hxxps://dubbingai[.]io/promotionDownload?channelId=BING__SEM

Analysis

max time kernel
187s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dubbingai.io/promotionDownload?channelId=BING__SEM

Score

9^/10

discovery evasion persistence themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	DubbingAI.exe

Downloads MZ/PE file

Drops file in Drivers directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\AudioMirror.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\drmk.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\portcls.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\SETB263.tmp	DrvInst.exe
File created	C:\Windows\System32\drivers\SETB263.tmp	DrvInst.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	DubbingAI.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	DubbingAI.exe

Executes dropped EXE 8 IoCs

pid	Process
5648	DubbingAI_v1.6.6_11121909_Release_C_Setup.exe
5756	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
5860	SetAudioDevice.exe
5984	devcon.exe
6000	find.exe
5960	devcon.exe
1168	SetAudioDevice.exe
5636	DubbingAI.exe

Loads dropped DLL 22 IoCs

pid	Process
5756	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
5756	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
5860	SetAudioDevice.exe
5860	SetAudioDevice.exe
5860	SetAudioDevice.exe
1168	SetAudioDevice.exe
1168	SetAudioDevice.exe
1168	SetAudioDevice.exe
5636	DubbingAI.exe
5636	DubbingAI.exe
5636	DubbingAI.exe
5636	DubbingAI.exe
5636	DubbingAI.exe
5636	DubbingAI.exe
5636	DubbingAI.exe
5636	DubbingAI.exe
5636	DubbingAI.exe
5636	DubbingAI.exe
5636	DubbingAI.exe
5636	DubbingAI.exe
5636	DubbingAI.exe
5636	DubbingAI.exe

Themida packer 33 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0007000000023d70-5196.dat	themida
behavioral1/memory/5636-5207-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5208-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5209-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5210-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/files/0x00070000000246a3-5204.dat	themida
behavioral1/memory/5636-5212-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5213-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5211-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5219-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5218-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5217-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5221-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5223-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5224-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5237-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5238-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5239-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5240-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5244-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5245-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5285-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5286-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5311-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5312-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5646-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5647-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5811-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5810-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5886-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida
behavioral1/memory/5636-5885-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5964-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp	themida
behavioral1/memory/5636-5965-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp	themida

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DubbingAI = "\"C:\\Program Files\\DubbingAI\\DubbingAI.exe\" -AutoStart"	DubbingAI.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	DubbingAI.exe

Drops file in System32 directory 17 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\{98c8d22a-e0f1-f34b-ae0d-fa7bb00556f8}\SETB08E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{98c8d22a-e0f1-f34b-ae0d-fa7bb00556f8}\SETB090.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{98c8d22a-e0f1-f34b-ae0d-fa7bb00556f8}\AudioMirror.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{98c8d22a-e0f1-f34b-ae0d-fa7bb00556f8}	DrvInst.exe
File created	C:\Windows\system32\sysdbdn	DubbingAI.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{98c8d22a-e0f1-f34b-ae0d-fa7bb00556f8}\SETB08E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{98c8d22a-e0f1-f34b-ae0d-fa7bb00556f8}\AudioMirror.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{98c8d22a-e0f1-f34b-ae0d-fa7bb00556f8}\SETB090.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\AudioMirror.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{98c8d22a-e0f1-f34b-ae0d-fa7bb00556f8}\SETB08F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\audiomirror.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\audiomirror.PNF	devcon.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{98c8d22a-e0f1-f34b-ae0d-fa7bb00556f8}\SETB08F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{98c8d22a-e0f1-f34b-ae0d-fa7bb00556f8}\audiomirror.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\audiomirror.inf_amd64_fa0c1758ba5964c6\AudioMirror.sys	DrvInst.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DubbingAI\res\layout\is-B8GED.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\is-6PQVS.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-227VR.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-9U7C1.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-B47UI.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-F8AEB.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-6LHSC.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-9R54J.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-RVBLP.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\task\is-0ERV9.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-JIIJU.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-BN06C.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-0T4E6.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-CTPPL.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-651CB.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\subscription\is-HIR9J.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-N01EQ.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-M1ABG.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-9KB8G.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-SP42E.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\blind\is-41S22.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-MJN1B.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-ME6M3.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-RU9SN.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-KTU0R.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File opened for modification	C:\Program Files\DubbingAI\libspeexdsp.dll	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-69K8A.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-UNMT7.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\activity\is-0MIQD.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\guide\is-6AB8O.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-3PQ3J.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-T0TCU.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-SM713.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-CH82C.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-PDLK8.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\cloning\is-4DIFB.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\gift\is-UDL9G.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-RK2NQ.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-TRCIR.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-PT3KQ.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-HV20J.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\image\cbb598b50cc8ef06e80095dd92cb7a98.temp	DubbingAI.exe
File created	C:\Program Files\DubbingAI\vc_model\is-3CED6.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-NPAHB.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\gift\is-CKLGH.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\layout\is-9G9AT.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-B29LK.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-0L61C.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-CMCO7.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-QUD5N.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-88STG.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-P0HTU.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-8A8CN.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-VF344.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\loading\is-LCRSE.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-EU4O9.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\is-0NQPG.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\res\drawable\task\is-31TCU.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\image\57b7c69030d48989801c2b1cdaf95524.temp	DubbingAI.exe
File created	C:\Program Files\DubbingAI\vc_model\is-IB57U.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-MD4QE.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-K32HU.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-Q4E5I.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Program Files\DubbingAI\vc_model\is-KO44I.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Fonts\is-VB7MB.tmp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
File created	C:\Windows\INF\c_media.PNF	devcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	devcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DubbingAI_v1.6.6_11121909_Release_C_Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Filters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service	DrvInst.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
5816	taskkill.exe

Modifies data under HKEY_USERS 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe

Modifies registry class 18 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\\OpenWithProgids	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\URL Protocol = "DubbingAI"	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\ = "DubbingAI"	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DubbingAI.exe\SupportedTypes	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DubbingAI.exe\SupportedTypes\.myp	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OpenWithProgids\DubbingAI	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DubbingAI\DefaultIcon	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\DefaultIcon\ = "C:\\Program Files\\DubbingAI\\DubbingAI.exe,0"	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DubbingAI\shell\open\command	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DubbingAI	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\shell	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\shell\open	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\shell\open\command	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DubbingAI\shell\open\command\ = "\"C:\\Program Files\\DubbingAI\\DubbingAI.exe\" \"%1\""	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\DubbingAI.exe\SupportedTypes	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DubbingAI.exe	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 99152.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
4500	msedge.exe
4500	msedge.exe
4688	identity_helper.exe
4688	identity_helper.exe
5532	msedge.exe
5532	msedge.exe
5756	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
5756	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
5636	DubbingAI.exe
5636	DubbingAI.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeDebugPrivilege	5816	taskkill.exe
Token: SeAuditPrivilege	812	svchost.exe
Token: SeSecurityPrivilege	812	svchost.exe
Token: SeLoadDriverPrivilege	5960	devcon.exe
Token: SeRestorePrivilege	6124	DrvInst.exe
Token: SeBackupPrivilege	6124	DrvInst.exe
Token: SeRestorePrivilege	6124	DrvInst.exe
Token: SeBackupPrivilege	6124	DrvInst.exe
Token: SeRestorePrivilege	6124	DrvInst.exe
Token: SeBackupPrivilege	6124	DrvInst.exe
Token: SeLoadDriverPrivilege	6124	DrvInst.exe
Token: SeLoadDriverPrivilege	6124	DrvInst.exe
Token: SeLoadDriverPrivilege	6124	DrvInst.exe
Token: SeLoadDriverPrivilege	5636	DubbingAI.exe
Token: 33	3056	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3056	AUDIODG.EXE
Token: 33	5636	DubbingAI.exe
Token: SeIncBasePriorityPrivilege	5636	DubbingAI.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
5756	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
5636	DubbingAI.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
5636	DubbingAI.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
5648	DubbingAI_v1.6.6_11121909_Release_C_Setup.exe
5756	DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
5860	SetAudioDevice.exe
5984	devcon.exe
5960	devcon.exe
1168	SetAudioDevice.exe
5636	DubbingAI.exe
5636	DubbingAI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 1952	4500	msedge.exe	83
PID 4500 wrote to memory of 1952	4500	msedge.exe	83
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 2876	4500	msedge.exe	84
PID 4500 wrote to memory of 3068	4500	msedge.exe	85
PID 4500 wrote to memory of 3068	4500	msedge.exe	85
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86
PID 4500 wrote to memory of 2308	4500	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://dubbingai.io/promotionDownload?channelId=BING__SEM
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd407346f8,0x7ffd40734708,0x7ffd40734718
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5532
- C:\Users\Admin\Downloads\DubbingAI_v1.6.6_11121909_Release_C_Setup.exe
  "C:\Users\Admin\Downloads\DubbingAI_v1.6.6_11121909_Release_C_Setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5648
- - C:\Users\Admin\AppData\Local\Temp\is-Q9A4C.tmp\DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-Q9A4C.tmp\DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp" /SL5="$B0200,114528398,928768,C:\Users\Admin\Downloads\DubbingAI_v1.6.6_11121909_Release_C_Setup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:5756
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill.exe" /IM DubbingAI.exe /F
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:5816
  - - C:\Program Files\DubbingAI\SetAudioDevice.exe
      "C:\Program Files\DubbingAI\SetAudioDevice.exe" get
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:5860
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /C ""C:\Program Files\DubbingAI\AudioMirror\install.bat""
      4⤵
      System Location Discovery: System Language Discovery
      PID:3724
    - - C:\Program Files\DubbingAI\AudioMirror\devcon.exe
        
