d50ad141854cca0a356de2c38f533ae4e87bb9379d96f656f12fb75c94024cc8

Analysis

max time kernel
1799s
max time network
1173s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
02-07-2024 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]/VoicemodSetup_2.6.0.7.exe
Size

64.4MB
MD5

ac5c87490c1d1949dfe6f50ee007e6ea
SHA1

ecca4b6ea32fa0af34b739a1c9e93cc400651091
SHA256

7ff3b571ce5e9853333c9a1bda22070755c4ac579b9aa785e56db315e851e32d
SHA512

6ad0c745b3e49eab9587b13135261be98a858d24f797a200217a3eadb65d8219ea51535cc64426187e8cbc9a030e3998011842c18d348037e6b2dc57f1efa24d
SSDEEP

1572864:jSJjRAbmycmDxlBFllh8LRdKKPGleP6YDmq5glXg4Y:giyyXPrlhSdCQCYDVglw4Y

Score

8^/10

microsoft discovery evasion execution persistence phishing privilege_escalation

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Run Powershell and hide display window.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

804 powershell.exe

pid	process
804	powershell.exe

Drops file in Drivers directory 11 IoCs

Processes:

DrvInst.exeDrvInst.exeDrvInst.exe

description	ioc	process
File opened for modification	C:\Windows\system32\drivers\mvvad.sys	DrvInst.exe
File opened for modification	C:\Windows\system32\drivers\SETFF99.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\drmk.sys	DrvInst.exe
File opened for modification	C:\Windows\system32\drivers\SETB4A0.tmp	DrvInst.exe
File created	C:\Windows\system32\drivers\SETB4A0.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\drmk.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\portcls.sys	DrvInst.exe
File created	C:\Windows\system32\drivers\SETFF99.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\drivers\vmdrv.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\portcls.sys	DrvInst.exe
File opened for modification	C:\Windows\system32\drivers\vmdrv.sys	DrvInst.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

VoicemodSetup_2.6.0.7.tmp

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Windows\CurrentVersion\Run\Voicemod = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\""	VoicemodSetup_2.6.0.7.tmp

Downloads MZ/PE file
Modifies Windows Firewall 2 TTPs 3 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exenetsh.exe

pid process

952 netsh.exe
4836 netsh.exe
868 netsh.exe
Detected potential entity reuse from brand microsoft.
phishing microsoft

pid	process
952	netsh.exe
4836	netsh.exe
868	netsh.exe

Drops file in System32 directory 37 IoCs

Processes:

voicemodcon.exeDrvInst.exevoicemodcon.exeDrvInst.exeDrvInst.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.PNF	voicemodcon.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3B6.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.PNF	voicemodcon.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\vmdrv.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3C8.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\vmdrv.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE02.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3B6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\mvvad.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\mvvad.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE13.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3C7.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE02.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE13.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3C7.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3C8.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\mvvad.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\vmdrv.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE14.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE14.tmp	DrvInst.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

VoicemodSetup_2.6.0.7.tmpVoicemodUpdate_2.43.2.0.tmpSaveDefaultDevices.exe

description	ioc	process
File opened for modification	C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Http.Abstractions.dll	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\is-RQMM0.tmp	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\driver\is-13I0J.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-KU4P7.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-CC9H9.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\locales\is-63L28.tmp	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\System.Data.SQLite.dll	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\is-OA0BS.tmp	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\locales\is-C2BR8.tmp	VoicemodSetup_2.6.0.7.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Routing.Abstractions.dll	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\NLog.Web.AspNetCore.dll	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\cef.pak	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\CefSharp.WinForms.dll	VoicemodSetup_2.6.0.7.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\System.Memory.dll	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\driver\is-S3RHU.tmp	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\is-LTT5A.tmp	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\locales\is-22GR2.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\driver\is-0P2E8.tmp	VoicemodSetup_2.6.0.7.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.Abstractions.dll	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-C21LP.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-TOV9I.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\locales\is-C61VV.tmp	VoicemodSetup_2.6.0.7.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\CefSharp.Core.Runtime.dll	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\zh\AutoUpdater.NET.resources.dll	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe	VoicemodSetup_2.6.0.7.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\Microsoft.IdentityModel.JsonWebTokens.dll	VoicemodSetup_2.6.0.7.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\CefSharp.dll	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\icudtl.dat	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Hosting.Abstractions.dll	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\Microsoft.IdentityModel.JsonWebTokens.dll	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\locales\fr.pak	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-I08TN.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-SE51G.tmp	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\is-1BULT.tmp	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\locales\is-9POP4.tmp	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\locales\is-JSM0L.tmp	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\locales\is-AME0F.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-76P5B.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-SA2EM.tmp	VoicemodSetup_2.6.0.7.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Localization.Abstractions.dll	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\locales\da.pak	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-CM5JL.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\locales\is-6KAFJ.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-L5PDO.tmp	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\is-6IRB4.tmp	VoicemodSetup_2.6.0.7.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Server.Kestrel.Https.dll	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-5IQUK.tmp	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\NLog.dll	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\locales\kn.pak	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-EV0PN.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-SH9OB.tmp	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Configuration.EnvironmentVariables.dll	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\is-T9GJK.tmp	VoicemodSetup_2.6.0.7.tmp
File created	C:\Program Files\Voicemod Desktop\locales\is-676HD.tmp	VoicemodSetup_2.6.0.7.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Hosting.Abstractions.dll	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\locales\is-K663C.tmp	VoicemodSetup_2.6.0.7.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\locales\de.pak	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\locales\is-RGU0Q.tmp	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\locales\am.pak	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\driver\is-KGHTU.tmp	VoicemodUpdate_2.43.2.0.tmp
File created	C:\Program Files\Voicemod Desktop\is-QDR95.tmp	VoicemodUpdate_2.43.2.0.tmp
File opened for modification	C:\Program Files\Voicemod Desktop\driver\defaultdevices.txt	SaveDefaultDevices.exe
File opened for modification	C:\Program Files\Voicemod Desktop\d3dcompiler_47.dll	VoicemodSetup_2.6.0.7.tmp

Drops file in Windows directory 21 IoCs

Processes:

voicemodcon.exeDrvInst.exevoicemodcon.exeDrvInst.exevoicemodcon.exeDrvInst.exeDrvInst.exeDrvInst.exevoicemodcon.exevoicemodcon.exesvchost.exe

description	ioc	process
File opened for modification	C:\Windows\INF\setupapi.dev.log	voicemodcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\INF\oem0.PNF	voicemodcon.exe
File created	C:\Windows\INF\c_media.PNF	voicemodcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	voicemodcon.exe
File opened for modification	C:\Windows\security\logs\scecomp.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\INF\oem1.PNF	voicemodcon.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	voicemodcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.pnf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	voicemodcon.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\INF\oem2.PNF	voicemodcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe

Executes dropped EXE 31 IoCs

Processes:

VoicemodSetup_2.6.0.7.tmpSaveDefaultDevices.exevoicemodcon.exevoicemodcon.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodUpdate_2.43.2.0.exeVoicemodUpdate_2.43.2.0.tmpSaveDefaultDevices.exevoicemodcon.exevoicemodcon.exevoicemodcon.exevoicemodcon.exeAudioEndPointTool.exeAudioEndPointTool.exeAudioEndPointTool.exevoicemodcon.exeAudioEndPointTool.exeAudioEndPointTool.exeAudioEndPointTool.exeAudioEndPointTool.exeAudioEndPointTool.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exe

pid	process
2200	VoicemodSetup_2.6.0.7.tmp
4628	SaveDefaultDevices.exe
1980	voicemodcon.exe
3716	voicemodcon.exe
2464	VoicemodDesktop.exe
2900	VoicemodDesktop.exe
3628	VoicemodDesktop.exe
588	VoicemodUpdate_2.43.2.0.exe
5064	VoicemodUpdate_2.43.2.0.tmp
4080	SaveDefaultDevices.exe
5044	voicemodcon.exe
2664	voicemodcon.exe
4184	voicemodcon.exe
4708	voicemodcon.exe
4908	AudioEndPointTool.exe
2444	AudioEndPointTool.exe
4680	AudioEndPointTool.exe
2924	voicemodcon.exe
460	AudioEndPointTool.exe
2284	AudioEndPointTool.exe
2352	AudioEndPointTool.exe
1308	AudioEndPointTool.exe
2584	AudioEndPointTool.exe
2660	VoicemodDesktop.exe
1984	VoicemodDesktop.exe
348	VoicemodDesktop.exe
2160	VoicemodDesktop.exe
2032	VoicemodDesktop.exe
1084	VoicemodDesktop.exe
2140	VoicemodDesktop.exe
1328	VoicemodDesktop.exe

Loads dropped DLL 64 IoCs

Processes:

VoicemodSetup_2.6.0.7.tmpVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodUpdate_2.43.2.0.tmpVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exe

pid	process
2200	VoicemodSetup_2.6.0.7.tmp
2200	VoicemodSetup_2.6.0.7.tmp
2200	VoicemodSetup_2.6.0.7.tmp
2464	VoicemodDesktop.exe
2464	VoicemodDesktop.exe
2464	VoicemodDesktop.exe
2464	VoicemodDesktop.exe
2464	VoicemodDesktop.exe
2464	VoicemodDesktop.exe
2464	VoicemodDesktop.exe
2464	VoicemodDesktop.exe
2464	VoicemodDesktop.exe
2464	VoicemodDesktop.exe
2464	VoicemodDesktop.exe
2900	VoicemodDesktop.exe
2900	VoicemodDesktop.exe
2900	VoicemodDesktop.exe
2900	VoicemodDesktop.exe
2900	VoicemodDesktop.exe
2900	VoicemodDesktop.exe
2900	VoicemodDesktop.exe
2900	VoicemodDesktop.exe
3628	VoicemodDesktop.exe
3628	VoicemodDesktop.exe
3628	VoicemodDesktop.exe
3628	VoicemodDesktop.exe
3628	VoicemodDesktop.exe
3628	VoicemodDesktop.exe
3628	VoicemodDesktop.exe
2464	VoicemodDesktop.exe
2464	VoicemodDesktop.exe
5064	VoicemodUpdate_2.43.2.0.tmp
5064	VoicemodUpdate_2.43.2.0.tmp
5064	VoicemodUpdate_2.43.2.0.tmp
2660	VoicemodDesktop.exe
2660	VoicemodDesktop.exe
2660	VoicemodDesktop.exe
2660	VoicemodDesktop.exe
2660	VoicemodDesktop.exe
1984	VoicemodDesktop.exe
1984	VoicemodDesktop.exe
1984	VoicemodDesktop.exe
1984	VoicemodDesktop.exe
1984	VoicemodDesktop.exe
348	VoicemodDesktop.exe
348	VoicemodDesktop.exe
348	VoicemodDesktop.exe
348	VoicemodDesktop.exe
348	VoicemodDesktop.exe
2032	VoicemodDesktop.exe
2032	VoicemodDesktop.exe
2032	VoicemodDesktop.exe
2032	VoicemodDesktop.exe
2032	VoicemodDesktop.exe
2160	VoicemodDesktop.exe
2160	VoicemodDesktop.exe
2160	VoicemodDesktop.exe
2160	VoicemodDesktop.exe
2160	VoicemodDesktop.exe
348	VoicemodDesktop.exe
348	VoicemodDesktop.exe
1984	VoicemodDesktop.exe
1984	VoicemodDesktop.exe
1984	VoicemodDesktop.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

Processes:

netsh.exenetsh.exenetsh.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

DrvInst.exevoicemodcon.exevoicemodcon.exeDrvInst.exevoicemodcon.exevoicemodcon.exeDrvInst.exeDrvInst.exesvchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	voicemodcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	voicemodcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	voicemodcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	voicemodcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	voicemodcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	voicemodcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	voicemodcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	voicemodcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	voicemodcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	voicemodcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	voicemodcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	voicemodcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	voicemodcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe

Enumerates processes with tasklist 1 TTPs 3 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exetasklist.exe

pid process

4660 tasklist.exe
1960 tasklist.exe
3756 tasklist.exe

pid	process
4660	tasklist.exe
1960	tasklist.exe
3756	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

DrvInst.exeDrvInst.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe

Modifies registry class 27 IoCs

Processes:

VoicemodUpdate_2.43.2.0.tmppowershell.exemsedge.exemsedge.exeVoicemodSetup_2.6.0.7.tmpVoicemodDesktop.exeMiniSearchHost.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon\ = "VoicemodDesktop.exe,1"	VoicemodUpdate_2.43.2.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{4D59E0E2-5AF5-41BD-84D0-D7C85F8F62B0}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command\ = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\" \"%1\""	VoicemodSetup_2.6.0.7.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command\ = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\" \"%1\""	VoicemodUpdate_2.43.2.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod	VoicemodSetup_2.6.0.7.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\URL Protocol	VoicemodSetup_2.6.0.7.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{2EF04503-52A5-48DE-868F-07A2116C00A3}	VoicemodDesktop.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon	VoicemodUpdate_2.43.2.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon\ = "VoicemodDesktop.exe,1"	VoicemodSetup_2.6.0.7.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command	VoicemodSetup_2.6.0.7.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\ = "URL:Voicemod Command Protocol"	VoicemodUpdate_2.43.2.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\ = "URL:Voicemod Command Protocol"	VoicemodSetup_2.6.0.7.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon	VoicemodSetup_2.6.0.7.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open	VoicemodSetup_2.6.0.7.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod	VoicemodUpdate_2.43.2.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\URL Protocol	VoicemodUpdate_2.43.2.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command	VoicemodUpdate_2.43.2.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell	VoicemodSetup_2.6.0.7.tmp

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

VoicemodDesktop.exeVoicemodDesktop.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	VoicemodDesktop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	VoicemodDesktop.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	VoicemodDesktop.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	VoicemodDesktop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	VoicemodDesktop.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	VoicemodDesktop.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 51 IoCs

Processes:

VoicemodSetup_2.6.0.7.tmpVoicemodDesktop.exeVoicemodDesktop.exeVoicemodUpdate_2.43.2.0.tmppowershell.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exemsedge.exemsedge.exemsedge.exeidentity_helper.exeVoicemodDesktop.exemsedge.exemsedge.exemsedge.exe

pid	process
2200	VoicemodSetup_2.6.0.7.tmp
2200	VoicemodSetup_2.6.0.7.tmp
2900	VoicemodDesktop.exe
2900	VoicemodDesktop.exe
2900	VoicemodDesktop.exe
2900	VoicemodDesktop.exe
3628	VoicemodDesktop.exe
3628	VoicemodDesktop.exe
3628	VoicemodDesktop.exe
3628	VoicemodDesktop.exe
5064	VoicemodUpdate_2.43.2.0.tmp
5064	VoicemodUpdate_2.43.2.0.tmp
804	powershell.exe
804	powershell.exe
1984	VoicemodDesktop.exe
1984	VoicemodDesktop.exe
348	VoicemodDesktop.exe
348	VoicemodDesktop.exe
2160	VoicemodDesktop.exe
2160	VoicemodDesktop.exe
2032	VoicemodDesktop.exe
2032	VoicemodDesktop.exe
2660	VoicemodDesktop.exe
1084	VoicemodDesktop.exe
1084	VoicemodDesktop.exe
2140	VoicemodDesktop.exe
2140	VoicemodDesktop.exe
3000	msedge.exe
3000	msedge.exe
3568	msedge.exe
3568	msedge.exe
5440	msedge.exe
5440	msedge.exe
5624	identity_helper.exe
5624	identity_helper.exe
1328	VoicemodDesktop.exe
1328	VoicemodDesktop.exe
1328	VoicemodDesktop.exe
1328	VoicemodDesktop.exe
1328	VoicemodDesktop.exe
1328	VoicemodDesktop.exe
1328	VoicemodDesktop.exe
5052	msedge.exe
5484	msedge.exe
5484	msedge.exe
2660	VoicemodDesktop.exe
2660	VoicemodDesktop.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

Processes:

msedge.exe

pid	process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

tasklist.exetasklist.exesvchost.exevoicemodcon.exeDrvInst.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeAUDIODG.EXEtasklist.exepowershell.exevoicemodcon.exevoicemodcon.exeDrvInst.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exeVoicemodDesktop.exe

description	pid	process
Token: SeDebugPrivilege	3756	tasklist.exe
Token: SeDebugPrivilege	4660	tasklist.exe
Token: SeAuditPrivilege	1456	svchost.exe
Token: SeSecurityPrivilege	1456	svchost.exe
Token: SeLoadDriverPrivilege	3716	voicemodcon.exe
Token: SeRestorePrivilege	2732	DrvInst.exe
Token: SeBackupPrivilege	2732	DrvInst.exe
Token: SeRestorePrivilege	2732	DrvInst.exe
Token: SeBackupPrivilege	2732	DrvInst.exe
Token: SeRestorePrivilege	2732	DrvInst.exe
Token: SeBackupPrivilege	2732	DrvInst.exe
Token: SeLoadDriverPrivilege	2732	DrvInst.exe
Token: SeLoadDriverPrivilege	2732	DrvInst.exe
Token: SeLoadDriverPrivilege	2732	DrvInst.exe
Token: SeDebugPrivilege	2464	VoicemodDesktop.exe
Token: SeDebugPrivilege	2900	VoicemodDesktop.exe
Token: SeDebugPrivilege	3628	VoicemodDesktop.exe
Token: 33	3140	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3140	AUDIODG.EXE
Token: SeDebugPrivilege	1960	tasklist.exe
Token: SeDebugPrivilege	804	powershell.exe
Token: SeLoadDriverPrivilege	2664	voicemodcon.exe
Token: SeLoadDriverPrivilege	2664	voicemodcon.exe
Token: SeLoadDriverPrivilege	2924	voicemodcon.exe
Token: SeRestorePrivilege	3100	DrvInst.exe
Token: SeBackupPrivilege	3100	DrvInst.exe
Token: SeRestorePrivilege	3100	DrvInst.exe
Token: SeBackupPrivilege	3100	DrvInst.exe
Token: SeRestorePrivilege	3100	DrvInst.exe
Token: SeBackupPrivilege	3100	DrvInst.exe
Token: SeLoadDriverPrivilege	3100	DrvInst.exe
Token: SeLoadDriverPrivilege	3100	DrvInst.exe
Token: SeLoadDriverPrivilege	3100	DrvInst.exe
Token: SeDebugPrivilege	2660	VoicemodDesktop.exe
Token: SeDebugPrivilege	1984	VoicemodDesktop.exe
Token: SeDebugPrivilege	348	VoicemodDesktop.exe
Token: SeDebugPrivilege	2032	VoicemodDesktop.exe
Token: SeDebugPrivilege	2160	VoicemodDesktop.exe
Token: SeShutdownPrivilege	2660	VoicemodDesktop.exe
Token: SeCreatePagefilePrivilege	2660	VoicemodDesktop.exe
Token: SeShutdownPrivilege	2660	VoicemodDesktop.exe
Token: SeCreatePagefilePrivilege	2660	VoicemodDesktop.exe
Token: SeShutdownPrivilege	2660	VoicemodDesktop.exe
Token: SeCreatePagefilePrivilege	2660	VoicemodDesktop.exe
Token: SeDebugPrivilege	1084	VoicemodDesktop.exe
Token: SeShutdownPrivilege	2660	VoicemodDesktop.exe
Token: SeCreatePagefilePrivilege	2660	VoicemodDesktop.exe
Token: SeDebugPrivilege	2140	VoicemodDesktop.exe
Token: SeShutdownPrivilege	2660	VoicemodDesktop.exe
Token: SeCreatePagefilePrivilege	2660	VoicemodDesktop.exe
Token: SeShutdownPrivilege	2660	VoicemodDesktop.exe
Token: SeCreatePagefilePrivilege	2660	VoicemodDesktop.exe
Token: SeShutdownPrivilege	2660	VoicemodDesktop.exe
Token: SeCreatePagefilePrivilege	2660	VoicemodDesktop.exe
Token: SeShutdownPrivilege	2660	VoicemodDesktop.exe
Token: SeCreatePagefilePrivilege	2660	VoicemodDesktop.exe
Token: SeShutdownPrivilege	2660	VoicemodDesktop.exe
Token: SeCreatePagefilePrivilege	2660	VoicemodDesktop.exe
Token: SeShutdownPrivilege	2660	VoicemodDesktop.exe
Token: SeCreatePagefilePrivilege	2660	VoicemodDesktop.exe
Token: SeShutdownPrivilege	2660	VoicemodDesktop.exe
Token: SeCreatePagefilePrivilege	2660	VoicemodDesktop.exe
Token: SeShutdownPrivilege	2660	VoicemodDesktop.exe
Token: SeCreatePagefilePrivilege	2660	VoicemodDesktop.exe

