hxxps://drive[.]google[.]com/drive/mobile/folders/1B2OVD125j8babOW2t0lGM3a3CfUwe1GO

Analysis

max time kernel
316s
max time network
327s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250313-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250313-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
01/04/2025, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/mobile/folders/1B2OVD125j8babOW2t0lGM3a3CfUwe1GO

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2872	login.exe
1784	Topaz Video AI.exe

Loads dropped DLL 20 IoCs

pid	Process
732	MsiExec.exe
3916	MsiExec.exe
820	MsiExec.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe
1784	Topaz Video AI.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
136	4004	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\D:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\D:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
4	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Universal\ScrollBar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\impl\qtquickcontrols2fusionstyleimplplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\ffmpeg\examples\filtering_audio.c	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Universal\SplitView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Material\ItemDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\man\man1\ffmpeg-utils.1	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Material\impl\qtquickcontrols2materialstyleimplplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\NativeStyle\controls\DefaultProgressBar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Dialogs\quickimpl\qml\+Imagine\FileDialog.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\PageIndicator.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Templates\qtquicktemplates2plugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\doc\ffmpeg\general.html	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\doc\ffmpeg\ffmpeg-all.html	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQml\XmlListModel\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Material\ToolButton.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Windows\qtquickcontrols2windowsstyleplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Windows\TextField.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\onnxruntime.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\impl\qmldir	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Dialogs\quickimpl\qml\FontDialog.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Universal\MenuItem.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\CheckDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Universal\impl\qtquickcontrols2universalstyleimplplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\videoai.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Dialogs\qtquickdialogsplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\ToolBar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Universal\MenuBarItem.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\HorizontalHeaderView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\TextArea.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\openvino_intel_gpu_plugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\HorizontalHeaderView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Universal\impl\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\D3Dcompiler_47.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Windows\TextArea.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\MenuItem.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6QuickDialogs2Utils.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\openvino_intel_cpu_plugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\DialogButtonBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Material\impl\CursorDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\AbstractButton.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\Frame.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQml\WorkerScript\workerscriptplugin.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\libssl-1_1-x64.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Dialogs\qmldir	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Svg.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\CheckDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\RangeSlider.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Layouts\qmldir	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Universal\impl\SwitchIndicator.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\qmltooling\qmldbg_profiler.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\NativeStyle\controls\DefaultTextArea.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Material\HorizontalHeaderView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\share\man\man1\ffmpeg-formats.1	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\MenuBar.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\Popup.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\ScrollView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Fusion\VerticalHeaderView.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\RoundButton.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Dialogs\quickimpl\qml\FileDialogDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Universal\TabButton.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\sqldrivers\qsqlpsql.dll	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\CheckBox.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Imagine\ItemDelegate.qml	msiexec.exe
File created	C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\Basic\Slider.qml	msiexec.exe

Drops file in Windows directory 32 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\{3C53F022-1E76-4492-8146-4B10882E3475}\mainapp.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\e5b1cbe.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2864.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b1cbc.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\e5b1cbc.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{3C53F022-1E76-4492-8146-4B10882E3475}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3EBC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\{3C53F022-1E76-4492-8146-4B10882E3475}\mainapp.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\220F35C367E129441864B40188E24357\3.0.5\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879594119451054"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe

Modifies registry class 30 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\220F35C367E129441864B40188E24357	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\220F35C367E129441864B40188E24357\Complete	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\Version = "50331653"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\13CD821E8711F6B4086A161E2B55ACDE	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\SourceList\Net	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2366915068-2945093646-1682508031-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\ProductName = "Topaz Video AI"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\Topaz AI download + settings\\Topaz_Video_AI_v3.0.5\\Setup\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\ProductIcon = "C:\\Windows\\Installer\\{3C53F022-1E76-4492-8146-4B10882E3475}\\mainapp.exe"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\SourceList\Media\DiskPrompt = "Topaz Video AI Installer Package"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\SourceList\Media\1 = ";Installer Package"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\Language = "1033"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2366915068-2945093646-1682508031-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2366915068-2945093646-1682508031-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\13CD821E8711F6B4086A161E2B55ACDE\220F35C367E129441864B40188E24357	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\SourceList\PackageName = "TopazVideoAI-3.0.5.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\Topaz AI download + settings\\Topaz_Video_AI_v3.0.5\\Setup\\"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2366915068-2945093646-1682508031-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2366915068-2945093646-1682508031-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\220F35C367E129441864B40188E24357\VCRedist	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\PackageCode = "85C917DDAF5E48C4B9917D3ACDBBD0AD"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\220F35C367E129441864B40188E24357\InstanceType = "0"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
3960	msiexec.exe
3960	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 4428	448	chrome.exe	83
PID 448 wrote to memory of 4428	448	chrome.exe	83
PID 448 wrote to memory of 3988	448	chrome.exe	84
PID 448 wrote to memory of 3988	448	chrome.exe	84
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 2652	448	chrome.exe	85
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86
PID 448 wrote to memory of 3672	448	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/mobile/folders/1B2OVD125j8babOW2t0lGM3a3CfUwe1GO
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffff850dcf8,0x7ffff850dd04,0x7ffff850dd10
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1592,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2036,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4260,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4288 /prefetch:2
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4264,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5224,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5588,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5624,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5632,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5636,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4792,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4344,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4308 /prefetch:8
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5968,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5528,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4592,i,18409254383791625889,16248875609839229589,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4340 /prefetch:8
  2⤵
  PID:2608

