f002752c85cbda6371a3d68916a74e1186270cd3783bf552db4dafe29cb17c0e

Analysis

max time kernel
139s
max time network
201s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17/10/2024, 12:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TopazVideoAI-5.3.4.msi
Size

676.4MB
MD5

a13523c5b43d371a6791d32bd67e55db
SHA1

359d05200cdc797abb09640b63b8f82cf0472bb2
SHA256

f002752c85cbda6371a3d68916a74e1186270cd3783bf552db4dafe29cb17c0e
SHA512

2a29aba7497da31e433b251bfd476374abaafc37c8f7464971af9d539d10a6e7c4bd263edfa1f9831cd375616dfc3daed690f3d6f72cc6e355890b20490fd839
SSDEEP

12582912:0j2ZWz2d51iVGgefx5xYa+gFb3mHbYu/d+0CKEF+xDFqMV9DYzpRcFPgBBwZ7jU2:/jd51i2f7KtGCHUubCKE4xDwMVNY0FPR

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
2	956	msiexec.exe
4	956	msiexec.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\F:	Topaz Video AI.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\D:	Topaz Video AI.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Universal\ToolSeparator.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\MenuItem.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\doc\ffmpeg\ffmpeg-utils.html	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Basic\Frame.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\ItemDelegate.qml	msiexec.exe
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AI.ofx.bundle\Contents\Win64\libcrypto-3-x64.dll	msiexec.exe
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AIframeinterpolation.ofx.bundle\Contents\Win64\opencv_world456.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\RadioButton.qml	msiexec.exe
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AI.ofx.bundle\Contents\Win64\tbbmalloc_proxy.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Dialogs\quickimpl\qml\FolderDialogDelegateLabel.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\OpenImageIO.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\BusyIndicator.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\man\man3\libswresample.3	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\TabBar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\Qt\labs\platform\qmldir	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6QuickTest.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\Drawer.qml	msiexec.exe
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AIframeinterpolation.ofx.bundle\Contents\Win64\openvino_onnx_frontend.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Layouts\qquicklayoutsplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\Frame.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQml\WorkerScript\workerscriptplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQml\Models\qmldir	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\Pane.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQml\Models\modelsplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\translations\qt_nl.qm	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQml\qmldir	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\man\man1\ffmpeg-protocols.1	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\RoundButton.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Universal\Pane.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Dialogs\quickimpl\qml\+Imagine\FolderBreadcrumbBar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\CheckDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\translations\qt_ar.qm	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\iconengines\qsvgicon.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qmltooling\qmldbg_preview.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AIframeinterpolation.ofx.bundle\Contents\Win64\aiengine.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\DialogButtonBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\qtquickcontrols2imaginestyleplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Dialogs\quickimpl\qml\+Universal\ColorDialog.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\ItemDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtTest\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\ScrollIndicator.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\SplitView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\doc\ffmpeg\libavformat.html	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Widgets.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Basic\SplitView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\ToolButton.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\Dial.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Basic\ToolBar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\NativeStyle\controls\DefaultTreeViewDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Imagine\HorizontalHeaderView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtMultimedia\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\RadioDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\man\man3\libavdevice.3	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\tvai.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Material\MenuBarItem.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\ToolTip.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\generic\qtuiotouchplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\HorizontalHeaderView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Fusion\RadioButton.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Basic\Calendar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Universal\impl\CheckIndicator.qml	msiexec.exe
File created	C:\Program Files\Common Files\OFX\Plugins\Topaz Video AIframeinterpolation.ofx.bundle\Contents\Win64\tbbmalloc_proxy.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qml\QtQuick\Controls\Basic\MenuItem.qml	msiexec.exe

Drops file in Windows directory 45 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\Inter-Regular.ttf	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\e57daa1.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC0D788BDCEEA33E0.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4D94.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE80E.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E0869EBB-A9EE-4B6B-B32C-AA47B8476FA3}	msiexec.exe
File created	C:\Windows\Fonts\Inter-Medium.ttf	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\{E0869EBB-A9EE-4B6B-B32C-AA47B8476FA3}\mainapp.exe	msiexec.exe
File created	C:\Windows\Installer\e57daa3.msi	msiexec.exe
File created	C:\Windows\Installer\e57daa1.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF291.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF3DA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\SystemTemp\~DF739674EA085E13B2.TMP	msiexec.exe
File created	C:\Windows\Fonts\Inter-SemiBold.ttf	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE86D.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4C3C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI50C2.tmp	msiexec.exe
File created	C:\Windows\Installer\DerandomizedSymbolicLinksForSourceLists\TopazVideoAI-5.3.4.msi	MsiExec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF391C61279E8CB41E.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF241.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\BBE9680EEE9AB6B43BC2AA748B74F63A\5.3.4\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\{E0869EBB-A9EE-4B6B-B32C-AA47B8476FA3}\mainapp.exe	msiexec.exe
File created	C:\Windows\SystemTemp\~DF589261DF2EC04228.TMP	msiexec.exe

