256df56d3a1f3b8a4e375071d27e9edd30f48de2e1a59d8ae08919172b205236

Analysis

max time kernel
47s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20241007-uk
resource tags

arch:x64arch:x86image:win10v2004-20241007-uklocale:uk-uaos:windows10-2004-x64systemwindows
submitted
21/11/2024, 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

possibly malware/klmcp.exe
Size

19.1MB
MD5

0a2ca34cb4107331c84106593c95dbd0
SHA1

fe553065040b0175dc5ba23205a0415ea320f858
SHA256

3d0a23d9564d7234c42bd437af57539b6e20728d8d906b872b7f9ab974887481
SHA512

4d2fc0d6acb542afb01986f800c77eac2756822c38973acca27ba346d7ece95a1e9d8852c61245f941aa405d4025902b79a37cb0e4e22f961fd41d1318f9e7a1
SSDEEP

393216:1E/h/ZTb0njlxPU5qXWAqCcvcAPEoV8ROsM8TofqkVkaU9Yy4A4:mhBELPU5cWBCcvcA2sgekaIY5F

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral20/files/0x0007000000023cc1-598.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
3700	klmcp.tmp

Loads dropped DLL 7 IoCs

pid	Process
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 18 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\is-1V5CU.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-0DJ8D.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-0TFPI.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-7VI01.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-AGLA3.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-OEQFK.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-K8TIL.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-5S41G.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-24LA2.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-BH7E0.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-OCQHI.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-4217J.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-PQIJ1.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-Q4GDV.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-DFBGF.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-57HRB.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-UQD0F.tmp	klmcp.tmp
File created	C:\Windows\SysWOW64\is-2B969.tmp	klmcp.tmp

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral20/memory/2332-599-0x0000000000400000-0x0000000000476000-memory.dmp	upx
behavioral20/files/0x0007000000023cc1-598.dat	upx
behavioral20/files/0x0007000000023cc1-597.dat	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\is-29DEF.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\languages\is-DG9QR.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Plugins\is-OUV55.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Tools\is-JGFBO.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Common\is-EFP0P.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Plugins\is-66BTK.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Icons\is-GVQOT.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\is-27E3P.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Tools\gspot\is-37SNN.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Tools\is-CA8T5.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Info\is-9LDKH.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Tools\XvidQuantMatrices\is-LINHD.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Filters\is-5GS9A.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Plugins\is-OLD6O.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Info\is-1LFHA.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\languages\is-0PETU.tmp	klmcp.tmp
File created	C:\Program Files\Google\Chrome\Application\plugins\is-O69CD.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\custom matrices\is-4KI0F.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Tools\XvidQuantMatrices\is-N83NI.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Codecs\is-EN81G.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Codecs\is-7SQUM.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\custom matrices\is-CNMHI.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\is-LTFFG.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\languages\is-KKENV.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\languages\is-BA1S0.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\languages\is-H9566.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Tools\is-6I8SH.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Tools\XvidQuantMatrices\is-L5M9R.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\is-KH9UM.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Info\is-0A34C.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Info\is-T22VE.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Tools\XvidQuantMatrices\is-NVQOG.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Browser\Components\is-U4RDG.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\is-0VI6V.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\is-46S2I.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Info\is-ISOBO.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Info\is-83RD4.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\languages\is-IIRI4.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\is-AJ78E.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Info\is-LQ56A.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Filters\is-KPRDO.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\is-CGM9L.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Codecs\is-CSBEV.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Plugins\is-URS0K.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Rpplugins\is-0FAO1.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Filters\is-EAAAQ.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Common\is-ICBM3.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Common\is-AGVCC.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Plugins\is-B0F49.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Plugins\is-QCE15.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Plugins\is-M4SGF.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Plugins\is-9SD9L.tmp	klmcp.tmp
File created	C:\Program Files\Google\Chrome\Application\plugins\is-GVQCV.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Tools\XvidQuantMatrices\is-74622.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Tools\XvidQuantMatrices\is-TO3L4.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Filters\is-1UGEU.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Tools\is-8863K.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Codecs\is-OD5I8.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\is-QQKSB.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Plugins\is-9L4PV.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Plugins\is-4CNTD.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\is-54644.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Codecs\is-CHR4S.tmp	klmcp.tmp
File created	C:\Program Files (x86)\K-Lite Codec Pack\Real\Plugins\is-LAG47.tmp	klmcp.tmp