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4296

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:388

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap13666:160:7zEvent20138
1⤵
PID:2128

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Topaz AI download + settings\" -an -ai#7zMap14614:192:7zEvent22239
1⤵
PID:3308

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Topaz AI download + settings\Read first.txt
1⤵
PID:2032

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Topaz AI download + settings\" -an -ai#7zMap22298:192:7zEvent14367
1⤵
PID:4284

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Topaz AI download + settings\Topaz_Video_AI_v3.0.5\Instructions! .txt
1⤵
PID:2300

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Topaz AI download + settings\Topaz_Video_AI_v3.0.5\Setup\TopazVideoAI-3.0.5.msi"
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
PID:4004

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3960
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding E919BB83CBD9D9C5F4CB6FBD2F761F2F C
  2⤵
  - Loads dropped DLL
  PID:732
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding EE792F12E625F605F2D1FDB1A3C608ED C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3916
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding DE61C600DD4892C449A09C781BEAC9B5
  2⤵
  - Loads dropped DLL
  PID:820

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Topaz AI download + settings\Topaz_Video_AI_v3.0.5\Crack Fix\" -an -ai#7zMap8889:202:7zEvent11275
1⤵
PID:876

C:\Users\Admin\Downloads\Topaz AI download + settings\Topaz_Video_AI_v3.0.5\Crack Fix\login.exe
"C:\Users\Admin\Downloads\Topaz AI download + settings\Topaz_Video_AI_v3.0.5\Crack Fix\login.exe"
1⤵
- Executes dropped EXE
PID:2872

C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe
"C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1784
- C:\Program Files\Topaz Labs LLC\Topaz Video AI\crashpad_handler.exe
  "C:/Program Files/Topaz Labs LLC/Topaz Video AI/crashpad_handler.exe" "--attachment=main.txt=C:/Users/Admin/AppData/Roaming/Topaz Labs LLC/Topaz Video AI/logs/2025-04-01-05-42-3-Main.tzlog" "--attachment=out.txt=C:/Users/Admin/AppData/Roaming/Topaz Labs LLC/Topaz Video AI/logs/2025-04-01-05-42-3-Out.tzlog" "--database=C:/Users/Admin/AppData/Local/Temp/Topaz Labs LLC/Topaz Video AI/Crashes/db" "--metrics-dir=C:/Users/Admin/AppData/Local/Temp/Topaz Labs LLC/Topaz Video AI/Crashes/db" --url=https://submit.backtrace.io/topazlabs/b060552e9793d86dec356a038dee056ebd3b4d539c702a0e5c8f3760d7a99f98/minidump "--annotation=appName=Topaz Video AI" --annotation=appVersion=3.0.5 --annotation=email=Unspecified --annotation=format=minidump --annotation=token=b060552e9793d86dec356a038dee056ebd3b4d539c702a0e5c8f3760d7a99f98 --initial-client-data=0x390,0x394,0x398,0x36c,0x3a0,0x7ff7163f4918,0x7ff7163f4930,0x7ff7163f4948
  2⤵
  PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5b1cbd.rbs

Filesize
192KB

MD5
301c1e07823f39ad2fc4c85a3f494330

SHA1
e9a0133179e94b4aaf0956833beef464d9bdc44b

SHA256
db11ae83997903c65d3356a63b69dabc77d82663d05497b606453bd5880286ad

SHA512
7c8122620f0cae002f5f2d780f8449591bed32369d7cd1c9f7e110cff5294153123833f502ad13bd444588d81dde4ec9f58a85ce94a5aebacfa5904505f1f776

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Core.dll

Filesize
5.4MB

MD5
6a1148741f3f0e07eff37201d481b7d0

SHA1
20e673e5f23124956251637c3d2207ac140e21b4

SHA256
a4aaabff8e4952aa0995d6fa314c2321b2252a0e517c85914a9af75261612401

SHA512
3064c7040b19e5e240413205cff102dc91d4fdd9ac041d456ba14725000a960af1b74e7397ffc6efa621ec83c101143cd2edb7fe2f07a91b0c0b2c03d0e1fca3

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Gui.dll

Filesize
7.2MB

MD5
c40442c7cf49b15136a49b655984d6bf

SHA1
367097f166e4724a04d9c62a3c0aeac1b8de89c1

SHA256
97452119a70faf83510d2139795062caee86dd0ef501f6b98c27fb14f6da64bc

SHA512
fc5eb7b8ed57413f7f4102e607601987ad5eeedecbd89e117b24ce569a975c019808f2b3d3f1bcec59968c95041a64d9e8dcd2bea2d23aec037dbc79efddf17e