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

VoicemodSetup_2.6.0.7.tmpVoicemodUpdate_2.43.2.0.tmpmsedge.exe

pid	process
2200	VoicemodSetup_2.6.0.7.tmp
5064	VoicemodUpdate_2.43.2.0.tmp
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

msedge.exe

pid	process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

1052 MiniSearchHost.exe

pid	process
1052	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

VoicemodSetup_2.6.0.7.exeVoicemodSetup_2.6.0.7.tmpcmd.execmd.execmd.exenet.exenet.execmd.exenet.exenet.exenet.exesvchost.exe

description	pid	process	target process
PID 1960 wrote to memory of 2200	1960	VoicemodSetup_2.6.0.7.exe	VoicemodSetup_2.6.0.7.tmp
PID 1960 wrote to memory of 2200	1960	VoicemodSetup_2.6.0.7.exe	VoicemodSetup_2.6.0.7.tmp
PID 1960 wrote to memory of 2200	1960	VoicemodSetup_2.6.0.7.exe	VoicemodSetup_2.6.0.7.tmp
PID 2200 wrote to memory of 2788	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 2788	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 2172	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 2172	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 4636	2200	VoicemodSetup_2.6.0.7.tmp	cmd.exe
PID 2200 wrote to memory of 4636	2200	VoicemodSetup_2.6.0.7.tmp	cmd.exe
PID 4636 wrote to memory of 3756	4636	cmd.exe	tasklist.exe
PID 4636 wrote to memory of 3756	4636	cmd.exe	tasklist.exe
PID 2200 wrote to memory of 3924	2200	VoicemodSetup_2.6.0.7.tmp	cmd.exe
PID 2200 wrote to memory of 3924	2200	VoicemodSetup_2.6.0.7.tmp	cmd.exe
PID 3924 wrote to memory of 4660	3924	cmd.exe	tasklist.exe
PID 3924 wrote to memory of 4660	3924	cmd.exe	tasklist.exe
PID 2200 wrote to memory of 4252	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 4252	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 4040	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 4040	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 1604	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 1604	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 4380	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 4380	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 1376	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 1376	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 2368	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 2368	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 2584	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 2584	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 3936	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 3936	2200	VoicemodSetup_2.6.0.7.tmp	curl.exe
PID 2200 wrote to memory of 4628	2200	VoicemodSetup_2.6.0.7.tmp	SaveDefaultDevices.exe
PID 2200 wrote to memory of 4628	2200	VoicemodSetup_2.6.0.7.tmp	SaveDefaultDevices.exe
PID 2200 wrote to memory of 4552	2200	VoicemodSetup_2.6.0.7.tmp	cmd.exe
PID 2200 wrote to memory of 4552	2200	VoicemodSetup_2.6.0.7.tmp	cmd.exe
PID 4552 wrote to memory of 3624	4552	cmd.exe	net.exe
PID 4552 wrote to memory of 3624	4552	cmd.exe	net.exe
PID 3624 wrote to memory of 764	3624	net.exe	net1.exe
PID 3624 wrote to memory of 764	3624	net.exe	net1.exe
PID 4552 wrote to memory of 4748	4552	cmd.exe	net.exe
PID 4552 wrote to memory of 4748	4552	cmd.exe	net.exe
PID 4748 wrote to memory of 2924	4748	net.exe	net1.exe
PID 4748 wrote to memory of 2924	4748	net.exe	net1.exe
PID 4552 wrote to memory of 1116	4552	cmd.exe	cmd.exe
PID 4552 wrote to memory of 1116	4552	cmd.exe	cmd.exe
PID 1116 wrote to memory of 1980	1116	cmd.exe	voicemodcon.exe
PID 1116 wrote to memory of 1980	1116	cmd.exe	voicemodcon.exe
PID 4552 wrote to memory of 1984	4552	cmd.exe	net.exe
PID 4552 wrote to memory of 1984	4552	cmd.exe	net.exe
PID 1984 wrote to memory of 3972	1984	net.exe	net1.exe
PID 1984 wrote to memory of 3972	1984	net.exe	net1.exe
PID 4552 wrote to memory of 2992	4552	cmd.exe	net.exe
PID 4552 wrote to memory of 2992	4552	cmd.exe	net.exe
PID 2992 wrote to memory of 4716	2992	net.exe	net1.exe
PID 2992 wrote to memory of 4716	2992	net.exe	net1.exe
PID 4552 wrote to memory of 3464	4552	cmd.exe	net.exe
PID 4552 wrote to memory of 3464	4552	cmd.exe	net.exe
PID 3464 wrote to memory of 3796	3464	net.exe	net1.exe
PID 3464 wrote to memory of 3796	3464	net.exe	net1.exe
PID 4552 wrote to memory of 3716	4552	cmd.exe	voicemodcon.exe
PID 4552 wrote to memory of 3716	4552	cmd.exe	voicemodcon.exe
PID 1456 wrote to memory of 3180	1456	svchost.exe	DrvInst.exe
PID 1456 wrote to memory of 3180	1456	svchost.exe	DrvInst.exe
PID 1456 wrote to memory of 2732	1456	svchost.exe	DrvInst.exe

C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe
"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1960

C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp
"C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp" /SL5="$6020A,66753197,750080,C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe"
2⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2200

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=15439030-dbba-449d-b460-326ebc585651 -o C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\deviceId.txt
3⤵
PID:2788

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Open\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
3⤵
PID:2172

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt
3⤵
- Suspicious use of WriteProcessMemory
PID:4636

C:\Windows\system32\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3756

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt
3⤵
- Suspicious use of WriteProcessMemory
PID:3924

C:\Windows\system32\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4660

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpWelcome\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"1\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
3⤵
PID:4252

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpLicense\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
3⤵
PID:4040

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpSelectDir\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"6\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
3⤵
PID:1604

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpSelectTasks\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"9\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
3⤵
PID:4380

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpReady\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"10\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
3⤵
PID:1376

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpPreparing\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"11\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
3⤵
PID:2368

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpInstalling\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"12\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
3⤵
PID:2584

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Install\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
3⤵
PID:3936

C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
"C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe" defaultdevices.txt
3⤵
- Executes dropped EXE
PID:4628

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\setupDrv.bat""
3⤵
- Suspicious use of WriteProcessMemory
PID:4552

C:\Windows\system32\net.exe
net stop audiosrv /y
4⤵
- Suspicious use of WriteProcessMemory
PID:3624

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop audiosrv /y
5⤵
PID:764

C:\Windows\system32\net.exe
net stop AudioEndpointBuilder /y
4⤵
- Suspicious use of WriteProcessMemory
PID:4748

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder /y
5⤵
PID:2924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"
4⤵
- Suspicious use of WriteProcessMemory
PID:1116

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe dp_enum
5⤵
- Drops file in Windows directory
- Executes dropped EXE
PID:1980

C:\Windows\system32\net.exe
net start audiosrv
4⤵
- Suspicious use of WriteProcessMemory
PID:1984

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start audiosrv
5⤵
PID:3972

C:\Windows\system32\net.exe
net stop audiosrv /y
4⤵
- Suspicious use of WriteProcessMemory
PID:2992

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop audiosrv /y
5⤵
PID:4716

C:\Windows\system32\net.exe
net stop AudioEndpointBuilder /y
4⤵
- Suspicious use of WriteProcessMemory
PID:3464

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder /y
5⤵
PID:3796

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon install vmdrv.inf *VMDriver
4⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3716

C:\Windows\system32\net.exe
net start audiosrv
4⤵
PID:3568

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start audiosrv
5⤵
PID:1664

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step PostInstall\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
3⤵
PID:3288

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpFinished\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"14\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
3⤵
PID:3220

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
PID:2464

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=gpu-process --field-trial-handle=76368,9746115217409457502,988163329435870738,131072 --no-sandbox --disable-gpu-vsync=1 --log-file="C:\Program Files\Voicemod Desktop\debug.log" --log-severity=disable --lang=en-US --cefsharpexitsub --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Voicemod Desktop\debug.log" --service-request-channel-token=8974918378777404042 --mojo-platform-channel-handle=67704 /prefetch:2 --host-process-id=2464 --custom-scheme=resource|T|F|F|T|T|F;resx|T|F|F|T|T|F;fmeme|T|F|F|T|T|F;fvlabvoice|T|F|F|T|T|F;fcorevoice|T|F|F|T|T|F
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2900

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --field-trial-handle=76368,9746115217409457502,988163329435870738,131072 --disable-gpu-compositing --service-pipe-token=13316085170771774197 --lang=en-US --log-file="C:\Program Files\Voicemod Desktop\debug.log" --log-severity=disable --enable-system-flash=1 --cefsharpexitsub --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=13316085170771774197 --renderer-client-id=3 --mojo-platform-channel-handle=115844 /prefetch:1 --host-process-id=2464 --custom-scheme=resource|T|F|F|T|T|F;resx|T|F|F|T|T|F;fmeme|T|F|F|T|T|F;fvlabvoice|T|F|F|T|T|F;fcorevoice|T|F|F|T|T|F
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3628

C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.43.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.43.2.0.exe" /NOCANCEL /SILENT
4⤵
- Executes dropped EXE
PID:588

C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp" /SL5="$50250,115887019,720896,C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.43.2.0.exe" /NOCANCEL /SILENT
5⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:5064

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=15439030-dbba-449d-b460-326ebc585651 -o C:\Users\Admin\AppData\Local\Temp\is-C7LNU.tmp\deviceId.txt
6⤵
PID:2560

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Open\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
6⤵
PID:348

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt
6⤵
PID:4736

C:\Windows\system32\tasklist.exe
tasklist
7⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1960

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpWelcome\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"1\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
6⤵
PID:4112

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpReady\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"10\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
6⤵
PID:1532

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpPreparing\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"11\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
6⤵
PID:4988

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpInstalling\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"12\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
6⤵
PID:2936

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Install\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
6⤵
PID:1984

C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
"C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe" defaultdevices.txt
6⤵
- Drops file in Program Files directory
- Executes dropped EXE
PID:4080

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\setupDrv.bat""
6⤵
PID:5048

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "Start-Process 'setupDrvAdmin.bat' -Verb runAs -WindowStyle Hidden -Wait"
7⤵
- Command and Scripting Interpreter: PowerShell
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:804

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Program Files\Voicemod Desktop\driver\setupDrvAdmin.bat"
8⤵
PID:4348

C:\Windows\system32\net.exe
net stop audiosrv /y
9⤵
PID:3000

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop audiosrv /y
10⤵
PID:2492

C:\Windows\system32\net.exe
net stop AudioEndpointBuilder /y
9⤵
PID:4968

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder /y
10⤵
PID:2464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"
9⤵
PID:3044

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe dp_enum
10⤵
- Executes dropped EXE
PID:5044

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe remove *VMDriver
9⤵
- Drops file in Windows directory
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2664

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe dp_delete oem3.inf
9⤵
- Drops file in Windows directory
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4184

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"
9⤵
PID:2296

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe dp_enum
10⤵
- Executes dropped EXE
PID:4708

C:\Windows\system32\net.exe
net start audiosrv
9⤵
PID:3860

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start audiosrv
10⤵
PID:4304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Communications --format Raw --fields ID
9⤵
PID:1116

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe get --default --flow Capture --role Communications --format Raw --fields ID
10⤵
- Executes dropped EXE
PID:4908

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Multimedia --format Raw --fields ID
9⤵
PID:4620

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe get --default --flow Capture --role Multimedia --format Raw --fields ID
10⤵
- Executes dropped EXE
PID:2444

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Console --format Raw --fields ID
9⤵
PID:4844

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe get --default --flow Capture --role Console --format Raw --fields ID
10⤵
- Executes dropped EXE
PID:4680

C:\Windows\system32\net.exe
net stop audiosrv /y
9⤵
PID:3524

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop audiosrv /y
10⤵
PID:3016

C:\Windows\system32\net.exe
net stop AudioEndpointBuilder /y
9⤵
PID:1928

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder /y
10⤵
PID:4040

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon install mvvad.inf *VMDriver
9⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2924

C:\Windows\system32\net.exe
net start audiosrv
9⤵
PID:1636

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start audiosrv
10⤵
PID:2532

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{40a8d4aa-d61c-4ce9-8863-b06dffa6ac6b}" --flow=Capture --role=Communications
9⤵
- Executes dropped EXE
PID:460

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{40a8d4aa-d61c-4ce9-8863-b06dffa6ac6b}" --flow=Capture --role=Multimedia
9⤵
- Executes dropped EXE
PID:2284

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{40a8d4aa-d61c-4ce9-8863-b06dffa6ac6b}" --flow=Capture --role=Console
9⤵
- Executes dropped EXE
PID:2352

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\disableDrv.bat""
6⤵
PID:4796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --name Voicemod --flow Capture --format Raw --fields ID
7⤵
PID:1080

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe get --name Voicemod --flow Capture --format Raw --fields ID
8⤵
- Executes dropped EXE
PID:1308

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe setvisibility --id="{0.0.1.00000000}.{cceb0de6-8e2a-4aca-b0f7-bc5fe11d3608}" --visible=false
7⤵
- Executes dropped EXE
PID:2584

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
6⤵
PID:1980

C:\Windows\system32\netsh.exe
netsh advfirewall firewall delete rule name=all program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:952

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall add rule name="Voicemod" dir=in action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
6⤵
PID:1216

C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="Voicemod" dir=in action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:4836

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall add rule name="Voicemod" dir=out action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
6⤵
PID:4996

C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="Voicemod" dir=out action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:868

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step PostInstall\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
6⤵
PID:2056

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpFinished\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"14\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
6⤵
PID:1184

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2660

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=gpu-process --no-sandbox --enable-gpu-rasterization --disable-gpu-vsync=0 --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=10480 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1984

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=175424 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:348

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=115844 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2160

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --first-renderer-process --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=227108 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25 /prefetch:1
7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1084

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=87996 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25 /prefetch:1
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2032

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=113496 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25 /prefetch:1
7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://redirect.voicemod.net/?url=https%3a%2f%2faccount.voicemod.net%2f%23%2f%3faction%3dlogin%26ws%3d59129&origin=desktop&u=15439030-dbba-449d-b460-326ebc585651&appVersion=2.43.2.0
7⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffca8a23cb8,0x7ffca8a23cc8,0x7ffca8a23cd8
8⤵
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
8⤵
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 /prefetch:3
8⤵
- Suspicious behavior: EnumeratesProcesses
PID:3000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2496 /prefetch:8
8⤵
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
8⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
8⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
8⤵
PID:2412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
8⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 /prefetch:8
8⤵
- Suspicious behavior: EnumeratesProcesses
PID:5440

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8
8⤵
- Suspicious behavior: EnumeratesProcesses
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
8⤵
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
8⤵
PID:6008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
8⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
8⤵
PID:5156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
8⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
8⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1
8⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
8⤵
PID:5824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
8⤵
PID:5920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1
8⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
8⤵
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
8⤵
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
8⤵
PID:1304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
8⤵
PID:6072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
8⤵
PID:2296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
8⤵
PID:5588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7196 /prefetch:8
8⤵
- Suspicious behavior: EnumeratesProcesses
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7360 /prefetch:8
8⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7372 /prefetch:8
8⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3008 /prefetch:2
8⤵
- Suspicious behavior: EnumeratesProcesses
PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
8⤵
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
8⤵
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
8⤵
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
8⤵
PID:4396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
8⤵
PID:4180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
8⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
8⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
8⤵
PID:5676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
8⤵
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
8⤵
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
8⤵
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
8⤵
PID:5580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
8⤵
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2560 /prefetch:1
8⤵
PID:6104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
8⤵
PID:6076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
8⤵
PID:5840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
8⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
8⤵
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
8⤵
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
8⤵
PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
8⤵
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
8⤵
PID:1736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2576 /prefetch:8
8⤵
PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
8⤵
PID:5512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
8⤵
PID:2212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
8⤵
PID:5604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
8⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
8⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
8⤵
PID:5424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
8⤵
PID:7592

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=227016 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25
7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1328

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Done\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
6⤵
PID:3048

C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Done\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
3⤵
PID:2468

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:4788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1456

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{a7bd73e8-490c-a545-a4d0-b2f18a550b44}\vmdrv.inf" "9" "499a51a03" "0000000000000140" "WinSta0\Default" "0000000000000160" "208" "c:\program files\voicemod desktop\driver"
2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:3180

C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11e5016dc2:VOICEMOD_Driver:2020.9.25.0:*vmdriver," "499a51a03" "0000000000000140" "3349"
2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2732

C:\Windows\system32\DrvInst.exe
DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf" "0" "48643ea57" "00000000000000F0" "WinSta0\Default"
2⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Windows directory
PID:2808