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\is-2HJF1.tmp	klmcp.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	klmcp.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	klmcp.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.divx\shell\enqueue	klmcp.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\.ts\KLCP.bak = "VLC.ts"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.rm\shell	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.smi\shell\enqueue\ = "Add to MPC Playlist"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.avi\shell	klmcp.tmp
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\.divx	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.tta\Source Filter = "{ABE7B1D9-4B3E-4ACD-A0D1-92611D3A4492}"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mpe\shell\enqueue\command	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.alac	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mkv\shell\open	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.ram	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.rmm	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mp2v\shell\enqueue	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.m2v\DefaultIcon	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.ram\PreviousRegistration = "VLC.ram"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.ram\shell	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.rp\ = "RealMedia File"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.rv\shell\enqueue\command	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mpeg\shell\open\command\ = "\"C:\\Program Files (x86)\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" \"%1\""	klmcp.tmp
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\.3gpp	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.3gp2\DefaultIcon\ = "\"C:\\Program Files (x86)\\K-Lite Codec Pack\\Media Player Classic\\mpciconlib.dll\",6"	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mplayerc.exe\SupportedTypes\.ifo	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mplayerc.exe\SupportedTypes\.hdmov	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.hdmov\DefaultIcon\ = "\"C:\\Program Files (x86)\\K-Lite Codec Pack\\Media Player Classic\\mpciconlib.dll\",27"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.m2t\shell\open\command	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.m2ts\shell\enqueue\command	klmcp.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\.mts\ = "mplayerc.mts"	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mov\shell\enqueue\ = "Add to MPC Playlist"	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.rp\shell\enqueue\ = "Add to MPC Playlist"	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mplayerc.exe\SupportedTypes\.wmv	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mpg\shell\enqueue\ = "Add to MPC Playlist"	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.asf\shell\open\command\ = "\"C:\\Program Files (x86)\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" \"%1\""	klmcp.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\.divx\ = "mplayerc.divx"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.asf\shell\open	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.ogm\shell\enqueue\ = "Add to MPC Playlist"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mp4\shell\open\command	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.avi\shell\open\command\ = "\"C:\\Program Files (x86)\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" \"%1\""	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.divx\shell\open\command\ = "\"C:\\Program Files (x86)\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" \"%1\""	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.hdmov\ = "mplayerc.hdmov"	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.m2ts\shell\open\command\ = "\"C:\\Program Files (x86)\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" \"%1\""	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mov\PreviousRegistration = "VLC.mov"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.divx\shell\open	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mp2v\shell\open\command	klmcp.tmp
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\.ogv	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mkv\shell\enqueue	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mp4	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.m2ts\shell	klmcp.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\.m2ts\ = "mplayerc.m2ts"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mts\shell\enqueue	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mpg\shell\open\command	klmcp.tmp
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\.mpe	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.aac\Source Filter = "{ABE7B1D9-4B3E-4ACD-A0D1-92611D3A4492}"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.rmm\ = "RealMedia File"	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rt\ = "mplayerc.rt"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.smi\shell\open	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{49952F4C-3EDC-4A9B-8906-1DE02A3D4BC2}\4 = "0,2,,0000,4,4,,66747970"	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.m1v\shell\enqueue\ = "Add to MPC Playlist"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.rm\DefaultIcon	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.rmm\DefaultIcon	klmcp.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.smi\ = "RealMedia File"	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.3gp\shell\enqueue\command	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.3gpp\shell\open\command	klmcp.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mplayerc.mkv	klmcp.tmp

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp
3700	klmcp.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 3700	4012	klmcp.exe	82
PID 4012 wrote to memory of 3700	4012	klmcp.exe	82
PID 4012 wrote to memory of 3700	4012	klmcp.exe	82

C:\Users\Admin\AppData\Local\Temp\possibly malware\klmcp.exe
"C:\Users\Admin\AppData\Local\Temp\possibly malware\klmcp.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Users\Admin\AppData\Local\Temp\is-AE1FA.tmp\klmcp.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-AE1FA.tmp\klmcp.tmp" /SL5="$90070,19634072,191488,C:\Users\Admin\AppData\Local\Temp\possibly malware\klmcp.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3700
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax"
    3⤵
    PID:5036
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\vp6dec.ax"
    3⤵
    PID:4508
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\vp7dec.ax"
    3⤵
    PID:5060
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ac3filter.ax"
    3⤵
    PID:3008
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ac3file.ax"
    3⤵
    PID:4904
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\mmamr.ax"
    3⤵
    PID:3904
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\mmmpcdmx.ax"
    3⤵
    PID:436
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\mmmpcdec.ax"
    3⤵
    PID:4680
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\CoreVorbis.ax"
    3⤵
    PID:4520
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\WavPackDSDecoder.ax"
    3⤵
    PID:2584
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\WavPackDSSplitter.ax"
    3⤵
    PID:4016
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\madFlac.ax"
    3⤵
    PID:116
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\MonkeySource.ax"
    3⤵
    PID:2332
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\FLVSplitter.ax"
    3⤵
    PID:4736
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\MP4Splitter.ax"
    3⤵
    PID:2908
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\OggSplitter.ax"
    3⤵
    PID:896
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\avisplitter.ax"
    3⤵
    PID:3184
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mkx.dll"
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mp4.dll"
    3⤵
    PID:1480
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\ts.dll"
    3⤵
    PID:2740
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\splitter.ax"
    3⤵
    PID:1952
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\dxr.dll"
    3⤵
    PID:3932
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll"
    3⤵
    PID:428
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Real\RealMediaSplitter.ax"
    3⤵
    PID:1936
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\rmoc3260.dll"
    3⤵
    PID:5116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\K-Lite Codec Pack\Filters\CoreVorbis.ax