Executes dropped EXE 3 IoCs

pid	Process
5108	Topaz Video AI.exe
3128	crashpad_handler.exe
4868	login.exe

Loads dropped DLL 64 IoCs

pid	Process
3272	MsiExec.exe
4184	MsiExec.exe
4552	MsiExec.exe
4552	MsiExec.exe
4552	MsiExec.exe
4552	MsiExec.exe
1536	MsiExec.exe
1536	MsiExec.exe
1536	MsiExec.exe
4184	MsiExec.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe
5108	Topaz Video AI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
956	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 30 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\ProductName = "Topaz Video AI"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\13CD821E8711F6B4086A161E2B55ACDE\BBE9680EEE9AB6B43BC2AA748B74F63A	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BBE9680EEE9AB6B43BC2AA748B74F63A\Complete	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\SourceList\Media\1 = ";Installer Package"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BBE9680EEE9AB6B43BC2AA748B74F63A	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\13CD821E8711F6B4086A161E2B55ACDE	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\SourceList\Net\1 = "C:\\Windows\\Installer\\DerandomizedSymbolicLinksForSourceLists\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BBE9680EEE9AB6B43BC2AA748B74F63A\OFXPlugin = "Complete"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BBE9680EEE9AB6B43BC2AA748B74F63A\AEPlugin = "\x06Complete"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\ProductIcon = "C:\\Windows\\Installer\\{E0869EBB-A9EE-4B6B-B32C-AA47B8476FA3}\\mainapp.exe"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\SourceList\LastUsedSource = "n;2;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BBE9680EEE9AB6B43BC2AA748B74F63A\VCRedist	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\SourceList\PackageName = "TopazVideoAI-5.3.4.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\SourceList\Net\2 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\PackageCode = "B6A92B37D543A344998799454D6BEA61"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\Version = "84082692"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBE9680EEE9AB6B43BC2AA748B74F63A\SourceList\Media\DiskPrompt = "Topaz Video AI Installer Package"	msiexec.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Topaz Video AI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Topaz Video AI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Topaz Video AI.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5108	Topaz Video AI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4556	msiexec.exe
4556	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	956	msiexec.exe
Token: SeIncreaseQuotaPrivilege	956	msiexec.exe
Token: SeSecurityPrivilege	4556	msiexec.exe
Token: SeCreateTokenPrivilege	956	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	956	msiexec.exe
Token: SeLockMemoryPrivilege	956	msiexec.exe
Token: SeIncreaseQuotaPrivilege	956	msiexec.exe
Token: SeMachineAccountPrivilege	956	msiexec.exe
Token: SeTcbPrivilege	956	msiexec.exe
Token: SeSecurityPrivilege	956	msiexec.exe
Token: SeTakeOwnershipPrivilege	956	msiexec.exe
Token: SeLoadDriverPrivilege	956	msiexec.exe
Token: SeSystemProfilePrivilege	956	msiexec.exe
Token: SeSystemtimePrivilege	956	msiexec.exe
Token: SeProfSingleProcessPrivilege	956	msiexec.exe
Token: SeIncBasePriorityPrivilege	956	msiexec.exe
Token: SeCreatePagefilePrivilege	956	msiexec.exe
Token: SeCreatePermanentPrivilege	956	msiexec.exe
Token: SeBackupPrivilege	956	msiexec.exe
Token: SeRestorePrivilege	956	msiexec.exe
Token: SeShutdownPrivilege	956	msiexec.exe
Token: SeDebugPrivilege	956	msiexec.exe
Token: SeAuditPrivilege	956	msiexec.exe
Token: SeSystemEnvironmentPrivilege	956	msiexec.exe
Token: SeChangeNotifyPrivilege	956	msiexec.exe
Token: SeRemoteShutdownPrivilege	956	msiexec.exe
Token: SeUndockPrivilege	956	msiexec.exe
Token: SeSyncAgentPrivilege	956	msiexec.exe
Token: SeEnableDelegationPrivilege	956	msiexec.exe
Token: SeManageVolumePrivilege	956	msiexec.exe
Token: SeImpersonatePrivilege	956	msiexec.exe
Token: SeCreateGlobalPrivilege	956	msiexec.exe
Token: SeCreateTokenPrivilege	956	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	956	msiexec.exe
Token: SeLockMemoryPrivilege	956	msiexec.exe
Token: SeIncreaseQuotaPrivilege	956	msiexec.exe
Token: SeMachineAccountPrivilege	956	msiexec.exe
Token: SeTcbPrivilege	956	msiexec.exe
Token: SeSecurityPrivilege	956	msiexec.exe
Token: SeTakeOwnershipPrivilege	956	msiexec.exe
Token: SeLoadDriverPrivilege	956	msiexec.exe
Token: SeSystemProfilePrivilege	956	msiexec.exe
Token: SeSystemtimePrivilege	956	msiexec.exe
Token: SeProfSingleProcessPrivilege	956	msiexec.exe
Token: SeIncBasePriorityPrivilege	956	msiexec.exe
Token: SeCreatePagefilePrivilege	956	msiexec.exe
Token: SeCreatePermanentPrivilege	956	msiexec.exe
Token: SeBackupPrivilege	956	msiexec.exe
Token: SeRestorePrivilege	956	msiexec.exe
Token: SeShutdownPrivilege	956	msiexec.exe
Token: SeDebugPrivilege	956	msiexec.exe
Token: SeAuditPrivilege	956	msiexec.exe
Token: SeSystemEnvironmentPrivilege	956	msiexec.exe
Token: SeChangeNotifyPrivilege	956	msiexec.exe
Token: SeRemoteShutdownPrivilege	956	msiexec.exe
Token: SeUndockPrivilege	956	msiexec.exe
Token: SeSyncAgentPrivilege	956	msiexec.exe
Token: SeEnableDelegationPrivilege	956	msiexec.exe
Token: SeManageVolumePrivilege	956	msiexec.exe
Token: SeImpersonatePrivilege	956	msiexec.exe
Token: SeCreateGlobalPrivilege	956	msiexec.exe
Token: SeCreateTokenPrivilege	956	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	956	msiexec.exe
Token: SeLockMemoryPrivilege	956	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
956	msiexec.exe
956	msiexec.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5108	Topaz Video AI.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 3272	4556	msiexec.exe	80
PID 4556 wrote to memory of 3272	4556	msiexec.exe	80
PID 4556 wrote to memory of 4184	4556	msiexec.exe	81
PID 4556 wrote to memory of 4184	4556	msiexec.exe	81
PID 4556 wrote to memory of 4184	4556	msiexec.exe	81
PID 4556 wrote to memory of 4552	4556	msiexec.exe	82
PID 4556 wrote to memory of 4552	4556	msiexec.exe	82
PID 4556 wrote to memory of 1536	4556	msiexec.exe	83
PID 4556 wrote to memory of 1536	4556	msiexec.exe	83
PID 4184 wrote to memory of 5108	4184	MsiExec.exe	85
PID 4184 wrote to memory of 5108	4184	MsiExec.exe	85
PID 5108 wrote to memory of 3128	5108	Topaz Video AI.exe	86
PID 5108 wrote to memory of 3128	5108	Topaz Video AI.exe	86
PID 5108 wrote to memory of 4868	5108	Topaz Video AI.exe	88
PID 5108 wrote to memory of 4868	5108	Topaz Video AI.exe	88

