaz Video AI.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Topaz Video AI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Topaz Video AI.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A9ED5078BE632B149A668E7A9937FDA0\AEPlugin = "\x06Complete"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\Language = "1033"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Topaz Video AI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Topaz Video AI.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Topaz Video AI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Topaz Video AI.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Topaz Video AI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\SourceList\Media\1 = ";Installer Package"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Topaz Video AI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Topaz Video AI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Topaz Video AI.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\SourceList\PackageName = "TopazVideoAI-5.3.2.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\SourceList\LastUsedSource = "n;2;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A9ED5078BE632B149A668E7A9937FDA0\Complete	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\ProductIcon = "C:\\Windows\\Installer\\{8705DE9A-36EB-41B2-A966-E8A79973DF0A}\\mainapp.exe"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Topaz Video AI.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\SourceList\Net\2 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Topaz Video AI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Topaz Video AI.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Topaz Video AI.exe
Key created	\Registry\User\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\NotificationData	Topaz Video AI.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\PackageCode = "1F3AACDD51D496842B6491AFD8E9998E"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\SourceList\Media\DiskPrompt = "Topaz Video AI Installer Package"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Topaz Video AI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	Topaz Video AI.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Topaz Video AI.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\ProductName = "Topaz Video AI"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\SourceList\Net\1 = "C:\\Windows\\Installer\\DerandomizedSymbolicLinksForSourceLists\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Topaz Video AI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Topaz Video AI.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9ED5078BE632B149A668E7A9937FDA0\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Topaz Video AI.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Topaz Video AI.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
500	Topaz Video AI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4852	msiexec.exe
4852	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2124	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2124	msiexec.exe
Token: SeSecurityPrivilege	4852	msiexec.exe
Token: SeCreateTokenPrivilege	2124	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2124	msiexec.exe
Token: SeLockMemoryPrivilege	2124	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2124	msiexec.exe
Token: SeMachineAccountPrivilege	2124	msiexec.exe
Token: SeTcbPrivilege	2124	msiexec.exe
Token: SeSecurityPrivilege	2124	msiexec.exe
Token: SeTakeOwnershipPrivilege	2124	msiexec.exe
Token: SeLoadDriverPrivilege	2124	msiexec.exe
Token: SeSystemProfilePrivilege	2124	msiexec.exe
Token: SeSystemtimePrivilege	2124	msiexec.exe
Token: SeProfSingleProcessPrivilege	2124	msiexec.exe
Token: SeIncBasePriorityPrivilege	2124	msiexec.exe
Token: SeCreatePagefilePrivilege	2124	msiexec.exe
Token: SeCreatePermanentPrivilege	2124	msiexec.exe
Token: SeBackupPrivilege	2124	msiexec.exe
Token: SeRestorePrivilege	2124	msiexec.exe
Token: SeShutdownPrivilege	2124	msiexec.exe
Token: SeDebugPrivilege	2124	msiexec.exe
Token: SeAuditPrivilege	2124	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2124	msiexec.exe
Token: SeChangeNotifyPrivilege	2124	msiexec.exe
Token: SeRemoteShutdownPrivilege	2124	msiexec.exe
Token: SeUndockPrivilege	2124	msiexec.exe
Token: SeSyncAgentPrivilege	2124	msiexec.exe
Token: SeEnableDelegationPrivilege	2124	msiexec.exe
Token: SeManageVolumePrivilege	2124	msiexec.exe
Token: SeImpersonatePrivilege	2124	msiexec.exe
Token: SeCreateGlobalPrivilege	2124	msiexec.exe
Token: SeCreateTokenPrivilege	2124	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2124	msiexec.exe
Token: SeLockMemoryPrivilege	2124	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2124	msiexec.exe
Token: SeMachineAccountPrivilege	2124	msiexec.exe
Token: SeTcbPrivilege	2124	msiexec.exe
Token: SeSecurityPrivilege	2124	msiexec.exe
Token: SeTakeOwnershipPrivilege	2124	msiexec.exe
Token: SeLoadDriverPrivilege	2124	msiexec.exe
Token: SeSystemProfilePrivilege	2124	msiexec.exe
Token: SeSystemtimePrivilege	2124	msiexec.exe
Token: SeProfSingleProcessPrivilege	2124	msiexec.exe
Token: SeIncBasePriorityPrivilege	2124	msiexec.exe
Token: SeCreatePagefilePrivilege	2124	msiexec.exe
Token: SeCreatePermanentPrivilege	2124	msiexec.exe
Token: SeBackupPrivilege	2124	msiexec.exe
Token: SeRestorePrivilege	2124	msiexec.exe
Token: SeShutdownPrivilege	2124	msiexec.exe
Token: SeDebugPrivilege	2124	msiexec.exe
Token: SeAuditPrivilege	2124	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2124	msiexec.exe
Token: SeChangeNotifyPrivilege	2124	msiexec.exe
Token: SeRemoteShutdownPrivilege	2124	msiexec.exe
Token: SeUndockPrivilege	2124	msiexec.exe
Token: SeSyncAgentPrivilege	2124	msiexec.exe
Token: SeEnableDelegationPrivilege	2124	msiexec.exe
Token: SeManageVolumePrivilege	2124	msiexec.exe
Token: SeImpersonatePrivilege	2124	msiexec.exe
Token: SeCreateGlobalPrivilege	2124	msiexec.exe
Token: SeCreateTokenPrivilege	2124	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2124	msiexec.exe
Token: SeLockMemoryPrivilege	2124	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2124	msiexec.exe
2124	msiexec.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
500	Topaz Video AI.exe
500	Topaz Video AI.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 5000	4852	msiexec.exe	81
PID 4852 wrote to memory of 5000	4852	msiexec.exe	81
PID 4852 wrote to memory of 4972	4852	msiexec.exe	82
PID 4852 wrote to memory of 4972	4852	msiexec.exe	82
PID 4852 wrote to memory of 4972	4852	msiexec.exe	82
PID 4852 wrote to memory of 4128	4852	msiexec.exe	83
PID 4852 wrote to memory of 4128	4852	msiexec.exe	83
PID 4852 wrote to memory of 3464	4852	msiexec.exe	84
PID 4852 wrote to memory of 3464	4852	msiexec.exe	84
PID 4852 wrote to memory of 3464	4852	msiexec.exe	84
PID 4852 wrote to memory of 4440	4852	msiexec.exe	85
PID 4852 wrote to memory of 4440	4852	msiexec.exe	85
PID 4972 wrote to memory of 500	4972	MsiExec.exe	87
PID 4972 wrote to memory of 500	4972	MsiExec.exe	87
PID 500 wrote to memory of 2820	500	Topaz Video AI.exe	88
PID 500 wrote to memory of 2820	500	Topaz Video AI.exe	88
PID 500 wrote to memory of 572	500	Topaz Video AI.exe	90
PID 500 wrote to memory of 572	500	Topaz Video AI.exe	90