Filesize
340KB

MD5
734c8cbaf43180a90d28cb650b2d4c67

SHA1
252eb2a34539c185ce9e57c7efb1c17472dad28a

SHA256
dde7f5480a669f32fd7aa1a5e250bb05859df959276cc1ae1443d8c3b590696d

SHA512
c354183472e69b7e45ba9e5837498a5a88b244bdec3d51495abc422284a03bbbeda34cdd2340ff18bcf8dddf13ff8a2875fb10ebe5c08942967f43a8221d8a23

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\FLVSplitter.ax

Filesize
92KB

MD5
0852f64f6025e5c9a5fac9f1260b5254

SHA1
c5e3ecfbf33485bca55f7fc12a582a30be9ddd3e

SHA256
5245be0abaaf48127d367786273df9500df285776481ec507617a50e849d4901

SHA512
eed929fb7746c57b37522ce8010004bd247c7135ac02b258dc4ca02aa787f6057e9c9e370a9355f8932a4a5e4f9eed1f26c0cdeb9043ea6a7d9428d4557bb457

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mkunicode.dll

Filesize
23KB

MD5
48a2007cfe0ac7109b049711cd8878e9

SHA1
e9548af4d7111e200cdc99880135fd332ede6bb8

SHA256
ec67894a20661f57a7b4306c761e2448be8188c95ac6a87b6578c36c80a35058

SHA512
70b958b358007fa04737ea7644691790fd62d7b171aca3fc64647a4cf596d5413799cf5a84a59d1a533e572bf3111662b280f3da59f0dd2df7af0f599509df08

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mkx.dll

Filesize
92KB

MD5
600f0a2f87f07afcc8d9cdb8ca145b9a

SHA1
53822fd410b8a7e29a6018c5b2d9ae6f1e119532

SHA256
61c9709a606e99837bc7d0e44f6ffe5bbedaa4c73657293ec2071a5329c96aca

SHA512
966dcf0920c4c48b10799f200cc017f4a5a7440678b5441e33e77be88f510f213862e667fa169581fbd4303e91871a98a4a9948008a5dbeed2ce624c1efac09f

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mkx.dll

Filesize
145KB

MD5
32490c8e20f677996f29e0c61bccdb94

SHA1
d36ad22dcad316eb606537c790485590caec7430

SHA256
13d77ac8ec5b51f8486b01e0b9c8e681d42644a8e916a4330d4917fd0c267ad0

SHA512
061125f430c78b1a7a07d7bd7a2c6a22634d29e9f30caa03e63bf6e67b9aaeb17c180f4972e1d6571bab8881af2e714af8f294abd25635cc3fa27d6f8a5d2c6a

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mkzlib.dll

Filesize
77KB

MD5
e370be10ab395ee71602eab9d107da6c

SHA1
824ad35c47af461ead6260b9720fec0b252b382b

SHA256
46150d8aff6f9d3dc5adf8085e6a8f0c7ee59070ad813c01f50bab94bac28cd9

SHA512
206229fa596ad7b207e63b4b42e62602f41587c5e0cbd7250301df78e5ae47f407e42d13743064fd8f50f6f70b9c1dd0a556200275f64644ad5549fd2e2f9fb1

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mp4.dll

Filesize
93KB

MD5
a20624d6af255fcad282db284f70f0d8

SHA1
ae93f24f5b2c4310c4cf988ff0ae479708e3351c

SHA256
96752fb7582680e498faf0894992f1a1202245f3ae8de8156b3fc09c391bea08

SHA512
244b5c03481176d6e0c8335323d4cabc72f630fc2623a5dfaa3ce91dee572452f2e1a84f2cc1a8541530c6706a8d5bb9691ab272fe8e6aeded7bb0b3ec6a97e9

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mp4.dll

Filesize
95KB

MD5
d489b1887f0831a5ec03ef5117920522

SHA1
a969779ff0cebb695ad52576d79d74d7d7d7b9fc

SHA256
35a8798856a5a966a63780dca83434a22eb8100f49afbdcc6a6cf2a8929a39ef

SHA512
b65f310056a8ed2ded7684c95d3bb7a4a369e06cb99aec88970d7299bd710ec8ead918ea530b0ca3b96feaa1678add03bec4e7a89a4283c492b8f6a98dd7e114

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\ts.dll

Filesize
160KB

MD5
1c93e5cfaf44133d11c61ae74842e400

SHA1
2e20abad1e446d69d10e281178db399c3685b6a8

SHA256
c2ebc7f4edb9acaedaef9f551e526b60d9b7693d802f0e933e9eb5bbd58a4adc

SHA512
164f0d17861e4f04cfe509022e5815d2719c63981da50ca35b47e6c09454310ee311a553378d6ac928cb84ff039ae85f9635fce5c38d2de7941f132a5373ac9e