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\TopazVideoAI-5.3.4.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:956

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 250F1FC3525F61CE4049740BD8B0A78A C
  2⤵
  - Loads dropped DLL
  PID:3272
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 61D8DEF550D34A26285C14752F755781 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4184
- - C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe
    "C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe"
    3⤵
    - Enumerates connected drives
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5108
  - - C:\Program Files\Topaz Labs LLC\Topaz Video AI\crashpad_handler.exe
      "C:/Program Files/Topaz Labs LLC/Topaz Video AI/crashpad_handler.exe" "--attachment=main.tzlog=C:/Users/Admin/AppData/Roaming/Topaz Labs LLC/Topaz Video AI/logs/2024-10-17-12-42-52-Main.tzlog" "--database=C:/Users/Admin/AppData/Local/Temp/Topaz Labs LLC/Topaz Video AI/Crashes/db" "--metrics-dir=C:/Users/Admin/AppData/Local/Temp/Topaz Labs LLC/Topaz Video AI/Crashes/db" --url=https://submit.backtrace.io/topazlabs/b060552e9793d86dec356a038dee056ebd3b4d539c702a0e5c8f3760d7a99f98/minidump "--annotation=appName=Topaz Video AI" --annotation=appVersion=5.3.4 --annotation=email=Unspecified --annotation=format=minidump --annotation=machineId=efdc4609-d947-4be0-b0f4-e56701f439f5 --annotation=token=b060552e9793d86dec356a038dee056ebd3b4d539c702a0e5c8f3760d7a99f98 --initial-client-data=0x818,0x81c,0x820,0x814,0x828,0x7ff6af2c3aa0,0x7ff6af2c3ab8,0x7ff6af2c3ad0
      4⤵
      Executes dropped EXE
      PID:3128
  - - C:\Program Files\Topaz Labs LLC\Topaz Video AI\login.exe
      "C:\Program Files\Topaz Labs LLC\Topaz Video AI\login" status
      4⤵
      Executes dropped EXE
      PID:4868
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 471307AC82F2217F632227A8635FDEF9
  2⤵
  - Loads dropped DLL
  PID:4552
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding BDE384380A7260A328F71F54AF22BC73 E Global\MSI0000
  2⤵
  - Drops file in Windows directory
  - Loads dropped DLL
  PID:1536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x0000000000000484
1⤵
PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57daa2.rbs

Filesize
231KB

MD5
7b9cd27c3d59f9e5a319df4d86e34574

SHA1
fabf0b7fb1b38430142ac9b71b16ae0e3c286991

SHA256
de21eac360e7695450c049721ae857891dc39e9a343a0c801d911898662effb5

SHA512
873b8aa4a63848d8bcd8bbd6ea954f1dc42b89edf501a39c90faf6ad39f8419df907801ab0515c075620603d969f06fa91c498e3fe2bf9f6de77e8192c44f00a

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\aaa-10.json

Filesize
15KB

MD5
1610854027fc71a76df7167339dde9b8

SHA1
e8563d6f42b1835a058bcc58ed440f5fdb5952d4

SHA256
0399ac6728d5e1be09657fe1662a6a8749da42c126a2c15c8150f0291fec1ec2

SHA512
df20826a27792474dfeae5820ca84d6d9100ac42a587552696af99fcbeba7ac85c918d93c9f5dacdc5414334a2041ab15282d020de91873944d3b4ef5a4fda7b

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\aaa-9.json

Filesize
16KB

MD5
0d1081b4a3dbeca79b7baaa902e98a6b

SHA1
73f28a30c69fc95ae72f70249df4f62537b8ecfa

SHA256
4ae91c274902484463c53897aac04ace84fcdc30824999fbc202c1e276de1715

SHA512
527c87edceffa0151aa48f56a88005f9134b3f52768f30b36ce5be2cb86f0cc6eb774aee00f6f094c48f8b46d8771c2a496e9c3dbf5753969e65808db24e0acd

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ahq-10.json

Filesize
16KB

MD5
b75b78c0e10f0d1835c6e0c539f42be8

SHA1
a841b606fcb8b1349717eb84d5a80ddb4118c320

SHA256
36dc97d474febe9142e4b2525c725ec07198b6e8c44bab314358836527153345

SHA512
ca7e5c38dd3545c7caab95879ea1a2f0275461ddbe8b0f814f7a1f81ec93ae31359189758c334855caa3848b1eaac4569b08ed3b30d227f080aa9556279a591a

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ahq-11.json

Filesize
16KB

MD5
e4eeaf36b102ab7a3c666a216133a2ad

SHA1
b5b798e58035416012168768b11bb0b0dbd6a918

SHA256
1836feeacf231b57d46d9cbed760b70fb273c94cc87e052fb10ab7c8350b4cb6

SHA512
35ee5da512381a70718896e10a2990ea3c98058031be0b2104c975310ce3512507504ee5d9b781e9a242b57770c6d8dd51f87bf835da0c1825158f4595481f98

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ahq-12.json

Filesize
15KB

MD5
bcfaae93e32666a6bfeb5bd62a5cd408

SHA1
8ef62d0a95f8ca511521efe23133bf31dbaef7b4

SHA256
96cfaf32c4d3d18468c8da244145e05c740b79e03edf30f7312e148a1e373357

SHA512
d594868b248d4b7c9630adc4262c803fdb211031b718bb1149c2d775ecf4899ea4ddd7ad577c320b9e9cff13330f629c4db5a60e2116a8fad866e7f330e4f261

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\aiob-1.json

Filesize
3KB

MD5
0a88e12fab493f179e0ede27497c1515

SHA1
bffcb270bec3ebcc9b7d43357f1f7e6675b743e1

SHA256
9aa197d49597b4029000785b9eee8165a0dac3cc1e6652b40741e47f5a1a240a

SHA512
b954287025e90568eb3429fe739fae9a921fdac510ffff67f4e439b01be06fc0658f82db0001d3566d7a96824d211596825b74cd07d7f1b7101c61cc44679811