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{58b11c4a-9481-8449-aa2e-c4d2dab4bb0d}\mvvad.inf" "9" "499a51a03" "00000000000000F4" "WinSta0\Default" "0000000000000140" "208" "c:\program files\voicemod desktop\driver"
2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:232

C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11e5016dc2:VOICEMOD_Driver:2022.6.1.0:*vmdriver," "499a51a03" "00000000000000F4" "3349"
2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3100

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000518 0x0000000000000534
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3140

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:4004

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2924

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Modify Registry

T1112

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Voicemod Desktop\AutoUpdater.NET.dll
Filesize
405KB

MD5
07809155502ca460862d6c3cd554200d

SHA1
a648d3dceaa0dab29bdeb3b08cfcc05b816dd28a

SHA256
4afa1ef0f2df936fe2ff026d73b9630cff0d567cb66e3e09ed94783c0d3a054e

SHA512
6314679bab44ac165e77689ee8265f3687b8e7636a0b0fc688fc1b4581ba376c612e8d117dc50e8ae447a36e161167fa4b7d3365e9b92cc7d80f56a8b57d0e08

Download Submit
C:\Program Files\Voicemod Desktop\CefSharp.Core.dll
Filesize
1.7MB

MD5
cf23cc10046f463ba2f929b3491be3cc

SHA1
1763511c3103f191d046ae8a25b344755d042ff5

SHA256
e1c1c19da47f763b207569eaaec7ab26203720fea2546178cf30630292de22cb

SHA512
a6c190e8b9a2fb59174abef52cbfcdbaa4618019450e860ec1b490643ee26ab33c9352ccb376edcc52ea1d659ac5b8fa8fa9560a25f616dfe098b7455118ee55

Download Submit
C:\Program Files\Voicemod Desktop\CefSharp.WinForms.dll
Filesize
26KB

MD5
b8ee3de827c9828bfc4ce2d1232110a5

SHA1
0a017aab404c48f9f11b3e7e0a29e0c558e8cccc

SHA256
6b007d59cb09c077e94bc32ee74b3ff03af07422dd50b40d2cf39573140022fc

SHA512
13dda00459d9fa07d8123a5b100d9ec1b046e470d978e37a769308424c3986bfdcee5515cd32fd7b14b8eee3e9ab4ded1f0ae5939522926bf7a82daeb914123b

Download Submit
C:\Program Files\Voicemod Desktop\CefSharp.dll
Filesize
200KB

MD5
a8caf7f548b13fcd2d676c9c2550e352

SHA1
0274fca4d6fcf58f098053de1bb921f18c7d66be

SHA256
073028a525cdeb485a183a714289199e5650aadcde6bd90fa2726339e139515a

SHA512
c4f9ddc0ab33c1a10522670586857004d39a13c9a8cc44fba8f1f254fe8896b86e79a8ab5bb4843df3fca5bdc3abaf35d061954b429923faacea4ea99f4408ad

Download Submit
C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.Abstractions.dll
Filesize
47KB

MD5
fa43b31fac519d4537325b2d77595c3f

SHA1
dc3c0912d2275684a95816401f63e155fe2b5ed1

SHA256
ce4721eb7591c77ec23650c079c25730bc9e4f2af440ed0ce913258151434cda

SHA512
e9e050ec7bd310ce3c5c13ac7f3849dd96ee34ca68a91956b956eef6c228a23d790736d05f07562b039a888471f823107d11384e72e172f505192964680335f4

Download Submit
C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.dll
Filesize
31KB

MD5
b7f13cb30356dbe3e3bf7c01e2d8c7b1

SHA1
712900d638167a85017ab7f99119964d84e0a39f

SHA256
9cb78661a77fbbae56de368f018ac9b06e6a171dab37e49091ac4abc4a3d1126

SHA512
6df9337d590adb72df002cd64005a59f60ba064b2ae2d207559f0b43c9c8978ae75b22115556f0f4e7567b7b7862b99fe069ec92b3c98752623636bea92d1bb5

Download Submit
C:\Program Files\Voicemod Desktop\NAudio.Vorbis.dll
Filesize
14KB

MD5
7721decf5f28e1470d40b912b2253779

SHA1
04536a984d29ad5bb1939ab83a1c5eea501f2670

SHA256
ca4cceb6a39d5b511abb897d8bd3c1de6921cf8a284da73be2f7ba79ac377b92

SHA512
2aa81e5a800f804ecbb206cbd2807d4a1987341dd211f8c493b6d5873e7d3d35f4db8c27b4d67631c592861eb3fa05037ea93d02585870e6354054df687af076

Download Submit
C:\Program Files\Voicemod Desktop\NAudio.dll
Filesize
501KB

MD5
047bca47d9d12191811fb2e87cded3aa

SHA1
afdc5d27fb919d1d813e6a07466f889dbc8c6677

SHA256
bc4bacc3b8b28d898f1671b79f216cca439f95eb60cd32d3e3ecafbecac42780

SHA512
99505644d42e4c60c977e4144165ea9dea8f1301e6456aa809e046ecc84a3813a190ce65169a6ffef5a36ad3541ec91002615a02933f8deb642aa3f8f3b11f2f

Download Submit
C:\Program Files\Voicemod Desktop\NLog.Extensions.Logging.dll
Filesize
44KB

MD5
95e7f2457da5b9e710dac09740c16463

SHA1
1e81f71d1b69951517eae13cf5e96acd28faeb99

SHA256
544aa327ea022e6a8046f2c2fbc822714415aed716f1f0ec37cc707043cd58cb

SHA512
97b14ee4d1fffa4331ae911ddeb0dd4e2b8eb5db10f3d2ddd8a7a3b562a0110c5be19a72b3365d4f12b5b2543a9ce323143dc4a349c0481c93cf1c56e19bb5fa

Download Submit
C:\Program Files\Voicemod Desktop\NLog.Web.AspNetCore.dll
Filesize
42KB

MD5
ec154043dd58f7834eeb093bc4d0d7d3

SHA1
052f320731f3f35dd10de4149b27f0c8437a21d2

SHA256
4442104e5a3620b5e927b50c02325d4a2f873851ce73bd063b7e17f2a344bc2f

SHA512
2cac794852cb182004fc01f7061563dc8512c60591e67249e7aa9f4fb4282dc71142ae36a371daad32fba719a119055886ec8a63c31dacf0fc8eaaf7551d0513

Download Submit
C:\Program Files\Voicemod Desktop\NLog.dll
Filesize
818KB

MD5
b70274014c925937f0f2e79de6a17615

SHA1
f0c7f4d5f977c99a3205ee5c1c8c838ba4a81bce

SHA256
08f1f52716216fdbf4e918c88bedd87c13d06d914e4f39673f2528237638107c

SHA512
7cb67d07c136f48231da2a2fdcb7f93e8a63a391d09ceb56c12287b93a58e3fe9117313da4578f2225b178adb2bb5e0bf8d75d076c79be7823ccd42389f5dfdf

Download Submit
C:\Program Files\Voicemod Desktop\Newtonsoft.Json.dll
Filesize
659KB

MD5
4df6c8781e70c3a4912b5be796e6d337

SHA1
cbc510520fcd85dbc1c82b02e82040702aca9b79

SHA256
3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af

SHA512
964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c

Download Submit
C:\Program Files\Voicemod Desktop\Sentry.Protocol.dll
Filesize
49KB

MD5
c3b6084fb4a7ad53d42b6301bd19ac43

SHA1
8b528d371629c1aa1a31d35d7a257813a90b6846

SHA256
60857310276b69557d2596356f78b53b74f8ff8a905bcc5ac57b84b2fddc064d

SHA512
63e37c164561fbc9136244b1cf7c581fc4fa277ed5b24f9b767c126970740e358e340ba2609bc7f10523b48eaf3bb873fc4ce01094d039e43110263817c4b964

Download Submit
C:\Program Files\Voicemod Desktop\Sentry.dll
Filesize
86KB

MD5
a3571d57212d66885f7e19ca16c76d19

SHA1
32017244672e20e5e99d35aa05907f835f1246ae

SHA256
4890f2bed66f98c4edef6174a9500a3b13d5a5419204003507468b45e946582d

SHA512
317bb735044b78603f8b2ec750ed98e240ba3eeca8f36fefe47af06b15975f402b6f5852ba8c5b8b345475ab3bdd9dc3faef17669a17fd028f0b9b1655dd67f5

Download Submit
C:\Program Files\Voicemod Desktop\SimpleInjector.dll
Filesize
400KB

MD5
799368d49236de4022d232fbb6a4de38

SHA1
3e3181dcfc62a9067a0265385a6cd5e228626ce7

SHA256
0414c6cc3fe30f6baf019e30148a6c841358b6f3ab570b4419812eb7350b6a19

SHA512
9bb4b681cacd1c1361080fd3e768ea524a11fd284ea9795e04a5173e1ff326bda17c18debd26bd146f19eaebdd10f6c275fe0b2dfce88b601e9c9a2bb9fa91f8

Download Submit
C:\Program Files\Voicemod Desktop\System.Collections.Immutable.dll
Filesize
295KB

MD5
d8203aedaabeac1e606cd0e2af397d01

SHA1
eef943e4369166a039dee90f2d81504613d49ca0

SHA256
2f05a2c489c2d30a6cca346d4ce184323d70eb4f5afa6bed34d5800274444e57

SHA512
ce09543cbb799db65c71ea9d050cef99d702d9af0cc4c7e346f97f616b091d0ab9a211197caf7fd5a53af1ba6ce913b2b121499d36cd43b499fd201376f4f3d6

Download Submit
C:\Program Files\Voicemod Desktop\System.ValueTuple.dll
Filesize
24KB

MD5
23ee4302e85013a1eb4324c414d561d5

SHA1
d1664731719e85aad7a2273685d77feb0204ec98

SHA256
e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4

SHA512
6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

Download Submit
C:\Program Files\Voicemod Desktop\Voicemod.VoicemodDesktop.UI.dll
Filesize
19.3MB

MD5
948fa7c2a1fc375157bde5d8d44fe162

SHA1
9ed97ef0eb84d52bb5dd0b2343c9deac4bc2b1e9

SHA256
9908c60efe2d8dd716e6654ea09e8a19ffce21273aeaa239473c549500479ba4

SHA512
fdafba662dce2b913d29ebd1d9b80eb41c4c8a1b09444c1275052fc436079dbdb4dc6a3a8021eff0768767bd9c8efba789a865a9e814299478840d12797354c8

Download Submit
C:\Program Files\Voicemod Desktop\Voicemod.VoicemodDesktop.UI.dll
Filesize
11.3MB

MD5
a8e7088990c747bc8fd07c1c93e8beb5

SHA1
3c028409a4979829f4b2019cb9d30a04194cd5a0

SHA256
af5edaf2769d35bb0fcacafb5fb0491a665d4293c77b462d6ee5739398f0a34b

SHA512
19aba1c87b6ec35778bbf5f8da21773a103d91cb34408529de90a767998df575dcd5ca31fb5be91c68296dcc0d9a2e250addee2cfdbda1002529cca5b890610a

Download Submit
C:\Program Files\Voicemod Desktop\Voicemod.Websockets.Fleck.dll
Filesize
80KB

MD5
aa81651105606461eb63db6d423fb2c7

SHA1
c748d7a703df483a99f2d434d1a45fb3d285b4c7

SHA256
138e544e27ee059ffef19809c54f48076a0ddb29410549b658b3aa67a18d153e

SHA512
1118a9b1090ff72fd15b269eae7f0d8085ef624fd34318f5c4499dcbae37531081c8060182cf37ca9e114c05eafdbbfb8477cf1ba2a88225106d587caf141541

Download Submit
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
Filesize
4.9MB

MD5
d20afc7e984fef3a2b2ed3dc0b4c0ef5

SHA1
484da3d185b8b87620d4d2d6b7ca4266a651bf21

SHA256
fb737bdab9bf40f95dc999adc48cca3855fea1290c4bf51629f0298660f92cee

SHA512
e9ab6c311f73bbbd9640be6275c66ce4bb4aa73124e46eb7a3e7a8083bc8de0c461555ea12205c6ce630aa4e783bbea6112fca700f58edb33f0c82142dad127f

Download Submit
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
Filesize
7.1MB

MD5
40797c8e92d0ce07d0eead04513c7bb3

SHA1
32927f08995b54c3d5417626d2c212fa03812d90

SHA256
cd53d7e811e6ed5f2dd8963590b3dc3a7e76dbe426c9f47f62eb3dc5d296e264

SHA512
65f671b0992077cf80a4daa3eaa5edb97e063de670ded6e50b9190d0dac0542d10d42201492b667a2772fd8c6f5b123726a0c3c58199a4f58b8e46b11a4cdbb5

Download Submit
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe.config
Filesize
6KB

MD5
06e40dfadc011f07b0a8bcb910ca62ee

SHA1
a4574e90d61339b3eea2cfd11ed12e557f7f477f

SHA256
ae74231a8e6bd0acff9fb074427be26a73af20885cd23cfa6a636c9df4333f59

SHA512
ae27cc72c9afdc89a5ef8bf2569284d7ca6cfbcb30a5cd4ace0da11bc79a35f47c65a5f414f84f95f8696822242d3b9718dd860413c55cfddc1cae37d8c5350a

Download Submit
C:\Program Files\Voicemod Desktop\VoicemodSDK.dll
Filesize
5.7MB

MD5
39844565ec5c8cf05d62ef399b011754

SHA1
23ba2573016c6fa7344f4d422d86a76b5216363d

SHA256
f0dbf3861a5cae109edef2e78fa2b9f7c4353025bad314cf3afb3fa173a4f5af

SHA512
54b5a16b55491a59e6cb7f4172557efc470d6c31f503b7c8767f0ec410f128a7b98bf4191ba8176fe39f77deb6372788797f0dffbaae2041338af63eca544e0f

Download Submit
C:\Program Files\Voicemod Desktop\VoicemodSDK.dll
Filesize
28.4MB

MD5
2bf54840de051a2d293e421cd49d0eba

SHA1
b4dd90e42eda8e0401885f4d5637fa79892750fe

SHA256
225a00a907fc3c88ef4607bb3b2e3876499bd0679908ab48b1df0b08e2c6600a

SHA512
9eacfa6be037b5e00d62d317fa9c7919ddbd6d8014f4d85052eeee39a929c9b6ae353c41e114827f4ccaed0112ccd8cdaea3064db7d81a0ec1c599c9539d8dfd

Download Submit
C:\Program Files\Voicemod Desktop\cef.pak
Filesize
3.5MB

MD5
3f25f3cb727ec8a91891f8ec21657212

SHA1
09f37afff84b2445f0afa8cbb803d53bada62080

SHA256
f8a79e0f94e8a6ef849aed1910040c7d8a4c8a61487eb67163509008c9cdb33b

SHA512
c931c465c0bf1480978df9ee192bc52be82613707bd9ed813e7857a66c55386498825fa300f028ab59d0a64a1f7b5e3936ed777e97f1aee42f9a2ef8fb68827d

Download Submit
C:\Program Files\Voicemod Desktop\cef_100_percent.pak
Filesize
719KB

MD5
cc741473d2d075fdc2be804eec407a12

SHA1
22a96140286fdb004540a2051b93432aa133843d

SHA256
6107c1bfdbf2cf351d5281073422b836d7a547e81345bff502fd31335d7fcbb3

SHA512
31977768847821379aca3a49a30d6dc25a31621d96b618c4a9fc71bf7eb7f9999db87603190140fbaec8beb103cd8ff793d5144cbc68a7ec7815db64aa530437

Download Submit
C:\Program Files\Voicemod Desktop\cef_200_percent.pak
Filesize
844KB

MD5
065140de55434f35f9c5c10764c29ee4

SHA1
4bb734f61c04bfc68f7e15f128a2853a5f7649ea

SHA256
ef2c632ca52b27d464d6d3d8cd1b5b31b62b1102845682c680cd2bb102c5fca0

SHA512
552e5f79a41e78afd191394cb4cc5a8ab0ead3a0ec1706066e85b4aa3f2a80ff0674dc8f9232a3f123c8c60a9e63d63bc84b79f7c357ff7c7a85b6c98ebe55ee

Download Submit
C:\Program Files\Voicemod Desktop\chrome_elf.dll
Filesize
781KB

MD5
44fc26ae3f77101eacf851f53aa1e64c

SHA1
f129f58aa70cf1ea7741be1c7848062e515d6773

SHA256
fb884db0b44f47dc451d9729fecaf6aa9de61e757aa4ef76381ca7006d55cbb6

SHA512
f690665b01eb4e292ce8e03169593fcbb44110253fc4a14510ff3081c41bd13a0538a9a805113f07a9fc11536b552b59c5548c25ba18c08e9738a3e7cbe0d8b8

Download Submit
C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
Filesize
149KB

MD5
ce0e059d4365c22f6f8cc1ce04ff5418

SHA1
09eff27e69a3e4d3cc8bef9e93fe6ae7e20447c8

SHA256
663e5b184648639cbcf353ddaeec6688abe323dbccf8de8fc8d2683f5e1a99cb

SHA512
c8c9ff1fcb172bdbf90d598b2cf0c5f0dab31132b8633540a162ec0c299861d64f36bb805da7dca5b4a4ac96c74fc420303235cbc780f09a2c2aad5b7de724ff

Download Submit
C:\Program Files\Voicemod Desktop\driver\setupDrv.bat
Filesize
230B

MD5
e6bdf4edaca31d8f5f5d8fab141e1bf4

SHA1
b67c41d0170c246a2b01dd2e6b280c147e98419e

SHA256
9387039a0be348be9d99989c6f60ded8760c76c5316692dc880b486859ae792d

SHA512
f3b62c78982e7c7ab0d9c04db18642f43e289cda8bacf454df5749b1371d444bb44f57f65931f39a8075c491cb88e3c96b83a3c3a271eb67a9f427c649787c8d

Download Submit
C:\Program Files\Voicemod Desktop\driver\uninstalldriver.bat
Filesize
1KB

MD5
a6261c36b1eb262f18c98e520966c329

SHA1
be1f1a0bdcc2f26bc41599b257f2b4c95a1a87a1

SHA256
d0cdbdb5be2be15f77861b6e08aa553d9e8580c224ef0f63e55064f415fc16f0

SHA512
06da998b9778148e15065b67ea6ffadd6df7babf6b1b435368e6c7b6e91d3506d3c3498140cd8b950e207d97c78a899e567b4fbf462d07f7ad473a878ea45fec