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\TopazVideoAI-5.3.2.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2124

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 10CADBAA562562384C2931649210694A C
  2⤵
  - Loads dropped DLL
  PID:5000
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 37BD5307CC2A866CA9A9784D79FA3517 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4972
- - C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe
    "C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe"
    3⤵
    - Enumerates connected drives
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:500
  - - C:\Program Files\Topaz Labs LLC\Topaz Video AI\crashpad_handler.exe
      "C:/Program Files/Topaz Labs LLC/Topaz Video AI/crashpad_handler.exe" "--attachment=main.tzlog=C:/Users/Admin/AppData/Roaming/Topaz Labs LLC/Topaz Video AI/logs/2024-09-27-17-46-40-Main.tzlog" "--database=C:/Users/Admin/AppData/Local/Temp/Topaz Labs LLC/Topaz Video AI/Crashes/db" "--metrics-dir=C:/Users/Admin/AppData/Local/Temp/Topaz Labs LLC/Topaz Video AI/Crashes/db" --url=https://submit.backtrace.io/topazlabs/b060552e9793d86dec356a038dee056ebd3b4d539c702a0e5c8f3760d7a99f98/minidump "--annotation=appName=Topaz Video AI" --annotation=appVersion=5.3.2 --annotation=email=Unspecified --annotation=format=minidump --annotation=machineId=4b97d193-1519-48e1-8d38-f3ecbe02788a --annotation=token=b060552e9793d86dec356a038dee056ebd3b4d539c702a0e5c8f3760d7a99f98 --initial-client-data=0x814,0x818,0x81c,0x7f8,0x824,0x7ff65b2c4bd0,0x7ff65b2c4be8,0x7ff65b2c4c00
      4⤵
      Executes dropped EXE
      PID:2820
  - - C:\Program Files\Topaz Labs LLC\Topaz Video AI\login.exe
      "C:\Program Files\Topaz Labs LLC\Topaz Video AI\login" status
      4⤵
      Executes dropped EXE
      PID:572
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 7140C11A3C1913DE4A365F416661CD3E
  2⤵
  - Loads dropped DLL
  PID:4128
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5D692767FD3B93A6B7A1AFB088E60E47
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3464
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 166CE8F057D5CF4A77A966C94C5EC794 E Global\MSI0000
  2⤵
  - Drops file in Windows directory
  - Loads dropped DLL
  PID:4440

