Overview

overview

10

Static

static

3

357b5f06e0...76.exe

windows7-x64

10

357b5f06e0...76.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2025, 01:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    357b5f06e0a084f8c37e6a38afa29c76.exe

  • Size

    42.2MB

  • MD5

    357b5f06e0a084f8c37e6a38afa29c76

  • SHA1

    e7de8b81872b571e9e0fe6dcc48c94dfe8d50318

  • SHA256

    72a4f802a0818076f00fdf7ca1710fad0f35244e472a74845f9cf6c2644cc528

  • SHA512

    ab539349cb46cdf4c2ce48569a123abc9634adebe68e0ccd19c89f008692651deb727892c1476796d0229965ed25d96b73735ce9ab86fad2bf67abd65ae9cd36

  • SSDEEP

    786432:M129ofpkXbsydPnpeWjrqBqe4k51vJ8EhsI14StdNoIvTe3HzuREJgIkH5:Y29AwsydPnpXqBq4pmEhh4Sj9Te3TGEk

Score
10/10
darkcometponyspreaddddcollectioncredential_accessdefense_evasiondiscoverypersistenceprivilege_escalationratspywarestealertrojanupx

Malware Config

Extracted

Family

pony

C2

http://www.orway.bplaced.net/pony/gate.php

http://www.socialnetwork-toolbase.de/ucs/pny/gate.php

http://btcminer.ddns.net/pony/gate.php

Extracted

Family

darkcomet

Botnet

SPREADDDD

C2

852000.ddns.net:1604

btcminer.ddns.net:1604

p2k15.ddns.net:1604
Mutex

DC_MUTEX-H0WQWZT

Attributes
  • gencode

    skMDhHCCHML8

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Darkcomet family
    darkcomet
  • Pony family
    pony
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 4 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 16 IoCs
  • Loads dropped DLL 64 IoCs
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Uses the VBS compiler for execution 1 TTPs
  • Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
    collection
  • Accesses Microsoft Outlook profiles 1 TTPs 1 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • AutoIT Executable 3 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 8 IoCs
  • Suspicious use of SetThreadContext 6 IoCs
  • UPX packed file 35 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 64 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 22 IoCs
  • Suspicious use of SendNotifyMessage 21 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\357b5f06e0a084f8c37e6a38afa29c76.exe
    "C:\Users\Admin\AppData\Local\Temp\357b5f06e0a084f8c37e6a38afa29c76.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2448
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\divx.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\divx.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2360
      • C:\Users\Admin\AppData\Local\Temp\is-FU9TD.tmp\divx.tmp
        "C:\Users\Admin\AppData\Local\Temp\is-FU9TD.tmp\divx.tmp" /SL5="$70152,40413792,257024,C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\divx.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:2076
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVAudio.ax"
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2164
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVVideo.ax"
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          PID:2788
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVSplitter.ax"
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2068
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\DirectVobSub\vsfilter.dll"
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2692
        • C:\Windows\system32\regsvr32.exe
          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\DirectVobSub64\vsfilter.dll"
          4⤵
          • Loads dropped DLL
          • Modifies registry class
          PID:2560
        • C:\Windows\system32\regsvr32.exe
          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\LAVAudio.ax"
          4⤵
          • Loads dropped DLL
          • Modifies registry class
          PID:2276
        • C:\Windows\system32\regsvr32.exe
          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\LAVVideo.ax"
          4⤵
          • Loads dropped DLL
          PID:2856
        • C:\Windows\system32\regsvr32.exe
          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\LAVSplitter.ax"
          4⤵
          • Loads dropped DLL
          PID:2676
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Icaros\32-bit\IcarosPropertyHandler.dll"
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          PID:2584
        • C:\Windows\system32\regsvr32.exe
          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Icaros\64-bit\IcarosPropertyHandler.dll"
          4⤵
          • Loads dropped DLL
          • Modifies registry class
          PID:2684
        • C:\Program Files (x86)\K-Lite Codec Pack\Tools\setacl_x86.exe