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Network.dll

Filesize
1.4MB

MD5
b3ede80457909c25262b71ae453e7408

SHA1
a56cbeafd8f8511fe1dbedcf3b53af07d520eea9

SHA256
b3046cbf3aa658acc87d624e9f1298aaad5185f74414a169e64d90c06119fcb8

SHA512
163eda08d7edf2f6938ef4b1b6febbf0bf07acff80491baa953a8fcadf21f54ecd15f040e8f7afd4a852ba43157c79a98ec567c04fb25f50259e40ffcb7eba16

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Qml.dll

Filesize
4.2MB

MD5
be1a124d661f00f0fd7196a3eb86810b

SHA1
9a6285abc7ff3ac502b2f7ae62e5eddd86504f6d

SHA256
19141e82e1287a4082b91c1241b5c0cc7fe11d0da837a7c2c83c728a672b1568

SHA512
52d0aa054ebd1d45d1a246c77910e3a93bf76885e5dbc6b685a7d3e73be1d9b4b47d28be43ff02041a28411fd9f71ffcd8522bd85b49b52aa24bc8d90be777ab

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6QmlModels.dll

Filesize
654KB

MD5
e11c6fdcc3f9ce14e36bb001603af267

SHA1
d4546aafbc0ddce301ff4a8787afb5858728df36

SHA256
13556874b84cdb25f82c827aa00264a2ced6707a665aa67b634980b5a0b00225

SHA512
2715f13e44638bd539a4087cc7a2344665649ac271d64bb60e8689d772494c822f2a95534b649b93d7173955e09de5a1d65686cd43faaa445690495f39d17fa0

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Quick.dll

Filesize
4.8MB

MD5
6f2feb9f1e4a54a655125f73206d6974

SHA1
8647ce547f390db3d9b9d18782baff9a00fe9a54

SHA256
86d67b234c9cd05d128b5d86b39e4068324179190a3b90a04e801a4a4a30d028

SHA512
e019666f320c9c59e344ce234ca629048c5b9528b7dd62b6c8084c892eafc7edf9ddba60fa49588021e3e8e9ef61b56ca8d8cc96458df50c139b81e9120d31de

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Qt6Widgets.dll

Filesize
5.7MB

MD5
bf1007fe1beafc3fd4fd5b6340678d82

SHA1
dc380efa95b200eb21eb25a0e9724bafa0fe5074

SHA256
b670d78dd99d9ccad2122bb1f261e5ef1829a19de79f47660c4a6937ef806d27

SHA512
c311d163333d5a40e0a9dc0e713f120426c34d5018fd3a4be39dbebb4ecbdf8eadc43bd89277a7a69efd7335832e3013f5109123fd6b12069ecf03b934a15ebf

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\QtQuick\Controls\plugins.qmltypes

Filesize
215B

MD5
2006d4b7d0da455aa4c7414653c0018a

SHA1
6685b8360b97799aa4d6b18789bf84a343e9e891

SHA256
a96c7bf5832767bdc9d91e2290a3920aec3abfbf2e3814bce38b49483f16f84a

SHA512
703804e6fab0cf44317b7292c547a1348e2e7395e4b71367c32c3b097bcfb3344d3296179bf4ba33a4c752ae58a3873af57d8cdef35a34564205356bb4e6fd84

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe

Filesize
2.5MB

MD5
5168bfe62abbf5bd97902e055f8c4543

SHA1
fbfd73fcb46abf0401be61b53b6ab3c8fc1266e5

SHA256
4b10250db54c81856621327a59627bd76a3697bc3bf563f239cb6d912abef215

SHA512
05eaa75ac7645511282c738b80e677fe001a32fa698dbe64a54b1701445e99f512d5a69526a316d65ad398fa994dc61a12669dc0200a9c1c3a1f7662ea1a41af

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\avcodec-59.dll

Filesize
23.6MB

MD5
5523d0ffa84e2408a3a12ed0a55ae20a

SHA1
361479c4647fbf0f799410d5cf93e84f9fc759d1

SHA256
ea54fd84a516dfc2b85b5f36bf930084a7492ee80a3e56ade404e99f94ed6559

SHA512
c1e80f0e83d0d386ce75416fd1ebd717c7c3422d2d68046502c4feb410980a311ca2da9a947f697209796c5b24883c55335ec9ae01602843e59be6dadf4b1dac

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\avcodec-59.dll

Filesize
23.6MB

MD5
eb747d8a9ac4c4d98ebd4eb74e7be5ce

SHA1
673df2fc18047860fc112c423e816e9a0fa6e163

SHA256
567d051d5e0b1342700ccf165d0fb9a5902a5d6feba0c8853e3a60bc3e782aeb

SHA512
33d619d3053a89b07205e508dad245808d26648d5449d75705c8965bb36c1ee6916b249c85dc57e177b9fdcba42c3c0ef386fe217f0e4dc62d1f8c95a6de878a