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D0
1⤵
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e588af6.rbs

Filesize
231KB

MD5
312d3c8e43d31ada99646b6b004c465e

SHA1
b7f90dcb6cbf9b87ec8d5966680c8eb9189fa12c

SHA256
0819a37cc9ba28fe888fc70f15d296813c6d9431c6f0f76a7358e25abc80851e

SHA512
966bd363d08c52748ca95de8d9bdef732011a6d6f796068e4cf471243f089a9ca2d2dfe2d1aafc16b528809979c4b36fda8272383928feecfacbb95faf8e1466

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\QWKCore.dll

Filesize
111KB

MD5
61119e74335ec6c141a27565e0126eb9

SHA1
d3de28bacea3b921365b42d7aa2c714d949ed7ed

SHA256
6a053c0cd8768acee34c74f6fdda4f9fc8929dab0453e3c168079e142a4556fd

SHA512
9d611908520965d30e55f2568d3f2c323776c368c41a3c9acee1d2ff945a9f838eab6a6a5d4a16093052fc8347fd1a96203bd977a1781b9ab646abf584d552d1

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\QWKQuick.dll

Filesize
47KB

MD5
0651f5c2e41ef0213ff8f4abb3fd2dbd

SHA1
d73f1bd6db8112fc1f1da5020888516d4129cb14

SHA256
78b51e3a35fdba5f3f6cf544bdab767991528dc432181209823be7ad245e5381

SHA512
6ec59bb926dce24d404e8138ce755a00575ff90e6e110a273d77872afd952ae4ceb384001fa33e2b4cbc008b224e17f00ff69089dca841e0d255eb050e074530

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Core.dll

Filesize
6.0MB

MD5
82372cfc9a3a4328f90bf954a1cbd5fb

SHA1
3ab798b2f28878b8426c531efbb52410ae6af1e8

SHA256
03de8bc94e2c8f6a91026c5b3b227f7eea5dea077312201b32d76057aaa0f72d

SHA512
51a818094ab544bad647167a77a0035990e8c544d2e7250db7e8f42dcf68fccd6b42658f3b41e83182f453bdf8b4dc17afa6d973f1c796b67448b4a7570d8691

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Gui.dll

Filesize
8.5MB

MD5
8e273e9071d0e1d351a4879493c0d266

SHA1
bce41ded0109a42dd52bc81bc3a507c95a5db8b5

SHA256
3b9b409655b99587ba3cd1bf624b9b38eaa177549c82ee4ef27dc8b7076ac83c

SHA512
07684d4105685e6417946e99b6e8a1f7557c8713793ddc00957ce4994df77f17d2590c7d5951826a285dbab006705b442a1fa1c251a81e0ac085f4f53ba7406b

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Multimedia.dll

Filesize
814KB

MD5
b4bc68ad63e9ab22de51cfa7dcfed4c9

SHA1
24fa87ce964b28a28c559f4f3248dc2b39cc9d8e

SHA256
a0a54380af21608f0bd68b51b085d39040bc8b41ce6121ba68258586e855b0bf

SHA512
5a1e2e5e548ab1093599664f603fe6e0a63ff912d77c7a13dfffef41785d81e55ac0cf419998d7f7adf73a05054d9386dd88b8b4e7d932a51e88a0b519f8ee0f