          "C:\Program Files (x86)\K-Lite Codec Pack\Tools\setacl_x86.exe" -ot reg -on "HKLM\SOFTWARE\Microsoft\DirectShow\Preferred" -actn setowner -ownr "n:S-1-5-32-544;s:y"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:1676
        • C:\Program Files (x86)\K-Lite Codec Pack\Tools\setacl_x86.exe
          "C:\Program Files (x86)\K-Lite Codec Pack\Tools\setacl_x86.exe" -ot reg -on "HKLM\SOFTWARE\Microsoft\DirectShow\Preferred" -actn ace -ace "n:S-1-5-32-544;p:full;s:y;i:so,sc;m:grant;w:dacl"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:2368
        • C:\Program Files (x86)\K-Lite Codec Pack\Tools\setacl_x64.exe
          "C:\Program Files (x86)\K-Lite Codec Pack\Tools\setacl_x64.exe" -ot reg -on "HKLM\SOFTWARE\Microsoft\DirectShow\Preferred" -actn setowner -ownr "n:S-1-5-32-544;s:y"
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:1864
        • C:\Program Files (x86)\K-Lite Codec Pack\Tools\setacl_x64.exe
          "C:\Program Files (x86)\K-Lite Codec Pack\Tools\setacl_x64.exe" -ot reg -on "HKLM\SOFTWARE\Microsoft\DirectShow\Preferred" -actn ace -ace "n:S-1-5-32-544;p:full;s:y;i:so,sc;m:grant;w:dacl"
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:2748
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CODECP~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CODECP~1.EXE
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1948
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\codec.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\codec.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3016
        • C:\Users\Admin\AppData\Local\Temp\dlhost.exe
          C:\Users\Admin\AppData\Local\Temp\dlhost.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:2384
          • C:\Users\Admin\AppData\Local\Temp\dlhost.exe
            "C:\Users\Admin\AppData\Local\Temp\dlhost.exe" /AutoIt3ExecuteScript C:\Users\Admin\AppData\Local\Temp\JkRfuCdPC
            5⤵
            • Drops startup file
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:2452
            • C:\Users\Admin\AppData\Local\Temp\net.exe
              "C:\Users\Admin\AppData\Local\Temp\net.exe"
              6⤵
              • Executes dropped EXE
              PID:1976
            • C:\Users\Admin\AppData\Local\Temp\net.exe
              "C:\Users\Admin\AppData\Local\Temp\net.exe"
              6⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of SetWindowsHookEx
              PID:1964
              • C:\Windows\SysWOW64\cmd.exe
                cmd /c del /q /f %temp%\*.lnk
                7⤵
                • System Location Discovery: System Language Discovery
                PID:2808
        • C:\Users\Admin\AppData\Local\Temp\svhost.exe
          C:\Users\Admin\AppData\Local\Temp\svhost.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:2456
          • C:\Users\Admin\AppData\Local\Temp\svhost.exe
            "C:\Users\Admin\AppData\Local\Temp\svhost.exe" /AutoIt3ExecuteScript C:\Users\Admin\AppData\Local\Temp\kFbyGHnpo
            5⤵
            • Drops startup file
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:1128
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
              "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of SetWindowsHookEx
              PID:2356
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
              "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of SetWindowsHookEx
              PID:1752
              • C:\Windows\SysWOW64\cmd.exe
                cmd /c del /q /f %temp%\*.lnk
                7⤵
                • System Location Discovery: System Language Discovery
                PID:2592
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pusher.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pusher.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2324
        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pusher.exe
          "C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pusher.exe" /AutoIt3ExecuteScript C:\Users\Admin\AppData\Local\Temp\LWyrXbgcf
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:1624
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
            5⤵
            • Accesses Microsoft Outlook accounts
            • Accesses Microsoft Outlook profiles
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            • outlook_win_path
            PID:1776
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            PID:2396
            • C:\Windows\SysWOW64\cmd.exe
              cmd /c del /q /f %temp%\*.lnk
              6⤵
              • System Location Discovery: System Language Discovery
              PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Indicator Removal