        devcon.exe status "Root\AudioMirror"
        5⤵
        Executes dropped EXE
        Checks SCSI registry key(s)
        Suspicious use of SetWindowsHookEx
        
        PID:5984
    - - C:\Program Files\DubbingAI\AudioMirror\find.exe
        
        find "Dubbing Virtual Device"
        5⤵
        Executes dropped EXE
        
        PID:6000
    - - C:\Program Files\DubbingAI\AudioMirror\devcon.exe
        
        devcon.exe install AudioMirror.inf Root\AudioMirror -v
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:5960
  - - C:\Program Files\DubbingAI\SetAudioDevice.exe
      "C:\Program Files\DubbingAI\SetAudioDevice.exe" set
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1168
  - - C:\Program Files\DubbingAI\DubbingAI.exe
      "C:\Program Files\DubbingAI\DubbingAI.exe"
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Checks whether UAC is enabled
      Drops file in System32 directory
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11030615330267317708,17359437264150595174,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5440 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1064

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:812
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{fc8b2ab2-f35d-c444-9bd1-356784500b61}\audiomirror.inf" "9" "41823b7ff" "0000000000000148" "WinSta0\Default" "000000000000015C" "208" "c:\program files\dubbingai\audiomirror"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:2940
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:f1d97002a6aaffa0:AudioMirror_Device:12.33.40.11:root\audiomirror," "41823b7ff" "0000000000000158"
  2⤵
  - Drops file in Drivers directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious use of AdjustPrivilegeToken
  PID:6124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x558 0x538
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\DubbingAI\AudioMirror\AudioMirror.inf

Filesize
5KB

MD5
f5d9ad8275255b0fbee239f3960da265

SHA1
0f4bea0d2f4e488b66d52668a0ce8eabbe58e057

SHA256
b4216f74d8c68396e5b2ee5da78ed4802347986e4f9ebf918d783579f8708202

SHA512
2740a19538c72591c0a825b9adfb36f168df59c059ebbf8ebda6acea03e9e1016f5aac44e839a4e24c7713d27c8005e1b5e3f0b027b589dde2a18b983be5a837

Download Submit
C:\Program Files\DubbingAI\AudioMirror\devcon.exe

Filesize
81KB

MD5
816c4e245b286b4e4903131f75a94948

SHA1
eda70c1fc8a461efb0e376d42e35a72b96175e4d

SHA256
aca1bda08690dcca930254f96f9185c776671a85a58ffa1b59cf16017546f218

SHA512
d0dc74956c57403c0638e6595aaf1c2eb75233997a15170b064261a5d3f1f525a3e35e13fef04c36cc20fd1d5d1cf000a5fb7a646bf2cf1cea73817e5d3335b3

Download Submit
C:\Program Files\DubbingAI\AudioMirror\find.exe

Filesize
17KB

MD5
ae3f3dc3ed900f2a582bad86a764508c

SHA1
1e44ee63bdb2cf3a6e48b521844204218a001344

SHA256
1a1876c5eed2b8cd9e14ebff3f4eeb7e21552a4c6aab4bf392a55f8df3612dab

SHA512
059c0a371aada5f36e72196109c06208b68475ed0fbefb950beb0cbea2c29595151d65b087c5113af41df926596c4fe4e01102daf4b75e999cf6d6517d26ff63

Download Submit
C:\Program Files\DubbingAI\AudioMirror\install.bat

Filesize
223B

MD5
70e7c009a4f8a420755c0efc4197e642

SHA1
6dcae12ede6c84626a6cdef9614a8ead66f42ba3

SHA256
b517734c72a6bee139b181ce8ed7926d0e2e1cf98a1e2a0bdbc28806549c3003

SHA512
7dee3e85f7b60c847c4e628f1380512e4f58d78dabfac62f10130c637b0cadf6897e8f6dc48aa4c034d013e75d187cda587747fb311688cf51a0a953c333708e

Download Submit
C:\Program Files\DubbingAI\DubbingAI.exe

Filesize
3.6MB

MD5
b61d242a9014f7c1f5cda19b4dbb8c91

SHA1
a1f712f14314c19068bcea1fe488227dd8a858c3

SHA256
1d5a3c12b782c550c4c4fe96d4eb37d1040471192187b0532fb3396c9d3333cc

SHA512
82956a76b0b3904c845308198b4c2a22c36a6cbf5aadd4f92d57fce1e0c14443949c4989321a027796f88be4abdb3e814495c79f10690779bb728d405442503f

Download Submit
C:\Program Files\DubbingAI\InDeviceId.ini

Filesize
55B

MD5
fcea6149ccb45e8d0c2f8499120b814e

SHA1
076cd7bf3aa9bc9fec75eb544446c6b9b7a69aa0

SHA256
9788c0baeef236eaa85906dd6ec7a8b702cd460307c9309545331c1da1096d57

SHA512
303f57ac3e6a98d58ffb6c414cea4a55c75b7cfe39d81a80db9f46067606f282e3e284c7a7d630b43ae863acc799324825eb0f40b091fedf8f6e23f0c8c61613

Download Submit
C:\Program Files\DubbingAI\OutDeviceId.ini

Filesize
55B

MD5
67dbdba8f3e0b467576d90f72eb49772

SHA1
a5e6917f25f24a08dd40b1b868385935b074029a

SHA256
6fe6a3137809214c22627f583b2476d346056a18f391b7802fa1ba84bb229ef3

SHA512
429d2fef3ba8b3cec7496afd2ec55bfa777bd1738fae266daad7bbe1191f13fc51a50508504b282943c42dc145950e6966af412818dbd970af4999d2188287d5

Download Submit
C:\Program Files\DubbingAI\SetAudioDevice.exe

Filesize
82KB

MD5
cb084353c30a8a949a133ce647e9d6d4

SHA1
d04d9b214b928fede9aa895e95b9fdb1f7874496

SHA256
def90008d015ea9c5b935208dacd4371c071bc96f390dd8b6a79af3a45336cde

SHA512
f2c1b43773f38320fb63c9f95272f689d59e9b8762c6534c81552fe9ca5408f0eec8fb393f9ec16e29baad7d57eb5ddc52931d04d578f383e2c57a1b711f4baf