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\avformat-59.dll

Filesize
3.1MB

MD5
09ab83bcbb062156a5230c7bc4d551dd

SHA1
98307490c99e505c7aa6d693e9324b9adec260b1

SHA256
b7cf1bef706620d6c16d15ddfae51974cfa7bde610568a42bc97dde625e4043b

SHA512
522c1466f0acffcb01f43eeb1645b7e4e96b1232230d837e801546344e0bb7799c4a64c6540e0e797be335888eaa9f2690198366b48fcae61d1d640295aa270c

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\avutil-57.dll

Filesize
1.5MB

MD5
b1379390f56c2a34fdab7a3c87d0c592

SHA1
4810e645adb623974380bcd7f1e20879219b9664

SHA256
0d669ea8cbc1e198b9b04082af7436d8c5daaa59af9e9e0fcf4bb122e9556ab2

SHA512
905489b349e2df0a7895a1bcf4629b0bad7b3935b6a798dd1ceb4a87171094fe4f61de545e353521b0f1678ed2fa32a99f88c199f5ef21818ab30bb6bdc8a9e8

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\opencv_world455.dll

Filesize
23.6MB

MD5
8a2ce15eb7cd07a0eade7e0ddc4069bc

SHA1
48f4ece61576701e59a4edf812abd3fdcbb857fe

SHA256
4f30b51ad1e2c25197983fa7ed734d074d3aaa6997d0433feb862d4339ed64cf

SHA512
25f365221f4b94572533804c8c4d36268014ef32c64a6e1beaeb3f3abd9a6aad2a19426dbb94a99fb44bbb5690f7967b80464d0b1521dc42081237c0eebaed2b

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\swscale-6.dll

Filesize
1.1MB

MD5
c9b78a2d629db4cd15cf4ed9d0d61596

SHA1
e8fd514806c6d266a00efe7ded4b1822e12f3255

SHA256
ec1d34de8535bd475ac64fc4ab685fe37910bfa658dc0abbeb2d66b7ed51ebdb

SHA512
fd31db175736a228ebdd3edcb9f0027a4c4539a7952886a91c647588a929f667bf5406c2254a793ff05c44d6168040db8c80ac6a1543ed1b9e757acba4f9e63c

Download Submit
C:\Program Files\Topaz Labs LLC\Topaz Video AI\videoio.dll

Filesize
155KB

MD5
2ca20a6cb767fbf592942568783babc3

SHA1
4ccaeb66d3925ad53434c2b953bfd26fd70c9257

SHA256
2e72985e7bc067f2af4e1c6c3054b1549114af18ccc485387a50bdd670a4d473

SHA512
0ed149f3dfde0bce9d3da92f141f3416e03828e1c31e0de928b063c7c7449d53c36ed7805ff79b0701fcd2f9007c12915bfc9d046799967f2dad63763570383b

Download Submit
C:\ProgramData\Topaz Labs LLC\Topaz Video AI\models\alq-10.json

Filesize
18KB

MD5
03cb8bf548cf5cd92132d66d1e74b604

SHA1
c3282596f6c15bb98a69e77579bdc22d8b3ba416

SHA256
11f5118678363e1f06a53a9aaabf26f188621d754a24afbc3c818968fc347028

SHA512
b601943f28ada3219ae69a804e9d00a2e59aadbc5cf6573c3c1912546cde850b8b81b63c8738560eab97ce28b1c0835524772810412f111d2dae4dec46fb4267

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
072e329403c1fd4de11a63651d866833

SHA1
cabc351df595fbadadd041a22f1db751d4684c31

SHA256
83152651dae6008408f0760a1674006d74a6fa6b33ee91278a3a386d411dd547

SHA512
68fe3505926f697902d97ad95457c4f40ec586f65a4af842ecb30bb0dd862542d72d6135c5759574ab08b4cacabc8cef57a41e509d63cb6dc9001f171c04452c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_622FF18A3B1CFCB8CC579FBC66AAEA0E

Filesize
727B

MD5
764861b9ff5b866ec2cf9c9d53649b74

SHA1
c9842c9f83f0887c998b49ebe63b221ce55a856f

SHA256
5dba28423dcf9218ffd0eab50e726e3b92292e605798ba999571eb3fe13b338d

SHA512
6b22382f341b409cb048353b205f52dfd941a8b051973cd91cf53b77485b6cc775b464651f70adfc8a18e26bfd43629066facf5d86ea98217ab3cf6eed0bce73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
c4549343ad9027b4840f56e3f209775a

SHA1
1a5bebc865e915d2ebedb62997cd4d65b0ba029d

SHA256
cf001cf291a32a0caa78ad3ee0867a92cfc7e1f25832d7b942368b2b89f192a2

SHA512
31697d38a424cccff3baa641914fa3eb537a60299e32c3ee9857fa06103215333313fd64f64f02ea97393e5e9afaef89cbe66c17614bf54d1e1ac3ebaf47918f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
10e47049f223c4050820fc0b25994845