1
T1070

File Deletion

1
T1070.004

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

2
T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\DirectVobSub64\vsfilter.dll
    Filesize

    1.8MB

    MD5

    1368ade1a6690d364dbf063fed88564c

    SHA1

    cfa31815f7246199be40e42d69e01183dae9a473

    SHA256

    3830920e7bc7a076aedfbc5506d3472a4bcdb73c502273c5f65878ae74b594cd

    SHA512

    ae7c000444dcde2834fe6efbea1469bc8625e42eef5025d6d6a12aa2d7f5e3abe0a7e48e6836829d721f1c14df19ebbdaf3aeb2e4292da475f62310bdf6b68ea

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\DirectVobSub\vsfilter.dll
    Filesize

    1.5MB

    MD5

    52e76ec0bb8107ccabe309cefc7e4861

    SHA1

    a3578963ac38bd97f4f838202979f63df057a773

    SHA256

    bb095360972ec84557e1cddab05a49a0b7e04def85d48dacaa8ee5a70e43a4c6

    SHA512

    6ee3e1668b8ac18ebc5860aa9a429d428abf2793e2cbfac724909b6038bce043305fd9db35727b4f8fb0a8102e2203b0d2b7ce6f18ce004206f22af241caa95d

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\LAVAudio.ax
    Filesize

    289KB

    MD5

    198593663a47bed4d4f46e064948fc0a

    SHA1

    4027518294605a1cf1eb1df700c8814dcd912f38

    SHA256

    3a14d169012959f7116d1d3044718d57457ce5c058eff1750dd2e7a1af4fa527

    SHA512

    e46e9502b4de2f4471f281bbb4648dca54e244c773cff6f83009188adb12a6680078f407e4170abc7593145328810b571f2553147448dd80cd14923b92b88cf0

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\LAVVideo.ax
    Filesize

    1.1MB

    MD5

    67902b3ae551c4780324b7b8c7e99bc4

    SHA1

    888e8cfbeb973c685d165b38f8d16150fca22472

    SHA256

    354a3d62498b6ef0c195010718a68f90b760d4050ccac5b06cda9ae153ccf1d7

    SHA512

    99846d50423061611846108012d670fb3737678113e7587260919a2da5e361cc40818637b2d6ef2d22d388cee01539f486c6c7015d7f607ba9dbd9bac172a1b0

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avcodec-lav-56.dll
    Filesize

    9.8MB

    MD5

    4ccef936f16fe8d13280075a5dfef04d

    SHA1

    87b75a915d95116f4a5442af04d662c1a94afce9

    SHA256

    e6a21cc3469cd09d0d8469536e208a28bba53a296ee86c930193c5f3958e6fe8

    SHA512

    d6c84312a5200216c547a074706cf7e89828c35adc34cef34dfca0e5ef9c7057134819549df1b8a43fc3db2034e4e9fa94d32b65fe67418e922e6a4a390c93dd

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avfilter-lav-5.dll
    Filesize

    180KB

    MD5

    05589c7efe58f97ad85231ccdb95d02f

    SHA1

    feac88506024422384aea9fd7e717b926fd31352

    SHA256

    faeb6515a9979a3f0207fecd4848536eabddb03854c3df5a9b8ccb93ebf8bfc2

    SHA512

    5390f8bdc38e65fcda5c419114e813c6136559bcc304d5f1195f6db6db8d88f5678d5ff61bda559937292b6eabb6d6aa37f9a935e9bd2fd2e6e2e2681c8b9a6c

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avformat-lav-56.dll
    Filesize

    1.3MB

    MD5

    eabef82cdde22218730ac6ddb07a58e4

    SHA1

    2733f5e3849bc07c13b3b98c9518e266156c5bfa

    SHA256

    5f40a5538df383fce822545c05069acba292a5f6468dfb42ae315d11b5f5c918

    SHA512

    25c1ab9824138bf9737ca79a1b0fa9771afe5fe9acbac9736794309493226c82c9830b2e03c46e82e4f3a45842f5c7f77d332f1f99e6133c0ab330f367e00d07

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avresample-lav-2.dll
    Filesize