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\ts.dll

Filesize
92KB

MD5
ba99d2e2697b09719d4f75ce94a7b537

SHA1
19be4483d6e184a77561712d2265b9bb6dfb4162

SHA256
07ef99850700b9e5e9f75480cf287ddf254820fc81b474d764a359ffd452cb8f

SHA512
dd8a658f5e8fbf051bcd398396b7460d233dbc60cf008ddb4f391d9ed683d9b9068a6d0031b598cc0bf4ccd2123b6fe78c13909181013996c68032651dc59999

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\MP4Splitter.ax

Filesize
411KB

MD5
7685a1a061054f8fda1dfa63f7c0d706

SHA1
cee0ed31c93a8e4a965f166d9945c6a8f42d7bd3

SHA256
6bf59d3a2db1e2b9b91e12b19c739c811e29ce377ab813c0ff1690cb4ebb8848

SHA512
1815aa33eafb89c17eafbca83d9262329e268d10bc5d45687fa9a51e965dc3d79ddec60283ca8bf388ee30b3d49b08458b8498d09ecd131be069d84d883455fd

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\MP4Splitter.ax

Filesize
455KB

MD5
4f6fda7842d73a11977fe188430ed90a

SHA1
92aa0ea7a575f1998c79efe49956450f1430a325

SHA256
683f0dfb7dd3e1f0f08590f34f634a05e344c9a6d124b20dea6a564030492ce6

SHA512
544df53b8060b799d077ca64551a1ee0422e63d01fc062e4e4117006699195b5b622a40d8a1025ac565cd0756abf6d8e4adc347067ce47be8bfb8d0c4b2de779

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\MonkeySource.ax

Filesize
92KB

MD5
6b236a547b3f67c9c077b82830c7a0f3

SHA1
1537a157fd528c0736a82f8998bda24999d69174

SHA256
e345d3e62106bddb1dcc13393bea104bfc1a3e50a897feaff8841e0bc5532bff

SHA512
862f7fa2d7c0297234391eb81d838ea85cb21f1de1ebbffa0405649b9e2609feb1bbd1993bc6cc69d410865986567acbbfb93be93e1246395af4927bc7106e48

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\MonkeySource.ax

Filesize
173KB

MD5
e14a141f614303c331cbdf38fc15b6cf

SHA1
65c9151792b9048777135c100d549fcecb49b810

SHA256
01f1840554c3207a2906865b071c0811d853e303d60b70144c181c01c5b230bc

SHA512
4b532a9217b2882e17bd373a9117396c94b4cf7638105f823859ac3cc43d87a0c014fb4c33657d8bffa380c8ad51ae825284f35a61d7de4f6ffe06c74c4a1c04

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\OggSplitter.ax

Filesize
92KB

MD5
97094622ad1f72a30c2b5c33989bc2a4

SHA1
6fa7b09a8f62bee2b27d9a6e409cde22770598b4

SHA256
2740e620fcd2d310b159b1e497e22a02482f879338354d0bdf1402ff31aa1a68

SHA512
af1ad365c5fcdcc6ee8f8056d74555ecc640977f4cfde3b62030c05ea299a6f07f8daf0d69aa4a92da2e8c451557fabeb7eff6acef48bf952569928da34a3224

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\OggSplitter.ax

Filesize
368KB

MD5
8239433da9ccfdfb25b1fba0c69fee18

SHA1
6e2b643ded401637198089844a935fa468482773

SHA256
dbb0a6891cb04732a8438485df7cb8de588e22a3bf1ac48d8269805aa866117f

SHA512
69c3272fbb5df38a216f255face18694da03dfefd205aded1e89ffcdd0af3c4381fc458ab68e2a9b41e4021aa9ccfd797e191a0c80b26b03aa700d6fda87efb9

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\WavPackDSDecoder.ax

Filesize
144KB

MD5
7fba60e461326274ff354f7537481027

SHA1
ae799a2074e7d5b88a08cf54352a3301648ecead

SHA256
96ab123167cd2495d2e181f53843e995d833dd0f033c28781fb28f0ac94ce8f7

SHA512
e81805fc4f7e0f476748919cef38bbc47b738483aff87a11d056f11e58cf00855aed3e29a5d24b41249e3d2630cc2b82f1743100ba760b96257bc7f2909dc514

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\WavPackDSSplitter.ax

Filesize
80KB

MD5
707cb15443f8915701c3b0b747c2b799

SHA1
46604e40490657fc1b7fcc777d75594a17549de9

SHA256
c48781533dc9f259fb2b4bd10a0d11c3d40e90c623141649dc8608d69d6ba997

SHA512
e2814f2cfa05eadf031e51b73b4b4b9febcffa3335ffc8a71d4213e072346b86a333063243f36e399b6b0867c86bc4511c902c3775b5546334b90ea2d3f92153