Download Submit
C:\Program Files\DubbingAI\dubbing-base.dll

Filesize
3.5MB

MD5
fc704eeb1add0c480a74a9bdcd77206f

SHA1
4447cf1216148187dc5276e5becd082ad61fa638

SHA256
295b5169b550b364554411cca0fe5c9f57bbfe36801244889dda5b74e00d8763

SHA512
cc5ddc8af7d677b5b192cb1e9a89c88708edd8db85eb134aa2f919e5003023b32daae56e098cf7822656e241887084b7c80027db39cc4f16c091261adbafbd0f

Download Submit
C:\Program Files\DubbingAI\dubbing-sdk-windows.dll

Filesize
3.6MB

MD5
a660ee2eeefabd5ec6ca059f052a3dd1

SHA1
fe3b04c7a140d4c5b81f0122b9b853bba6b40806

SHA256
d3b17a5b4ef5441929ec54dc030b008fa92f0ef31c123eed9f39e10b5d172f29

SHA512
cb58d51562a18506da14723f684e826375beb12f10e1c4ebb8e099c58bc4c3ca22902651c3ddf5aa00a4e788b55d243ebeba958aa6be266733c0e19dd2e1a60c

Download Submit
C:\Program Files\DubbingAI\fdk-aac.dll

Filesize
1.2MB

MD5
552e7f3fffbc0ddd860bc59ec2beb4f4

SHA1
4b65f449b9571174f94ae8e9f17159b8619952e3

SHA256
ec2e5abacf2ef2992b0a3cde437f424a41654cb358824876a58ceab644876a96

SHA512
b3f4d19b00380ec5f0c9c082d31627427b51c6ff020d2749083b456c88b51f7b1800a6b7a0117ddea0d029519827fbed0127e95e2eeec2a84ddced1f4724d293

Download Submit
C:\Program Files\DubbingAI\image\04de9ae1fd6f4e40ca13cc8ac8b4dc95

Filesize
21KB

MD5
b742766c272c418bb6bb95b2010f78fb

SHA1
826b201b426a9587df5599da23591306c9a29b1c

SHA256
08a7a26f97c130dfe5b9fd1eb6ed9cb7ee7857800e563d39e298558be8a17743

SHA512
bc3bf22f3be73746fbedb9684956e9c6bf7f0bae08271b1b1d3df5841fa450c7f490a22147b4ecd1a0f25e5e46d0962ce7d7cb0240937653f9c5c39661a85eea

Download Submit
C:\Program Files\DubbingAI\image\08a1d53924f9a71e6b68cf73b6234e19

Filesize
22KB

MD5
dfaa4738d99c74f6a4194960b737e762

SHA1
cc0c0595a0c461f63c66fe3401ca6f2e3c9336b5

SHA256
9613339a51c2196c6a31af0be485d1210029bbfbc64a117d619fd0a3f704f3df

SHA512
130b665a083c1bf08a7dafe050a28b7507dd47118a25f2009124b60f0b22d4ae9d56e0d516554b444b31ec65af7729a3ab83184a0ec1046502488b244bec31a2

Download Submit
C:\Program Files\DubbingAI\image\0f3c72463dee5696bdd39699cf9a9022

Filesize
1KB

MD5
50f0a53f34fedd28694bdffe5ee4525b

SHA1
974c35068bb62158efa6fc4e03edccf050cb62f9

SHA256
8c51bab20b40a51e814ccc69ace9dfc9628b753a7e877b31e8cdcda44b9ffb27

SHA512
31c37d38102b8964989d1edf249bd35dbcdc10bd91761f58dde15074486a5a2a89b7419006b2fd06835d9900d61d18114755f810eb9d38b8d94d7308e98b26db

Download Submit
C:\Program Files\DubbingAI\image\16fa5bc1434109b9629f6c9877eb6bdc

Filesize
22KB

MD5
e3f9e06011b739eef3fbe17ca0681de6

SHA1
8b9122c5f119df37074beb5fa95896d189c1cb43

SHA256
cb9d2ae6a5b2054cac9b45eee451f1d1fccda605b05d55721dbac0fd63f66944

SHA512
b84f74ba890273eb7426d88e9e6787bdedda86ad68c3517a9219982507808af1b417ce01d6eb7806a5b480f60b26cecdbc6e8d77b6b78f70fb028f537dabc8f9

Download Submit
C:\Program Files\DubbingAI\image\1925586ae093c65d17e0fb689aaf47ec

Filesize
22KB

MD5
d4bd83740a7979c3f36158b36103d53c

SHA1
8bfcac2a5371225d5de6d15d8ae2777e2cf2791a

SHA256
737cda001b63ed41c53de995f21955a54b66121f0f0c37bb5be5346918be115e

SHA512
6a3616f39c6a978b3b10b6981559e96787b09089a1256fe5c0d28a80e50f5c8d2ab0a472eae8c04108480c7a1dd8496f55c897da0bb4b279d8a508f88534035d

Download Submit
C:\Program Files\DubbingAI\image\1bba8d09fc6f0b071ffd6b5562ac22c1

Filesize
1KB

MD5
d4b6a31e766135c68318287203b4aa6e

SHA1
edd0b8120c8b57429f386788ac812a4cba752a11

SHA256
0614876ccd7c7dcc4cfebf660c70436cb5bfbf1899371e02eee56d655241d325

SHA512
8b269dcc6035679fe3849fcf11dde38f91297ea4e5f736f8cb9597b919ee9a8ed710a69a3e7020103b93b57bebda1ed6854ea61ceefbb9b48410809f56e3d608

Download Submit
C:\Program Files\DubbingAI\image\2126f3ad3678d6447ba16367d13874b8

Filesize
2KB

MD5
c84db53ed3234d91ea4377189cace7cb

SHA1
46a4e128d562eebf4580cdfc2866428af7e2df9f

SHA256
02fed0d7d4201a4f382f646ebfe39f75aebfac534614bde01b2d865f70c241b1

SHA512
d9c180484fa8f25fe4720526756bd57d86f312bac9211c7a1e1ed0710c930f264eb94c68929eaf68f77ad231c88f3851961af3f993525fce0a23811de92f86e3

Download Submit
C:\Program Files\DubbingAI\image\29bc756c0b3cee54b253038da85ac6a7

Filesize
1KB

MD5
0c3278b23f07224bd065a43317874363

SHA1
b0bc2ac4b274a4c290bcdc6e38568874eedccad1

SHA256
a066d46b03515a12b35d8f4f268ab6b5732c5b7d7b206ee0b4b759ebd0427eb9

SHA512
cf64e3c369cc39def5cf84e23e80c25891a9dd3b9354e006a011321a56ecbdb960ef91d3a9517d033950d3501a20f74f423e25650829af00f2b15acb4014044e

Download Submit
C:\Program Files\DubbingAI\image\2afdc7b9c1939138f477a3f3bf0d0b34

Filesize
21KB

MD5
6cd0e4fb7623a83f37048abef001fc01

SHA1
9e4c9d35f3b0c357dcbaadf639ed016d2d11dd78

SHA256
fb1524bd29a141f7e55f3c74f5dc8e24daed6f4866e26f23d7519aef9a03a7e1

SHA512
8db85b1affd108cc513929e98754f7e4d4ff36d34bca047045e40ec61c91fc3bf463b35cd594bf7e61259040a7201065afb55e602b87e0a6a2e02edbb0ac9882

Download Submit
C:\Program Files\DubbingAI\image\2b6570931a1ca8c0a148ee789b32d7e4

Filesize
22KB

MD5
ac8ff0c12aa94fe5155f5c31d968fea2

SHA1
745feed40493d20d4ad706cc449275cd968ac8eb

SHA256
1af2b8e12ce65a5fcb639e917971e78713f3810b91d067c63b672d97e4fe34c6

SHA512
7bcb9513b8ce289f7afe38c7fb70a52519a97a80c271430dc2659bef6c759d7432a71d85b6eb570f8e586e84e62351a395fc46936741d40ef4ba6ca3e285b1e8