Download Submit
C:\Program Files\Voicemod Desktop\driver\vmdrv.inf
Filesize
4KB

MD5
b9b68ddad77911e85697af02b6e311b5

SHA1
999c26f4e20fd29abb0404c9b5bfad4fb2664d2d

SHA256
f853d5b0a5dd5cbe1da2ffaae285080019f9e60cf4e4ab7d9810f5be40f362f1

SHA512
40e0307e787c8498ffc0922d190973b1634621bbefc2a89feaad1b4d68797f9e55c1cf55e5112a0a8d13ee37fa2ed18a33248c95e4298471e2f7cb3f6359c874

Download Submit
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
Filesize
206KB

MD5
afc1465481d73483af98d1e78419ff02

SHA1
7fdea1d99110007a5e560ea7b43ba0dec735f908

SHA256
98ea0aa12cf1a2b0b7337bcdb6fef41ca35f83248e29b6072fb15f3c180232b4

SHA512
6b4c9142298a91f65338ce68edd66aceb1a3e7a5ef4d87969064cf49828cfbf8bfb3e0a226fd13bddb933d49d7aca9fd0a9f6cd048505cf5ba2abd4b871b93ec

Download Submit
C:\Program Files\Voicemod Desktop\icudtl.dat
Filesize
9.8MB

MD5
65c6337820fbe9bf2498a9395e3b20f2

SHA1
5cc62646e6c73b4be276d08719bc5e257af972bb

SHA256
33da1cdda18eaea52011d40ae9a610cac9f6466156e9803891ee77294607aee4

SHA512
4800f03577a46a98a4bd786dc37a380f4169540e243fdb7835e3146fba0d0e1d07a7e3ec8cd23566feb00d204d582d678698ae61db156339fe56229de0b267c9

Download Submit
C:\Program Files\Voicemod Desktop\locales\en-US.pak
Filesize
177KB

MD5
424663a523ce37f8a6087681fe3b05f3

SHA1
c250b53402e3ca81a5b15b4ae9efbe374d0b40dc

SHA256
a9ad65a2bc012cc22efcea44ff42de06503043f7ce76ccab8edaa33456d339e7

SHA512
566adf1626179bdb07615b63545b12dd304b7cbe43767e924a2806fa7fa8ac3b808a862375dd4723e985f15ba83760319a70c594e97934f91022446590fb10d6

Download Submit
C:\Program Files\Voicemod Desktop\natives_blob.bin
Filesize
81KB

MD5
e350965916554e65a47305a6ab27c2ba

SHA1
9d60e499a907811a3155e9a07f8645d6c83cb909

SHA256
1cae202ada016cf455abf69d583524a1d37a1371ad4efdfac4baed07c6402bdd

SHA512
c6044b769a00f887b573ad35a7f5b71f6134d2d596a54effa50710be2f528acefea53ae4a2847e16c1b4e56962d8b0fe24f1ea4a04bfe167514b0abddb4fb5a8

Download Submit
C:\Program Files\Voicemod Desktop\v8_context_snapshot.bin
Filesize
672KB

MD5
9aaa9081a7199218a25c788aa3e65be4

SHA1
1834a6ff2b69121d01da29eb1cb82ed29f493ae2

SHA256
0c3eb5fed8f9ce0166a4d75f41d60d8af4d6082f77f230867511eca0036f9a26

SHA512
2bab85623e897a386cac4bd764e1db0254e80423744a077ef14fea82992de7f7edeff55cbd540a7d73bbfec78ac31e8b136410e53c60f198d4325a5457beb666

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2660_2116094413\LICENSE
Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2660_2116094413\manifest.json
Filesize
1001B

MD5
2648d437c53db54b3ebd00e64852687e

SHA1
66cfe157f4c8e17bfda15325abfef40ec6d49608

SHA256
68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806

SHA512
86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\71ed3e84-1c11-4e46-bb69-0ff97bb88310.tmp
Filesize
6KB

MD5
cdeb9a89f531d8d6fef9413452f6894d

SHA1
0c3696bfa46587b94feadc6a4addd18813708ae1

SHA256
26a3784633d9fe1d5d5eefa90c312f8101799072b6a2b65d1d7417373c51ea85

SHA512
ee64446190e9058ec43724596f5c27b9ed3bda1640ed99fd7ac572f52bef14a5acffafd9dbcd928db5c038922ed7db41cf792c6e03221013247ec36f7e1d3db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
329KB

MD5
9ffa372552c67dff9c0bc3cdb74c4fd1

SHA1
4b988ea18d121fd6463d0dabaaaead89078017f9

SHA256
1e3d2448b8e370c3be2c0048ad7001c7542ad10bf76a7ad13b8ed6553a200eb9

SHA512
94fb7f3d262b88c3625740c4adf5c306b49b2de847a3bb48960652132a03ba162773463e15d3891171b2826acc65f8d0bba7e453e9aaf3bc4ae1fd08f1aa995c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
23KB

MD5
676eb8a0a8567df00ced878d486a70d8

SHA1
ef56d12e3abddb76d85314bf76115140d2f50fcf

SHA256
7b10472228a8f61b9a152dbff160b3fbc3dcc7663175ec5a0a40fb2bdac93e16

SHA512
32ab782e88c2db08ea0975605f4f509a23bbdd6a74ab38bacbd70bb228c8a3e042f56d8049d95dea9f670f047d02ada87b60aa77b3e8a49da5d3751f0fbd3772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
Filesize
73KB

MD5
da07ea6bbc7742a4826a44c0e14de9fe

SHA1
f4350425c09309bd73e8ff72349300149d59a2ef

SHA256
ddeacb8f7911302dc166dd00b45b0543b575c1aeda61406af964cbd7b40420d0

SHA512
92aaea504d9e9614fbf5a85285aeab8d8e6389e240961c8d722d0b3114ddc2602d6ec0ff34a44900c253ce3694d9ef700ecda2fa8a93a1c56be08a06c798b53a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
119KB

MD5
fd2233c557a06a6b9da52700555123dc

SHA1
9552735dfe2d3735a3d96a8e56b4ee9d605bdbed

SHA256
2d5e4dd8361f8ea6ea73c330886acdc6cac9bbd3cc4d447c6f115fe418e84539

SHA512
6c70ccf83415eb07fe573796b397cbf3220f3faca22beca0b3a763bb39226af02cb7f2cd2ff424ab075d74478cb7c54966b291198b47c5735737218d768c2a86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087
Filesize
28KB

MD5
1784d82edabfbc66aca767eb7becc500

SHA1
6b5e78f735d0d09fec5ff94efc3374af2a75ad74

SHA256
7ea81e7c911e5ba134b67278f0d7f2baf4e652243c57bb699030ecc77e85619a

SHA512
852dbdb202cd0e83dcd4b2e83a9875db060cc2202d55b9b37c3514e8e63f1d12178a3ba24ea6e2cd10b57888c56477d18a6883e520bbf7092c3f9b2d33746849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097
Filesize
1.7MB

MD5
26a4dbbc81a2c879a58ed7ffd87c31bc

SHA1
39eccf8a742ab268c279d8a38a9d6f2ac5e91ca8

SHA256
255dbda53535e4f261cc8d5b4aba72b60c87b2b93ebd337db58e225518fef0a2

SHA512
02b79b822bc32bf1b594ab3d86455be310a187d8116dccd98d408793f9d3c0059e2f6382c6c0d4d09663e8ada507c9b2086ef93ea54fa96171e8ebde35f0ed9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099
Filesize
27KB

MD5
4efb9aa5385421fc5899f9e7abf7e8cb

SHA1
2572cbd83a21ce01f315c126505f20f5e52da704

SHA256
1f9c006e426f89d13e2ad5550f1eb29e85fa4595b31086be29cd9adb3cbdc960

SHA512
e4ac6b0b72ffaab0dac276a764e6bfd7c78cb07024adfedaf0542a88515ca57bbcaa6c679dcf0f221f2da4840f25aedc08cb0a68146e181cf776b959b5463d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a
Filesize
88KB

MD5
393f6e04fe1febc491f93fe20cb31448

SHA1
a78431170ec1b9bff90c27879a7eed693b328436

SHA256
b5326dbcc52c1487423919a7a23261dbf3a18f18e541db3d6ab131eb1a96bb27

SHA512
aab2639908888130a799c8255e0ae7340d2adfb8474030d5ab197836f6409287a7b23f6a2dfcc78610716f6235a58fd91f42f748ef46ed23f87b8d9df19b1580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba
Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000be
Filesize
130KB

MD5
fe7ece252c0149463b708a17ad0046c7

SHA1
0101929a0bfd9e6ec6a93102461447b3a83895c2

SHA256
ff27002995a1e236cf207001bd3074c36da08b222c1a36f2f8bf553ee049b4c4

SHA512
53fb8bfb73196d5b949133339664531adcf854bf5dc767f76212b84a3d10acd44e1096a1458a5e79dbcace721de9e4aa5b7dbad99cd39848d28067d21703d382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000df
Filesize
62KB

MD5
823cc03dc2a57ff7ddcc40c4728be9f9

SHA1
385a6d029a0d1efd47bf12fbb64a018a0d7737ec

SHA256
29d4725dbfdff4c26719db2a8c3b065e6911745ae745717e688bd22843eb3053

SHA512
2a572ac4f1a6d1ab42695892d457acde1887f2ba1f786823afb805aab88edc3244afe3a7a5d288e616b8031b98e8a084046da55daa7d8a42498bae0b2322979d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
13KB

MD5
fd766fe936ab1412e6ce7d3c9da1bec1

SHA1
1a9fa90a2887b821e74fd1b076830b8fea6db25b

SHA256
fe466b6f9662938d45afca673ceca11ff28b98fbce7a3840802b80d4666b7810

SHA512
0334436bf80da2bd5650449604df2ebb3bd1cb3b1d9a2cd6de0f7d2445521fc6fd643d147f2bf009e7a0fc43ecf30958ca6a3a46612bfe15c6107d6a776388ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
d69b27d194229740be87b99993ba2df4

SHA1
aabf72ebfe691943df1c01f9954b960d1c2ebcce

SHA256
048495612e50de68364d1010e01707fb9c8c24ca12ad4e9cdad62622efe5759d

SHA512
31e8744a1b15736461a4951a524ce8389e076e40a1cdf2a5fd9e75ec2f7144f3a02d70feac9ac418e176e95ebf2a8d58838c261900acb44169c11228056e35ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
ab2eda650b1b1482cff7a5c594ef81c3

SHA1
42c2c663ea2cffc27c3ed3b8a66c83f077eadbe3

SHA256
ef27d70701a636d5749a5820038132e830effb7f34dbcf206b3e46ce78edd979

SHA512
ced4f8f3b2d1947f18a1254ab9c273415391766c4e821efa332d44b575fe57434da3f27065f6361b137c988643dd286fc5f5a381fb23fe8bc5dddfba8c011b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
12KB

MD5
2bc7be32310c1d8487b070e928f91d81

SHA1
2e3056d792ca46d305588da658d4ce45b97b19d1

SHA256
d3a538a2762d35f4bd763d555ec9e7c324975a109123fba3b62f9b3525699f3c

SHA512
e030d2b8e33bf43fd330fb14f2be96caab61b8e802d352088052ffa269b82a42df71564466aacfb816570c53e2d41b4f893965001fcdbb411a132c45c1b14818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
15KB

MD5
03b3363a8eb171d66ad972bdd618df8f

SHA1
bb89396620557a82c20e58c64758adbcfb38c64c

SHA256
a44e46a8e0cac4ee5a71c5ff3ec7cf604d62f2b0acb16b30f81cf6045e3b609f

SHA512
0d6495f53185d8c7eb021cfa1f6e14c29c749283ffc00fdceb78755ddd665e109d35f0b531e2341609c4f9912f579837b62be6c0bb924d2e5368bf2ad93eff33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
15KB

MD5
10666fd7b9e1a759a6bcc0d965d690b7

SHA1
80cefe7ff7b997b1403972dc262106c26b19a4c3

SHA256
19f31a2469b6c00c262cc975c61bdf36221bdcbfc7ab985c532999eeb6b786fb

SHA512
3efdee03f1bc9f3a9536134cc39edc008e50060d0aec3333c40fbabc9704539db88a2abbe224a46985fa76e9c25c72770c0740e0782f037c925d78846eb56533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old
Filesize
2KB

MD5
4fed1c11de850a56b94a7f493a61a69c

SHA1
19344eda98919cae7385d9991e7b65226063ec86

SHA256
1698efb4fcd4d45d577e1e70cd8fe5b3a84c6f19d8d8c15955bf0d401cd5557f

SHA512
0a2cb6960b00a717bd2589111f38a9021748f208b2aba8e0d8557c9e84e52adb40d3f414e07e59b87c08d830395f3e7b6d6fa9be6f65d65d44faec3e2dd3a0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old~RFe612395.TMP
Filesize
2KB

MD5
3e97f254af2687f31f4c80a0a2592aea

SHA1
325f0d74f65046d875de5c84b9ae27a93ede619a

SHA256
72eff14da649a522fd3335a79a971a1442f2168bd4ace162ff98c680407f2c9c

SHA512
1434721403aebc2778e011281bdffdeba89bbf20bd9851e1f654cb865de9a000a52edc5377320ebc3b9aef468469a96962ec908cec161002ca9af45a41429d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
ad148b392409d0616b8fd9cd92b93e2f

SHA1
44981194e7cac2af778226edda5b91d9180d1d11

SHA256
9b8e877e0ea069e430ec05931111ddaa224c011343ae278c884e5faf5bab1741

SHA512
56d9f25aa3556be71aaf3199002666d1ddd2ff04f290893cc1766e7c41950727adf90ca96d88a3f189855e74378b3d4d343bfff8039603efdea47a01e56122d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
b904436e5a91efd8d0fc5a31da4ad489

SHA1
68375be935c9f9e0736f04f33492d9428059b038

SHA256
cf386af1b2d26061d53a220e33eedb5e7a1a6b9fcb306ccb0905ed09d6358cce

SHA512
b0d40ba4a23eece19bc83780ac761b272ab5df80f1ea581692fd422bcdf29f961e5fa92cce13450b4b390c119ee15568d7e639c837700568bdf2d4d9584edbca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
0eb9ec3c85d631ad8a6545b5ef4905e2

SHA1
1ab97addb00de5be5b9f59e715f400adf3ccfe1c

SHA256
3541be8510e62e53493e0a03c1d593d88768d07548dd5c07c1972a451ae32e7b

SHA512
aa1e2e320751ee97a2deaf5c97db9ec84174f12c249ecb2bb7829a64a0f7015e825243581fb05062bb5a150524355700fb8e2fa6d2edf1eb1f6a95f3bf1fd15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
9051abd95d8b60f1cb6ac3fcc2b5e349

SHA1
775c5ed8a31b5c0c1e0b261a1187b9334abbac83

SHA256
a335fd826daacaa53ac11a0d4cb80d78da000a0c59a36f8eccd6d9f91559b4f3

SHA512
47c92347bb197c496948b087aed9991ec693082fcecba47a9d1770bbaa82ee207dacf058445b4dd9c19b61f2d9e896e506a0efb03c57b72001280682f3cdb942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
964d978820b6a7b69eb435cea1c9fc29

SHA1
9cbf63febf5bf7f31c10b94b093a060d20acfcfa

SHA256
86ae8f2f3fe7a466f4bb65a8114b89df06eb8c5076efc1050c0d61efb38cbe48

SHA512
773f8aa39e61f5c9ce363e4d11c7ca054fdde33bff5601a60b7db5e28c2c78a3c75e83385495b9491b260717d176dbd447052f5bc36b3bba6176209342fd990f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
76a8e0072baac4e5084ad50eb5a65800

SHA1
972bde99d6d8be070029f75a78f3da7e6c733cfb

SHA256
36738a7b4c871fb3c2a40350dc782855292ec7b3781200e839302681b535ace8

SHA512
5cd5c9f912e0dbfa2abe6b5fc7be4bc15d9e8b7b0243ff57300ea2b515e35de0e7faa1160f902afba47bc05794119716ca972d1cd053cd1e090d578525d9a5f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6bd64392d8f69c7930c4e3dab1adb0fe

SHA1
dceca2ffa8acf05e01c6b4f56e4d186c8d532b60

SHA256
cbe6cc0e7e5adcfbc92aac987262997a9a6ce0ff5d02533fc88ad289f28b90a3

SHA512
b22a1c9bbe58514ed4c3fd78a4cddf17807b1815bd2f70659386b16a2dfd3a5455f3b6068d998acbfa9058c4340a9fd8e9b03dd199eb47631cfd271dd5c05ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d82fd7a8966f2eacce424d1ec85c59c2

SHA1
6d39714d044d567313880654925a52a3e167c3f3

SHA256
4350b2ffe6138a1d0d18d0e4342bfcb3b849d3a1092b2d9d98fbbdac0bfa8711

SHA512
8f46f58650d67583555b195019e4afd544b8c8550e4adb284b9cab5ac2d4fa7eb642c2b56e3688af744dbb7fee3b8f732161f1bcc01da09c44edd237a13c9acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5e15604fdbdd4545a769ba1a506302c7

SHA1
950dce7c95de00dbcccaf51c50252673a50049e8

SHA256
029afe53b096f496e42be2a32e6658b0aad208d35622e81d87f78b320f9b4111

SHA512
40beea6bce3ccbf2feb3c2ef7fa1cd08d4957bb01818233dac99b17ea2b12e746a5a18698e4c4d50f7916625ec4325aa79471a9e73902426d20a6f79ec9eaa23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
e6e884fb7b8ffd1defae831e74c5ce1d

SHA1
bfe862aa7fd92ce97bb2827a16f60709da60c91e

SHA256
f745c8ff6f57cd3037641cb7a3ca953f15920768b4bc324672245a61ec0cad27

SHA512
9960d9c86b9ccb4bf3bdd34969a5897cbe4546a666c8b86dc167f1d2807b8774ffff8005a1059e59cc30afc1ceb6e693c8b24ed33466a29e1cf441eb3be59729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
6df07f06f61de3a167d963dd0048233e

SHA1
14bd389c4a40b2ae6a174542895c02ff4779ce64

SHA256
20c97e62ffbe60d0412b646aaaecc0976328e72ae3d3e8fac2e740c4f5a5be86

SHA512
e0314d2e01e3410de1259fe5113cce4656f524541071bd7138e612d5644880c2d2a2f5a99332829369f0963095a5f3844ea8827c373b279ac72f439a30c6e195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
879953d6fa2e0e68dd572c8b6a81d233

SHA1
8f88e8a8e1c571eb6bb3e80255fbae6f5168f1b2

SHA256
0b16e27e7c7418decc33d8d01e0d8de6287d0084fd0180edfaec3b096baaeb30

SHA512
c49eaa7c1b76904a3711a1d6b14280a2096df6d6e759d7197140f7befe9a69f2662ef1bd7a7e47d0642a789f2a7a7dcd63765a702c4d92b0500c30ed33486387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
b69bc22fb671837e4f303c9651251e67