    157KB

    MD5

    d7ae7bb993c289a6beaffdf1c047b0cf

    SHA1

    a5a90c28d02c24f7761a8c04299fd2aa3176f7ba

    SHA256

    dab66d4a52de0bf4f638170bff7cb105b8f2e6953024a7d13f2eaf8045de07aa

    SHA512

    fb4e3804d6571e87631e902884b97d5d3098949e87074502dfc90641089d4d22188a673b5229fd6aae71f9c7a0c1af0c032be00b30c732d39546393a6b7ae11c

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avutil-lav-54.dll
    Filesize

    390KB

    MD5

    ba88f34c14ba2560f04d11e4bb322b03

    SHA1

    b69c3b7a69b03e26ccad0888ab404d8861123703

    SHA256

    b39222340559033688394a4ceb775bbdc155bbcd5a47eb25bda9e2b5e8e514c1

    SHA512

    bb9bd70626290fafedc5362ce5c41538f06ed31f4e5628bbd3c9910902aa05f08cc84a7944569aea0ab0018f432725ed716d562b913aaf3c4ab72c93a3315e22

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\swscale-lav-3.dll
    Filesize

    498KB

    MD5

    98344db1432d0a873513715c9dc54f4f

    SHA1

    61a6ba96241172fc204907216b49ec71f3fa9e91

    SHA256

    de5b807ffb57d263524533fd53cba302fc256f0ffec0425779f357e183f84ad2

    SHA512

    29eb2f3f8ffa56e33b6136e57b9254df1b3d1b2d37e20c69d5d970c5c962c29933d99fbd4a0495b59bd10676d0955dc62d7a416d5b01dd703ec36eebe42e6cbc

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVSplitter.ax
    Filesize

    480KB

    MD5

    db14b3840a49da053d22d734b55e5b26

    SHA1

    287287b3573f1f68275b24357a96410327f6895c

    SHA256

    1005a3e68df7d400f63dbf03cf5b0dd19bb0823664a85097e219823b9dbd6a9b

    SHA512

    d078759db8337360a8419203f823f8c9ec07cc8fef64880feec901651c73a31d16302cb82631e7354ef0832378096adf3359b5b28b791d903a3dc459e425dc9a

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVVideo.ax
    Filesize

    954KB

    MD5

    ae049a27b51ec2a7779cdfc477683b62

    SHA1

    abad08d0f49006291bf7d628581d567cd2cbc9da

    SHA256

    8d72b1ce97c36421ef3d0325249e09eee684605b0e0c1d342ed6d0120d079a8a

    SHA512

    1fcb146d43b0895266399d72b2d35cb2a63b5f79488ed7410b69b3b8e32b8fab5025872156a0d5ffe7e7f8b20641c835dbebeae17b449312aba7ff59a4b89e95

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-56.dll
    Filesize

    9.4MB

    MD5

    c652086050df7414d76fc0d6c228ef4b

    SHA1

    f556e9e29b6a99eea52dd1d4aef3af90ed4a9355

    SHA256

    2056ed41ff28faa90d6eaa3c1be0a9b77d507bfa451933bcec62e47aa002f39d

    SHA512

    2be5fb9b7ecd5b753065165a28d8076865ffc9c1d3520b214e017fb6fd6d8697deed8fb888d87f872ee3072596638361650fb7904e4daf73480e3328fa457041

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avfilter-lav-5.dll
    Filesize

    177KB

    MD5

    bf01b213af787ebab456d83f52e6e564

    SHA1

    38cdff5cc4612e05b90ad37a5620d4ff9181d27b

    SHA256

    60e94ff1e7896198d40983aadb848501a8c6f76070d9897090993310f9feb74d

    SHA512

    cbf70f7f3e2ab55ab81ec8024960150d99c0dfae89ca0b88f6eb7d6d27c64aa891cadc473a83e6aa7f62f6ba14eba4d2ad0f0db46551fd3248673971313e3eff