Download Submit
C:\Program Files\DubbingAI\image\2c8e31dc9d60123db58fc3792c87768d

Filesize
28KB

MD5
d526cc93a3238b6adf0ba731d9227870

SHA1
be4716121560a9f36d212d27372a34e0af7abcca

SHA256
755c83e2294ca35ecb38d2cd50659da4f8e0f5014e822ae8b2753cc93895f7c0

SHA512
caf6e17ec20dda9475698f569fd1648169cc269a59aece1e8e3b7e32239be85fcc10e2f48b07570208bca94b326539c4bd7712795256d1307d8f54e532f9ce7d

Download Submit
C:\Program Files\DubbingAI\image\31fc0034ad93b93fd90e0ed2a13d0cfe

Filesize
17KB

MD5
05386de426005c2da648c2d7c03d86a6

SHA1
56e77aff18da186ebdf8d34a14d3026e0c7dc118

SHA256
a52e8bf0b5d809e59887c8e64bef5291b460ffcbe7a988baf11ca148ca251d8b

SHA512
7ef71accc84a5e3947ad5b0c4d701f79ddf03d391707d246caf8ca7122e0852547b000e81e62bf793592c2436b8e4cb3cd73528c98597f07facca380afa899de

Download Submit
C:\Program Files\DubbingAI\image\34554ad8b51cf96ab877ea9bdbab1a43

Filesize
32KB

MD5
f0069b1f7373ce95167d095ba886bd15

SHA1
d3f08676268ab7ab7b45ea33dcc31fb11a6f3118

SHA256
687451c6270a17661cd00524bf1ecdbe4682adbbc4375a78d8fde3ae638a7fc7

SHA512
721052672d41d6eacaeb87fdc19935c8c3ce2609d69cad482865c874fd51a1ae624b0d2220f32893121a42f1002eb4a09975ebb4d3befb66322026a52fd8969e

Download Submit
C:\Program Files\DubbingAI\image\3835d15f3ba0e4d5c84ea26fed7e2633

Filesize
26KB

MD5
fe80dbb25f67d214e5da0c2aaa99ea30

SHA1
3e25f8b9d46352f947de7c551a0eebd29b04201b

SHA256
eee9653b4f4d2d27e6ad1346429ab41dbca741380cc5aca532df16aac741529d

SHA512
e7631478dc82970f2e6d1fbfa2c6ca65c32dda9abd4e1449e30e55f6e8cbf93c044563f31a0e51e2e3a9cb09075060e5a27997d3914b458a546d71f9ebb622d0

Download Submit
C:\Program Files\DubbingAI\image\3e8157b10a2c69533fd01b68197c3195

Filesize
30KB

MD5
d33d0fe9f09305e1d2f26c8a31e87bbb

SHA1
04a9d974140283282ca84c77df397becef283d66

SHA256
d85f1599c48c0c4d3db93e4d6ea6c0fa4ed3647820f40d2a7fbda947cf32e720

SHA512
d8754ea2815430fca19afe21a226cc8b9bd573624f0bb23ea47965cdb4674ccb29e1835f20d9a497e1b48c200c1fbfaee5ed90d06b6cd7fa0bf66fb7ce1beb9f

Download Submit
C:\Program Files\DubbingAI\image\4eaff0924add5616a328d4bdb7269258

Filesize
24KB

MD5
a8d39256c83345e0e049712b395ba5ba

SHA1
ed5a79053b6048fc87a6bbb48e137cbd02d786b9

SHA256
26184f9ff31e623dd5fa83cc8cfcf6acf71780fd690b44163165ec858fb5b05d

SHA512
1f4bd55eb4bbbb0f0c43b238d041334a246ff0c2605815dea6cd78f7a0d649f3ac82386c636534a0c8ee742e1a2b3b0b0f8919d2d737ea8e88c96453836851ec

Download Submit
C:\Program Files\DubbingAI\image\520927e0c54523cae1d168d3b8de8bde

Filesize
20KB

MD5
6192a307102fe9ebc3d1f5dfd0d65a9d

SHA1
cc7d0e5ba86743195d727a209f97a6e434344d31

SHA256
4110ddb316f137b1ea4e07d4ad5189130bf69d04555380680010d18389408aa8

SHA512
718ab0bed926dde9d73b8350ed80d479d50bccb09c875e3739c6c98e384286a0d202268ebc54db6594daa8dc6d5a8083f26b4706f108709d8116c0d88636ae17

Download Submit
C:\Program Files\DubbingAI\image\57b7c69030d48989801c2b1cdaf95524

Filesize
1KB

MD5
0b9692b0cbdb66ee6e81c5afe0743e8a

SHA1
780d1b93feabdba2e6cfcc2b2136f5690b407d53

SHA256
46456b038dfbcdd3b4ceb021e81b77cd9344a3d8ab7d98517e0df8f5001f46a4

SHA512
e2ba20b0b11d5364668340b3bf3fa3529a17144a982777fbd7de7bace554b71fe0adeb22e0e93e1b6a3cf0d19ba035a65792acc01c4e19fd6e605f6432aa53b5

Download Submit
C:\Program Files\DubbingAI\image\5bd1386907859a45cb6ea0f7a5687a5e

Filesize
56KB

MD5
26508d92840802f1883783674320f069

SHA1
d0db6fd74a5a9ae7a6cd282f2fd5302116e7a964

SHA256
cf6edb1bb71f6d7605907b54cbe9dfdb05b21671534fbb0ec7243359f01070db

SHA512
abf0ade25b3e58e4b6d423e67ce4bc6481ccf250fbef18aa9fdf9562fb1f69580d7195b98a1ee272661602de201de6373729c302091fca007ef86f6a8f6ae341

Download Submit
C:\Program Files\DubbingAI\image\68b54b2b9cac254455eed9f0c8a52ed4

Filesize
2KB

MD5
00903ade1b0fae12a40b7d1ff77cd9fb

SHA1
b6fea4cda193149134849a42ef5d8229e1f39b2c

SHA256
afb0375f479b5799fb78b63cbe2b7d522079b2bf93a22acc5a993a1b1f6e3fd8

SHA512
91ff561c5fa283da24ed9448aacf3279541f1da3e52e3b1feac2acbd0ea73f1a9c66401cedb913395e0b4172c1ac09bd8b4e74bfa439da5eb5b3a7849e63e1e9

Download Submit
C:\Program Files\DubbingAI\image\69ec799d4b2bd7eedfae1e840f5694ce

Filesize
2KB

MD5
c6fbe33685474278844a07b88f6688e6

SHA1
2b3d76ffb207ad8b6fc9343663ecb5c7f90d294b

SHA256
bc94a35035311f901bf7a3f180da3fad7cd213d6ff4634ad549b17b1a70be260

SHA512
be5852dae5350b581658e08297f245fb1178756d8a10cd6a51a82763c399333d3af7264e59c17da55ec64a854e80d2de92e2c5c13dc5a63050d96f2fc6457c0d

Download Submit
C:\Program Files\DubbingAI\image\6ff04efb0954dfe7ca55f90888cc7b48

Filesize
25KB

MD5
d7afb23935409c06f2a51cc86f0da8e8

SHA1
26e6a4d14513a3648cd8ac2ab4575006ce4308a7

SHA256
9781ed0de344e27d14528e5295fd6c5ae371584bb0bf17c2f2ed754154504abd

SHA512
b76247dc495222e4e0916dec1eb6b56b12d9360be2c6dd78586842b3867d817bda8bb6d2e93bcd31514f126b7c95378605ab23abf63066af26abae6e8cde5565

Download Submit
C:\Program Files\DubbingAI\image\72225f9dfef43ae6c6d1d9e055a66ee7