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Network.dll

Filesize
1.4MB

MD5
5566d19d04c54bde54a0b1675f1494a0

SHA1
74b6fb8b4b5c61c5d5346ab3dda1c50b6668a71b

SHA256
36f9b104e116b1e85e3f32ea05f6efb07dfb826ee2b53b8ba441f36c88966ae5

SHA512
e6f405421703efe5a8c5f9ac3f956ab93a5429e2e791df165c7bf0644affc04ba75dc11bcfbfb0f2f2a95760b3ab70308ad5c41a33f331107c1a425d8bff2998

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Qml.dll

Filesize
4.8MB

MD5
af132b27fb4b65f388f9b72c15b41d38

SHA1
f11882543cf25261bb69ef82f09df2848c737c32

SHA256
85b4a65e03c41c6e23a63293ca44657c3d2a50b78b9d01d448dc18167e9d2022

SHA512
bda6c50092e1a2ed1b2ee0e115aa1af1836d4ae75a4b9f6822aea0893e5561a1fbbf5a3003759e4fe35d31f83a0866848bbe782ad13c1e643fc84fb55fa6e403

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Quick.dll

Filesize
5.2MB

MD5
dc952c172b53ef850a42821008ee0baa

SHA1
0025f94ff6d4474882a838dcd62eaac11f2014f4

SHA256
9b49f20f52b1e02159e0256202f4c8cddd87893b021a8a2e384079e5532c38f7

SHA512
ec25c5eb8199c8a906b5aa7aa7dcc92d36321687033fd66671e7b57bebcc29a2ea279761e3acaddbab2447477f763bef5e3035c1b7ff18dfb351c86c18adea18

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Widgets.dll

Filesize
6.2MB

MD5
d519147e644c4da97846955b83b47f90

SHA1
5415ec991a8d4a1feff64f6f35a39114e89f9e92

SHA256
4244f12bd663d6b0eef9581d4cac5ef70e5084a2616ea625a8700a4c9667fc34

SHA512
0086347b1bdb98f2169fe22e8dcdaeaf15bbe1c7392160c1880d02fcb7a10f51f751d8f268b4eba8fe739f3bb4ce742076ad66148de584f66554de3fceebff05

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe

Filesize
12.0MB

MD5
1ab79c10571c11deb7808b0967387223

SHA1
f908997c9ac3035c8b0f16a8982ee7ea14e1d93a

SHA256
59e4e652315a4098d9e4ba47fee227b4fef4cb14b5e2a4d4d23901b0aed8d2bb

SHA512
5ffdf7b3f0d473ee212000e7584bac0147435ef80a918e0177ed5fe9fb224b86f8395e4192bee09691e6c3b3e17649e8016ba3c0ca69409d285ac8bfe6ff4c4e

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\avcodec-61.dll

Filesize
26.3MB

MD5
5fb4ac375cb5cc691cdc8d2a6ab971bd

SHA1
454af366523272cb1053e476e8f637111a3e53a5

SHA256
725850d67d27c6690b0cf8d460398f71a708f9abb869554c7ddc937e0fd57eb8

SHA512
de1021a58afc43fee838c4745d310190587382daae00eba6d954ca16fefd8bc65cba1c867fd91c316f897aea7be496b44e53b4db847a36a9174ca9880f9dc4aa

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\avfilter-10.dll

Filesize
5.0MB

MD5
329648b8a42ea88fc9eacd769b692c80

SHA1
5c5e876c52a5b771d935c34da3fdf10639b32f88

SHA256
07a8c0cd28350299affc6853233bb201580268364d7b844b6952b569f79919a8

SHA512
19a8c4506a60d745bed7f095e78e9d1b4e7e1de114f45ae726236cf8c782b4af90518429fe197f69967ee6ddc2705d09d56825dfc8215eaf8d6df66231eb5441