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\ac3file.ax

Filesize
76KB

MD5
617d8088a67f8a1ab391e42b870d1b54

SHA1
4d304342c81a6dfcd9bf4ef63ec3d6827232876e

SHA256
7503dd3652eebbbd03bc20257f0c679c9e1f6f33f611a48816ffc0e667067a74

SHA512
b0e48704507b070469b296a54fc094437332143dd9d5f0bc50436e7cec2112a1ff1903f8c52a99611c6722c5c2e62ce6f482ccb430278f7b0abbfcb54c003662

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\ac3filter.ax

Filesize
92KB

MD5
58580d641b6903629e2f1728fd85c050

SHA1
fffe8e0da297d862395c0fd46c0521f2d0cb5832

SHA256
dee84b28bed52f98153cef89650b578c3867420fb49d550dafedafddd5d79fc1

SHA512
918cfc5e2f95abf14c83b9592492e1a5b61a76c49e363cc43afc7426e2c3fd576fc46bec560293cdb82b231fa39b766708a6f872081762574fbc97b9fb6da959

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\ac3filter.ax

Filesize
411KB

MD5
e1692f92a11cb99b292799f041080ce2

SHA1
d2d60046340762506d093736b80f5596c9ebf0e2

SHA256
d0fe036917959562dff677a2729e82f03148681bdc239e9cb42a5929c21a3677

SHA512
93481e7a0f66d45c2433de2931800ebb32331e880c58233aed7c711c26f65746814d460d54ca7c6e2ed6cbee476bbeadc7def54b0177a530d7c388ec918611a4

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\avisplitter.ax

Filesize
372KB

MD5
531c2b0f8688b2173baf3c980a1af022

SHA1
bfe69aa72418b91a9fb5eb9bc37899c5c497319c

SHA256
37387d60ef54809466f042abedb3ab90f420ec9d10c3266b2f9ed8489fc290e2

SHA512
687491961163928925952c214b0e02feef89005e11636f2781625cdd9374bc3231253e742879c48151ee1915e2e619b8f36f973c640cf6016ed40bbccfd17151

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\avisplitter.ax

Filesize
92KB

MD5
c584e0a92f905827d26aef4ac68486c5

SHA1
0c60fadb64aed37116baffd3c326307d31cfa1ca

SHA256
d37fc7c27af9b502ef7f799c4e8b7aaaf60b750ec33b91e665adca175eb324d1

SHA512
a2562807a4334684b60f191cd4ae332477f4d64c854b59d54f12a11c1782beadc9318c3d603807f71f3d33d15521f3a443acce3398da0643d371ab0a85afc3ef

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\iconv.dll

Filesize
640KB

MD5
0d4f93fb5e4c9e01f490c9f5c16cc443

SHA1
2ef2cd7bd38977f0f019914a3083d65f916fffbd

SHA256
bb9cfdda9a21fd9ac1057ab3c559ef8f5ec6766274a6cf515d8398d7e6fc9689

SHA512
565dc595b115fe11f492f338af7e121ab782eec7d821475738356f416363933876ef56cf1ad0dc3bfd6bcb836ecb51d08dac94f7fb1d60a8cbd080dec6c77fa2

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\iconv.dll

Filesize
150KB

MD5
72348fb26c8736c01ad640be84f3644a

SHA1
4c41f926d516ef522131eba7f3bca644da4b2124

SHA256
d25daf82021de0415d09db61d50d4ad2b5de707976587a467a177d12ab6addfd

SHA512
2b29e1c1cbeaa813efde461e7eed23010508ff1bb2ba75adf34f52e2536a365b9e0fdb5a24e20f9ec0bfdedd1ae878f15a4db2242d0586b7ae4e63c3c2225be6

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\iconv.dll

Filesize
92KB

MD5
af43fc40ddbf88df10249cd42e8f8c24

SHA1
bb0b336b8ef13a05760ab5999c5bab1438bc1be3

SHA256
ef7fd9ca3db7716db92528e4854919420c2ded3b0de867f67116308e357af0fb

SHA512
82714de660438fa4ff7f7447c4132bdc2ec47690ca874ac5fd74b3a9c863178a3cbda1a47c50535ab64bfec1e46b6c8ff585ff64778904d88a8dba3bc6683125

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\libFLAC.dll

Filesize
57KB

MD5
ac28137f21933ebc5c3779b09c63ee94

SHA1
3b11aff87762de7147d8cc1598e0a1ba30d2d40f

SHA256
8831f0d093f1b47a9070a82721a90db7fc5d05763acb48c58b018abcd969474d

SHA512
4df6be21d61214ee6550a0c60bffa01297384ae8044de3f3fba95956dc63575705988920a67354763323aaf45f3e924380ce46a10bb57da0bdc384c87f7ae646

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\libFlac.dll

Filesize
93KB

MD5
33ff64ecabf8515fe84224d0c877169e

SHA1
af862b38bb26f3ee2b63a251baea30379c091613

SHA256
38280577941e2e5ee7efc627aab17363be3e7892c3edf54e31ab8e8a71d4b7f5

SHA512
c7675b0b9fb54ba9e1df782fb18415647398d67e4ea8a0793eadaf0f76492ec372df077cdcaa0a77f9f0e4160b42bbc03f5647203cda772de6f3eee33c782f98