Filesize
25KB

MD5
0f06eaa3c0e6ec4363139883072f0b2c

SHA1
3afab25b6bce220dec777dede718fe37c30129fa

SHA256
aaf515830e937c3870c76a86ce24c33aa3a723b6c77eddac186a1efb4f4e2d0a

SHA512
3d3f92752e7e6f1d67c41a601ec7efc4cb877faa2a7f4613f93968d4643bf8fc896a994d1d3f925c900687988ddfeca192adb38b0d0b1b3fb7180de9a195a95f

Download Submit
C:\Program Files\DubbingAI\image\74d79240e8b47fe7e50db43d4649bed3

Filesize
29KB

MD5
97f507feef561445fed94d125878221d

SHA1
46d261470355e484a001f0e6d8f4ebbca5134654

SHA256
4828011c873c202493fc4223198af9d2a47975a5cef79c2b8473df54ffcc601d

SHA512
11905adecd1a1faae55998f4719ceeab8cf4760317031cfe89bf16d208ba787ff19a73659717fe1db4cecfe84e1722f9ad7f399c89f3b71e99b2f689204a2053

Download Submit
C:\Program Files\DubbingAI\image\7741191f9c2086257ad96a2b541c0b22

Filesize
29KB

MD5
702d2efe97180eefea0ad6ae2419a1f6

SHA1
4ebf28c70e1c5c239498296dd598276747d008f6

SHA256
cbfa409f1699cc86c653390af17956a97f0164646243419ef3e5b45da463c55b

SHA512
b06fac1c93e50b1fbb0d130df96b6a89c2a92d88236c941cc4556eb1a151425407fa8bea8b5be8efb72dfe96f82e3eadf0437e031345a404c4e580d88d0c37dc

Download Submit
C:\Program Files\DubbingAI\image\800dbca1847d2e25a75b39be1c2aef27

Filesize
1KB

MD5
b4437bdf1a0603934f207a026fd21bf7

SHA1
6bf792e3ad44c31b8a9bf396f19f31eb2a681c3b

SHA256
46de0e4dce083bdd356cab1cd18e7952a69e2bb57c9d2d58c51d5e10cb5f33eb

SHA512
20459b4b8b9c399f8ded277bc286173ed3ac89684f0746770e03a6e9a267f695b1a8b25269a5755034d5b9dbb624cf5865effc16f24d0a9de231a465eed1b4e3

Download Submit
C:\Program Files\DubbingAI\image\898a3abc8265cbd53bc140fb5599816c

Filesize
19KB

MD5
246e0060827e9fa68a7e37816c6a87d7

SHA1
79d619fc2fc6c7deb3ddb55f7ff980750f647a61

SHA256
e824f94069c5b6a467328d12d428f186d9dea1e625aaddab3071c07f03813366

SHA512
809361443ffe9fbdc830c7793fc2040c29d8a6316bf4c4adeb9b6008ebaed48195da4672317cca10fd54a3d78ff2b3de830c84a46d6b9b5a8e3d5dc33b972b5a

Download Submit
C:\Program Files\DubbingAI\image\8be0edfa3589a360ec95b890c6b24f74

Filesize
1KB

MD5
aeafc8ff427d3b8653152b46f422501c

SHA1
97fa3c549f9e290889a18c19c7ae75fc878da109

SHA256
57163f63418c46405957aac21cf41b37df0ef4551e7831757ecb4e060af20cdd

SHA512
e7902c0d988ecb8e0ae0a2482fc9804cfa59f6829b9a6878a7eea971087c76a278d3ca74910edea5e86cb8f86fc02d3d8381704bf640118b82865232132b6372

Download Submit
C:\Program Files\DubbingAI\image\a01cf1fa41193b015f13096570ca4e0b

Filesize
1KB

MD5
417de7206f8e84355645c2787c0cf668

SHA1
24aa8b8584797148ac7de8231dda38e12803348e

SHA256
d08d1b2f1dc301ca312fe2037642be0aabba831759326dd18d49acb82ee4aae3

SHA512
0b167c11837a47252c12c115c52555cb15b7be2e23e716ef32be9c3b159df6e13372d0db7789083f49a1148f5cb867d203cf2ee3b48ff1819c9715a3b3c06bdb

Download Submit
C:\Program Files\DubbingAI\image\a84800358e5c802a575cbf7c03eaff51

Filesize
15KB

MD5
1098560cf4f966ce2755b4f7c21f4cf1

SHA1
e42eb7d5d0004266a564710515a276cd9a72c9cd

SHA256
6bee49f45f52a1538915f12f9d3e8d4435b4c38b5f06867295a81bf3fc4b23f0

SHA512
f3a1758479ef5b63eaf5a40c240a716cf79e86c1a86731cf82af349d3599042f8ce4c0d1b5981c42a881bd57a8b94d3e8f77a6606c0e85dd61d609ad10d2aa85

Download Submit
C:\Program Files\DubbingAI\image\ad33165d6103e0e8b380f128a79b81a5

Filesize
21KB

MD5
fbd4842408ed756aa846d47b0ced75b4

SHA1
f03a792201562ee1383d44f9996fb38363367f85

SHA256
a2f843f12b4782762c3bde42ce212df2acaf13bf3abdf789e7f3eff6a5d3bf98

SHA512
bfc6ae7b996802736e79d835dbfc42a40b9d233f281f4e62808d5609a3b2e07fd182e07ef1827ac3beb2e3fee007fcebf9818db8415a524199348b6d240738bc

Download Submit
C:\Program Files\DubbingAI\image\b1ba724b0fb1bc172b5298122d8a2452

Filesize
27KB

MD5
9763590b71cd34c06e6ece890ec1fd55

SHA1
fefb8fb9acb8a5faa12152703f1d3fa93e8d0882

SHA256
0e1e3947046268574e09c8b3ce323b9f8b8fbb39419f9f9a3079efe03526ad08

SHA512
1863731a3381d2410809b9f630a29fda4e57dcfb23330531b7da1623908f901a98ca5b28e0d1d95466a11e401ed0d848906097c568a266994c97aa4c485b340e

Download Submit
C:\Program Files\DubbingAI\image\bc45bc9cab6271f0d3323f33ea9dce0a

Filesize
22KB

MD5
36d8074e253a1ab4581469ad98b5d252

SHA1
ea70c7b9a3074935d4923ce05c677456e95e7c20

SHA256
18c3bb40761cda28988fcdf3b3756504aaf1600984d93162bf07ec99c2b791e0

SHA512
df678a05ab1aa4c6e89675bed84f86eba56ff7d4516be301a1c9625686c39837dc39296bdf843f8be5d821504b71cbc48cce8551e77b6e9555a8d7e8c19c9558

Download Submit
C:\Program Files\DubbingAI\image\c11885e653b69b961dfa4bff35df9133

Filesize
2KB

MD5
8dc29fbc48bb4439b5678f1c2e4ec407

SHA1
bb4196b4afa401be7bac2a0a245584fb71691dfa

SHA256
425b488adb923d410287c3aa63e0f1645644e514b243784aec1555f875ddb5d4

SHA512
d9e10a5d0714202206031be0ac3ada59c229050e4fc655052b6e1b2b66258d6651101e1b6931d82b3f8c0bc1c23f3eb3398f865c1a51b583e6c696d1bcd1db01

Download Submit
C:\Program Files\DubbingAI\image\c44608e2fc629b9ceed6d25042b688c8

Filesize
22KB

MD5
e130795edac87f511b5acac0514ccdf0

SHA1
047897c23aaf526d0e95080cbd264d672506c1d2

SHA256
4ae2d307377d0104e6c8bf634f09a37a610d43acfbf708ded051824e1e2cf326

SHA512
762078effa498cefc0fc4a56a865c84c04f6cfacc36a0d7b0af8a773ac4ccf694b5ebb9fce05ff990fc5cf7e58c25222e5688225e4e8b930546554ca6b19bc90

Download Submit
C:\Program Files\DubbingAI\image\c726894ec81ea9efe9732647949589c8