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-lav-56.dll
    Filesize

    1.4MB

    MD5

    c4e431100317acca1db955bde74c96ba

    SHA1

    084233465566928890281cb51f24a44357fc4a29

    SHA256

    502a0f185bb3bf616bf107355d557c9c15c43d43597fd3d25d6072532798f439

    SHA512

    3e35409bb94787d02974f2abbf7614b3549edd8909ed124183494656c3e9c81f6356e7fe6951d9d23f7a527c9530b6b9b866708732703b18feffeb5683dcaa88

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\libbluray.dll
    Filesize

    240KB

    MD5

    53e26b42caf45d340f0bb7ac0e2e5187

    SHA1

    e811ecbf0ef201dee94ad5a93049f9471e1500d4

    SHA256

    4a2f41a8a5f395811ad9064b529f2b7f6ebf89d00084badce88675f4ba0d9201

    SHA512

    3606f5c6102bae69a082d56448557f2f26ec0a48a4db9ab2e2c61fec8df018e3490a401c88bf3877169566a3eb1056e9bbdb129b21b3db23decdd94d3a80f64b

    Download Submit

  • C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\swscale-lav-3.dll
    Filesize

    502KB

    MD5

    27550c88b2c9993678d5ff1a07b25a14

    SHA1

    58423774b030538fc5c1d3149b8cc77e5b584dbd

    SHA256

    db10df242fabd9546fee2d2a01b0fadd45d2fae587ff8b5e541387c728a9ebd3

    SHA512

    22c1dd819e094de375ac2295b6a87cea221edf189b3db9b8060fa20ac61a9edbbc5a389e5138eed3ebf6db294ef37e541b9e53d8a089d9330bc4f9c2052a6d97

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\divx.exe
    Filesize

    39.1MB

    MD5

    83638209152822d2c9fe80cc7c634651

    SHA1

    c77ff7890d935d19fe2c4d3d0ad933247e383e32

    SHA256

    777159af2544a2bd9d7bff6c6c120981325c580939d276235904c8be1bc6922c

    SHA512

    34dd370511691037507eb395ba18bc5c65ff7527ec6681f1e05930a96ea583064788c1e9a380b9210971b817c9e92381019e76ba846d064dd3a2d210e937e959

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dlhost.exe
    Filesize

    1.1MB

    MD5

    29dc7c626ac48deb0283a5ae198afb01

    SHA1

    2e6fc2b2a3efd0ef5a4d37721be6922176138df7

    SHA256

    ecd5ccc6fe1e5bff9023e8026205366ab32d639bad5352a165c52f59369e9b62

    SHA512

    861678543f21a2fba0f65a0f38d031168a331dc8373579cf72c7eaa2dd44f4c128a18ca1b1103eea1da01563c4d6cc8fa0239866ee478ec04e7b26500d2fa8c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\net.exe
    Filesize

    4KB

    MD5

    b8b3eaf4cd8d25a248ae35e50c60a2cd

    SHA1

    5675bea07480d26530165b3d853bb0d9b4790f1d

    SHA256

    6fe52421d30a6aeaaf9398e00555e08e1c84fd997956248b661708a55ea88d78

    SHA512

    832845e8ea1be26fc8756b7ef53ff49a500cc799fe189ba4229599702955192b4d8c87159c17cb949b5df0b4c055b798f66c174ba8cb0613e9a830168e7b3dd5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\svhost.exe
    Filesize

    1.3MB

    MD5

    840a1508abc59cd1006cf7989f443dfc

    SHA1

    6277d23d77ad50718c7f38de03b0d6221e0788f2

    SHA256

    df039f2c04f986fb8e9b8fd7d734713f5efd143a614c0cdf11c0e8390652518a

    SHA512

    a562f89a82cebaaed6143f1ae809cc8755913743d8b2c2ea3cbe918a70b37ce798b1c97239fcfc828e1df7985b87663eb13c42ad1a4d2e1c34c13b4b84633aaa