SHA1
e6074484b13636276bb8b1a10f0655f2407baa4d

SHA256
e84e970cb27d816660e474016550d5d84570b2b6608026e04f060cbfda78548c

SHA512
4459dbdcdd533f45169adbd1a0d465e0d0e34521b6996d3cb8285d9f541c68920e44a2246a3b201a83d48a2defb0c05dc5bb610f60c09c95a140768db76b72e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_622FF18A3B1CFCB8CC579FBC66AAEA0E

Filesize
404B

MD5
3327f96a65144e0b50cd7ca7e3f2b4a5

SHA1
e9af9ddc353f4d591c47c585a43dce876b5d493c

SHA256
c62995a6b2fb2b29767ea603659771a7a6646b25684e45855294adfe57cda8ef

SHA512
eb3586618375f66ec61e82c94eafda38fa9d935bf0d6b0e001459009cf38b38fc278eb927a1ff4646a3ce7e1a61ff2d172261b44e6be8eb447d65d25efafe759

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
60491afa94faf7c3fdadf844bcf281fb

SHA1
a145e173ff10f281a2933d620f6c2cb59140c7ac

SHA256
562898740a3ebca53e5f6887f74e64caf67cd77241d1891e7ec4dd337b630edd

SHA512
6b8882939a4df752b6106a247424a791c930de81f466176a9f3e69140e0674e1b0b8d40bd86a8e4e183fd41d672d2afdfc1f56affcd180a2bf9104d749bf8c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
51df2e0ee7bbdeb947f661c5da8417f5

SHA1
8b504516f2c0f658fb3e52ab66782e134e392e47

SHA256
13748e735758d4fd53382c868751dd2206845a744353289387356fb3fab15235

SHA512
89a7f8fb4643c8dbf9e0130ddd2362e908edb0cd22171971966db7aa755f0a085c7e9375251d8baa3fcb04b7bb29acb686a0a4dff5d44a208d362ccb4da3481c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5698173b87f2d385d50160eff6b64a9e

SHA1
bc009e5be2c81065f8f7759a222fe0b5607d52da

SHA256
b4b07a2afb1f9a38d1349129abc368122d88438fdd8f928971bb5529fda028ba

SHA512
9dacad1d6db2df82d71fb95cb1caa66ec2b75ddc1a2367560f565e607aa8d458e0354673ae00e0176a54e3aec35322dc29dd3b4971294e42d1cde65734ba1f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
ea66a4f8f76087d87ce159bb8541ac33

SHA1
405f1e9366c073048ac6cb04085db39c4bba3571

SHA256
e11039e26dde409f7ed7a3f92c4c1b0cdf3a5127dfc4e0453c23a9d1262d91aa

SHA512
a18b9be7c5d1c00529268ab7fd4aacd81b37ca67934bd0ea09bb3da9de610996a6f1f1ab0045506e9f66390fda6f027c5811ce9ceb678f038eea1b52f9112010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
e79e8f7e287d3919474d4230cb5352dc

SHA1
2ba29b97bfcd7df8a2b04acb0ed76701bba98745

SHA256
a44520e3b93f9d14d94e07a23bd8ee0bf5d026cfc4b41605279c919396c467ee

SHA512
12a516cd7dd4ef19f889d8a03a15cf55c517fbe378eedc88a40926b4793027fb30b2f507504cf96b04129156b0edb8a64e3311433bee525f6d5c4e0bf8f2e38b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ea159cd1d873baf6f2d426f3bda0d917

SHA1
0e8301d377f2d564ecd116b375a9646b558d9348

SHA256
4f38499b551bea88112b67b2aa642732943efc0a72aed163be26f0f93520e87a

SHA512
fcefaf8b0793b87d17a7a3fe40febfe0eb6377ca1e0a8ed7e1d8acd1a0077b89a778180309aaa3a6c77dc75e5ed1b01c7ee704f5f51ea33cca10c3dd616e5587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9d56571c8e889f061595be5c2b0229d1

SHA1
f26780dd15cc6e276505f4f6c70eab7e2152f0fd

SHA256
685084657e4cde5c5620f2c455d5dc32708c1f01e3a2fdb44e3018dc523d154b

SHA512
ca701f498b909f5a9cf8ae513662e95d52dfebbebf2d9df57160195c11ae9a4b7b0a443e6e5b8f86b0e0a48ecefb37100b5dcd1e5960bd77d148f8681d3063a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d1cf0019ac56628aeda49c4bec9962ec

SHA1
b0cb1b5183997d06227b98bd33e4f17a1fe1ae4d

SHA256
bc88f06b9128b37a975cf085cd01098a4c87f406544c48450999ec1012c84fd6

SHA512
9dabf47e5a7af14b3a32f593011e57a2406a307ee7dc527b02c61274fc7893d80f1c02cc7fbfdee71195878bbf06a07d305d645c6caab595239ce0c17a2b1e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
59f9061479c181958d0ef40e24f0c254