Filesize
23KB

MD5
5fd45dd715ed9fd8d3ebab025ab392f1

SHA1
fd53e3a9f43fe0abf52f5aaab76463ad0ccc9f68

SHA256
1105927a785d94688001db4873fd990db432bb58d508066ffa59e6392364db20

SHA512
9e4447d1541bb4523d8980c54886bbcf7e2486d89e31803c720314f2d3de46749d5ee7a31653a322d2840ba470a5b6d571e86dbb0d37976ddbcf8b9c5e3cddb6

Download Submit
C:\Program Files\DubbingAI\image\cbb598b50cc8ef06e80095dd92cb7a98

Filesize
1KB

MD5
f8fecb6e7c8ee6536c27d89bb6151808

SHA1
ad6b6f521b178cd8a801b30e62a01cd1fbdfb009

SHA256
3f3db057299f3565fadd752d14c706e46c54dd201234e4966a6941f37cabd587

SHA512
adaa07b77f8bfe9d8a8357618c2b2b59071a12bf9a0218e25253f5c5ca54afe99bb9bdc958fe75eef672970e4c7b8f7eef96198b0b7b518167613b85a56eaca5

Download Submit
C:\Program Files\DubbingAI\image\cd30bdc192c99aaeae058eb25d0967c1

Filesize
24KB

MD5
520879ac4c479bd23857be2d10ae8d51

SHA1
2e1a1e2595adedbbde24e8945d40a8114e2520ac

SHA256
2c6a91efd180d05a281482e195afe898abf17dde8ea7672e371f9a548a965e76

SHA512
6fd3431d53bdfa2588376748c3e2bd04e887da78a68899034c67466063aa04bf5ec270efec62cfe76188bc6d410affac491984a0b5f94e17df43ec81e7c7b50d

Download Submit
C:\Program Files\DubbingAI\image\cd727e0b00d546de2382520d943f51b0

Filesize
32KB

MD5
512ca15c63965c578ffc11eae895fe58

SHA1
fb986160728f4a4e5b77d32ba5437796df913e63

SHA256
6cff3dbb404112d0a06135872c4d866ba230c08857f55ee1e292eac55d5ec52c

SHA512
582f425ab03c1eccde80f3788c4bb93e16552cd204fc6f345f8e13e3cb083bdc64fcd26efdcadfc066467306dcb47253460a0cae87c5468a8cd20d833947ff50

Download Submit
C:\Program Files\DubbingAI\image\cdb5e27d937a463d4fcd5627daad47be

Filesize
22KB

MD5
26585ddc6763182cc6def3de39cae299

SHA1
b4e5d1a20a519d00f6e6b86473e90a34bd1cd8c0

SHA256
cfdac5806a9910ba3f75db29d68ceb760eb8f9eb3111c80d49779e0b2a9ec606

SHA512
9d7e85bdb45e5b29fb7e896ea44a47b5ab5ce6801554d42ef862cd62e2d40c1fc79880a539f754daa9b7af8d8ad85c1b752b193aefee50621b0c15f196d174cf

Download Submit
C:\Program Files\DubbingAI\image\cf5068e88c12162980533946fda92ac3

Filesize
21KB

MD5
85650e0b51c77ababd08a85397da8faf

SHA1
8a6b76b372042b986641b8ecb24c94bd1b8d24d0

SHA256
b69ba7c60022f0ab6ec729748c3e1dd211fd7e8ce2060d8d00441188a2415154

SHA512
0c464cbcb76680e3825c9e7ccbebf15a7f49acf02f16f0b2e3da11abbd62e06ae4c0b51d0ff864fa34bdb869147765ce527d5816fb5466cb8dd25cd984372fa2

Download Submit
C:\Program Files\DubbingAI\image\d0f855895f86be7dd0b48764f5958f95

Filesize
27KB

MD5
e21c949a59a49e212dc706001a7d5cf0

SHA1
e871657e2ccf76c0c52940182288ee831b575cf8

SHA256
8940c348884d94635833949279ef2d1eab6dd1d90c3e88e5ba96283f1a7c5948

SHA512
47c811b3ce6541b59aa4009f2d775edda1897203d41082ca03174e8faf3b35908e2ebe307a5d06f1aa935ff3ab9d974da363d7b7e1e13eb96ba829b9a3606575

Download Submit
C:\Program Files\DubbingAI\image\d2ad093897e4a4239927a13afc4801af

Filesize
15KB

MD5
45d1d6bd5c5164c94b0101f72d726a3b

SHA1
2c72d8dbd5e0ba2df3baa2f19e4265d7365efa73

SHA256
7170ff49dd4196300edcc2a0fdd84dff9578c98700fcf254f15ef4e421c5d1d1

SHA512
f06a6c803dc63d6b3d58c2a98295a7047a899702506b283162c1b98e31ca156f433a67281994969cfd27d7fe8bc1715773f55fcfff137b10b464db264174ddd5

Download Submit
C:\Program Files\DubbingAI\image\d39c8ccd1f438adf3a8c746bc612638c

Filesize
2KB

MD5
1e9b65a5419094eaccdb4cb7820c3cac

SHA1
72ca047f3a9563903f6a411654c28fe81dfdc7a5

SHA256
a2a83f5e5838e152de1c143d5dd241d3d7ee9fa54255b121125f49d981b456b2

SHA512
300fb152d5481256b5c2a2bd21f202a2139455d8eadf4c03da9ebc5a3a1ae1ef40984c194d653386ed9454c3a8993e4ca262ac2b37c388c68b21a2acb1a88028

Download Submit
C:\Program Files\DubbingAI\image\d5c6d617cefd5a37cddad3c65cc9f8b6

Filesize
24KB

MD5
486b0c07e12d8b16401139e9c4f54201

SHA1
b5972d3f8962f66c886c8d2d8bdd5c378191d582

SHA256
6c3ea64f81b80c74f22f01a4afe7b2e33f672f059cf2a7c05a72c924caa44e83

SHA512
30e81b35f4de7444af4695ca98ba6b55fe89dc54cbd5ed53b201e596e814ca4f59454aee0a5c3c7bdb3b069b821b9e4405e755a2866b45eb79502c98c2a4a55c

Download Submit
C:\Program Files\DubbingAI\image\df8cb8eefafd7ff8464f7e8370c40d12

Filesize
18KB

MD5
6bbb630a776c2234286bb5c27038f28b

SHA1
f0a02fe4414f08764ad3154886dac1d0d1d103b0

SHA256
0fcd0e3740f929c9cbadb4a95378e693d20ac4852f1d532f5f00af891084ebdc

SHA512
dece99054353d5d7f5910407a61381c4a0d279ba995712e03e7f58aad1e4edf9bc4f446d66344192c960bd618a0675ab8c84f6ac956923f9b58be2a48973b51c

Download Submit
C:\Program Files\DubbingAI\image\e2b602f2d5e9e50d6ba1d3fd5a286a7b

Filesize
23KB

MD5
9e3290b5bec7d0415d94bf9a0b284296

SHA1
99fd3ab7c48a6018a2c26a587d70cb358117960b

SHA256
76448259dd67e328688f788f51e4587cd7a6d3535ff6fa95deb863dbce7a8b29

SHA512
a35be2577ef0b218188d092f4c4b2e28fff24c96891baf08cbe0711f1db2eaaa848e4284665c3a951d842a41fb94ba15c79eba0c6251dd9b85b5047ff0231bc4

Download Submit
C:\Program Files\DubbingAI\image\e505c7d6ab801eaa528abfe8b86a6206

Filesize
23KB

MD5
8eff9bbb8701a8b8cf011ee9fad47f58

SHA1
3871cfc87b5fc8d45886893e1d109c1d0d267894

SHA256
53b07323998d0a6902aee4e28e22e99f4e279b1cfd45bc57814ed764ae7018a9

SHA512
c3bf00bc3d0f2717e52cf0956359a75572ab6c5ab4c2bd1d56545ecdd3e237c8d223c2395205a4cedb962007ea7dc152181b90b1a72432c356898fec2be0fd0b

Download Submit
C:\Program Files\DubbingAI\image\f046f7f0287829f5de83e20dbf9cf8a2