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\madFlac.ax

Filesize
411KB

MD5
464aa6dbbb07ec09d909a11e51d30225

SHA1
fccc6a874de9ba766462a569111b44c1d6c703ed

SHA256
3ac83d3170db2ac8cfc7f40a62847fcbb0c8d19ddb4bdf834cc211a84bf84146

SHA512
fc1a966644336d1252cf327b5acb5d66cbd397147ac1b771e69e3f0ca713f60b79a36039b893fd8bc8a74b095777f421825b577255a10724669dded656b8b71c

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\madFlac.ax

Filesize
92KB

MD5
4f693f6f03c637260ab0b9c455bc39d1

SHA1
ca6fd2c79dd758d74651d8e5e4328a300c381be5

SHA256
c002f55c948c3f6699cab530aa722dc010cf7b6b817babe4a2fcb4232778c52b

SHA512
1ce13e9b6ac931459902c5c3933d2c01eedff62c1129314458eb1b3b9f9411488e0b10bb894a4d59b7b9249d16e87f43215aa8c63739d546e2cd183a0cae3cf4

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\mmamr.ax

Filesize
661KB

MD5
31c16930f4c111d3ae8414ec3982ed1e

SHA1
db1671f3d88680e6c680f791bfa740a4e51c1ac5

SHA256
7b1359593f83f447aafe30cfab4dc8bfbcfbef67d0335e76b5678b0cb9e19a9e

SHA512
b0ad3cad3b963b793678e5d8dc420dd7fe864743a1f30b6993910fad12892c382fe6659ab1ef7679fce0528c2e838d52d6a27657b27914d0533c3930cb1486da

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\mmmpcdec.ax

Filesize
92KB

MD5
584d7328949ea8a132ef9181c07ec963

SHA1
75ad4571a7f4f121f8eaee9bbc2c926bb30b4599

SHA256
a6548254d6a99a1ec34a9ca0fdb5835f833e2f98b95409753171a10d408292e8

SHA512
c78cdae692b9932ae3fcd59cdb2d67e38b33b8288462446e58c55c7fb5bb4f2f1cba539cb43fb1caf991b8e2cc297bd5758cc8401e3fa03aed069e9c56d1e1e6

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\mmmpcdec.ax

Filesize
149KB

MD5
a0b0d79f815a5d82d972f730d92b1919

SHA1
e46a6c9e3b5a88586c75b3f8b1111d8cf0ea1ed7

SHA256
82ed4a03c9454145dc362af2b985794c6bc7c3eca7a8fed193345f9662b79f9b

SHA512
60cfeb9d2ddd03d96189682b4c749d8e072e82e7f221e8d3921496dc9103cb2f0be540535b1fd6ad2a370bb4d2a4b3e0e5e34652c369e102192456e5a263fb0e

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\mmmpcdmx.ax

Filesize
92KB

MD5
65595ae168a89424932253768be21f95

SHA1
fa674a87c89dc80ce399ab61132abe904b9f8135

SHA256
c7e279502a8fd2103ed61afb7f41e4be8ac40e46dd29b4d405576f672fab3f68

SHA512
5342ba202586bf5af72e4e5bab55e4fef6865fdb17dd9e7fd7129b53ecd04a5212d1e0669cca26d184104ce5d6b1d01429c9e6743b09b389a44c8c556814dca8

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\mmmpcdmx.ax

Filesize
308KB

MD5
cfd49fa8862fe327e1e3e79de3fbd6a7

SHA1
dbda50889ec04b93418381ad2b18c6d654ee03de

SHA256
4737216017bb948adcc2413d5898f9af16a751d240198bfb0658e3ac46e72726

SHA512
9c3e09cfcc3543da815fca961dbe4287b74c7bb642e6517c9bfe5f4877489f4af37f68fdad533af33d7851a702e7428b0e089640373628e52e4ced51390b4119

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\vp6dec.ax

Filesize
149KB

MD5
b5e2b7e6c28388dd8efc7f119b16ff16

SHA1
469658948f3e72155d0113c098a23f6a3546b4ed

SHA256
794a172a1bf22136a38e3a91610ebb3102f9c49a1e7ecdecbdd4bbe101ced514

SHA512
96fb1fa6f83f77891bf14a2e82833473d0eafe9ef64c610d576aebc512c1e4370c26bbc4ce7956fddc6920d63cb22803dab0fa8908dbc4d5f32d72d75e5d421d

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\vp6dec.ax

Filesize
85KB

MD5
2397818e3ad775945d7fe84189cea920

SHA1
692f5093cac3fc78f4e5acde49a17d29595977af

SHA256
5d229d2b352a7982f78a4b033bc368cc788e1350b183ae9c261b72b7f88460ed

SHA512
be758531b914fde7299b64da7b229834cdbbdaec1516d5a398cf8110f7cdf0172b53c41ce9db92e1e75b1ef4efae5641ce05e49e445ee39803b80f9f2367d4b3