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\aion-1.json

Filesize
3KB

MD5
c832cfdc8357e96f7712007268f23479

SHA1
de1e62480159978ce68e52a1fe77b4b2f302562d

SHA256
612bcff872084f9cd29508d77e3e88a27c83d26b8914308bcc9a653343783f75

SHA512
4b7625d2f48d43a1780109ddda830f8c17303518376ff1f9cecfab0dd1707e620f69d474a414e14f2f88029b2ba0205442976cd7b4e0249e7ea741fdbe7c4b62

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\alq-10.json

Filesize
16KB

MD5
5efe764232a292abbf644da2fe6efa90

SHA1
bf12545035e54969c3711b0425444a39286e97e8

SHA256
3292cb0b65e4e754a89aec2183b352da6eb53df3fc7940ca84f19160cf204c57

SHA512
ac29f31559828bcee57c5a00209070592566d92c4816da453805732143779e286472aacbbc2e2c6fe99388cb42f9ca62ebc58fff48ebc79e228a87d7a0155627

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\alq-12.json

Filesize
16KB

MD5
d23f1d42181982faa4e48cdd0b48650e

SHA1
861249a5948b8f8f434375d9dd3ebaf7c7093967

SHA256
3e1e9d2f48b7211d922c354fa7fcb7492f37ecaf33cd3868779dc2af55d4f8ac

SHA512
34384b21aca9d6373ecbba6b31375dad3c34daf5b5d20535d7851c4f6c952a52b0ef27f2d0071f05d626511581c954f8c5f676338d35ee7b01836fee2a3008e9

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\alq-13.json

Filesize
15KB

MD5
1f8823a728afae14330023e9a29e7011

SHA1
b663d6dc0b2aed97d57b9e3c35c2eb4563f9e6d7

SHA256
05120e787e47c9dd873b6a90fdee90f539535a746b0321369511a10bd4b52755

SHA512
19d5ba1a1f3b6bf6b733980bf241c28a7c5e3722568990e57f245491ff586a83d987112dc4586bd629cf3112ed5e41c8552d34e2378283feaebf1501738c915a

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\alqs-1.json

Filesize
16KB

MD5
7a7d4bac805bfa090eb67134ec0a679e

SHA1
10dd84bdc6451bfcdbc3572b916b2f8becdd2ba9

SHA256
d505ae55bbcea8f448af7b8f3c6f9cf89dd7641cf4b072f85c6ae5a03ea11d3a

SHA512
b97f08883930f4904c72fcc2e83d7dfc0fcde43f6280a9ba0bb61fb9c1d8500ee7766dd892093f5827410add657e6fd2a3d9de34465f09b41439288634695e62

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\alqs-2.json

Filesize
15KB

MD5
cb5aff330f5d6cd7e2b03da4c24ffbbb

SHA1
2166c2bcfe096217c6b96dcd6bb70a3674f3b7db

SHA256
1881b9c9eddb157b802dd36c8edc65ad05cdccd2ba681bf1443ab61accc7c184

SHA512
8bb05d9e6255deeb611cbd55ed04ca8cfa3e9e75df7becba944931717e91a067f866e77bd2bf5bb717af421b0062d6b9f8c1c89d2cb811a14547893b947ded33

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\amq-10.json

Filesize
16KB

MD5
0a5c32e14442df5039f9a52c1a4e1bb9

SHA1
b56bbdc02d2cf55417086c222d697620925b2aee

SHA256
73884f0d47655a631e3ab1d6182416810968c196b165a499ff12a519759075b5

SHA512
535d6be3e177b1437800ddcc71d26cd2aa75b268aed183e5881fe418699d68e6af768a524b9417260a31abddc0418bae87dfa6501fca6921484509a952eebce4

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\amq-12.json

Filesize
16KB

MD5
730f7220aa524f1bb4dc27c3dde436cf

SHA1
a9ea35b837b7fa7501b673344b427c7da2eec17d

SHA256
bdcf1ca9ed576ce36887070bc917bf114d7bc25adeac1bd9675945ca339ccfb6

SHA512
749c47be319cee025274f3a13cdc2be90f39dccb2cba365e0a447453322ccf5ea40e5b3ddb7ca2b539d6cbe93ea038543a9d49ea11c664756a0bcc0bce5cfdec

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\amq-13.json

Filesize
15KB

MD5
a980b9d7f559a391c142165d1df9f8a6

SHA1
a0d792e770163c70dbe3ea98f86c6f2dd829833f

SHA256
b2130bd95b7ba455e042ccc3265397052cf81c5acbbf0782eefd948c274e7252

SHA512
caba558ec1831fd3b5ead05f77df692bd26ac378f2a7e702580e424bfeaef00b7402a648b7e296ce98d232b28acd26c36668da3ff44434ad88c2fce39c7a8df9

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\amqs-1.json

Filesize
16KB

MD5
a4c4b31c497be8b9bdb41550c3d69330

SHA1
c9b65d79f79d0bc9076e39501b7610d67c0a85b1

SHA256
fc2d3c287aa078a195bf6192600a689a686750df5ce80ec73d50b1a30bcd68fb

SHA512
bbee351854445e51af1acdfc4f6271f77914799c679266c3ccd1757bad3278419febb5453d21537ed6cbb00fbdd71a9dc9152cd35d879c1048b9f781ae7c9ab8

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\amqs-2.json

Filesize
15KB

MD5
2676ca678c429d7b6ec492bfcee70d37

SHA1
c589df32510dabf072201dd5d184dde0efdb1812

SHA256
6daad44517f48d52ef9745f1dcedddc4445bc01fc0094ebfe3152ff82ca125e2

SHA512
7b12a6043c873b2e442d75f599d44bd18b830e0793497c1611a082ebbee4831436c1ca77a5f90c55d75da84eff2a9ae29a260bee1722c33af53a0aca2360d398