SHA1
4cbe2004bf265f672a9276964bbb85899face541

SHA256
a1b58a76bad5f7c4d524f8e9b995223afccf8974ab50e4f812949d6ab8dd25d1

SHA512
66ab1fa63ffdf453d443e63015a81904b9af4542ce3d34e95f9e4034e294e64331abeb9191f89d3d7192080d5f50014006aeb1a23a7d986945a6435efbb3e130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
d5edba30e5569cda2ab642aa7cc8cad7

SHA1
c13aab12038501c979a5e9cdca24f56ffd470003

SHA256
26872560056c927d9219940745245ff569d7159ff5e1765062df19e55f8f53d0

SHA512
076f97c87f6fc3ca393392a30bb0372ad5aa7f544a65830d346abb29aff02ead2ec51a24c446597f5a5d6a548baf618e3863a941092200126b1f936aa94e9d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
e0aa19bd70c1d5810f13720d6d403279

SHA1
f2a7dc161db7f46fe9999e6dac94ca4d441afa5e

SHA256
e9a89de057b741ac389516a0a1006ac07e227ac6ac4eed10ea0089df947ec904

SHA512
40dc74f65d53c4930db203ff161f182b499c0c11f40b24b2b0ab3c8fe0a3ffe572fec7b90c147ee1b5683e22a7c15e94ad0b43d2e0ef95a681a98576301b4c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
140c84358f190984a9ede701d3e91bce

SHA1
c39534254b33bbdb936592a07c3a543efce7546e

SHA256
8c0695657dfdbee8fa5871199a9bdcc14ade6529745eb45efe4af5c1bcef4926

SHA512
01873a8df58ae579f3d7c08f5cf6ab2f7316882b959313482058baff734e7b8ebd03ce2e8ea45b676b585025142332da244eae122b98ba7ef7b955139b7c65e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
37537e449938674310daff7efc6e4ec2

SHA1
70ce62fb4a08f328bd928d98473ac2c62ee72661

SHA256
90ac3d4c6ed3236dcd0f8cb5da148988154e5703d16e9ed0e5d5d71dc28e35d4

SHA512
792d1e49b41d1dd765c5d1c208c41b3e717779248d41d78dacd4c0f85863f611406e3126cf66b82deeb303cc6c3ee287b3db8cb9f2b00a1f25a7afca02297d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
d3e8319884133cf995fa84dadfacad98

SHA1
db6774bbfd0304612c461e4196f246ccb0998848

SHA256
9b9a470ad3196a4b8ca71e213600b0e13bcae1a663b186bab77ddf1233386924

SHA512
9d9532a38e79ba5662fadaef8bf8d83d9888d9f610e02dd3465f9dacf08dab3ef335f661e2568688bce36d57762abcb77f53c3a737b6dc46b6af7681b1563c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
cd35451ec299199e8059699bc7060332

SHA1
13d158181632fc1d0aec3e2c24c1b855622b5f2d

SHA256
6d15c98f5c238677fca165efa1d15cbc9e4abdd6d4348c229c531375ad40e019

SHA512
dbdd2ee324cf2f9eda30a124620130a50d3104bd7c7c2869ed0157f5ecfd232015090e87f780d1a2788bb916b5fb76d59b924ec35efd250b11be23ba1de3e6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
a237a48244eef094d31ad803e1727a5f

SHA1
9ef99982c660861cb2431a64a2d502478b5caa31

SHA256
a93e73ad508fd843b6bd33ff29e5f221d9af834f4040d0fcba1fde16957d7926

SHA512
a393a1413e5b75a2a158103a0bcbf3a67b9cc1da89a23d2db318037dccf0341a6f378ea2a55cf551897f459cca6e63cc78de4c7f62efebfd4fa90a1f982b0fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
b524948d2cb4df6a1b6b3e18e54bf94c

SHA1
121fc4754bc73c9a573a1a963e55e6c66be150ec

SHA256
6a94b0214f41998d3582aa65dcf5770ad44ab45de181649105564009cfc1d158

SHA512
7e62991fd9e27d26dc6a454563abfd91c13c19d6cf4ae0f35c6f62cf629749675e5172ab7497c1798548030b880bc32ce9c0a85dff32d56a32cc83c1c95a7819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\634cd584-30ad-48ee-be34-7c23191be6df\index-dir\the-real-index
Filesize
96B

MD5
e1c5ff36654414cf3d4e74811fd325a6

SHA1
9ddd64f5caf40f24531c33f54da994f4b4e039fd

SHA256
85631222ce204433d1cc723f5ebe7a3e5ff78fd1f2c3fd438b1903fa7d606d1f

SHA512
3cea66867e960d4c100eed1a37483d30f7afd60679bdbf82be0785b5788df7fb694c057d444b4cc8e37e5508f79b12b900c2d5fc756dc2298beff3679e726c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\634cd584-30ad-48ee-be34-7c23191be6df\index-dir\the-real-index
Filesize
96B

MD5
c6f8fced967bb8cd3485386ac4ac987b

SHA1
6b009570321f24d77f07d4c0d581d0dbcda95ddc

SHA256
f6d713a37b41ad1bb76898693431fb3d6192443f54b91a7e37964ec69db59617

SHA512
8b49f8d28489e17b14ca2202fbf78b497ab3690219ee29fdacc1f0d5c2158a9dddf6f21f932c32741dba76030f43be041829b4c5849d571c02685acdfa266511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\634cd584-30ad-48ee-be34-7c23191be6df\index-dir\the-real-index~RFe5dc3d0.TMP
Filesize
48B

MD5
26819be724a19ed9f8b0d0a84f700029

SHA1
15d2700bd46b5f060961917cda2d3403fda7d5a5

SHA256
51e8023072fcace799ce570adebf7128367f233ae6b281615dd34ff80c85cae9

SHA512
026cae0a2db259dec41bf193b71c94ce8e4c19cdb271c32370dc77fc9ac034bacbbe9ec41084f9854ce735d9b0c4d4fe0fcce3de789746f089070f1237af7c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\048e351415e7f8ea_0
Filesize
79KB

MD5
85e15f63ba5e78757e62da889d1a177c

SHA1
65408e43a03a2ee7dc8b13c9a9a139a5be167a71

SHA256
8605859909d5d5ff8c83d829d074e88855a03803bfc4d4b05dd46ec77dd04ac5

SHA512
ba7bc61ca4df4f03189af5c3e4f4fd600e63aafe876c86a47fd2f718ac3e3d1835480eb84a459b812333e99481e67574ba2d5805cc4bc6d622bb22a67d90c626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\08580d5df500cb4f_0
Filesize
26KB

MD5
183249a49858dd0ffa7a38bdf956b4b1

SHA1
a02cedcf6ddb436d16869e827c03e06c62940552

SHA256
db6098982ca6df2535f417493a8679f6d730060f9e4d619ad16ddd6cc1421d19

SHA512
0a1a3926f4eb884a1d8e9eb11579b12d80504ebcb1330fad886a9120d879336e14c9174845a912d8b77d83d3098ec0b886e4f394994f429048fee1a993afb6d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\127d7fc1f4a2bba8_0
Filesize
9KB

MD5
fa5e5c717c694878fb4e62576c0305a7

SHA1
a1cd8106dbc8594ae328cd1e9b3357042fc39cb0

SHA256
e6398f8d6b6e21285ebff9e2d40fca2e30d66a48a01a1f0714eca76bb7b0b1cf

SHA512
0f00abf3e8543aa95f3410dcf82d710c1fdbbf98722fcd8a8501c2a31e59887b4bf83d77e58a911e2a30c7bc7d450864b78df5a353d744664de5663475dd51cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\23b18c1e8d80b179_0
Filesize
13KB

MD5
946bd68cfa955610976854870ef105d5

SHA1
10505fb2011f2e4bb20e56b1923de678e61237f9

SHA256
0b20f5618c0e5dfc50ba91ca290d7718517ee65c4d8c44a575b365295f02edb1

SHA512
23fafd8c862f783d5a21e9992689ce9ee6ad93828b6c99624bb8287f4572cf34959ebb02ec2246c5076e8f6218391b3a8b24bb30407a1a8e16081ceee833a4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\2e63cd3937e3ee4c_0
Filesize
108KB

MD5
575163881afab469cf02bda5e38158c9

SHA1
369055e31ea8766232f43a63ca5953efa258bd15

SHA256
696820585e60751a278d31784e3d4e5b66d15386451a46c7c1179cdabfe622fc

SHA512
a70e2073d5c14c2c98564b9783d3a196e21196655aec06b82947f02e0c8c5aea9ea75052dabecef8b86ddc28fc856f4c86182ac997ba6c531fc7b21f33472fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\3cdb198e90f24fa7_0
Filesize
10KB

MD5
8b44c73530459382274a349f62a89ae8

SHA1
6817830094da0bd88ed8a5bf4c8227d67d1674f2

SHA256
d2eccc15e74435139cbd63325fa04fc33994739458cb92d2eed1d676fa867bb0

SHA512
055dfc1beac76f2330a4873e81b39bdff71a2d8bb4623091bab3f551ff777bcd4f4705b0ff51cf15dff8ea5ce41a08b6450709acff70df3b3c238e20138c34eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\4134607f90dbe928_0
Filesize
708KB

MD5
ee6730376d73fc101fd35c620e1e6379

SHA1
3d536477d1891832100e69e1f7c00204a0b11e49

SHA256
6dbb700226b6ea9ca462059bd6eaa7c2fac2acc30e6fee63e1832f41799575cb

SHA512
54b2190120b18d7edd218cfdfb6787e40384ca0d5a76e0107d5bfd58494cbb5c69d90a4236821b07f8b8ce7e40b5746fa97edf19642b8bf01bfb4764bc7dc12a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\4550a01511f50674_0
Filesize
148KB

MD5
7f2702e9720dc54155504216edd214ad

SHA1
68852a1648098b627dc937f0054215b3df07ccac

SHA256
a3f10ae3345c5d710e0ca96986ae8a2f268c472f5fb8ea6339c0c012f2906129

SHA512
5c630b23fae744fe0599e0c826c815d74a4830b8449a042635542e70da20b6cb69774b25d6c39e8ecd01c0e2f9f0fedff68b52993e060cb508e66643b62aea50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\465028514c1b8b25_0
Filesize
12KB

MD5
f03b19980a3db023b127e7bb4f5ff01a

SHA1
b7713e84b4b46b81e8f64cf846919364c4dde168

SHA256
62d03dbeda27d28ca237c50c1dba77e085f2e045c335af87206b35a5c3a82ac7

SHA512
0bf6e53ee457ecc790bcc0633e0a8225c2b09cc85ad39937a109ee4f1ded505012a64a019c5f1c36e277c38ad5c6442596fcb43a6a502b164fb85214f0414b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\52d63d67b59f814a_0
Filesize
3KB

MD5
2bec61f1507062b6577bb0ea2a5a4980

SHA1
767f3244165f75bbb56d28f647487467d1916137

SHA256
029c70080bc8b5c15dfe1c296b15053bdd9d38f1fbb59b1d8534d22d8dc7b5f5

SHA512
c2ad8ae9cd8df94c73f591acf3f5a344d39993c4be8667c6f8400aa0db1441dca43c461a8165f330c07f3f57a69cd29229bff3f8a5977935945e6f8f0a4239f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\5720364b2e5e45ce_0
Filesize
2KB

MD5
636e9cd1ab4abb6f553c7415da1b4f3b

SHA1
bd50710af40424d74c986f996e56c983d711e59d

SHA256
04c0b82099cffac05c5567debfa15292d267b6bde614140e8d8547aa3f6ca5c3

SHA512
6e78545f5b86f657724b3f9220afb42f3af8b46d5007789bba54ad89e890bcce0d341893374e61f6fbcc8f87fcebea7494160d7e73344372dcd0772cafd10194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\5a908b654bee3127_0
Filesize
33KB

MD5
d2d51ef499d755fac1bbc01db1fdb79d

SHA1
69f957b153e1b0c93458af6fe3241693b0928e78

SHA256
1b70c10793ef8a628e2702098cf6a7a10b0cce014d6aa5004594cfd3d8b9c8d3

SHA512
48be4c908472436c8f87d2042023526807c62c5a77b2f37f7ca66b08e20016ba6a01f5706df5144794693520b9ec901fac81a6db8845be13fec74eac52d263f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\71c440e7826a39c2_0
Filesize
29KB

MD5
114167a743acc3762d3d3ae6bbff0c9b

SHA1
98a8f332a4372c9819f174a1762c00e956d8036b

SHA256
474acfbebe2e621339b97b062180fd37ea55361a6e7480e94d5be532dc8c155e

SHA512
2cdee0b7b286068d958c08f1ef9d2e35b4b767099e31e547980ba4d2c7c696daa1e6ebd97f58059e433abfd68a8bdb7c160e20b937306bd6b74b0d493bf0e547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\b57983df0d220076_0
Filesize
25KB

MD5
e82aa8b61cc736bd9301edf2e8aff974

SHA1
7a9d4cb55975aa1502a9b667b26b2bcabe7c269b

SHA256
e5d5e4ecf6bb899e8eb6d6d5dff149b7f20d60c723ce88dcd446fb8c5ac2ef1a

SHA512
0d8f503632eb19d57fda2131af5e23c9c494ce34fe4ef542f3ecaa2dd3c7cc38c1088a7c990ac9cae991dfaee7bed56a94f5509fa6096b15f16d1c229ee0e241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\c3177ebf0e62352a_0
Filesize
28KB

MD5
9bab8c03a35b7595833440d7336ccb93

SHA1
15659a9a723224714907937cb5216d806e0fc3ea

SHA256
1009a4778533c51ebfce6d0ca6189746eb7595876da20ef373db128d44ed4816

SHA512
7fe81abe5b2d0deb90656bccfd461b131877162d682fcd6a845a111124b1052b677c9a4c8d73d0f0eb5ea89f38a1ba9eedd5b3962cda85ef5e38b47f0c33043a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\d53dc615668330b5_0
Filesize
14KB

MD5
ea0c93e4a2083191c787f192e4ae279c

SHA1
b13ab6edc6f3b8bab8d990db6fb40a8f7ab70c6e

SHA256
f09524a15a6bb89e0af0934f10a6f09c67b7efad630a1ec3224da9184f066642

SHA512
6d4a268f4eaa5d57876c639c1e382ebc03b57cc4609a8cf192e1301c723732fd336925759b5d8374bce324baec3cd09d5d7db2dfe906b0cedb1a4749279a4de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\e6b56a88b3d010d1_0
Filesize
1KB

MD5
5dc5cfed4d48e81068a23cc11964e4a0

SHA1
22b2967a0f9fc139bb48eabdce7a8e0d84d78f98

SHA256
cbfb56db1d1c20cda62080ce19c1c4363d77d2625226ea6515aea3d814df7f16

SHA512
b5e228f038bd87e12c07f320e0f9a42ae0e8fd052c597522a48e813bd95951fa1c9cdc5d6da34e50f7d6f787b31a14ca3edfee716ef4ae3a1199f4ebfc91cbe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\eacc3992a40cd2cd_0
Filesize
18KB

MD5
2be6c18c631c91238fbb6824757626b4

SHA1
31bedb5637b4f7692746799146db80de564e2ba2

SHA256
d8830836debff5e7b232df5467077eed7e768ae110030b9e8e8d79d2c1ed20a8

SHA512
6aca15b6d08595e8a5d24eaf71b36148a2f180862cdad63673bcc91bed9442990c78a8c237c7839f75475a9867982f3127f3efa420a89fdf943a7c0078adc699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\fc6ac2678e1dfd2d_0
Filesize
29KB

MD5
a8518dfc54646f436b6fda242c213e23

SHA1
cfd7818f597ca3943618c0646252d3ba262dbdd5

SHA256
de17d19e1e607faeeac3726832dd89b64acae953e4827d8e678b05a74e8d6198

SHA512
fe5c7e9bf58957ca4d94ce3f2226e94d723bec9745b33938fb80f8d6997ccf75a5100a206b9a3713bd4cabfb1f41a1de3c676c9e1937ff99fb5827e9d01d760e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index
Filesize
13KB

MD5
9e1e94b40e2b38764ac2571a9db4f67b

SHA1
eb91fbcc6a122cf792381b5486781a4c25b69927

SHA256
8ae87e6ba2e6cc298cb08089c846ac5ffb73d6bd61214fe6b0545010d30900b1

SHA512
e8c6b27ad50c64bc9e00b14c047427563d47836a0658ba1a028e98af8e3ebe2a9a2c93837ac35ce7bb4d4cf3a4249ddf5c19c6b3bb9de3571041af0c5576ed58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index
Filesize
13KB

MD5
7d0cc1f92b1e4e58d89023a24cbc6328

SHA1
be78012e5e42ab41aeaf918e4f4a0dda07a03d48

SHA256
f8a9e75d1fe48a5fe276f8d07fe6f9b96366af3b28fd07fce3a4d3a3bfc1e4fb

SHA512
53ea61325929e3dbeceb7e49fd2d0a51bc10e41eb9ff3e29d46149a6ffd19f3074dda24c7498eef8172ebf8673bfb22a34e124433ee7f22be2d1d7e6374a98e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index
Filesize
13KB

MD5
0af7105a069ce1b45a80188a70c4b019

SHA1
6e0e45a9778eb45ed11732d1ddaf539b2066a811

SHA256
a8af5cfcdf94bc0b7d275f025e6797be47125fa9e1932a8c7ffeebfb16548049

SHA512
56287d17cf30b8444455b706d095bf801c7586bbbe23929c1bf3fc83b45debfe4c1c76446988e03eccea443ee139c7e7d249de400d4e331d320c1c03168e4eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index
Filesize
13KB

MD5
019b008535b8733832bec34b51826327

SHA1
3e348d776490d51a52236b9a834e70e26fa51532

SHA256
bd4de1799f55dd84339dee127c5efd49d9082b963b5e04281b99b089bde993ec

SHA512
1fd72baa941482e2a610f47488c7a84af2dc0ff7da7eae213058cf1c04567d2aca6f1286087092937901b9594d57c792bbd1d3318a87fb371538e5970f493d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index~RFe5dd014.TMP
Filesize
48B

MD5
d037b3c15fad06e6aebf5f65f13e168f

SHA1
0b883439e6eb7f3e4d68444a9f2993b2ead6f4f9

SHA256
d8658df1395a83b682f0c0df14996c38d969d92eda3e426ff738bbd4f42db60e

SHA512
c2b7b56a9247944f8875d3fd94c67f3578da8b7d6b60977a8a3e89140281785c9a665e7ec32614b790153a78f7a87c34e139f675cbbfef91a1534ce99c5b6ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\b4ec6383-6ef0-4231-bb7d-f4739ffba2d7\index-dir\the-real-index
Filesize
72B