Filesize
2KB

MD5
e1a50089193ae18496d81f2e9aef0b1e

SHA1
5417728e25ab8c30f7d730a73cc2021e86754b71

SHA256
1564755d7ff9c1b87d72129f60c6247d43ac1fbdfba0aa497f41aa5b0e884f9d

SHA512
f172eddeb48e50fc30dbc775f9c506b19b2f1b5b20a5d2270dfa67727175782b07803297215b31519bfb55d24374537d3862a5f61aac8a70b2127765b3159ebe

Download Submit
C:\Program Files\DubbingAI\image\f88c88e42f4e4a3d091b3290204bd3b6

Filesize
20KB

MD5
c045e64da5ca91bd0846bf5ebb224751

SHA1
0492d81e3c4652383db2f2cf4d7e91ae37780c83

SHA256
5e1e80b7eb07badce9c0ff35596a37aded5426abaf986c891aca3ae90ce51766

SHA512
355ff152092c4a6f46700acec0a8b1c6e2147494cdd9af310035c0b19dc26d8d2f859528f69a392465d2b80c7eb1a2c1b98e6cdd609aa5d47d9ddadc376c16ec

Download Submit
C:\Program Files\DubbingAI\libagora_audio_processing.dll

Filesize
9.8MB

MD5
934eb15b076f39cd5e0a4563d4c26070

SHA1
e8a1a75400e49ddb087e6d63236d853a3c3a4e64

SHA256
867a61f7195d2442d8e5303c6ed013282a5bb3027d99a9082cb1882dbeabea29

SHA512
19ef605f0364fd2bee08adfef0d69a124c5a4d58faef7f915feff49d2314929e8a6f5defefd4035ea3195d07cbc9f4214542e4c6300a27e4d4e5d6d9df94aeda

Download Submit
C:\Program Files\DubbingAI\libcurl.dll

Filesize
369KB

MD5
79da7507ead61b2b6cd2060a2ffaaa5d

SHA1
bd6aa8c56c3bba171a23d14db6e5cb60d014ad57

SHA256
aeed15aa1949050d0c2bd3b9d2d7f0af8dd2cb544ab0b7efec070da533db5a1d

SHA512
26b8d4d35c1c308b28d7447777e14acde4edbfda8c441cc89bb53b0e386e2e083d0670839324e00eea96618b0e31df2f851cedb19b63a4c2360fa938d11183e9

Download Submit
C:\Program Files\DubbingAI\libsamplerate-0.dll

Filesize
1.4MB

MD5
a3152f39f57ad9419e24978073de8f88

SHA1
5b1428bfd1a5de018d43e3f3925d2750f326ed4a

SHA256
c395fa20bb73ea23ff0b1a796b6c067cfa547e51fbedcf837b86578867d96325

SHA512
ad797813e5b4153280e39c18751756010cf00c8a05b7efb24aa28e4a3a64e6e56dbbbe665555fb17c43696b6d495f6c2bcd24e5e87d285d0430e62ea34e601c6

Download Submit
C:\Program Files\DubbingAI\logInfo2024_11_20_05_38_46_447.log

Filesize
1KB

MD5
23fcb254da679800c34e1ad5dc14ee8e

SHA1
aed9eae9ca157d13577abe38bbd6d4fcb1800438

SHA256
769cf10a4ace5bcb13284ac5ba80325cb506b2cdd2d9f55185a11c1f8d978b96

SHA512
4b4b043ea46f2c9ba398cfa6ef2281a2e6180d6ed134b0eb79c0a1339f55ac74e9d3f7ffe125a81bdb2b18deaf10b6273054aea73773fcd378d498736fbbe86b

Download Submit
C:\Program Files\DubbingAI\logInfo2024_11_20_05_38_46_447.log

Filesize
2KB

MD5
5238417f0f2bdd6f890944999c6b9156

SHA1
631dce876d8423bb92aff902571f50ceac075085

SHA256
a5b2843776b731be2034ef54fff13ae5da4b335bd99900ed65881c10448425bc

SHA512
77956414cf0f28c5c2917c46607a79ead0da3de0a1967ccb1e1bc4ad33b8155ed2eee32f3df09049dc62f52dba957a1f5e6325debe93f4e945b1c2650257ee71

Download Submit
C:\Program Files\DubbingAI\logInfo2024_11_20_05_38_46_447.log

Filesize
3KB

MD5
b070e6ede28feedcb7af9363499befa8

SHA1
5c67535d8d6b53a7b0116205fb694bb1172575e1

SHA256
1e24fadc4bb3a5232278dffe8697dbbb0cbc75db528d62029890c14811dc7cd5

SHA512
8ca6dc5ae1da552688871d3502c784cec4602330027fdde421db331e9428fe3259a7155cacaac55279a3d4d34fa6e9acf6149319c0e01df950d66386b4bafcc6

Download Submit
C:\Program Files\DubbingAI\logInfo2024_11_20_05_38_46_447.log

Filesize
4KB

MD5
59f8eabbe2d3e645fb84a9d167233889

SHA1
e6530f08c6f994b88769da03687e3c0c230e41d6

SHA256
ac89176d2614412b99fdd0fcc5121ff20bf5a3cfb7ffdbd7488abad4a8145738

SHA512
6c501c61cf733f22457cbaf63abbc405f8d9813fdc49b383421a3e418b5fb3fe2f8cce88fa26d08c16f9d1831d19423710ae333fe53bde1d5de91ee1cfc76df8

Download Submit
C:\Program Files\DubbingAI\msvcp140.dll

Filesize
555KB

MD5
0d9ffc3f4d6a9e762282891c7b4c61e1

SHA1
15468bd1183b091b92f9e9a3bd352c0562b5b9a3

SHA256
b2bd81e9ae5cf2714c8a245428ef22fa5eab3e3b92a926ef395e1f3733939e25

SHA512
9d8529f9f043196b101a2bd3c9d13a5b8b9e09bc827f5afdd86894998ca1463fc8f74fea66c5b33498b2685294c2f90c75ce9efd77f7bccf19337ebd37ea413e

Download Submit
C:\Program Files\DubbingAI\res\drawable\activity\is-B5O96.tmp

Filesize
746KB

MD5
7ea8e439ef714dade7e00c1aefc313e7

SHA1
c4a7e150e5ffb5aefca59147181e0c472a266e46

SHA256
91afd6efa3185d9d3db776bef4979cec4be6841b3e0079b7f1e3ab466d57a9dd

SHA512
81758102715adade0d596ab0c32d341cedde3ab799c478637b2c8ea4261a7b52386be8fe2dac844ca95c72b72305ec85f6d1890ee38dd2586306c5412d82bc36

Download Submit
C:\Program Files\DubbingAI\vcruntime140.dll

Filesize
96KB

MD5
882da7657405a220fa53d14d663bb216

SHA1
aba49ae69d6c5622ff0598de541aa4d126a4a16c

SHA256
e808fc3824026ba2216c89d3eec46c8202d5eef8d47f797b4f0e7ffa4644cce2

SHA512
833d5fded349da03eff8b20bbdfffc39acf79fb813f506956e28ca064247e5cc2b0ec959f7133ea89448d2ba06d3baad7cb1f64ece37b1cdce52b69bf898c966

Download Submit
C:\Program Files\DubbingAI\vcruntime140_1.dll

Filesize
36KB

MD5
ac5f3720519c641e361ee6ec12d1775a

SHA1
74634eb85c3eadfefe7bcd4520526eca266a2990

SHA256
07ac39c0043a84bd55acab926e84068a24f7824376037da8e75535c2ca7b0c01

SHA512
a024329a567c92bd3f018f9389a6f5043d7194bc26fc7569c3519208697cd84570e0e6f94c4ae34e7ce0e3bc3d26503351493127bd5aa727dd9b1eb2d84f996f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
814ce11c89bc8151dd5455dc08a451c4