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\avformat-61.dll

Filesize
3.2MB

MD5
cec22c608f889b4ae697f6e8c636c780

SHA1
949704ceeba0bb0132a265ab6919d7ca9c8209cf

SHA256
d79dc516b519b878431a47c5155a69dca069e4e799c9a150bb5acf1256857a6b

SHA512
12f30710608c2b45f177b94cd6e14d0753a8acccbb02ad8ef7d23c02bc4da36c9059f6a9d2255b0231edb9f8bd2fe093efe8bb9b7f7d98852265f0b6c0e34cf4

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\avutil-59.dll

Filesize
1.6MB

MD5
2dffc0b5c367c7c2346de935a3629d88

SHA1
fd2139bedf5506788cf0f6d9098c3510c0371a34

SHA256
eedee78bb283fb7df98e55627678788aef36af2cec15c09610fee1a18fdd7049

SHA512
6e844b0aa5c1c81fab4128129d8e1176d98e5d084e50c0e5e2f864bb60b89bd53f652db88bfadd6bdc58874f0bc4b299cf5349db082be06361255ff88f2bf134

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\cloudprocessing.dll

Filesize
585KB

MD5
83a38c5290fa5ecc4c6e299134f9ce05

SHA1
51b8909f8a7776164d8da6fb957d5683ceb5e4be

SHA256
605d23e6ac587d17ef799139d524f98ddfbd1cc416d080383cc5abfbb2862f0c

SHA512
a6b5e0a0fc276d91997bae5f51a383a5f8e37c695227765a491f959331c5d9f9c5222d74c0373912e2d603c69deffc7e210d9016e3ae1fb6001410ebee4d1bb9

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\libcrypto-3-x64.dll

Filesize
5.9MB

MD5
fe3e5a04f1fa1ac0cac4d081b9169d25

SHA1
767d9772b08045a22c4f1414ebe38c66b85e2397

SHA256
94a49fbba502f08bb941b59775d885c9f24d38051bfc3b00c2572016829d27ac

SHA512
17bcf531d26ce4bdba5dcf4112e782f78ceff3a863eb236c9b1e451a9006ad77096ef5220fe5bc1b1eaf48c158d0f14af7459f04c414dd6f1d114f4b45399584

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\libssl-3-x64.dll

Filesize
768KB

MD5
ab108fc22c3aa085b41a20ee0c15a0f5

SHA1
96487f98a21c78562459623269a303e253b9cafc

SHA256
bade610a3794a22ff871f5e277231e5e113badf0b95a284552a726221655efc6

SHA512
0b96ebf2c29ad667ec8d934a56d7e32700e0fb38cf80288e0b5d3be2b04b7debaee33d21a05b883f4fb7fafa67298fe8309e47417206f0f4cfda22d5e170ba6a

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\opencv_world456.dll

Filesize
25.2MB

MD5
147e49069e5dd0e282586b18ae47b40c

SHA1
a9c3ab744bf4b4c73a744d8d3cb85bc85e2d0326

SHA256
748be73b1dd6e5c22b3ec6d1e9197db1081b905efadae6a11a1c3792c678e329

SHA512
5bd8186825f3168861becd84a9d68482853f20c71b417abc323156a872f7a9591a1f40e91f0f4f691555cc198df7c8a6f036623273cee5ad3d91c8afb0dcb8b8

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\swscale-8.dll

Filesize
1.1MB

MD5
7d446ba45e03e589faf4a9e7eea637f0

SHA1
eb86d98eddecf83ecbcc514198be179b023ee458

SHA256
916891cdb28e4f9f2b984fb30ec6cd99649f8255b1f94916784393b0a9d5bd0f

SHA512
185788bca0f55f50c960bed3e9fe66d90f2198f96992b0a5ecbd696f1bc5a08048d9aecdc4b3b60d6acfa90c18e8f133d0ec558453f65493dd5850251cff995d

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\videoio.dll

Filesize
519KB

MD5
bf6e885c9b9da9724e3b66cc7feb8142

SHA1
d736726c73175c35d8c0a16291f4ca1faa3fce82

SHA256
c2ffd0b3d6e84645143f87c67249dc9e2e506f7e6bc8ad80528ebf6697ca88ad

SHA512
98606ecb8385468a905aa20629e604f80ecf5be3d4b91b678f156c07ecb4093542b6a86175ae71e2fe25fb9bcc57d97879a4a8361e50db0b27d6fc65e48ae04a