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apf-1.json

Filesize
7KB

MD5
2a1f74958c7f0e99eb33c9abb420b362

SHA1
217ba5788c0f0e1ab6f184308fb094c569400895

SHA256
91edf7ba0031535455b5086fe63f752ad729bfb4a7db21fd476b9bb699c52361

SHA512
ad5f440b4e5a36a1c1b9305c924bda4851ee98b0078dcb5dd826fbe03905096713add4d094af596a689935653249f440b584f2f7f4500d3271d2dd313f4c92b1

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apf-2.json

Filesize
5KB

MD5
aa984cd18d40fdaf3edd271c666be0b8

SHA1
094d91b52f32b98f944fd712126a64f17b7c300c

SHA256
0e8ba99ccb1bf568e1df2ce96996e2955134824c412d680239f70af906686fcf

SHA512
119bd6710c33d5ebb8b45350d4d742cc052002fa45b1cb16f5039a2a601310f7674d2547738df14cfd3bdd2ee17a39994680a9ad726c53d663085f84d2f7b6d0

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apo-5.json

Filesize
6KB

MD5
f8bebf7bdfd5b785b130d9a9d55efc1d

SHA1
8e58ac923790310fe14027add261f30c87da8cf8

SHA256
7af23e45c8dc4513f59b3d3106d4cf744c66a3fc51d89c79cb9b75c8f3d92619

SHA512
590258c29b07739129a04fc0cddfd30ef30d973bf6295ae590bc9248f0b8d2b0be2597161ebcebacf31c2b5870c6ebf761aa112697cea067e723aa8b374d7403

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apo-6.json

Filesize
6KB

MD5
138e7de0526469f6fe30be3a7a916da1

SHA1
f57986d034af2cad48f18c0731dc7e1bb41ecdaf

SHA256
9d792af085369c9aac64f8f058054b4f1a1191884bf649d26bd6702d94569948

SHA512
a61b7d1b00bc94026d0b3a3869c40791c950820efe704694afeba9b7506585fbb4c10ead520afeae42293b2b7be82fb179e1c29339c0efcd498b03a55dfa2b3f

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apo-7.json

Filesize
6KB

MD5
3f2fafd095c8089f10d0d9fb26fa6c9e

SHA1
53ab664ecf33b88d5ff002cafd4c28c37a19a543

SHA256
288de57ed3791709f6871cccdb0e033f97fb4f1d8d8459786385e2c7216134be

SHA512
1784b98d41450da47014c5e956efdc81cf64439d0151dcba6ee4c46c65d1aba87a588ec7d3790301a876a47f4a23a647ebaa9e3e77a6e6d496f73b8b79aec574

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\apo-8.json

Filesize
7KB

MD5
24fffa520cd11fa736dc05d5efa5c79c

SHA1
d4018712e585e36154cb45902b7698534aca50a5

SHA256
97f0ebc357553c7de9a1c365fb359c3d5899e789d20b259f1737c51d04885f6e

SHA512
75bda7e7c0d32666e6fa87e4897235039a1f1da07fb18d9d3f985f242f91f20e0c14926c9ec111670c7304b971685044acabf3d014f18185730683d8aa8e5410

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\audio-codecs.json

Filesize
785B

MD5
7c7b86dc885096030fe894c2b85239bd

SHA1
53c7b53122adeb80b6d54567d15f9d24054ec17f

SHA256
4a6034be779a311d4eeb60010c4719b026dca670a435d156587cafbf5e655643

SHA512
e0095c0acd2b3918adeb1b72aed929474f5de5ca79c8814f18d0a706ce5ba4ceaa01778b550c57645ef348e449c4bed40ad1b1d4ae88231fed9e8b292510c942

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\benchmarks.json

Filesize
2KB

MD5
17b9192d01aa3faa43c6211e91ec44f6

SHA1
2e0ca5e45c2feb5902bd780b4397d17072b27afe

SHA256
e5eb84914d7a7a62c0b4800ea6e55145969c80d15c580c552465ecb1e8c3d2a9

SHA512
5f8081f0928a94e695a1564224a77b59239bbcb8e423591f6af83a96b78411ffb7728603c70df37cb7761880abcd93e0fb32b90752880444c02817cce46558c3

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\chf-1.json

Filesize
5KB

MD5
95edb9da265c288aace6d503375f3a2b

SHA1
4c794eb7cfab95236431914cf3a00de8c4e20f21

SHA256
d073b682ca710a2e218bc44fad0bcec7717a0adc953728782f8858dc9e03c0f2

SHA512
96a5891c8305db859e66a8575020f42d2cf0c92c7d0ca62036e4feca75ad90f62dbe5f67121857195b7430d6c9f4a0b6758390ade9f46bd1f4b3dc0cd5d9749c

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\chf-2.json

Filesize
5KB

MD5
cb0dbb84a98e34a7d216b80c6410086d

SHA1
fa61f351ed77a2b61de9021f446b44027847eccf

SHA256
65c2000fd5b39fff34430de6015a160b99f25f794e758acb93723496e91738b1

SHA512
6b60a18fd78dc2ab1f52c86d9688f14b64a3048984f206ec84cd86ad9a1c04be25d9555a71e07fd07a5a659de3753d67dc227ef169819b1c7cd137d5a02dfca5

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\chf-3.json

Filesize
6KB

MD5
6a5a5b5957b87c67bb19196994b8f00f

SHA1
665be7c5667e66a9eed9e1892309a931d8fbaccd

SHA256
f75a5ea5576c4077ec55e7eed0a3dbf23c1d0b8abd2585ef1b9b0d5aa5925096

SHA512
5d6548ac03216cf14acfa1e76cd29d59e0743c8564c276437861fe396d4b13b62e368e52736d328b99583df0019066a74306fc19229ae3f1047b9a35f534a5c1

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\chr-1.json

Filesize
5KB

MD5
77fa409e8e15fa6922e6060a0573ddbe

SHA1
ebab63cc45a4767d9d27811fe11185b7a8730bae

SHA256
36d351db704395ad1f085f1aac653c3b75b4cbbc44e676701bf20dc8b196f751

SHA512
d5a47390c6321a7ff6ef85f83856d3932d6ebf502c043443bbcefd7617f453560e04d3059ecb06da9b2c7375452b0b960fb11d03dc921c33ec3337bae7a6d810