MD5
3e05ac097a8204bf24a46ff1210541f5

SHA1
a9a9e1820a007f576f85561ae3c93ce163435534

SHA256
f6f636fc9ed0be08fce32c017d8233ca8fc0b65381364cc68b67ed6c8f6a5004

SHA512
5eb16aea1690eb0b5e423d818c9ec4abff28f371e72d4f30d64f95ddeaa75addbfd61d3eb9db23d98bfc9ff3aecf7ff97ef71139969d44ab6090625de75caf6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\b4ec6383-6ef0-4231-bb7d-f4739ffba2d7\index-dir\the-real-index~RFe5dd024.TMP
Filesize
48B

MD5
54e64ec0e6006425ac013d3f6dedf4d6

SHA1
1854af08678156d3cb0ff85d05e195d72ab28c5a

SHA256
1092d54dba6b62847a83cadfd15405c87ad1e3d9d4447a79620da32420ab588f

SHA512
783bf55a51dab5bff2a117f48d4f449c32c4de63e3aa9726856a0b116c699f1908b083fe9c24e6c100bce081d4b453106f2975a356da11fc41ea0a2b20bd5304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
Filesize
160B

MD5
1c9b119530cfaa11276c546c6a28dc4b

SHA1
802b57e59b1653e01132a2b3c1068d975ed33177

SHA256
c103e0ab921aba7f72967c30a82d33d11b7a342838b96b2d9b2901c2556748f2

SHA512
12da5bdf0f2616170c3e2558b4a48d7075b4c1db12eb5a76bd5c42fa9b95fcfb3c771443f9d59a9c315b0f9481c190f6466ea5d5cf1f1c82fa773531cd7b2a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
Filesize
101B

MD5
ceb9d109db3a0a4b84dea2ebffb9198f

SHA1
4512a8685090aeb478d508a626f93ce2cfa0aa2f

SHA256
93def5610ee9e624855572c88736496886b7d6574a3c53f767ac531ce4a3ffd8

SHA512
43744a790638134f2f424b16ceb1887a53fd4ce474f3243c1763e80f6ce37cb1b48763040b250cf76e602cb63daa54a700898253c964443a717b8e2e520bd5de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
Filesize
242B

MD5
53086bcdce2a185e39989ace94e92b50

SHA1
48ffb1133ae7b5e71e4948fd6d0a019c6fa65ceb

SHA256
e9466727da90b5649f6c76de2304f9f38b026adf9e33f8a143293e76cc7e90f6

SHA512
fa06fdae917d4924c375160e563ae76abc4c43784d9a21470ee4cc7570225b58174cd6fdd9a712198cd2698e779594197b68f7e237a2cf3f05e876a7ba84af8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
Filesize
94B

MD5
09096afc8eeb5aca4a956a0c099d8918

SHA1
b7d905d1c7127de0840f649dfc315e265f07f513

SHA256
6d5619afb61c15a7e1694938477b731edc0094eda41491fa0681680529ba53df

SHA512
4f7af94705cf87f8afbc8b438963c083fcafee631c556ac1b9fde8feed7f7c474b17e1b11aaf87c25039aae758fa8a55bb382c625c48c47dc079761f856c76b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
Filesize
161B

MD5
9bd8afd16de03fdaa2c81de6b4b2225f

SHA1
4cefbdb95beba6ea6a3a49f09322f7eed7758377

SHA256
1d0ddf9cdf2988f7a46ed719db8e9113cfc70b0033df4e1492987682b53f0537

SHA512
c352fec902ae11d73783bc811d3096267109f5ffb2ffa4494bab46f6a7241b2d75661aff4d25917fba78f9ab3084af23211088879c9fc6affd30405abc935e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
Filesize
239B

MD5
fd21ca48ee2fe771edbc4312b074a1df

SHA1
eff7f87e4378d9db9430867a2f0d3af76ea54263

SHA256
f4b72391b3efa1271484d48e0266d0286a885608afe23f92fba98159fb541bf2

SHA512
b7a123d210d2050af7ad6485f682787116ce90e0858843e0bf4826f6035bd4535850c1d497e08ed587692bcbe21d3370c6962c499816fe292b1b430724ddcde0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
Filesize
239B

MD5
01a2b2206faba810d476ff8642197eef

SHA1
2a6587882c21f8011e5a086416c6e48eba1fa04e

SHA256
b98e656770e3cd01831e853bc30f05f941dae682e9c2e84ab92612ddd4c1b4b1

SHA512
ee6542c48e7ad6fc8187df88369e4e60acb2da150502d6e47105811895eaf35cdffe7012e99b3100e033fd291e741fbbd49e19da94296aad6de6c2114924ef1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
Filesize
27B

MD5
97d5f65881dcf1370e0f450c74916071

SHA1
8356aa6595b01f1b3d60df82686d78c6b573c033

SHA256
3ac8ef666dc310ef3a2a6f90247aab7bcbdaf26b21147f7b06f1bd39bdf848cc

SHA512
7e5da137492e2d0f42cd6a7f1b36fdef012af3282eeaca25b3da50eeb5420b199fa65bcc6d3f67da371c31173a10ff06804a368872cbf4b63f9beb44a2d30f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
Filesize
239B

MD5
27d0ccf383734d5f39daf29af95882d5

SHA1
37266fbbd9b10cce8fbbdab048f0b24453a8d910

SHA256
1162a7bbe57ce71e857176c7523d39d78bb1f09563ce7a8856aae816162808b4

SHA512
3987067342520304c2930ff9617c9d0de6315d065de074415a2301459c41a39a4ea1e733ae7e71e3494f7bbbf4e50b38b805c6b3081f18390bf541bbe098df71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
Filesize
239B

MD5
99b86bc03af27e7d807424ec640a642a

SHA1
812c920f23ad749bdba07d7d8e5c52cc2bee5ea7

SHA256
26873ca3bd6c9279683d2dfff19f5fe64e46c82d01dbbd775ccf5036c6a3b971

SHA512
bdb3d55e8eb4652599f1418ce63259006fe43e8092a80ffbde69a214e96a358cc563b9daed369e7a283846329f7d5801e3b3fa800205fd0cc1b48942c7ac8b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt~RFe5d7571.TMP
Filesize
93B

MD5
4b838a099321cf632ee271cd78c3665d

SHA1
85c890598c19e8c152a7865a424af01f87dc5b40

SHA256
6abde48fc2de20bcd927e1edb9a1cc5939b373cea3815822bd4f2f4ca5f54135

SHA512
fa7dd39c355914b1c87af7cad5e0935e6b65cd61bb8c3cc0ab7382df4287a338e26c065039fc473bf0e06c97bc339847b8ba5ddadb8af2e8cd2f33a07c252aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\17940795-9251-4922-aa4a-c346530551a3\index-dir\the-real-index
Filesize
48B

MD5
a0c335396e8e8e53a25485c2a54e92a5

SHA1
dbb537c3b1e81d446cc19bc475dcd244fa9d5256

SHA256
fc01cc0734f063a4ebef1d098b142e29888daf066214cd94a3a545fe41be5684

SHA512
6513e9fe5e3fc8dc0bf25b15b45d8d3f26eace5b4a6951179bb29fb3c70dc0feed0652b5c4b8d1bb085f0dd1d67e2d641de57a41b395c869de398619870543d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\17940795-9251-4922-aa4a-c346530551a3\index-dir\the-real-index~RFe5d6ef9.TMP
Filesize
48B

MD5
c9ea22fee2372825187618b60417a1c2

SHA1
efa6aa64ba2f1cb6e3b369ab9a640fa45c791dc5

SHA256
b0b4a00234f6cfe2c77944f6f435093385ef45dfa8537cdfeee2746af266a626

SHA512
18f57fee5e7d8e7731f9884c3ab87c19fad34528ad0892ac67ec10a4fb7a962bc6f1c1bbe0dc7fd3421f84da8755f36b033b854f43a6ee97fc1bdc7a0484415b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt
Filesize
97B

MD5
712c793349abe1987ef8d693e34a91cf

SHA1
5e35d51ae90040f4bbb68895de824aab0f500b5c

SHA256
585dbd6df27b9a7b606d1a12b80f99029f3171324ee5d99c153ea9e41cb70e7d

SHA512
deb1638e0b464be8d28376f19963e93217b5b2b13979a516daac71f48620e7b8089855aad5b99f185b0578134314312b196528ff216219f79f4c97a15a773f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt
Filesize
90B

MD5
09814414996a9057923d44f7b0922b3f

SHA1
377225e02f4dcc73717a6a0d8a60726fdcd25008

SHA256
88f123b738924069453c67c1b7ad158833c13a6699c4de0d57c125b41f2e664b

SHA512
3bbd20fe3fa0718e8944f1eb3035c520a4a6c1703561d1a171453c914c1c8c470d1436243d3cff31eb36c205ed43a5850c85f9958c9f58f24371ac006ae4693e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize
393KB

MD5
72aa57842938e50c7add7300eadd6333

SHA1
94e3b3e4b97b3a55261f4c62328488d1175424b9

SHA256
f9576a07b311d2374922d370f31dc5b96d7f7ee52511540155bcd70b659dfe27

SHA512
b12f4a9685fa1a434a126e66669d1e3a01d66324fdb67baa2b91fa1961b72b4662fbab6f3281beb1938100c8e2954ab33de9a2b6e963ae1e5b01a2337c9745e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
01073cb5e0510b3fd57d407f77ef52df

SHA1
4fc5b4f3250f6d7e2f5aeaa20ea449874b0bc04b

SHA256
18802a28d1f448e57b6652b19d84c2c16660bf06943ce321bccdd4d7f65f2a1e

SHA512
f8e1b6b74218ca288cb4823ec32ed3914267d5e35412429f56c6308506841e0ea9b229b1bf41b17cb9773537f08ab0e223d1dd11d3dfd9ac3ba11d1c927493e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5dc391.TMP
Filesize
48B

MD5
3abb1515b8e673a7b37cebac68e9ef84

SHA1
d52626084d4e86eb351c5a0089f1f9ac9d65b4cc

SHA256
b06e707ad5f361d72c7f835a190b660c2153a5c6dee44bce49dbc49db9bca29c

SHA512
c7299abbfa21e281900e9322c877815ab9ab933cf239d8b6e70eda310eac9bb9d7d0bdf1b360241c81673e47b5261ab668ee7dff8be2e96ff95da17bb4478f2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e4cfaeebba97b5201c612ac585a9d12d

SHA1
9ad802d30e60a8c7d268decf267bb7e70f6793d5

SHA256
05bf61b18643506a6071f696e9eb47df0607b5969bc6567e1b8aeae3496fc765

SHA512
c5d457d0dd7506ffa09c8ef135c39764ea82fc36f839142f00d80c68b6b2f0217787ab5d6a0244a9c384ac372e43a54f447bca17c332718a2e85ee540dfcbc0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
5f52c5eb37390c6f98ad54ee1e3dcfe6

SHA1
96830013be9b80cc68104e9763e182e10343b02a

SHA256
8084fdb3979220cdbd8d08dca9d5cd5194cae7c16231eb1ac10c4dd4f7feaba0

SHA512
97d44f1ca55ee37d12b5a86ac4f8f644ad6c7bf3c3260f22e6439be17fad6ce3e78154b61e24b6897b614a810a5bc55f049702010f28b93872fbe94009dfae61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
0cddcf3a20b688662454eaf81c4ea60c

SHA1
90427c40ff4d49f0082dbed705e8158587a56ada

SHA256
1ed91b818997edb3a071d62b217196cf87eefee78738032c77f908f88b461fae

SHA512
d2f93548f73b2da256d8f5a8d11fcc33be29513b041c2511baef78f05cf110efe74d7972ece7fdcf76b23d5c81a1933c16426d385be0cd712209270791877f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
141263a0f116f5eeca6710cb295baf09

SHA1
d47fd4c252bf2f2d71fba869c82b2ee81c8ca082

SHA256
923c90f9b888c8c3f93c90f6882ebbcc55873eec6a10faf901586a15a02ed5b4

SHA512
c5bd6889cfb687e61a4d168e2fe75e5d773d5a408bd930382b161d89ff0c36d690feb4849d2a04c5aefa31157696fb52cebedbc1e089cbcdab223901b3d417f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
0678d5c67d34bcb35e209d940310f169

SHA1
301f32dc2bd88fca5d4cdffaa4b2d57aaab690cc

SHA256
a1c3ef67eb1ae5d277c28af0922a1c4dea903b4b60be51ef4355ae677eeb72b0

SHA512
1f41c42adf99d654cd9fa897b37810209f5df2ae7d04cf01374dfe7bd398984efe33bb2b6c8d0b49daa79adbbd3a5d05586e73e1363fd1bb95c4f2ea39d1705e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
c84013b7496d01b8c36bbe12318dc463

SHA1
369222ea152a18a7b2bba2164f0f7eb0d4177a42

SHA256
b8608b1d88e8c1106444e660761e4d4bb167df95ed100095c5f6fe21b15fd26a

SHA512
0476aabfd7b23c069662b8203a7481a333abfd53c2e75f6c9d7930da6b590fab22832fb2eab68eb828c863e266e3c376e0b0608396175283e61a1a08367e6259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
171db2a33a280a288ce489997f999ee4

SHA1
408ff35a0109f716198d6842cefb64c652983ee4

SHA256
9b41cbd9402153f9c2c026e29f7a1086347797d52c90e1512583e8917661421b

SHA512
5222d99e162c92230940d0c1160e98b363b8fb79262cc0dad24fee2a1a8cf82047ef215a1f28e79591add37f91f216e31dc351463084619f9c0b9b0d237ed675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
e5a12cf68b8f339300d793e7d677cef2

SHA1
f4b49fb22b4ccbfb46b222d2a582a11c41fbe1d3

SHA256
a952f09081ba8bc99b7bcecc5edbbb3c78ec4074d95d390f46ec1092af4c8db9

SHA512
5103cd2e73741e3d139b88c15bb36022cadec558125304f9e1686e9e6e72a5b5ce508d93f54465a415a9ac42cea066a1becc2230fe16f5936b43f0fc78bab5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
88dbacebdf751acb786c125118b8f3d6

SHA1
6c591cdf1ef473e9e7cce3dcfdfbefc988e8bfc4

SHA256
4a4048e9e8bfaf8a1520c03e678153daadb1ef4beda070c8fe0f1eb47eca4851

SHA512
0e9e92ad83b88cc4516b5a900a8475805ac346d43fd66c46edce1643a56863a8271a533cd2e11b3735f8516d37ba4a9f5e4fd295e846894e162fa02eec8ede41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
cd9d4a5a8630895b23730bf3d0ea5a45

SHA1
dcc14f851c33c1b987a5da5772e8583b4a376255

SHA256
5359f07ab74320fe317078e69f82914b48ccefbc816b35f92d2b7d0bac38a5fc

SHA512
8c3917b3bbe4991fcf3e8890620592a256c91ed1db09c88b441e26a210403576d3c28e5247f8b3788406cbe5398c202f97778a6071f3511a2a73d19e53a14674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
19aa86a89e4343508b6db463a97b646b

SHA1
6c6812f06d6cffa4f355ea72070882a5c472da9e

SHA256
b33e7a23827b31f866696394eaf58e549d1a7e06919e334d989c1ad1050eb0c9

SHA512
0b034fc90ac59f3c18cad0d5d7a74fc5705cabf10e23f76bd726cb54809fff39ec52faf38628799ab566ba04cc201bd1abc60dd60fe193058d0b1c612a324c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
30db551ca7b38da20d2eb9636b77ddd2

SHA1
7e8c3ef8e1e1682df2bd512257f2e41219ac110c

SHA256
4796a257a0a3f2a16dac02aebd17fbe88a2f5b3e7a0a41fcec5629b85c523cd0

SHA512
79636a3e550631cf42bc8699e9d6675b779d48fa2b666d65218439b6bb42ae22691020a6538aaac452c2aa24ef39f96bbae716f240ae20c5f0664084a62c6102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
d3a0970ffd1c7f887ea8e30b20f7a785

SHA1
9a55641b04d4c4a9c42135f4f3d3a8e3399dfdcb

SHA256
0ed1351c685fc489427c9f6e181335558fe1ce99c75ac714768c29ce0972ed98

SHA512
84b62932c95619cf74c151b6972ff661075dff8e4b6d8f41100ddc9ccfe0d250669842022183bf1eebae6afb85c4309de2a58d14ea7b96eb68a4ba886aaef6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
690055b6758601f27085580d23aa32df

SHA1
e387ef546a09d6306c01b4540d2454ced9f4501e

SHA256
dba12796cfbc919dbef12e098a9300d90facd7fc2ab24bba6829514ed62528c1

SHA512
6b170ccf8a231ea46bd275620fbed559bab8ab82e54e48ba36884affc5d44bbae181bae28eef5423150a857b07cd93c84f371dcc110b4e73aac47375fdd9df64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
7a927e0f1bd6924dfc0e630676a7bf9f

SHA1
add0cb4956388462042d05a3a08f275eb69a1c49

SHA256
bb72f086baee3c15b7e5ff94515f5f741e656d73d8acde3b3ecf15fea1ff940c

SHA512
830dd27802bfcc9637d83d796a553232c4ed518f3732d93aa9c1dc752f8bbb82a5681aaacbc0bb599f076d8e9c5ff754950be027a3ba3bac8cff9b87bcc61404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
1b26eb92dc28ee05549460f467f27489

SHA1
478f7a9863eca3e1cce5648de49120a4e4763518

SHA256
cf60e789900f2db60b83bf0e50d84b78d26bfea4a0fdf544eb65368d99484939

SHA512
37564d578bcf28a6714486847c26bc8aa3af799a1808599a3edf2246f4c56f3ec53763e8099aa93d99ab21c02f8afeffa236196cf1f9ba7491693c32431c8459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
61259ddd0390093b233fdbf9fdc77f2c

SHA1
d02d678694be2e64885ce768637cafff6d6c8deb

SHA256
e66ad2b6d45f79fc8042fe86f97a14c8e4c8acf5d05192aa395c81e9247d336f

SHA512
85822911b9f3f5a1f815a7801235646a411906de8d249e2bd67e8c5b38b1a506f2cb5d08a3704c456192c606142cd70abfb41ea92b2c9b1ae5947aa2bda9c4c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
edecf291a8427e307000d59667aadd2b