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ddv-1.json

Filesize
17KB

MD5
a4d4bf4774a28073b2956b02d463067a

SHA1
8a75246c634ed6d7921bb40ec0c956fc5448b6fe

SHA256
db132914558bcf4c0652d224128e206f7a3dec9df3dc3e31e247af02edc4a75c

SHA512
482dae8659fbf08dd0a3e010893a00b313afb287138b706406566d99ffc20403e3c324d246b8f89fd45fa858505a271c880009b0955e273d4a31e72e7143315b

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtvs-2.json

Filesize
16KB

MD5
145a5494ff51f8c4a8c209f31a98a5e4

SHA1
493ed36e8bf2727c8de4c45890b33310dad17144

SHA256
615b2cc830a891777175a9321eb9c6b9bedc777343ef1e4f0164309c094d79bf

SHA512
2e5bdbe040ebb8038c6a3dd901f2dcfe720a95e15715a2756e7a157b876e8a118be593a3b344e464657cc6f87a949ad2c4e79302b35f2e3a33a187e5b89a7191

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
de65f746c23b98635cfcde2a14b5734e

SHA1
fb127faee607e73b75027ff219fd311ba3d2a154

SHA256
ad7354e08d296817d6946a4e66dcc35c00e62e57aaec1b3d83cc9b17fa7e612d

SHA512
634dbcc86e3c25744f65879b461151fa3c8dfd6b562810352020c6f8364a0efe2a86518b00208c1c5f9e4dd53180ff16d6eca9cabc65c68b36e9e855b222afd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_622FF18A3B1CFCB8CC579FBC66AAEA0E

Filesize
727B

MD5
77917947ea05f5afbdb132b543954802

SHA1
2f79f3f191a06863940f204cf7ea18a8209c330c

SHA256
d729141e1457b2e21c08a37776fd58e8ff305f7940c1452ce1cd6b80f81c24a0

SHA512
274472abad53e7c04350a2dce06e8557694d3749baf1be36d5be3ccc1b9ce017c71c19e6e76f09f9ccbbb2b4d19015f68d826cd07ca8a741480bf6a0003ff363

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
9afe06d446f0a065af01c048cbddc393

SHA1
8fafc942adfc79cb9c0b86b39516ce2fb01bb3b3

SHA256
e231799c5142390fcc9633c021efcf9ecb58420da4a22163e8136eca0d93355b

SHA512
69e76904187b8457c55ead8a6ce1444f9b900536d22143c5cacebd5c343216aead5f84b6e6b9f46e3a8ccdd9b3cc98bde775f1961cb8b433cb17cfc299406279

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
d56e634b15e6673f4b16f8ad86bd1149

SHA1
c8a8962603df2fc4250d51f8e9442dddd2e6a9bf

SHA256
2d7d052c0f6fb5f14dcecd370cb7c22fc0a9dd4ef6f8fe9c8cb0d9ec64f99b67

SHA512
c7ee6a55600ebb658e4dd1f5f4019a232e25b1e819b16cfd5436ec038368f1d1fd9b5df87cda2b1c06ed39af449915531b9283f742e9c814cf4f4f0ccbd13942

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_622FF18A3B1CFCB8CC579FBC66AAEA0E

Filesize
404B

MD5
3e4801253ca61efe0337ba1d1413074a

SHA1
3da4578b965f45da860d86087ba189e4a075cf0f

SHA256
6f37d92bd81d475feec14111e68e74de363c7475cb319c1d677a66d5ef461591

SHA512
a6fe0c923ab864048ac33ab2843d3cd0c0949951fb8858970e97229b1023e8265c90d0a2df41eb36f65987685a2da1d312dc7be60b47eef82eb55b8e4bb59e7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
63af2cbe6a0fc7fe2b38c663a64065f8