    Download Submit

  • \Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVAudio.ax
    Filesize

    251KB

    MD5

    550d922b2d08d6b73ac0b53a6bf043ab

    SHA1

    2d97ee2b82f28ff8a28162aa2308b93c51e09387

    SHA256

    daa614332780919e8c32b9dd8487b0caa97458aaed90a573fda32bf82385f732

    SHA512

    2cbd976fc3c691e0e13833b0b6f9d5ee03955e6b3311a1edc558f1e53aa935c22866cf7c18671d2a347fcf1c468bba6270174f7dfd6de80854dfa9b20fd31681

    Download Submit

  • \Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avresample-lav-2.dll
    Filesize

    151KB

    MD5

    ead1924880fb56f052e2c685f7584dce

    SHA1

    3e8724aa6f92f425e88ca451890c61576bf66e25

    SHA256

    4abf3e808e369e83c9c4212d61724692c73e1ef753cd79f1734f562ad46af38b

    SHA512

    c84f4408decf57e96afce73754bfd972fdb61d861b29ab143cb03ac4f4e70424c19a4c7c93e638d1b425511c83e5fd6cc232eaf649cb7f50e193ebb87cb49202

    Download Submit

  • \Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-54.dll
    Filesize

    438KB

    MD5

    e2c760c8fa62887f92a536d056d148d9

    SHA1

    5c73786780ba25a63ac29b199ac86c4d855a7d7a

    SHA256

    90647be676dd07ed7ab2360475e8a774282ca5b3080060ff44a1163f93447d10

    SHA512

    1de0ae45ae584bacac1a9e4ca3dde17aeed967c20255d1ef766696acfe3f636106f6b296310815b4bf4149546fd7c4b6ef30ef5118aecad3357e064239bc6db6

    Download Submit

  • \Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe
    Filesize

    7.8MB

    MD5

    4e2136acc844511e10793d628aacdb5e

    SHA1

    4910e3438c80615d81d1877c184801fd981abedd

    SHA256

    7f2a3ad8407b1d8db0425bb3cb8d0da993f03b55e1bb22b6f7a5e69d80bc8b3d

    SHA512

    1ea0b49a81757e96b3c551699c8b8fb2077661a440f0773e59efb369309422533f98d0e5be19c73eadc3b4b9ff382e321b541b31e64f0d405102d6f419cc561e

    Download Submit

  • \Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
    Filesize

    1.1MB

    MD5

    8a3a1b1d58c43a45517321bc8c650752

    SHA1

    e68eaca78a38aafb62e3dbdd37a92c0477bac4c5

    SHA256

    146cfa7ceaaea25ddf2231baa14b6554a6df0b38accf3e05da90bb01b3ae223e

    SHA512

    efd40f82f2426275c8ea7cad613c1d96fc8549f855120a69397b71beb314d95c8bc8d9128063e180dcf87d0645f13b1e1b56c0b32a5a52837a5d97c131556902

    Download Submit

  • \Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext.exe
    Filesize

    4.2MB

    MD5

    730c21c228bc74149c835137446a14c4

    SHA1

    a5a278ff3f5a483b32f78b89544e37df40884c56

    SHA256

    d1e8e852aef324595d18a7a9bdf9f6e2c00811744e061a261b98fdf561bb5b7e

    SHA512

    13b898b51fa84d3ffaa21796790b9d7d19d2aa7f6debdf94718f59354ff4fd336a0762077e82c86df8089463c58cf94ecac9452d0affaa31d03529fcae379aa0

    Download Submit

  • \Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext64.exe
    Filesize

    5.4MB

    MD5

    8425490a24aa98c7239cdcfc018bc31c

    SHA1

    430229ab3a69e80c4d9be3e74425bd209706a8d6

    SHA256

    07f1d8531db037d7e315bec6085182845589cb11df1ebc003aa12e71eae5d991

    SHA512

    b2aeda5830bd3f41233e44898503c49e4113587bf59d4f046551b3264618046b84dd1b1812d4bdeead0fa47215c331d263332cbff3a9d205e449227139225107