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Filters\vp7dec.ax

Filesize
232KB

MD5
085574f70323b1842f076e6de899a78b

SHA1
748b2393795821f6b999ad55a476b2d2e480fe86

SHA256
1515637b179101c72e0a258b054d73b076b51b70c32aab686ce0e9dd9ec54b9c

SHA512
0e99fb46525d90cae9c76fcaa4531ba43b6613720527a89d8439ae52dfee2e1a23919acc08c74dbb2dec039407f48d27c4e31409d09b35cf2f6bb787ec91bd4f

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mplayerc.ini

Filesize
22KB

MD5
20b5b14a0410b1cce8774ce17ffc851c

SHA1
1e7153657e60bdb2b6554104cd578bff38dd649f

SHA256
08c351eae0729cb9ec6148b77111739e5c77f5e4b7249b6b01b496a49a007510

SHA512
c6f267c1de614232365ce72ceb0993f4bd7e86f01f92cdf923b5abd27518e04c3f179fce0aeb8e019793a3959198c43a503d37428a7e66c233274f36cb88c6e9

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Real\Codecs\cook3260.dll

Filesize
64KB

MD5
8bc5f371287336342c06b52828ef7ded

SHA1
bf27598eece58b3df3d9bcea4988fd74645f56d1

SHA256
0a8c69d30260a72ea3e23e8b8c10294d0cc5783cd58f1b80fb5f0ef319e47dd2

SHA512
2d1d02a1c9e385432d55765a7dca76196552856ad091631e34ef5ff0bc077a1c77c6abed845b6ba591519e3dac912be41698485f2b9194395600166d4507b8f9

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Real\Codecs\sipr3260.dll

Filesize
136KB

MD5
477b8f42f07ac5c022edb00831772f61

SHA1
5539402bd7266c8b7421116cae4fa61c8d637d08

SHA256
0d78d1da2979b332234e0942c479842fe4333d0d5197c3bb6b54543c647bebbd

SHA512
6817c1f141432ac2f1164489c20eb10d0fc38d47391009778a234771636335aff80325cfcb0b92f379f0b71fb293d0e8d337c137518bc9b401807f6fda6fceba

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Real\is-KN2GQ.tmp

Filesize
12B

MD5
fa02fd8eb45f6989eb896ff1f384304e

SHA1
a9791dc2ce214268475c6613651b81217e9db5e4

SHA256
0c5b84dd007f1ec82417146e19f0963556c834de940a1d1416c04556e6c16878

SHA512
447d036abf18efdbd64ecc56b4f769b58eae463f5102fb87980bc037e340bb04eaf1ec389a272a241b9870c26dbaa7e1cecc2a47231fc6424ee3f6075b43776c

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\Real\settings.exe

Filesize
669KB

MD5
52950ac9e2b481453082f096120e355a

SHA1
159c09db1abcee9114b4f792ffba255c78a6e6c3

SHA256
25fbc88c7c967266f041ae4d47c2eae0b96086f9e440cca10729103aee7ef6cd

SHA512
5b61c28bbcaedadb3b6cd3bb8a392d18016c354c4c16e01395930666addc95994333dfc45bea1a1844f6f1585e79c729136d3714ac118b5848becde0bdb182ba

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax

Filesize
512KB

MD5
c26a66ab65946793b78b8fc52e6c17d5

SHA1
536434f702d260cec13642467c3406626930a07f

SHA256
d21585b972eacfe4bbd1b081e411129b4eab35baa886056d033472ffcdd62af8

SHA512
6fbccd9bf590cfbcb4956ad884cce68b5e862d05a696ea91230bb3ac5f8a096c442dbfaaeea78adec1afd2e02ea6850855053df1c0e6388ea9dd827a876e4381

Download Submit
C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax

Filesize
655KB

MD5
a4298a2dbdcee32bd32c0c1a9c7efe7b

SHA1
f9da00396767adb57d2061477b925a88743e44ad

SHA256
dfdf10ba64aef6dc9749d582bf26e38af6415591ec10774e88d4c4e640771bcf

SHA512
7b8b1c2ac24a290ca7352d91364da8879b13944b538933b9c269dabc1a267e1ce68478c412216489a8534ab2566bca25faf247f4e8dcf190f8b726ffa0fe590b

Download Submit
C:\Program Files\Google\Chrome\Application\plugins\nppl3260.dll

Filesize
141KB

MD5
5db82b8c515c875ae58e1b8b5997416b

SHA1
e97525a75b61921c7922d1d435392ad7a2572e46

SHA256
80df6dd09ac6b6d9e253f5c88cc564c5c3f3db3c11213223f40c003d0d2fa18f

SHA512
4c1e924cd33a7506947a4dbc02618f66965de24412875d85dfb094f768d465a8aca0d9d672c81d762ede79d2ef16e1493a22d4f0623221bb6f4502c06606acee