SHA1
f4c139ac81bbd5b93e4bfcd924f8c8c71626a1b9

SHA256
ce54eb2896e5cc78de079de96d297a2ab6403c179f16ad65c85de7fcebb655df

SHA512
ab1617b56182bebdd9d7e2b41546a91e9a9e59623fb0e20090c9735e9cd5e0727012312dd8b243fa4b74abb8e38833a527d08152cd057ee51495745627d38a7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7ED1.tmp

Filesize
132KB

MD5
cfbb8568bd3711a97e6124c56fcfa8d9

SHA1
d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57

SHA256
7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc

SHA512
860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE927.tmp

Filesize
1.0MB

MD5
0fba69949edf06f59edb0803563f03b5

SHA1
4f8e5c2f7f928a2b56b75372da5691df33b4fb23

SHA256
b341479d95ec9d03791f967d87f9b38f713806a7044a0c0cdca7eefcbfb63562

SHA512
5aa8c7a50bdb48ab2121a91d7b5d3552cfdead3a2b380bd7c21a3d81f9c2f96b7b07e7be893c02ea3c40b1a39a8218ed4c943365bd44c3bb8b356ab0df71fdfb

Download Submit
C:\Windows\Installer\MSIA3D0.tmp

Filesize
234KB

MD5
8edc1557e9fc7f25f89ad384d01bcec4

SHA1
98e64d7f92b8254fe3f258e3238b9e0f033b5a9c

SHA256
78860e15e474cc2af7ad6e499a8971b6b8197afb8e49a1b9eaaa392e4378f3a5

SHA512
d26c9dce3c3d17583ffb5dbcd3989f93b096a7f64a37a2701a474c1bf4b8c8b1e922c352d33f24e411f1c793e1b4af11a3aec1de489087d481b1b636df2050cd