SHA1
1a329da658bc8636485316e01f0d34aac8ecc079

SHA256
c59c25f1c4a381ae87ade9e722db20b90f40af10398928d6768bffd16665bba5

SHA512
f81c62f7f11d7ef818fba5d1f1dd91e273a5c7a9980cf7466fa610332944ebb0011ce0721e4cb5ad2683848912e37f0ef81f7f2ccdb6bc82bcb58b3f16241980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e091281a33cdfea9f95a88a9d9fbd2fa

SHA1
41cdaea490db2b04e445e45faa4868c0e902168b

SHA256
5e3dbd47355abf1a9f16d09c2dec04cfe2311201abfd0b33bbfa53afc53e0c9f

SHA512
02ebd09368c0a0a3e99696b69b8ab8b3ae10714cafc19a70d26e1148159fd736841188958e4c1edc35621ad25a810288d2f195ab78e7454d2ec7ec0ad331b91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d0481f9a33db42c8e18b41bae6edea6f

SHA1
d8e56667a396c12527672e6a265ab7d94e2c6f68

SHA256
d6030d1f13d78bbdbeaa3a3c44872e17dc83133ada0dea86db02a3aad3e3393f

SHA512
e1489af221448f395dbff7f289e5d1047b59391963a239b19e6e5dacc7650d3d62bcc7b3f5f2073dd38c2ae21c1ca1d0dd99e69584a5de715855f49894327011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580124.TMP

Filesize
48B

MD5
d451f51d79d745bc1a234f58bdd56953

SHA1
a9f1c85910f0835e158b10ebb0fd2da4047e8053

SHA256
5e9f71d25904aac416f1191e06ca95a1ba10cea3e337b71b64004932b30f33fd

SHA512
e25d1f5c0f9eaf3f06ba0401effb7bc7826210d8e97e92784671d53b2f1c8af3c1ae57d44bc723bd9536903f19cde09a897d069927e2801b1f2940df6707feab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
680170078573adec1081b7d099f1628d

SHA1
e39b258839cc9185e8ce99ff2cc66b1916c3a8b8

SHA256
7bdab4f3de3e16303bb38138edf1ac02e853cabfe3dcc2dd6120c33b3852d3c3

SHA512
3e59e6d07b6b164e9b49dbefaa4f39830f989a410f70e028f00023d27a36d8700c71f1d243f88f6f3c86c85aef4e7121c679484f2386782d1959ede1764df1c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
600312492a7807a5002a55158c9f6fee

SHA1
42da4293382a9fe767a7edf61f31adf37a5a303a

SHA256
5374677a9d3c07f7fc0b1dfda986e9857ca8a19c312afafd487f0b0bd026f32d

SHA512
3dcd4470d8f933ca4c890909303da1d0366e125e99898d6a6684151cfa146a19ae83293434477bcd8ca418d35e9beca141bd03d9455d626d2c7762001f418064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
675b4f75b135318ac3594831904f4c11

SHA1
94c7aa77644fe021a0856341a53899c5dc6e6eac

SHA256
6cd1e081cd5497d2cbac25d1010b4c5abdbdb9e0daa4a742d9f7c7dc8f64f279

SHA512
e316a9ffd8905ef67db7722b46ee2585f535889a59bdec9b3e608ed442f46b1e6f7c8b4c9ba1d123988ee1f4ea4aa5d03d20ae49914c26aa03a30cebabd07ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
0d5cca28d1f8bd4e0d488b711cc37d54

SHA1
76fc02067a9ed71432d4bd03d079b5840df5737c

SHA256
0f3bfd15ccca47376a630e85baca37c394ea823c60cc423cd774dc4af4243b83

SHA512
389ad1ef2f570235600ea1d75482f387a75ae3cf6c92e160963e2dd4fed55896eb7d493ecd1251c20b90dc0b6bd2977c3cc58ea371868448a1e417b8b0809bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI240.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE7A2.tmp

Filesize
1.0MB

MD5
1bb5afe18815f2ca0ef94be920211ca2

SHA1
4d662bb7f8d40f18deacc3cbb8258ad2fdc3ead7

SHA256
0695edc556bab3ff8d47db39933b00ee36081b1ebc8dadb443895fb0c83e7389

SHA512
a8bc7c763339c8047fbe7545e60c56f8123460d8e1a501b8ce47a66d8e1a26c949ef98dfe2b065405b013a91eff03cd6066db878881b8005c23af0cae0c1109b

Download Submit
C:\Users\Admin\Downloads\Topaz AI download + settings\Read first.txt

Filesize
241B

MD5
d9448c6add408944183cec55ced32ef8

SHA1
37f9f95aff58cc904b0bd8f221238a926e0f47be

SHA256
e367f4428bc932ba57b35910fa64a708944900f8df406bcff091211aece97028

SHA512
ac0452029e3262aa52f22d5a84d678424ca6428ee71c176b9d906f9ab4f121ca7108fb815482192757b75f396570edaa2fa56d31f3171a045c6606fb5e0680ff

Download Submit
C:\Users\Admin\Downloads\Topaz AI download + settings\Topaz_Video_AI_v3.0.5\Crack Fix\Crack Fix.zip