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\chr-2.json

Filesize
6KB

MD5
608c21974b1f7d71f02c6f1ca9a3e0b3

SHA1
305bf15112d338c5250703734988714d5fd9a354

SHA256
f7b3141bbe3d0fafcecd3bc85c56fce4bb209c5517d94de401c8a1843b73a64c

SHA512
7d855d8581604b8bce4fa3095fc26f0d8e61833e9bf295bde62a6183783005d2ae0c82a3409dd6a0c6f6760e211b7c97025a69d78fb765fdc06c37bc43f3e2ac

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\cpe-1.json

Filesize
3KB

MD5
4fc5b03cc4a91ef843a62433ef66f861

SHA1
f612b833ae923b14b03cfe5bc5f7faf5a580abb6

SHA256
06434f4426a38fb50fa35940650fda60de0aeed5bd2a613e9e11a80b35a898d0

SHA512
32359b087d866339a22863222ae4ca57428affcceae13aeec2539ca4014baee895f5cf14575096e8124ab15010e0130eafecc939ddbd400b4da8528ebc5026d2

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\cpe-2.json

Filesize
3KB

MD5
ba85ed32ddd8751cde31da2c0eace2d7

SHA1
996f21a603f0db04bd62be874d99fa63a10e1e2c

SHA256
11461468fb3caede43be491734095e0789dc1ab4634929216b2d0bbf272f1efb

SHA512
0d0dcecac6fb746a445703600f0f358cbd641c3cddfe5899fb5e2570b0825e399f65c67cac5bb29501149a7bbbed4bea15943f2f098f071b13db56fa5c3c6939

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ddv-1.json

Filesize
17KB

MD5
a4d4bf4774a28073b2956b02d463067a

SHA1
8a75246c634ed6d7921bb40ec0c956fc5448b6fe

SHA256
db132914558bcf4c0652d224128e206f7a3dec9df3dc3e31e247af02edc4a75c

SHA512
482dae8659fbf08dd0a3e010893a00b313afb287138b706406566d99ffc20403e3c324d246b8f89fd45fa858505a271c880009b0955e273d4a31e72e7143315b

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ddv-2.json

Filesize
17KB

MD5
d2b47f9be57e1bfb348176f28f56028d

SHA1
d4c68c391a9c361c68a341db1e33f512dc58f34a

SHA256
38200a80ff930569f924c1660e6d307f1ce9a16229d631c2d0c20cb906c9f397

SHA512
b17e7153a3e78b1658f333041dd86ef37d9c04162feab62a4c8c5fb75e8a7ea58582ae8c146834c7d0e6ea3f448bfa8e8151e46a298038eac892c5938e601678

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\ddv-3.json

Filesize
16KB

MD5
0c1d841439f3221cb8766945db7f766b

SHA1
5b4202c91b0547097a595cade88ed47c57212fe3

SHA256
3fb29f95615b11ecfafccc1c76aa645b1fe41322312154ae8f106dd64d46857c

SHA512
ba4883c460f08f5d7081df4fe40d87accd8c7c7cb304eb0c5124fd863bd3a3de026863331796307ed27f684b460fc0113d9c573bf825cc86abf6c0c4d1ba6be9

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtd-1.json

Filesize
16KB

MD5
ade0e41e00bcb4269d3dc71c65bb31de

SHA1
cf82dcbc77dc339068201645628ccdde53f72b51

SHA256
0ee835f0707ca361c81cee518c81c22c7471da04bbbe0c218b1d32a7bfbe0516

SHA512
bc1169b3418758ab6581b8634ee6c3f002556a80839088c144ddc4720f5aa04685077b1b75df64658f2ae191facda3a21b262908540fd86b702243e9a764fc05

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtd-3.json

Filesize
16KB

MD5
2b513fbb105388c6c91d3ccabaa421ce

SHA1
195f3fdd275a073f6ebbdacdbb58b435e8c58084

SHA256
fe117ae1335d02297a36a12906e8daac4d174a7313511bbb78580110fa2c353f

SHA512
8322fd42401679a6c0c562d765e26670143e38a445aa19684d683ab8dc078804d3f562b1ae8e02d51453a78baf4ead4e4e791fa078ae1671d7fc91c71034a20d

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtd-4.json

Filesize
15KB

MD5
97d9a9b2c606eeb19d87d2a253735bda

SHA1
a50827c0f4833063519d55310f4ef18d79d123da

SHA256
4a90a35e6a8a73e98cff4637c87e000201f54ec1fa7b0ad7f2ae1f1356951d61

SHA512
6e2af393e9022518e58aaf00721af076846e397596d9842c8691135e4b07fc37aed6e62deeb06ddc82d81ddd39b9b08f1a0e6c64269ae36cfd0aa89f58cc0f0d

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtds-1.json

Filesize
16KB

MD5
bd38533dcf457c3d648d6356c4b2ea8a

SHA1
33c625074c3811c1cd6a0ea7624ef3d32e413385

SHA256
79b47da55c14b09a60e76e531e57bac869893c3d03fdbfc1da825101408759b7

SHA512
572f28c0a3b3153c2d63a30ebb4b95faedae274b8c951a672d2b86d00c8932bdd255eb9cf6c365ca0e1048c1ffa74e68ab8b74bebf3237225997224502159e75

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtds-2.json

Filesize
15KB

MD5
83c8d2c967860bc6b06250984c600dbe

SHA1
a01e08b69f71dc120e56ee8a00c4e014ed8fd415

SHA256
d0a163e73cdb1a5ff42b3e04d1913d91834197d0f26b7e7428794a7bfb4e5c97

SHA512
79321d6f9fd4a0d8e482364bcdf2729a486ab9b9ebf0619013b113f0baddb4aeda2afb3a35a58bbde6965264ea161618bb9005a22071e80ea8986bd2e886c08d