SHA1
02c3b122291336b2b0c28cba79ff1cd2568e8cb8

SHA256
bf580034de38828818f28b5b09fbe955322ddb85c8d451a7a1d0ffe923dd690c

SHA512
989c36b129578766afdc3ee7569b1e401f5c3d07fc0b11aea61d179ac37c7f73e3479e8ecb0ec99a9b608aacc7b5e367274e32ac3ac49212b183b568720a6176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
ce7a6279c1b6f5c961c4779b9646681f

SHA1
f0cf78491b37fb061c733583a74834f1152eb529

SHA256
af856dac819eab91d4c074937bbe4a036e8fd65cb4b23cb74eaed9d2b5c9598d

SHA512
4b91ceb0485d9909100e1f830a700065f15d1f12a54ca69cccc996831e3b50fca13836e3183d71677bcfa5ac58563625cba3390cfd29d3959db22325ff9678e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
9d8e46b687673a4e57a2883f54fb03f5

SHA1
fb6533c22ec714d6548ec26e695eeded3c3fca69

SHA256
e6f0d170375f0495601c613a9cb8766b3ebf990e3117438b3b6bb6dfe057b524

SHA512
d0b2c54b4851cb357ff513747e420f0668c1273759bf548b43d1645aa7b85f33320584ae6d4357b26497a05b20ef8b62cb33fbbb771bda8ead4fced40edf3757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
9a072f73a4086a15433618e3d390a689

SHA1
00b3084740a13945be47723bf406708d13efad93

SHA256
8b31a87618fe03e6dfd5e19d4a8a52da915c4e4110f6150fe949fa216b42f107

SHA512
87b2dfe778e51e00b9cd0e47a83be38d3921fc9a0829d61e65589e22ca32c78584842e046e0be202c910981ca3bd14219fd143063630c489b60aa7918ce6a06d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
928e25eef66092603ada3084421ffd0c

SHA1
ecf173dae9e8ce342d925d33f331350a77569495

SHA256
60d25ca98defb15fba847bdbc61ee1c3a8325e4a2cb0d5a6c5e00328571873b7

SHA512
d9e0fdabf91b65ef2a60963f5b41be1dfdd552344f445bad98b30adcaeaeff38e8d12a46d496c257861e386819cd5b188d0552655b2415b67702e79f4dc95e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
b9ded0069b0c5144e07be70c271102b4

SHA1
a44dd17aebcc02235296e9f0f81dbf3cb8180d32

SHA256
c90547cc5c009ae32b4d3593e6881affc3e8e8b63e1f77b94b93e3567522f9c2

SHA512
157bbf632c7bdf2d3735380a7ba7df307ea6f0ce03a17bbbcf8d17ae3e033ac6a01ad231bf9a8fff356e056590b3f8d759777bc746c362e030f5a20b528911aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
52840c61a9d4ced0763b30d24010bba9

SHA1
a742966eec5fa6e8183a958fc1753a628788f2a0

SHA256
3a4ac60a501ead45bea0037d2dc17d10702b7bec3a6b3476148292305bb65d2e

SHA512
f27f847e7c501a83354350a4aad32f03f8502e8fd51428dd590489fb382ffea988eea2a0e8031137c92fbb59d53c95878e4d1e20b7034e651e98d1874677c100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
40f92a03c6e29ce35acd661a5e65d02b

SHA1
994e3711b317e9d6ab9e08ab351a73d5d4f8ca72

SHA256
f6ebb56d1f9bf988082c03823d1073482f456428e98197fa827546a84f384858

SHA512
bcadc0dd25b89e5aacc5b1b19401dda43bbd124d24b4089f8cf5081b453e5336a1572444a286c673f968d71e919ecac9edc40f01ab9ce24ca2157d011032b401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
190702bee33264545fd274c8c91cac73

SHA1
514345fc3bb565c91aedd5c950cf194d4250957d

SHA256
0a62dd6ff5466d6634c71f3a8525927cb0c3439f9e99cf10c3d1fa1ad57bc084

SHA512
05d1dd7edf273bac7136d1544cfcffb69fe2c123f1698049ea83fa0e652d8e1a3807600b4ffab242fc726b87933efd97954732443277c83dff02e8d96cb114f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
ec6b54ab62721b5e828d60a574ddceb4

SHA1
5d1625f418290a61fab6b30ec710c0a6a400220d

SHA256
16d4f049b0c5ac45120dc5fede18991366cde46afb2ad49e931ecc012a616f21

SHA512
d878ad6fb760f4d3ef1c2d7053b220caa9ff869b5decd13895faff0c9133e6a04da836afdb0bfea0b858fd977d14fe097cf0baf31fff7cd5502df54a69cfed10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
ea7740cfe97e2702be453981ab816985

SHA1
688ac56361c13943322019757f48a6c2aadb162d

SHA256
50229f2f1308201af1a1d32d1b478e474b9276b8dfce73c73cdbc196f58e1435

SHA512
6cb800f6b0af6d67f70f18687fc907d782290da56a8c402f933deba9555ec364d8f8c46b05b2cbdda6df1d5362dbc3cb769f0170fffc2e339ddf1f8fd445078e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
2513b0e21124d73ef45a382a13b76d75

SHA1
9cf5e84cc6a1cd7cdaf15d190056ec8710f2efc4

SHA256
fd15e026ac1a6a04448cf3a6bd285f0e0efc59626ee0a754de42bcb14e45ae3b

SHA512
1dd9593432e17aceb531f931c555c742514ec15ca179183691a562bac52c5499bfbea1fe70f18ace7d3c6c6182c09e14736b61b8ff41912b8109e186f05f1044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
d01823a39d4ab685d04e47b59d43ef09

SHA1
39a4a2cee433c6b64669098bf15278b2b87fa433

SHA256
267839f53e7939e9d86a377e87dc9db9ba5c5ce62ad9331f3282e3dc2de7efdb

SHA512
de51a7fc977ce21ed78072dd58626a4a5a60b063f74a99b9c669eab035d09ccecaaeec750bcbe00297df0d385e63d1612e14be113de43b68c0d4dd77b4223899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
38b6769e904cba17403d44b14195f9f3

SHA1
4cb41cea95a7c0da859b64ffe40afb25f6302079

SHA256
8012e70124c99d937bce5ba5b41ef98305d7bd493cc39f46d42f2ea17e0ea8dd

SHA512
2738162ce57c67413f0e55cb8183b9828fb1b62ca970c3c25bcd08a36d91b9f79d16520ab6b27477cc77619c873e8d6c07524ca10e08321c81bd72f0a53c929d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
f51c517a43072c4cf1f239fbd9f74c6d

SHA1
fc6cb083cea6aa67a77840a189917bb88448af46

SHA256
bab838401accb2a76530f5e4c5e39168112309228923eb926319c16e68675b37

SHA512
1352d60efbe4195354802962dde2742d50158f334d0a7084a13e3fb672b38e0ea3791b250272166fe85117830999fbb74c64f7fb6c4c3dc02d56e344bf9b5df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
9KB

MD5
64bb769b383f1db10f94be595c5a7e38

SHA1
064bb48bcd949767387ea006cdbcde4791d14e6b

SHA256
40f8ca0b4905c862fcb6d653be6b7ee776ebdf51233341757e8613213e7e0245

SHA512
7f80536b89e4a3268ee01057225014d4648471eeb51eea54368f6069d444f0376bda6e7b218afdd1e5ceec1f1e3f9e4536156c8448edb8ee4d33536be0da1ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
8fe29b39c5aa42e5e80d448ad6bca096

SHA1
b6e24069979cd27bea231e9c535ff31a51918c03

SHA256
ce6cdc9422e3cb422815a9dd47db5d633696daa44a6bdd1a52984ab7e049da4f

SHA512
6dc2f54883bce0b9c4dbd544bb3b998db3c500a07c413df1dff0e16da36b89e9624a6ed5ee859b0b9ad259ec29c2db652c813f5b41f86f164b9d75eff9875453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a738b.TMP
Filesize
1KB

MD5
0152e94a277b9e1fa4e6d6e4702c89a1

SHA1
a41b0ed168da2069d09054ffb3822b86ae71b812

SHA256
16377ac60a7d7432888d08d138436e61a720998fe86e25639d85859c6329f296

SHA512
a1b6184a98ec6adea3c2b6f54c0a907a51a6e26340b0418c5db683f490189a8844fb2f82f91a8e5265a52e26745f3cca16743065ef840456f91e031bb4281035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1e47f5a00846928c24f0d6508d8c6b8d

SHA1
98c9b4b382540efed50217356fc11920b22e99e4

SHA256
b175ca302ab95d7c005184dd3e45e1e24274323d3108c01c011309033300088a

SHA512
09d5754f08470a21b3f9e5909b2745db11c3edfff98239f71511800565477772fa652e6df77b834b50cbe317d7d138f1899e114f4e4341e653c873eac8fef5db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c86fd435b802d4021c2e03beae04586f

SHA1
4ed04b4c8d39af580193535abbaea38fde761c1b

SHA256
e4e3d01b3bf7764c11bc1998d1c0d585b0b14daddec863334f5e6da62e674774

SHA512
02af752eb268fe05a085038050cdcb95ce1887768dff17275c20c8be59a69c0f475bb341f0af8013224f99cc960d5a0b5ab3572aa21a3c2fd4d91476e382ca7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
df46eb1fe5d54a0521d9965203a4a9da

SHA1
e977aae1bb82f3d57267ead3b91df3d82d6d50c6

SHA256
6076a9ea8f52f5ad109fbe29f955ee052f626b22ee45366bfa83f70706744b1d

SHA512
5bc5f8d247ba164f1af6f4ae902906568a4e9baf05c9782d999e537730d8cfe443daac6f44aa246f27e9678237a4b57a7e8411e3c4fbe88e943525cdb2ae239e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_frngub3h.spu.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\bg-bottom.png
Filesize
9KB

MD5
495e1b72f1318b9abd18396170a8b73b

SHA1
1f75098efccea494cd6bd1241eca02a9996fcf2f

SHA256
9b86e47b5b3972b1de9d55b53caed3538f7179ddfbc79fca35ce9f30c354c6aa

SHA512
eaa474168ba803b326961ec89a17dedcbec470cc8b412a1206bfd71cb02b6c031fbb3af9ca1e218e19f7780e5b39d36ecfbcc02a3dc71e13cfc8712546f99351

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\bg-inner.png
Filesize
964B

MD5
4a1378ccbcbcf4a320bfc4d63aabef36

SHA1
8f17dc3df0a7310ab4a3914a81b7f5576e5546a5

SHA256
f3640a78436c8f83c8b055c74da597e239524201df4ae6db52a3141a1a47699a

SHA512
6800224d90fb8c00f31b51a485b90ce0fbc26aea993484a148981d9ef41ee0ff712d43816c1f8ef8b511165de70683ad98202baf27d1a7fb9f31aa88ff17836e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\bg-top.png
Filesize
51KB

MD5
229152b01d238ac58d066bbdd45219bf

SHA1
b47d2070eb77d723f925f36c902c6cefd5bb1c31

SHA256
acb21fcb80667714749963e8ce2e24b23e3f269de34d8e1734892777cbca2f7e

SHA512
fcf37ba7ae4929d77039b0d90f87cf6523bc7bc4f81ca27c1057f53d93752f0d9603708afaf3e8f460a0e5e67210c8d1eeb44cf95b07919a67a37805b0d63b30

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\botva2.dll
Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\buttons.png
Filesize
7KB

MD5
84d27be69f0f13909dab87c1cb270a29

SHA1
cb3a480bf9d790342e12775b4d50c350475f3bb5

SHA256
ed4b81ffc92f6d41c5d4925f0ac83cd280ad1a781a966d2128275c804f6aa5de

SHA512
290ebef8f3930ffdb0b99df9a99bd419ff591bd83acdb9b49b421a36d920298a05ad8e85dfa7e9e5de8fe9864780eff2af1e85aa5e3fc8b3ce88f074b87bf51a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\deviceId.txt
Filesize
36B

MD5
becefc83c0f3a0ee7dfecc5fcb232fe9

SHA1
e1b8cd17c04d6a18e6bd9cc324bb305984659289

SHA256
4a3531076c76b91698360148958a81f04e2b5fc3b446728250fe91daeb1ba166

SHA512
9f011d4a08e81d61f04bd7b4340eaae27fc295897e5b3c1a38d63a9e66e5b1fe1dbe9465689f2a3f6ad66308053ab8ab1a0bd538e5c6a78cde5f069056c3e1a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\idp.dll
Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp
Filesize
2.5MB

MD5
3b93628e07e9a9352cb7ea41c59ef578

SHA1
48615d4428539e9f0af70153656f3e8ae4e2589c

SHA256
498cfe20132fe22e726b0fb8c5d6bd6153cc73416567148ab469f78820bc6b60

SHA512
fa180bc3c80220c641d445daa82ca4b195dd4c716e3c9e596546bdb3100e0e3fd8e306d0b88c1cf01ab5fe4ef984965d883605e3ef05540767b819157cdb55c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-C7LNU.tmp\bg-bottom.png
Filesize
1KB

MD5
a85701bbac20a65391e4e202afc96204

SHA1
a0e73596a79baaa29fbbb368bd132e3ee49d3b03

SHA256
7e3058acb23e999d1ddfdea122afd33bc487b075c2a966affeec4d38cdbb738f

SHA512
55b1015a0d6a613104ae7edb64a59d198a176ee4fc0c32d9f1af1e7ad577af606adf55ea5586ad25443fb9ea9e770dbc2267301027c1a5f3db5eff928086a27f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-C7LNU.tmp\bg-top.png
Filesize
32KB

MD5
dc19715992c0051d1456308b41f04e98

SHA1
85abf86dd0e738638fff84ecd44e5b3cdbb4b96d

SHA256
86bfe5acda1b1fc9bc8f205a58c824ad58179925d2ceae11b2a341122604457d

SHA512
2f7b3bfa6c084b830213996f7691b6abcb9efd0ac44da4739972758b4eab0478e46761d8590fcea03d2902909c2c992f1eed1ef48e353a05ba67c06189d2117f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-C7LNU.tmp\buttons.png
Filesize
1KB

MD5
87cc673665996a85a404beb1c8466aee

SHA1
df01fc67a739544244a0ddabd0f818bd960bf071

SHA256
d236f88ef90e6d0e259a586f4e613b14d4a35f3a704ff559dadda31341e99c24

SHA512
2058e3fd362c689a78fb3d0a163fd21bfe472368649c43dc8e48b24fa4bc5ed1307faf1cab2c351a4dd28f903a72d4951a72d7eb27784fee405884661a259c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\tasklist_VoicemodDesktop.exe.txt
Filesize
6KB

MD5
f2a0d78c70d50c47a1c24e0278078c27

SHA1
60f500ebaae326f8709b59fb2eb64b55fdc7013c

SHA256
2d0f0b0a5724404924bbd2457329dfb55425da8794580499841d89046cbd30c4

SHA512
02cef64c22549255a537abc6cf905837dc4dbe4a24335cae967dc08ed6a2a54a79397723ef93a7c85af79706d6b33d68b42485340c1503a751f14986645321e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tasklist_unins000.exe.txt
Filesize
6KB

MD5
5cbbf0804c28f521c892b0645990e29a

SHA1
f7a1fcdcdb6e6c1e6a6ae55ecfd58b2c29342ee5

SHA256
29ef1b8560a113820f7563bfc2ccc2a13f5d748984e5ef295680d66e395af094

SHA512
722f2a3a1ba0844711835faf0c30ef8f0f6a71948e06454d2caa28153023ffcdc4f00c2c4ec5b7f488851f992a67f009345fc54ad756f4e2f1f3002e648bb2f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{58b11c4a-9481-8449-aa2e-c4d2dab4bb0d}\SETB3A7.tmp
Filesize
4KB

MD5
53bdc7ca40487c4f643db4ff2c1d2fa8

SHA1
91d750b1347831365729f4ce22ba13ea8ae91dfe

SHA256
651b6a24e897b78ac164578a24f97961a3507366db7875765a7ad274d7e787a2

SHA512
8ec9c30c68d40a0fa11a43c872c14dc8d0d44b0a97ff3dd1c276b82c4a1c144ba9043a9cf0716c5f37c2fd95d43fcecc858d2ffc442dcbd4ff43f3cd86b8c958

Download Submit
C:\Users\Admin\AppData\Local\Temp\{58b11c4a-9481-8449-aa2e-c4d2dab4bb0d}\SETB3A8.tmp
Filesize
47KB

MD5
b695055318ef82cc15971b882d71890f

SHA1
86b5d52e404b56245130d5858784aeac25ca67d5

SHA256
1f040cbb99d627bcfa63979b539d6c93e6d5a85c1a103f501aa88b816954b400

SHA512
bae69f3021029934ab195f83ac7c654d90f40350c626972f17ccbcb848c02541b605f987515b0f1a17bb23d84cbfdf845731fdf96022ce272afe4d2a763bffee

Download Submit
C:\Users\Admin\AppData\Local\Temp\{58b11c4a-9481-8449-aa2e-c4d2dab4bb0d}\mvvad.cat
Filesize
11KB

MD5
dca9fa98db5e1e00a86b21a42e0cfddb

SHA1
06381ce9b5c8e52a7c6fbe635cbe1ea063535a4c

SHA256
a75ae4d761054f1ef771434dc2227fc4a130820aae6f6ffb72a2ff62d130fc4f

SHA512
8d7e56e1587ef1d424c2d7765946c34851b51068236411131a3ed4e588605602e741c5d22017b95a5fdb76786809e777f59b67ad4553d69aab6a0653c1446a39

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a7bd73e8-490c-a545-a4d0-b2f18a550b44}\vmdrv.sys
Filesize
47KB

MD5
0e625b7a7c3f75524e307b160f8db337

SHA1
5088c71a740ef7c4156dcaa31e543052fe226e1c

SHA256
d884ca8cc4ef1826ca3ab03eb3c2d8f356ba25f2d20db0a7d9fc251c565be7f3

SHA512
0ad805d11413dcc9d3c549b94a3644fc9c9caa23f0a661c9aef41c1e6f8d91de784817668ff4f34b3f50d738aa8097b2a0ee38de078ed97f5c17635533e9e165

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
7ac7a0f134a68d00d76a3addad2a7a58

SHA1
35cdf655a158fb8524d72456f882e460d8c72e0d

SHA256
e0592ab514746169755e71b309e89ba50101839e7c119433a0f00541fbc9d9b1

SHA512
80e084b13f733adbe599854ddda70c9e464fb16ef1ccd0edcad75e987fecf050ac27fad9759f985fb5f604a280850ccc0dd22156e149b103f2ea4b96016ddc81

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
d05ac9e060e347dcb475d4622b86faaf