Filesize
538KB

MD5
94d076b339d12bf146417634483bb58a

SHA1
72e600e87dbb2ff86fc44d6870f703d63ca2f0f6

SHA256
3ec06dba3310631ce2c2bf567d360989973f2be7eef9a10f39065ab179f693d1

SHA512
31b8ccd6c9fa5ed512d4d00a54f8e5838138926cae4b8c8a856ee1495ddd2e7c7be3b36a35d0d5cbd4cf8a37b75b929233c4f791a76aaa19cfc17654bc9fa6f8

Download Submit
C:\Users\Admin\Downloads\Topaz AI download + settings\Topaz_Video_AI_v3.0.5\Crack Fix\login.exe

Filesize
4KB

MD5
17ecf1d0a235427c5481879c00c79b7e

SHA1
affad21cdbcbe0b49220109ceabcad9db2a3cc9a

SHA256
f7d277f2fd97089eab7e05fb7691548a3d3d22e20aa66a6a27a92df17b44ba06

SHA512
f02d40c671232c89a0166f0252d2cca082772fb3b494c100871084001c2e1960e0d66da783ef548c3747f5f204741e288f9018bdda1579b5a5a81c2db7c02bc8

Download Submit
C:\Users\Admin\Downloads\Topaz AI download + settings\Topaz_Video_AI_v3.0.5\Crack Fix\videoai.dll.BAK

Filesize
474KB

MD5
22a0e56cc30079a7738d0566bea9c1ec

SHA1
5005076c350f97759e4ab3423318dd5399e6d32c

SHA256
2fb1ca920cc3c73ece6776a3aaf10626d422b8b84092f62e771f906301762023

SHA512
4be548e50a5517d1f24e78bd05bc80204d28def4375decf50304c250ca49a70b8a5bd3cd81edb305928ca956fd00bdcbe3d9b21aa9bf883ec6e6752f0915f7ee

Download Submit
C:\Users\Admin\Downloads\Topaz AI download + settings\Topaz_Video_AI_v3.0.5\Instructions! .txt

Filesize
351B

MD5
23773b3a95bdb06a82f9714ef3cc47d2

SHA1
78e11bf06cd72a95abf38ec225e93991abafca8b

SHA256
092fb28064a96464fdbe0de3060af3e9ad1e6cacfb984c4f0d18591c0cd75d1d

SHA512
1b9108d6baccd858d2602e8519cff408cae900f304c9cf7b33228e81f5deae7175fc19682cdc71e3fb56513fb72efcd4fd418dc6bb26e2fb3f74f27ba26963b0

Download Submit
memory/1784-1552-0x0000017BB41F0000-0x0000017BB41F1000-memory.dmp