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtv-1.json

Filesize
17KB

MD5
fa3689344434b6b4e63ea48d3bb5aca7

SHA1
ae707a29b92ced7e881ce371b8743988dbc78ed6

SHA256
3937e7dbaf13fb42f0818967b013cfeaaca179fab36b31e9d7c9db01711abb5d

SHA512
4422ba3d6afc3c1855c0b2d803018d770420ef3504cf4b4d98ecea70b2682766f2fbc4d8805d40f06f8287c718d4090399cc222c78a6b7ada46a72613321d0a4

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtv-3.json

Filesize
17KB

MD5
ea1aded31ea35c48a4ff2356f6a94e75

SHA1
d336593869cb55d6872b03389cb01b00acf78a06

SHA256
836c7507eb6ef8d0e5e86c97e9635c011805fe487323a15100ad4ed745f1b25f

SHA512
868c9218883dab37722b66c2205dd96359d09965762e90e4c61747f15468d73c874bfe8e793c234c69cac739396484031eb42bee525c4d2ce70b75e00991a085

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\dtvs-2.json

Filesize
16KB

MD5
145a5494ff51f8c4a8c209f31a98a5e4

SHA1
493ed36e8bf2727c8de4c45890b33310dad17144

SHA256
615b2cc830a891777175a9321eb9c6b9bedc777343ef1e4f0164309c094d79bf

SHA512
2e5bdbe040ebb8038c6a3dd901f2dcfe720a95e15715a2756e7a157b876e8a118be593a3b344e464657cc6f87a949ad2c4e79302b35f2e3a33a187e5b89a7191

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
65e2192e4dc04fc206f436f9a86e1023

SHA1
6435da8290f576c8604ddcddbb40bacd19458c8e

SHA256
8df5fb73b8f3f863f2829e3911cd5446c5426437ec869bb87309c639ede8aec8

SHA512
215b8f9c268587b4ba022e2d5374cfaa0d680a7f5277db9207367a4d9387d91ddefb4686c4449a6e80e473be6d67ddb7d80247586401c4dce9656a5e17290a31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_622FF18A3B1CFCB8CC579FBC66AAEA0E

Filesize
727B

MD5
90d9d9e5322c7f6d53b5b5171ef7c804

SHA1
c4c59c702635a5c4d80592383b602abd47ed588f

SHA256
447a7dacd9b46ce5a60facfdc71c064f10eabf381cb805713172d9b1315e2e3c

SHA512
7f2bc6f4f92ac0e02785b2f10ccb2abb385c2c4e9078e6b94cdbaa38ca6c22e0a8ab8ab900547617b56691f226c55f96a09965f191f4625591040edc45b6938d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
72db13da5fff7268cc2462be217daac9

SHA1
3eab5c472f6a341d752a3c38a9447db3eaeede10

SHA256
08441bff263e0edff40c3d7b80737a4bfc3a0c93832daf1166bb512045282735

SHA512
7d88cd7fc9371eae08d40e19f4d9f2204fa83716056d8ba5ba332eef278861907bc967b3e8f74c8a12e1be15f481ea7216c3ff669917943d462df3bc0c25de89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
0c5c65e2506666dd4a19d017ac190802

SHA1
9112592e4a8cdd3ecc089b0375b6c081a3379e34

SHA256
44d69e7cfc8c94f4f1efd8a2457b50032e3b419134c1d6433aa452953f92aca4

SHA512
7db83e37e1ed62ab1b3339c46d776312e1c0d625a21b7f031c7a2b75918dc461185d4451494a9b7e5ed06c2f7344f01fce70343799997b8c2824b55145597bf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_622FF18A3B1CFCB8CC579FBC66AAEA0E

Filesize
404B

MD5
a6a8db78b4f175dcc2cce527a6873320

SHA1
c26c1e8ceefa9cedc4e7027e13737372b442c047

SHA256
79e760bfc7d18924054d25f9f8072c17eee9cc40f0f11f957db8691f5a7fa48f

SHA512
4ac55e05061e30b78bf35faf91192dfcd4ec794325ef4f829fb3e821fe431f871000ec1298eeb94de53d84989915712c19f7c31f19653e12ce63ff3d8f375a45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
ff066403412dd76402987f7dfd0d2afb

SHA1
cda26d1db1af0da8c0e32ce2582e8a98d1918fea

SHA256
71446f595cfaac4085fae98d08346fffc1f7bf7be6efa450dc2e337d1cb33c83

SHA512
f411efcf6fdbb2accc05a56da5a8e40cc050c7ac897f1d42212fee23e50ceda17235c1e8e3136d1cbb86af1a35d69592fec789c46c34edddf0bfc88a8597412e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB640.tmp

Filesize
1.0MB

MD5
7b269dc43386d749c69d6c7032b5d69e

SHA1
33fe67ce3629bf6d350150b4ce03c066fb068f5f

SHA256
3e97760c51ee6263498b03e6fa353856155541105600946dea4a0cd0b9b1f792

SHA512
136149782dd19297028db427ff941542362890d126fbb720135c50c39f952dcbbbad1f493dc01d12f62e596a3a5b282fb34f5c14440cecec1b2c990297e9345a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC748.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Windows\Installer\MSIF291.tmp

Filesize
154KB

MD5
b2e2c24ebce4f188cf28b9e1470227f5

SHA1
9de61721326d8e88636f9633aa37fcb885a4babe

SHA256
233f5e43325615710ca1aa580250530e06339def861811073912e8a16b058c69

SHA512
343ea590c7f6b682b3b3e27fd4ab10ffeded788c08000c6dd1e796203f07bf9f8c65d64e9d4b17ce0da8eb17aaf1bd09c002359a89a7e5ab09cf2cb2960e7354

Download Submit
memory/5108-1524-0x000001C008D30000-0x000001C008D31000-memory.dmp