    Download Submit

  • \Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe
    Filesize

    1024KB

    MD5

    ad937f57725167e2d5d7be534feed706

    SHA1

    18668605af8ec081eb9cdac5b0a6aced6a2b600f

    SHA256

    e28bcf9b230c537525e074fc82c84cf1df56f27dc3a05fc62615b9ddaceddd6e

    SHA512

    cc417d4b486616014a9e44207f3c71168623023337fc82305854f053d4a3b9ab1bc4f5027802dd3307f3f609b79602e6e1944a2ddeeaf1ce19abda3f155f1069

    Download Submit

  • \Program Files (x86)\K-Lite Codec Pack\unins000.exe
    Filesize

    1.3MB

    MD5

    a8c2e9a11ab557ecfe425da7ed2c56b2

    SHA1

    63fd99a2c72b6a87c6ee6df3678a0dec569e5235

    SHA256

    15d778b5957798013c8ed34cf69b552900a3a26c313c933bc615f684ed8b826c

    SHA512

    c6039fb2b43c315d980191a139b4c88c83f7afd385689b58b60fb1767a367eb7fc4611abfc91b6d13bfbc7ed60b1bdbce7e4cf6c0bbada0730f9d6f20c29d54e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-FU9TD.tmp\divx.tmp
    Filesize

    1.3MB

    MD5

    77d3db03dfcb155bfdc21eea46158565

    SHA1

    7ef9f5a1ed81052c8a7a53c6bfbdcad46817f971

    SHA256

    58e366192e500acd1c9e8bcad208ec4b36e19072ca03a1f8d9da99e4002c6d45

    SHA512

    546b71cb5244e9813501e425437b0abd5041be313a1bb12e2976a471c6fe83ac083849d72686ad7401289cf164eef176d830e81acb90a6e7ff8823f1bbc316a8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-V7314.tmp\_isetup\_iscrypt.dll
    Filesize

    2KB

    MD5

    a69559718ab506675e907fe49deb71e9

    SHA1

    bc8f404ffdb1960b50c12ff9413c893b56f2e36f

    SHA256

    2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

    SHA512

    e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-V7314.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-V7314.tmp\klcp_detect.dll
    Filesize

    55KB

    MD5

    5b4eaa57dce5f61687513fdec129282e

    SHA1

    66f2bd1b49c3bdba54923e93cfcf3548748b99c7

    SHA256

    7be1d61459c0ce007aa12d0fe0d747775897827f0da6c90c3a189f02b878beb8

    SHA512

    9e62764e241aaec8b773699097465f21a7abba0e1bdf00af1fa1d4e6418475199e9acf2e568a819f875ca8227ee23dc203a45c923fa83c4185a2375a96518b00

    Download Submit

  • memory/1752-517-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1752-518-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1752-514-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1752-548-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1752-512-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1752-533-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1776-571-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1776-476-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1776-478-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1776-473-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1776-541-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1776-471-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1776-469-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1776-486-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1776-477-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1964-526-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1964-529-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1964-524-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1976-507-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2076-36-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2076-38-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2076-389-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2076-398-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2076-40-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2076-16-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2076-34-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2356-543-0x0000000000400000-0x000000000056C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2356-496-0x0000000000400000-0x000000000056C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2356-506-0x0000000000400000-0x000000000056C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2356-505-0x0000000000400000-0x000000000056C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2356-500-0x0000000000400000-0x000000000056C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2356-504-0x0000000000400000-0x000000000056C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2356-503-0x0000000000400000-0x000000000056C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2356-498-0x0000000000400000-0x000000000056C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2360-32-0x0000000000400000-0x0000000000449000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2360-399-0x0000000000400000-0x0000000000449000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2360-10-0x0000000000401000-0x0000000000412000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2360-7-0x0000000000400000-0x0000000000449000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2384-426-0x0000000004190000-0x00000000042A2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2384-430-0x0000000000400000-0x0000000000512000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2384-421-0x0000000000400000-0x0000000000512000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2396-479-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2396-490-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2396-483-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2396-481-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2396-542-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2396-485-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2396-487-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2396-489-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2452-539-0x0000000000400000-0x0000000000512000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2452-429-0x0000000000400000-0x0000000000512000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/3016-420-0x0000000003A90000-0x0000000003BA2000-memory.dmp

    Filesize

    1.1MB

    Download