Filesize
4KB

Download
memory/1784-1525-0x0000017BB41B0000-0x0000017BB41B1000-memory.dmp

Filesize
4KB

Download
memory/1784-1553-0x0000017BB41F0000-0x0000017BB41F1000-memory.dmp

Filesize
4KB

Download
memory/1784-1556-0x0000017BB4690000-0x0000017BB4691000-memory.dmp

Filesize
4KB

Download
memory/1784-1551-0x0000017BB41F0000-0x0000017BB41F1000-memory.dmp

Filesize
4KB

Download
memory/1784-1550-0x0000017BB41F0000-0x0000017BB41F1000-memory.dmp

Filesize
4KB

Download
memory/1784-1549-0x0000017BB41F0000-0x0000017BB41F1000-memory.dmp

Filesize
4KB

Download
memory/1784-1548-0x0000017BB41F0000-0x0000017BB41F1000-memory.dmp

Filesize
4KB

Download
memory/1784-1547-0x0000017BB41E0000-0x0000017BB41E1000-memory.dmp

Filesize
4KB

Download
memory/1784-1546-0x0000017BB41E0000-0x0000017BB41E1000-memory.dmp

Filesize
4KB

Download
memory/1784-1545-0x0000017BB41E0000-0x0000017BB41E1000-memory.dmp

Filesize
4KB

Download
memory/1784-1544-0x0000017BB41D0000-0x0000017BB41D1000-memory.dmp

Filesize
4KB

Download
memory/1784-1543-0x0000017BB41F0000-0x0000017BB41F1000-memory.dmp

Filesize
4KB

Download
memory/1784-1541-0x0000017BB41E0000-0x0000017BB41E1000-memory.dmp

Filesize
4KB

Download
memory/1784-1540-0x0000017BB41E0000-0x0000017BB41E1000-memory.dmp

Filesize
4KB

Download
memory/1784-1539-0x0000017BB41D0000-0x0000017BB41D1000-memory.dmp

Filesize
4KB

Download
memory/1784-1538-0x0000017BB41E0000-0x0000017BB41E1000-memory.dmp

Filesize
4KB

Download
memory/1784-1537-0x0000017BB41E0000-0x0000017BB41E1000-memory.dmp

Filesize
4KB

Download
memory/1784-1535-0x0000017BB41D0000-0x0000017BB41D1000-memory.dmp

Filesize
4KB

Download
memory/1784-1534-0x0000017BB41D0000-0x0000017BB41D1000-memory.dmp

Filesize
4KB

Download
memory/1784-1533-0x0000017BB41D0000-0x0000017BB41D1000-memory.dmp

Filesize
4KB

Download
memory/1784-1531-0x0000017BB41C0000-0x0000017BB41C1000-memory.dmp

Filesize
4KB

Download
memory/1784-1530-0x0000017BB41C0000-0x0000017BB41C1000-memory.dmp

Filesize
4KB

Download
memory/1784-1529-0x0000017BB41C0000-0x0000017BB41C1000-memory.dmp

Filesize
4KB

Download
memory/1784-1528-0x0000017BB41C0000-0x0000017BB41C1000-memory.dmp

Filesize
4KB

Download
memory/1784-1527-0x0000017BB41C0000-0x0000017BB41C1000-memory.dmp

Filesize
4KB

Download
memory/1784-1526-0x0000017BB41B0000-0x0000017BB41B1000-memory.dmp

Filesize
4KB

Download
memory/1784-1554-0x0000017BB41F0000-0x0000017BB41F1000-memory.dmp

Filesize
4KB

Download
memory/1784-1524-0x0000017BB41C0000-0x0000017BB41C1000-memory.dmp

Filesize
4KB

Download
memory/1784-1522-0x0000017BB41B0000-0x0000017BB41B1000-memory.dmp

Filesize
4KB

Download
memory/1784-1521-0x0000017BB41B0000-0x0000017BB41B1000-memory.dmp

Filesize
4KB

Download
memory/1784-1520-0x0000017BB41B0000-0x0000017BB41B1000-memory.dmp

Filesize
4KB

Download
memory/1784-1519-0x0000017BB41B0000-0x0000017BB41B1000-memory.dmp

Filesize
4KB

Download
memory/1784-1517-0x0000017BB3CA0000-0x0000017BB3CA1000-memory.dmp

Filesize
4KB

Download
memory/1784-1516-0x0000017BB3CA0000-0x0000017BB3CA1000-memory.dmp

Filesize
4KB

Download
memory/1784-1515-0x0000017BB3CA0000-0x0000017BB3CA1000-memory.dmp

Filesize
4KB

Download
memory/1784-1514-0x0000017BB3CA0000-0x0000017BB3CA1000-memory.dmp

Filesize
4KB

Download
memory/1784-1511-0x0000017BB3CA0000-0x0000017BB3CA1000-memory.dmp

Filesize
4KB

Download
memory/1784-1510-0x0000017BB3CA0000-0x0000017BB3CA1000-memory.dmp

Filesize
4KB

Download
memory/1784-1508-0x0000017BB3C90000-0x0000017BB3C91000-memory.dmp

Filesize
4KB

Download
memory/1784-1507-0x0000017BB3C90000-0x0000017BB3C91000-memory.dmp

Filesize
4KB

Download
memory/1784-1506-0x0000017BB3C90000-0x0000017BB3C91000-memory.dmp

Filesize
4KB

Download
memory/1784-1505-0x0000017BB3C90000-0x0000017BB3C91000-memory.dmp

Filesize
4KB

Download
memory/1784-1504-0x0000017BB3C90000-0x0000017BB3C91000-memory.dmp

Filesize
4KB

Download
memory/1784-1503-0x0000017BB3C90000-0x0000017BB3C91000-memory.dmp

Filesize
4KB

Download
memory/1784-1502-0x0000017BB3C90000-0x0000017BB3C91000-memory.dmp

Filesize
4KB

Download
memory/1784-1501-0x0000017BB3C90000-0x0000017BB3C91000-memory.dmp

Filesize
4KB

Download
memory/1784-1557-0x0000017BB4690000-0x0000017BB4691000-memory.dmp

Filesize
4KB

Download
memory/1784-1558-0x0000017BB4690000-0x0000017BB4691000-memory.dmp

Filesize
4KB

Download
memory/1784-1512-0x0000017BB3CA0000-0x0000017BB3CA1000-memory.dmp

Filesize
4KB

Download
memory/1784-1513-0x0000017BB3CA0000-0x0000017BB3CA1000-memory.dmp

Filesize
4KB

Download
memory/1784-1206-0x0000017BB0BA0000-0x0000017BB0FE0000-memory.dmp

Filesize
4.2MB

Download
memory/1784-1208-0x0000017BB0FE0000-0x0000017BB11E0000-memory.dmp

Filesize
2.0MB

Download
memory/1784-1205-0x00007FFFE41D0000-0x00007FFFE4694000-memory.dmp

Filesize
4.8MB

Download
memory/1784-1203-0x00007FFFE46A0000-0x00007FFFE4C5F000-memory.dmp

Filesize
5.7MB

Download
memory/2872-1165-0x0000026C54380000-0x0000026C54386000-memory.dmp

Filesize
24KB

Download