SHA1
154cb200a319832415e03abb4ccff51823eef55b

SHA256
05f7ee8928fd1ef2c362d3bd0074559ab5ff9e7f6a50f85e9d298b43d2986ebd

SHA512
dea5de9fd9f51ccbc89d5960fd8f8137b1d8fbead40052adbfd9020b48d3cc1004478486de33a2f4a0070af2f05f20775b982dfd5556826cdb223ae54999e5b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
827e4f76acb04a1ff3ffd3515bb2df44

SHA1
3010999ffeff94e10747681fa906a3cebd958e14

SHA256
aab3a60a0ff260a33ba238058d1b23c9dd29c0e37224099be433f6da8ccc6d3a

SHA512
a5753b90deb725974aa5ed45bfeedec3be2e79255acaf920409086140f60277df7981b859cc3cef66582c344a746aaffb1b7b06b09bf0092479e13beb2bc3ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d8e0aa26de7a77708f3b916e02be5071

SHA1
1518f196187840760ab5f50e1a14bb2f4eca4ab8

SHA256
f8c0d0049f6b554b4357c31ae0bfcaac449c1e7e477b4c216029f80435ebf278

SHA512
76e6620423f56a328aac0a7371a3db89815ca7add2fbc5114d830f618af434d215046c51a2e3b3b4b048f05886a5013dba9deffb6b96a085577068a8586c5015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
70ade0b0668024c963ca53c9caaf37df

SHA1
9fd41774cbaac24d4fd29a4c7c2e529c94020611

SHA256
bfa9758b0b5291825108e3195a6b369905e875e83471d0945ea43f8c425de2e1

SHA512
10d9ca999d9894fdefdb7db54c707e4f832ff7f360418246b01d7909ea0c260c55a06c1372e47a6ef8daa99bff53ca96f05aee195ae502fdce5dbaf654b3bd4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9cef88a1f5635252fd6a837780595a33

SHA1
54f08273bf70157ccbcb29bd0ca415e229a9d955

SHA256
0d4353fc446250e3d26d986be3a9d1c1d67538c750520b3413a13b26831af489

SHA512
7018264d7f9725c6f1013856697267efe2feab5afc82bcc73ee07cc3c9ecb61718ff899e87643aa1f70d1dbf89cce7a87e96a160a5cdfacacaf105f98183d9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580db7.TMP

Filesize
48B

MD5
44cb9fffd74298ffa44c4e9bd8eb939b

SHA1
44589efeecb07cc3e98e95b7fcb37deb3f10593d

SHA256
1feea1ee92258e8dae7f8fc367cfc121484f3480057457faeabbbbe715731dbf

SHA512
c3847a8d7a2415589f458ddbea871ffad49cf34b8bcb6a82788ee2c5c06f66d5d1ef3de4226f84edd093df9d7465bbc6e246de60df8f00a015a870fc9a150bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6c5fd05fbdb634bcfd43f06691ff73e9

SHA1
858cc6b337b37d20a22b955fe0ad48811fca1444

SHA256
56bca5dc2db81a86b29384e66222f210b1c87b427c5c375307abd27d482dce55

SHA512
5cc04ca1a6dbc1f66646b21911547c866450efa35adef7f1d793ecad0776addb10ebfc6a42f8a4e7039c7049ee28caa31273444a98c2c2e590399f4b8d03547c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5f2061366e3fee7c387b1631fd8d249f

SHA1
ae448ff194fbd582d180cf3165dabc1ba6ce1549

SHA256
86da9b865594b9182ce8a5f41bad2213917838fa556b24480c2bb8075282af5d

SHA512
e4eddff77a1af7f561246ab0030dfdbe1773e8113918503d5187aec55a5484c6fa8b147a1c57623e5bf199cfcabbc12769ca6b26c9040b9958a70f7806ae8e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2a0f5d1401d7ecfacdf88b651e1d0f4e

SHA1
a8d08cb44e07eef51187b827877ad083d2874044

SHA256
3c75ccf6f96f87bd0e1bc63044fe1bf0effb6df2bbffb7f80e305a1f352d5cdc

SHA512
051275840e43df27ee810cc52b37b051276bdd92db71092113507f60c3a2e8024885cec64c10bf31b0a82b3866f0c8b1616778c45e90fb6aa840effdc706aac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7CDS3.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-Q9A4C.tmp\DubbingAI_v1.6.6_11121909_Release_C_Setup.tmp

Filesize
3.1MB

MD5
864a2dca58f9c1e4069d876493a19c6a

SHA1
83898cd0e2578d4e4b7a536a6dfef23f71c99901

SHA256
632b446e3df75e386701b2c8a03640b2b491c6b1a37235e7a79d697831bbda00

SHA512
fcba9ed033601e406d9b80121c73702195fcc458e8e26b90a6895931b2a7e46e6c3aea1c09b0b500cc9102f18e62f3c90aacfdbcd2f433b0304698d70eb45e91

Download Submit
C:\Windows\Fonts\SourceSans3-Regular.ttf

Filesize
421KB

MD5
c056d313af09e05a5912778e0834bece

SHA1
f63b2573a8d85c28fbe8fc15d732e88b381faa4c

SHA256
4644c81b86ec9caaa76b634889968ed3c4f4f52f054855933acc7c2b21e53b0f

SHA512
4cfe3f262c5fd33405af5ab3dd315e291738088f569cd5bd99946dd3c9959e95898f5f1c6f6c7d23494a9b013d5475c8c954686abd560870f3339881cd158318

Download Submit
C:\Windows\System32\sysdbdn

Filesize
68B

MD5
b16753bdb14cc201d1c053792119a59d

SHA1
0a10faee94b80a20383d67bfb427474730724990

SHA256
aa356116ae7c36d3cfb145fb3044bdcac22f1a094fe8033fc5c144965dad9efd

SHA512
e7e949e56155c5f3843fc3b3c1235355fd7946da31fde96fd5f86c312aecf5f0f4821caea3d32ca8a80785ac584f3eaef2171ecfa4e5ddc745c55cf9f0667df8

Download Submit
\??\c:\PROGRA~1\DUBBIN~1\AUDIOM~1\AUDIOM~1.SYS

Filesize
60KB

MD5
52d2a437987ad25f2089ab0ab72f05f5

SHA1
3bf5aef0a7b31ab8da46174a0ede8d52384d629b

SHA256
9ccc1546f7df007944af1fe77e1a7769b3b692167e065af53b0c6fa43c180490

SHA512
7a3eea971aaa250997aa0a7fc7201908f16dcd58f355c9781d31a5b96cd949a71b5f8b0f9d185ef2c4121c953229f767a649363cdaf25bb17eb51c29cfa2f119

Download Submit
\??\c:\program files\dubbingai\audiomirror\AudioMirror.cat

Filesize
11KB

MD5
8caa25db0b3e09c258435159ddb11123

SHA1
1419fddd79cf5adf908c19019d6d82875026bed9

SHA256
a7c19e8213d87f5949a4db449798997a71c3ffeca600618c607e8aac9c787814

SHA512
ea2c3fdab25fd6a69dff7f44d5aa5df39ed62108eba27b68fd4e9c2b570b851f20c4b6100626b06f30e78fbde6f242385fb4d3c48e5bfec275c871aebf3a1fd3

Download Submit
memory/5636-5207-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5217-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5208-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5238-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5240-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5965-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5311-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5244-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5237-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5964-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5885-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5224-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5209-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5245-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5210-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5886-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5223-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5646-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5647-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5212-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5810-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5221-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5811-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5213-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5211-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5285-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5312-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5219-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5239-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5636-5286-0x00007FFD29890000-0x00007FFD2A2D7000-memory.dmp

Filesize
10.3MB

Download
memory/5636-5218-0x00007FFD2AEB0000-0x00007FFD2B855000-memory.dmp

Filesize
9.6MB

Download
memory/5648-5220-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download
memory/5648-181-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download
memory/5648-146-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download
memory/5756-5216-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/5756-2545-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/5756-5165-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/5756-182-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/5756-5206-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download