Download Submit
C:\Program Files\Google\Chrome\Application\plugins\nppl3260.xpt

Filesize
6KB

MD5
811ba568e7fc0a61b763fd21906bd258

SHA1
cfda4c02785deec27be3ceba854989c27aa08428

SHA256
68d36aa053bd715a7b3c6b64c43182c6d6c3f50429a3ecf80713edba3e31ec93

SHA512
180d1d02bf8528ffeb513a5f11087eb6eb3e1ab020d0fc9e64af60e8b1f3cd6ab5157a0776eecc3ec177027bd59011149c83ea1f51cd413d36b4c5f189dd154a

Download Submit
C:\Program Files\Google\Chrome\Application\plugins\nprpjplug.dll

Filesize
92KB

MD5
2cda67c1309ca966d8efee4ee0d6ca92

SHA1
12a98fa32d7095f7c5c3041b9c389b60d859340a

SHA256
c89d9a50f022ef0d19a6cb436ddda796fd94cdec3cab1d949a2a248d209b3a20

SHA512
38140502302cde335405a2a16d47b663883b2b0fe2c06ce4123f68b12cd53cabd48db83d5ba5a6ed4655bd9e06e48c39271c8564bca247b5384d72e98c9a68ee

Download Submit
C:\Program Files\Google\Chrome\Application\plugins\nsJSRealPlayerPlugin.xpt

Filesize
556B

MD5
2997045bced819dc37a5d234515a7c84

SHA1
35553012297fe340222805883537295678b18c68

SHA256
eb0f2fb39b84600fed5a8ae7c7ba5a64dd0e9ce796f82d0c7e644401186eddc4

SHA512
351f3f75e9ce23ca4dc62d2a4f99f288738adbf9147355e78c656e95178e0b8e62fa603a623d79ae79cb34667fa89d626c8031fa54e84a06fd61778e9b20c665

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-66TM9.tmp\WinCPUID.dll

Filesize
56KB

MD5
22eb46911320614e971c05a21c649837

SHA1
35ee160ccd5edf0bf30f19ae2cb923e4c5b0d6ae

SHA256
55dc7047acae697ddb1cd0b912fcf9d470ac5eacefa2fcc7c8cf2a6c37ada202

SHA512
722a172c96065e81661520bb215838243bd9e4744bdb42e5f2c8e5fc5a746292ad75d114d1476fbdbca7b8f04b8a498dce93b2f1d52475f6392a90d8580605f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-66TM9.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-66TM9.tmp\ffSpkCfg.dll

Filesize
40KB

MD5
313092dcc48091a1259a4c9dbedc5b76

SHA1
086b57788bb83123570755bf23ac17d23ad7de79

SHA256
416ae1233fa908b72a75891599cb6e445d50e9e02cd1938a47f09ef8f2588323

SHA512
2eba04091f03c8a9fd5888890b834663b3e25d1e8469020d27d0315e0086ca805f4a4a3f1431d5652efd143c0763fa5e1e39e5b39adf8b4f7100008afe7a7708

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-66TM9.tmp\psvince.dll

Filesize
36KB

MD5
a4e5c512b047a6d9dc38549161cac4de

SHA1
49d3e74f9604a6c61cda04ccc6d3cda87e280dfb

SHA256
c7f1e7e866834d9024f97c2b145c09d106e447e8abd65a10a1732116d178e44e

SHA512
2edb8a492b8369d56dda735a652c9e08539a5c4709a794efaff91adcae192a636d0545725af16cf8c31b275b34c2f19e4b019b57fb9050b99de65a4c08e3eee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AE1FA.tmp\klmcp.tmp

Filesize
804KB

MD5
00f2e43591f0eff61f55aafe90dfc43c

SHA1
db1f55df4237b5b3e37590ebcec92c9e2287f531

SHA256
fb8e849f0aec45d0090635d61f11f2c3a9a663546be2b32d33549d43247bcc67

SHA512
467b471af672209c4a22efe4be77ccd39ead317928e69a743f70c6a9bd9499f316e604fb68afa90fa57bfde44001fe35d8f3b66584a7fb18004f2ed4edba5ab4

Download Submit
memory/116-594-0x0000000002090000-0x000000000210D000-memory.dmp

Filesize
500KB

Download
memory/1480-624-0x0000000000D90000-0x0000000000DA6000-memory.dmp

Filesize
88KB

Download
memory/1808-615-0x0000000001070000-0x0000000001086000-memory.dmp

Filesize
88KB

Download
memory/1952-628-0x0000000000C40000-0x0000000000C56000-memory.dmp

Filesize
88KB

Download
memory/2332-599-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/3008-577-0x0000000002340000-0x000000000241A000-memory.dmp

Filesize
872KB

Download
memory/3700-43-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3700-651-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3700-33-0x0000000005480000-0x000000000548B000-memory.dmp

Filesize
44KB

Download
memory/3700-7-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3700-37-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3700-39-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3700-41-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4012-652-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4012-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/4012-36-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4012-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download