Filesize
4KB

Download
memory/5108-1531-0x000001C008D50000-0x000001C008D51000-memory.dmp

Filesize
4KB

Download
memory/5108-962-0x000001C0068A0000-0x000001C006AA2000-memory.dmp

Filesize
2.0MB

Download
memory/5108-960-0x000001C006450000-0x000001C006892000-memory.dmp

Filesize
4.3MB

Download
memory/5108-1504-0x000001C008B30000-0x000001C008B31000-memory.dmp

Filesize
4KB

Download
memory/5108-1508-0x000001C008B30000-0x000001C008B31000-memory.dmp

Filesize
4KB

Download
memory/5108-1511-0x000001C008B30000-0x000001C008B31000-memory.dmp

Filesize
4KB

Download
memory/5108-1510-0x000001C008B30000-0x000001C008B31000-memory.dmp

Filesize
4KB

Download
memory/5108-1509-0x000001C008B30000-0x000001C008B31000-memory.dmp

Filesize
4KB

Download
memory/5108-1507-0x000001C008B30000-0x000001C008B31000-memory.dmp

Filesize
4KB

Download
memory/5108-1506-0x000001C008B30000-0x000001C008B31000-memory.dmp

Filesize
4KB

Download
memory/5108-1505-0x000001C008B30000-0x000001C008B31000-memory.dmp

Filesize
4KB

Download
memory/5108-1513-0x000001C008D30000-0x000001C008D31000-memory.dmp

Filesize
4KB

Download
memory/5108-1515-0x000001C008D30000-0x000001C008D31000-memory.dmp

Filesize
4KB

Download
memory/5108-958-0x00007FFCA65F0000-0x00007FFCA6B33000-memory.dmp

Filesize
5.3MB

Download
memory/5108-1529-0x000001C008D50000-0x000001C008D51000-memory.dmp

Filesize
4KB

Download
memory/5108-1528-0x000001C008D50000-0x000001C008D51000-memory.dmp

Filesize
4KB

Download
memory/5108-1526-0x000001C008D40000-0x000001C008D41000-memory.dmp

Filesize
4KB

Download
memory/5108-1525-0x000001C008D40000-0x000001C008D41000-memory.dmp

Filesize
4KB

Download
memory/5108-1522-0x000001C008D30000-0x000001C008D31000-memory.dmp

Filesize
4KB

Download
memory/5108-1521-0x000001C008D30000-0x000001C008D31000-memory.dmp

Filesize
4KB

Download
memory/5108-1523-0x000001C008D40000-0x000001C008D41000-memory.dmp

Filesize
4KB

Download
memory/5108-1520-0x000001C008D40000-0x000001C008D41000-memory.dmp

Filesize
4KB

Download
memory/5108-1518-0x000001C008D30000-0x000001C008D31000-memory.dmp

Filesize
4KB

Download
memory/5108-1517-0x000001C008D30000-0x000001C008D31000-memory.dmp

Filesize
4KB

Download
memory/5108-1516-0x000001C008D30000-0x000001C008D31000-memory.dmp

Filesize
4KB

Download
memory/5108-1514-0x000001C008D30000-0x000001C008D31000-memory.dmp

Filesize
4KB

Download
memory/5108-959-0x00007FFCA6B40000-0x00007FFCA716B000-memory.dmp

Filesize
6.2MB

Download
memory/5108-1530-0x000001C008D50000-0x000001C008D51000-memory.dmp

Filesize
4KB

Download
memory/5108-1533-0x000001C009190000-0x000001C009191000-memory.dmp

Filesize
4KB

Download
memory/5108-1534-0x000001C008D50000-0x000001C008D51000-memory.dmp

Filesize
4KB

Download
memory/5108-1535-0x000001C009190000-0x000001C009191000-memory.dmp

Filesize
4KB

Download
memory/5108-1537-0x000001C009190000-0x000001C009191000-memory.dmp

Filesize
4KB

Download
memory/5108-1536-0x000001C009190000-0x000001C009191000-memory.dmp

Filesize
4KB

Download
memory/5108-1538-0x000001C009190000-0x000001C009191000-memory.dmp

Filesize
4KB

Download
memory/5108-1539-0x000001C009190000-0x000001C009191000-memory.dmp

Filesize
4KB

Download
memory/5108-1540-0x000001C009190000-0x000001C009191000-memory.dmp

Filesize
4KB

Download
memory/5108-1542-0x000001C009190000-0x000001C009191000-memory.dmp

Filesize
4KB

Download
memory/5108-1541-0x000001C009190000-0x000001C009191000-memory.dmp

Filesize
4KB

Download
memory/5108-1544-0x000001C0091A0000-0x000001C0091A1000-memory.dmp

Filesize
4KB

Download
memory/5108-1545-0x000001C009190000-0x000001C009191000-memory.dmp

Filesize
4KB

Download
memory/5108-1546-0x000001C0091A0000-0x000001C0091A1000-memory.dmp

Filesize
4KB

Download
memory/5108-1547-0x000001C0091A0000-0x000001C0091A1000-memory.dmp

Filesize
4KB

Download
memory/5108-1549-0x000001C0091C0000-0x000001C0091C1000-memory.dmp

Filesize
4KB

Download
memory/5108-1550-0x000001C0091C0000-0x000001C0091C1000-memory.dmp

Filesize
4KB

Download
memory/5108-1551-0x000001C00B260000-0x000001C00B261000-memory.dmp

Filesize
4KB

Download
memory/5108-1552-0x000001C00B260000-0x000001C00B261000-memory.dmp

Filesize
4KB

Download
memory/5108-1553-0x000001C00B260000-0x000001C00B261000-memory.dmp

Filesize
4KB

Download
memory/5108-1557-0x000001C00B260000-0x000001C00B261000-memory.dmp

Filesize
4KB

Download
memory/5108-1562-0x000001C00B260000-0x000001C00B261000-memory.dmp

Filesize
4KB

Download
memory/5108-1561-0x000001C00B260000-0x000001C00B261000-memory.dmp

Filesize
4KB

Download
memory/5108-1560-0x000001C00B260000-0x000001C00B261000-memory.dmp

Filesize
4KB

Download
memory/5108-1559-0x000001C00B260000-0x000001C00B261000-memory.dmp

Filesize
4KB

Download
memory/5108-1558-0x000001C00B260000-0x000001C00B261000-memory.dmp

Filesize
4KB

Download