Download Submit
memory/500-1547-0x000001F75D6E0000-0x000001F75D6E1000-memory.dmp

Filesize
4KB

Download
memory/500-1527-0x000001F75D270000-0x000001F75D271000-memory.dmp

Filesize
4KB

Download
memory/500-958-0x000001F75AD10000-0x000001F75AF12000-memory.dmp

Filesize
2.0MB

Download
memory/500-955-0x00007FFB35340000-0x00007FFB3596B000-memory.dmp

Filesize
6.2MB

Download
memory/500-1507-0x000001F75D040000-0x000001F75D041000-memory.dmp

Filesize
4KB

Download
memory/500-1506-0x000001F75D040000-0x000001F75D041000-memory.dmp

Filesize
4KB

Download
memory/500-1548-0x000001F75D6E0000-0x000001F75D6E1000-memory.dmp

Filesize
4KB

Download
memory/500-1551-0x000001F75F780000-0x000001F75F781000-memory.dmp

Filesize
4KB

Download
memory/500-1550-0x000001F75F780000-0x000001F75F781000-memory.dmp

Filesize
4KB

Download
memory/500-1549-0x000001F75F780000-0x000001F75F781000-memory.dmp

Filesize
4KB

Download
memory/500-954-0x00007FFB34910000-0x00007FFB34E53000-memory.dmp

Filesize
5.3MB

Download
memory/500-1545-0x000001F75D6C0000-0x000001F75D6C1000-memory.dmp

Filesize
4KB

Download
memory/500-1544-0x000001F75D6C0000-0x000001F75D6C1000-memory.dmp

Filesize
4KB

Download
memory/500-1543-0x000001F75D6C0000-0x000001F75D6C1000-memory.dmp

Filesize
4KB

Download
memory/500-1541-0x000001F75D6B0000-0x000001F75D6B1000-memory.dmp

Filesize
4KB

Download
memory/500-1540-0x000001F75D6B0000-0x000001F75D6B1000-memory.dmp

Filesize
4KB

Download
memory/500-1539-0x000001F75D6B0000-0x000001F75D6B1000-memory.dmp

Filesize
4KB

Download
memory/500-1538-0x000001F75D6B0000-0x000001F75D6B1000-memory.dmp

Filesize
4KB

Download
memory/500-1537-0x000001F75D6B0000-0x000001F75D6B1000-memory.dmp

Filesize
4KB

Download
memory/500-1536-0x000001F75D6B0000-0x000001F75D6B1000-memory.dmp

Filesize
4KB

Download
memory/500-1535-0x000001F75D6B0000-0x000001F75D6B1000-memory.dmp

Filesize
4KB

Download
memory/500-1534-0x000001F75D6B0000-0x000001F75D6B1000-memory.dmp

Filesize
4KB

Download
memory/500-1533-0x000001F75D6B0000-0x000001F75D6B1000-memory.dmp

Filesize
4KB

Download
memory/500-1532-0x000001F75D6B0000-0x000001F75D6B1000-memory.dmp

Filesize
4KB

Download
memory/500-1530-0x000001F75D270000-0x000001F75D271000-memory.dmp

Filesize
4KB

Download
memory/500-1529-0x000001F75D270000-0x000001F75D271000-memory.dmp

Filesize
4KB

Download
memory/500-1528-0x000001F75D270000-0x000001F75D271000-memory.dmp

Filesize
4KB

Download
memory/500-956-0x000001F75A8C0000-0x000001F75AD02000-memory.dmp

Filesize
4.3MB

Download
memory/500-1525-0x000001F75D260000-0x000001F75D261000-memory.dmp

Filesize
4KB

Download
memory/500-1524-0x000001F75D260000-0x000001F75D261000-memory.dmp

Filesize
4KB

Download
memory/500-1523-0x000001F75D250000-0x000001F75D251000-memory.dmp

Filesize
4KB

Download
memory/500-1522-0x000001F75D260000-0x000001F75D261000-memory.dmp

Filesize
4KB

Download
memory/500-1521-0x000001F75D250000-0x000001F75D251000-memory.dmp

Filesize
4KB

Download
memory/500-1520-0x000001F75D240000-0x000001F75D241000-memory.dmp

Filesize
4KB

Download
memory/500-1519-0x000001F75D260000-0x000001F75D261000-memory.dmp

Filesize
4KB

Download
memory/500-1517-0x000001F75D240000-0x000001F75D241000-memory.dmp

Filesize
4KB

Download
memory/500-1516-0x000001F75D250000-0x000001F75D251000-memory.dmp

Filesize
4KB

Download
memory/500-1514-0x000001F75D240000-0x000001F75D241000-memory.dmp

Filesize
4KB

Download
memory/500-1513-0x000001F75D240000-0x000001F75D241000-memory.dmp

Filesize
4KB

Download
memory/500-1512-0x000001F75D240000-0x000001F75D241000-memory.dmp

Filesize
4KB

Download
memory/500-1511-0x000001F75D240000-0x000001F75D241000-memory.dmp

Filesize
4KB

Download
memory/500-1510-0x000001F75D240000-0x000001F75D241000-memory.dmp

Filesize
4KB

Download
memory/500-1509-0x000001F75D240000-0x000001F75D241000-memory.dmp

Filesize
4KB

Download
memory/500-1505-0x000001F75D040000-0x000001F75D041000-memory.dmp

Filesize
4KB

Download
memory/500-1504-0x000001F75D040000-0x000001F75D041000-memory.dmp

Filesize
4KB

Download
memory/500-1503-0x000001F75D040000-0x000001F75D041000-memory.dmp

Filesize
4KB

Download
memory/500-1502-0x000001F75D040000-0x000001F75D041000-memory.dmp

Filesize
4KB

Download
memory/500-1501-0x000001F75D040000-0x000001F75D041000-memory.dmp

Filesize
4KB

Download
memory/500-1500-0x000001F75D040000-0x000001F75D041000-memory.dmp

Filesize
4KB

Download
memory/500-1560-0x000001F75F780000-0x000001F75F781000-memory.dmp

Filesize
4KB

Download
memory/500-1559-0x000001F75F780000-0x000001F75F781000-memory.dmp

Filesize
4KB

Download
memory/500-1558-0x000001F75F780000-0x000001F75F781000-memory.dmp

Filesize
4KB

Download
memory/500-1557-0x000001F75F780000-0x000001F75F781000-memory.dmp

Filesize
4KB

Download
memory/500-1556-0x000001F75F780000-0x000001F75F781000-memory.dmp

Filesize
4KB

Download
memory/500-1555-0x000001F75F780000-0x000001F75F781000-memory.dmp

Filesize
4KB

Download