SHA1
b7f41235352deb86da46b6bc777cfc7714a1eac4

SHA256
d0e1bf0803bd431b0fac0b303d795fa5d658130ed6279dfffa0eb676871f5dcf

SHA512
51512802919d5b8e1b514bad1a6fd6eb1f8b340c7a10ffbfbd5cfe9b6bd8a977dfdcfa4fbcf2caee519e96af208d59d8aab4bb071c3fbc48f560021aa1034120

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\DawnCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\Local Storage\leveldb\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\LocalPrefs.json
Filesize
693B

MD5
7bc47d7417680515b6ac325042233fc1

SHA1
a275dcad75b69d6c40031ef30f4fbad0d2a28efc

SHA256
43d68897e3934e4e5efed0bf6c33cc5921eca10c05c8345e756aa0639fb7a8e3

SHA512
ec740c01f2a7f2d84f49d2c322b9074ca056bab0644d70d555968758070d6db773829aecb667c09981c3522a1ed05d50ed95e1bbe4e86e88821295c7e9dc0775

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\LocalPrefs.json
Filesize
786B

MD5
656df3700d969d2959b8f814f468a48c

SHA1
979f5e5c17c486f74e75492baf017bc753b46c95

SHA256
fa52f80b1046b4eadc5dba9e6fc22058283bc78da9c88c6c34d1a405363e882f

SHA512
d9da7c76b95fb812b5d7d4aea82e63faa1c60cf4efa43e4fd09d76c628587dfc40fd9c4878bb64cce7eb93536532ccbb50ce9af6732c859054e8239a7c73015d

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\LocalPrefs.json~RFe5ae8db.TMP
Filesize
484B

MD5
bdaedb6ce6d10b48b99180b292310786

SHA1
49f3a91054c56e812df810a225a6240b01a6ffb2

SHA256
832e0dc0df7e3e9b2830a11ab4a170788ec03e6a69d9291fb2bfac152f113270

SHA512
afbd531f54f0966dc75e4d929e97a645373956cae84ffe073cc2adbaef223860d3d75737af430924a0a9328057b4a5ea066b5c265cb668dc835eecd28aa4a3de

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\Network\Network Persistent State
Filesize
697B

MD5
cb6d6b6874a7fa5a66ffc64008ac6092

SHA1
2580c521b97f7762619cb7a6f191bde7486f52c9

SHA256
44334963ca1212858c02cfae449bdc5379b03e15974294571543766702548f94

SHA512
aab765b9d34f4ea05dbeceb53c4e022b755980d83ecfe91d9008b24c2c003ba5f99a94e673eadd649d933851ccbdd1a4d64461e37dc56727c58c4944ad0d0129

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\cache\Network\Network Persistent State~RFe5af57d.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\settings\voicemod.db
Filesize
28KB

MD5
cb12ed580481b56678d2469784cc6931

SHA1
a3799528c449b723015a2d9201be56756384ae4a

SHA256
a2e76797e52b5ec21801e2e5b85fc434776b26ecede90110e3a18865831680e8

SHA512
be192ee6f57d26927a39a3566f7bea999a05c7a42152ab924fcdfa4e268d599b58efc1120671e935929ec4b31862bec370857056e3ac3b556159a4730bfc0c4e

Download Submit
C:\Users\Admin\AppData\Local\Voicemod\vmlog.txt
Filesize
6KB

MD5
588c132cb9d9b72f029de3aef842a7b8

SHA1
419c989af1ab3a0191e5f5de11f77c114eefd6fe

SHA256
add018d9319a41ce9145639991a517e8305229657e0cfbff426ff405394ba8e6

SHA512
2d6ea3c609aeac5793b17c08033d61f67a701bd9de900545710ce901161467b05e5724eed02eacaf3fd2d0400e5a5ac3404cab5a73018f0b961ef76fe130ffdb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
12KB

MD5
1f7db58bf28700b7422824c2f78ed07c

SHA1
39c8e818f97cb269f1dacbe7255d62d7761e75af

SHA256
4372c4852a57b9a1cd955be53113327cebe7df647c4f6c2a57d378ceb6728e52

SHA512
d302e1e8b365708d516a97a7efbda3bbc0ae6cd47d2f7b34f891b5970dd49c12071fa2c9c8cc5ef89bdb79b9110838228170e6809fcfdd9a4cdd3ce3f7f62305

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
15KB

MD5
1e7619f077d0d71abac499ed85af0a3b

SHA1
e5be8873abde38dda5628503452552f2c890d57d

SHA256
418378e8f6993248b7533e12239401e64715fb03a85a5de96d56e53bf4b4c638

SHA512
ec46595c3cf92fe53654df784a8c6c9f7c2a8666212d1042581c5a4022611190277b89249a107c901fc67bb788e6e60bdcb798f1d399b576732d38edc3a381a4

Download Submit
\??\c:\program files\voicemod desktop\driver\vmdrv.cat
Filesize
10KB

MD5
46bb11132e5800c97b9d2c1df6e6fe88

SHA1
83a6cb8f90ce3a805609eaa3472ee480ac30a8b2

SHA256
6bfcc755ffedaefbd2aa94988dbfc2492a185ec1621ccb2db9194d1f83df5ccf

SHA512
fd3de31cf8025e933c8a4966938ab4b59fb9adca41b009c0ef0129bf5297bf4a64e5d4bde662f2aec62ccb3c05bc10c309196c73355cbd409ab4b1f6ba86ad08

Download Submit
memory/588-829-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/588-1511-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/588-1390-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/1960-663-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/1960-0-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/1960-2-0x0000000000401000-0x00000000004A9000-memory.dmp

Filesize
672KB

Download
memory/1960-103-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/1984-1595-0x00000188F4970000-0x00000188F4A90000-memory.dmp

Filesize
1.1MB

Download
memory/2200-82-0x0000000002F20000-0x0000000003060000-memory.dmp

Filesize
1.2MB

Download
memory/2200-104-0x0000000000400000-0x0000000000681000-memory.dmp

Filesize
2.5MB

Download
memory/2200-102-0x0000000002F20000-0x0000000003060000-memory.dmp

Filesize
1.2MB

Download
memory/2200-87-0x0000000002F20000-0x0000000003060000-memory.dmp

Filesize
1.2MB

Download
memory/2200-97-0x0000000002F20000-0x0000000003060000-memory.dmp

Filesize
1.2MB

Download
memory/2200-28-0x0000000002F00000-0x0000000002F0E000-memory.dmp

Filesize
56KB

Download
memory/2200-105-0x0000000002F00000-0x0000000002F0E000-memory.dmp

Filesize
56KB

Download
memory/2200-92-0x0000000002F20000-0x0000000003060000-memory.dmp

Filesize
1.2MB

Download
memory/2200-111-0x0000000002F00000-0x0000000002F0E000-memory.dmp

Filesize
56KB

Download
memory/2200-194-0x0000000000400000-0x0000000000681000-memory.dmp

Filesize
2.5MB

Download
memory/2200-530-0x0000000000400000-0x0000000000681000-memory.dmp

Filesize
2.5MB

Download
memory/2200-608-0x0000000000400000-0x0000000000681000-memory.dmp

Filesize
2.5MB

Download
memory/2200-661-0x0000000000400000-0x0000000000681000-memory.dmp

Filesize
2.5MB

Download
memory/2200-6-0x0000000000400000-0x0000000000681000-memory.dmp

Filesize
2.5MB

Download
memory/2464-797-0x000001916D390000-0x000001916D398000-memory.dmp

Filesize
32KB

Download
memory/2464-665-0x0000019168FF0000-0x0000019168FF8000-memory.dmp

Filesize
32KB

Download
memory/2464-614-0x0000019166240000-0x000001916672A000-memory.dmp

Filesize
4.9MB

Download
memory/2464-616-0x00000191683E0000-0x0000019168464000-memory.dmp

Filesize
528KB

Download
memory/2464-618-0x0000019169090000-0x0000019169162000-memory.dmp

Filesize
840KB

Download
memory/2464-653-0x0000019168FB0000-0x0000019168FC2000-memory.dmp

Filesize
72KB

Download
memory/2464-834-0x000001916C590000-0x000001916C743000-memory.dmp

Filesize
1.7MB

Download
memory/2464-655-0x0000019169380000-0x00000191693EA000-memory.dmp

Filesize
424KB

Download
memory/2464-816-0x000001916C590000-0x000001916C743000-memory.dmp

Filesize
1.7MB

Download
memory/2464-642-0x00000191692D0000-0x000001916937A000-memory.dmp

Filesize
680KB

Download
memory/2464-662-0x0000019168FD0000-0x0000019168FEA000-memory.dmp

Filesize
104KB

Download
memory/2464-798-0x00000191710B0000-0x00000191715D8000-memory.dmp

Filesize
5.2MB

Download
memory/2464-660-0x0000019169020000-0x000001916906A000-memory.dmp

Filesize
296KB

Download
memory/2464-796-0x000001916D110000-0x000001916D11A000-memory.dmp

Filesize
40KB

Download
memory/2464-658-0x0000019168490000-0x00000191684AC000-memory.dmp

Filesize
112KB

Download
memory/2464-752-0x000001916E490000-0x000001916E4B6000-memory.dmp

Filesize
152KB

Download
memory/2464-751-0x000001916E4D0000-0x000001916E50A000-memory.dmp

Filesize
232KB

Download
memory/2464-749-0x000001916D490000-0x000001916D4A0000-memory.dmp

Filesize
64KB

Download
memory/2464-671-0x0000019169000000-0x0000019169010000-memory.dmp

Filesize
64KB

Download
memory/2464-669-0x0000019169070000-0x0000019169082000-memory.dmp

Filesize
72KB

Download
memory/2464-750-0x000001916D4F0000-0x000001916D502000-memory.dmp

Filesize
72KB

Download
memory/2464-675-0x00000191692B0000-0x00000191692C0000-memory.dmp

Filesize
64KB

Download
memory/2464-673-0x0000019169010000-0x000001916901C000-memory.dmp

Filesize
48KB

Download
memory/2464-748-0x000001916E430000-0x000001916E48C000-memory.dmp

Filesize
368KB

Download
memory/2464-747-0x000001916D3D0000-0x000001916D3DA000-memory.dmp

Filesize
40KB

Download
memory/2464-745-0x000001916D4C0000-0x000001916D4E6000-memory.dmp

Filesize
152KB

Download
memory/2464-746-0x000001916D3C0000-0x000001916D3C8000-memory.dmp

Filesize
32KB

Download
memory/2464-744-0x000001916D3A0000-0x000001916D3BA000-memory.dmp

Filesize
104KB

Download
memory/2464-679-0x00000191694C0000-0x000001916952C000-memory.dmp

Filesize
432KB

Download
memory/2464-720-0x000001916E6A0000-0x000001916F9F8000-memory.dmp

Filesize
19.3MB

Download
memory/2464-719-0x000001916D0C0000-0x000001916D0DE000-memory.dmp

Filesize
120KB

Download
memory/2464-698-0x0000019169B10000-0x0000019169CC3000-memory.dmp

Filesize
1.7MB

Download
memory/2464-680-0x0000019169490000-0x00000191694B2000-memory.dmp

Filesize
136KB

Download
memory/2464-686-0x0000019169A80000-0x0000019169A8A000-memory.dmp

Filesize
40KB

Download
memory/2464-690-0x0000019169460000-0x000001916946A000-memory.dmp

Filesize
40KB

Download
memory/2464-694-0x0000019169AD0000-0x0000019169B06000-memory.dmp

Filesize
216KB

Download
memory/2660-1623-0x0000019726C70000-0x0000019726C7C000-memory.dmp

Filesize
48KB

Download
memory/2660-1614-0x0000019726BC0000-0x0000019726BCE000-memory.dmp

Filesize
56KB

Download
memory/2660-1611-0x0000019726B20000-0x0000019726B2A000-memory.dmp

Filesize
40KB

Download
memory/2660-1607-0x0000019726A20000-0x0000019726A2A000-memory.dmp

Filesize
40KB

Download
memory/2660-1632-0x0000019730420000-0x0000019730F74000-memory.dmp

Filesize
11.3MB

Download
memory/2660-1521-0x0000019723320000-0x0000019723434000-memory.dmp

Filesize
1.1MB

Download
memory/2660-1612-0x0000019726BF0000-0x0000019726C06000-memory.dmp

Filesize
88KB

Download
memory/2660-1593-0x00000197268A0000-0x00000197268A8000-memory.dmp

Filesize
32KB

Download
memory/2660-1613-0x0000019726C10000-0x0000019726C28000-memory.dmp

Filesize
96KB

Download
memory/2660-1606-0x0000019726A10000-0x0000019726A1A000-memory.dmp

Filesize
40KB

Download
memory/2660-1597-0x00000197268B0000-0x00000197268BA000-memory.dmp

Filesize
40KB

Download
memory/2660-1605-0x0000019726A00000-0x0000019726A08000-memory.dmp

Filesize
32KB

Download
memory/2660-1604-0x0000019726AD0000-0x0000019726AE4000-memory.dmp

Filesize
80KB

Download
memory/2660-1610-0x0000019726BD0000-0x0000019726BEC000-memory.dmp

Filesize
112KB

Download
memory/2660-1479-0x0000019707660000-0x0000019707D72000-memory.dmp

Filesize
7.1MB

Download
memory/2660-1615-0x0000019726C30000-0x0000019726C38000-memory.dmp

Filesize
32KB

Download
memory/2660-1598-0x0000019726A80000-0x0000019726AA4000-memory.dmp

Filesize
144KB

Download
memory/2660-1624-0x0000019726CA0000-0x0000019726CAE000-memory.dmp

Filesize
56KB

Download
memory/2660-1617-0x0000019726BB0000-0x0000019726BBC000-memory.dmp

Filesize
48KB

Download
memory/2660-1603-0x0000019726AB0000-0x0000019726ACC000-memory.dmp

Filesize
112KB

Download
memory/2660-1618-0x0000019726C40000-0x0000019726C4E000-memory.dmp

Filesize
56KB

Download
memory/2660-1594-0x0000019726A30000-0x0000019726A80000-memory.dmp

Filesize
320KB

Download
memory/2660-1619-0x0000019726C50000-0x0000019726C58000-memory.dmp

Filesize
32KB

Download
memory/2660-1620-0x0000019726C80000-0x0000019726C96000-memory.dmp

Filesize
88KB

Download
memory/2660-1602-0x00000197269E0000-0x00000197269E8000-memory.dmp

Filesize
32KB

Download
memory/2660-1621-0x0000019726CD0000-0x0000019726CF6000-memory.dmp

Filesize
152KB

Download
memory/2660-1601-0x00000197268D0000-0x00000197268E0000-memory.dmp

Filesize
64KB

Download
memory/2660-1600-0x0000019726B30000-0x0000019726BA6000-memory.dmp

Filesize
472KB

Download
memory/2660-1622-0x0000019726C60000-0x0000019726C6E000-memory.dmp

Filesize
56KB

Download
memory/2660-1599-0x00000197268C0000-0x00000197268C8000-memory.dmp

Filesize
32KB

Download
memory/2660-1522-0x0000019723440000-0x00000197235FE000-memory.dmp

Filesize
1.7MB

Download
memory/2660-1524-0x0000019723860000-0x00000197238D6000-memory.dmp

Filesize
472KB

Download
memory/2660-1631-0x000001972F7C0000-0x000001972F8BE000-memory.dmp

Filesize
1016KB

Download
memory/2660-1609-0x0000019726B00000-0x0000019726B0C000-memory.dmp

Filesize
48KB

Download
memory/2660-1510-0x0000019709950000-0x0000019709960000-memory.dmp

Filesize
64KB

Download
memory/2660-1523-0x00000197237B0000-0x0000019723860000-memory.dmp

Filesize
704KB

Download
memory/2660-1592-0x0000019726890000-0x0000019726898000-memory.dmp

Filesize
32KB

Download
memory/2660-1625-0x0000019726CB0000-0x0000019726CBA000-memory.dmp

Filesize
40KB

Download
memory/2660-1608-0x0000019726AF0000-0x0000019726AFC000-memory.dmp

Filesize
48KB

Download
memory/2660-1586-0x0000019726820000-0x0000019726854000-memory.dmp

Filesize
208KB

Download
memory/2660-1591-0x0000019726880000-0x0000019726888000-memory.dmp

Filesize
32KB

Download
memory/2660-1579-0x00000197268E0000-0x00000197269D2000-memory.dmp

Filesize
968KB

Download
memory/2660-1590-0x0000019726870000-0x0000019726878000-memory.dmp

Filesize
32KB

Download
memory/2660-1589-0x00000197267E0000-0x00000197267EC000-memory.dmp

Filesize
48KB

Download
memory/2660-1588-0x0000019726800000-0x0000019726820000-memory.dmp

Filesize
128KB

Download
memory/2660-1587-0x00000197267A0000-0x00000197267AC000-memory.dmp

Filesize
48KB

Download
memory/2660-1616-0x0000019707660000-0x0000019707D72000-memory.dmp

Filesize
7.1MB

Download
memory/2660-1525-0x00000197238E0000-0x0000019723950000-memory.dmp

Filesize
448KB

Download
memory/2660-1526-0x0000019723300000-0x000001972330A000-memory.dmp

Filesize
40KB

Download
memory/2660-1499-0x0000019722610000-0x00000197226E4000-memory.dmp

Filesize
848KB

Download
memory/2660-1578-0x00000197267C0000-0x00000197267DA000-memory.dmp

Filesize
104KB

Download
memory/2660-1543-0x00000197241A0000-0x00000197241B4000-memory.dmp

Filesize
80KB

Download
memory/2660-1539-0x0000019724080000-0x0000019724092000-memory.dmp

Filesize
72KB

Download
memory/2660-1527-0x00000197232F0000-0x00000197232FA000-memory.dmp

Filesize
40KB

Download
memory/2660-1541-0x0000019723E70000-0x0000019723E7E000-memory.dmp

Filesize
56KB

Download
memory/2660-1542-0x00000197240A0000-0x00000197240AA000-memory.dmp

Filesize
40KB

Download
memory/2660-1540-0x0000019723E60000-0x0000019723E6E000-memory.dmp

Filesize
56KB

Download
memory/2900-721-0x000001CCAC9F0000-0x000001CCACB0D000-memory.dmp

Filesize
1.1MB

Download
memory/5064-1481-0x0000000000400000-0x000000000067A000-memory.dmp

Filesize
2.5MB

Download
memory/5064-909-0x00000000022F0000-0x0000000002430000-memory.dmp

Filesize
1.2MB

Download
memory/5064-914-0x00000000022F0000-0x0000000002430000-memory.dmp

Filesize
1.2MB

Download
memory/5064-924-0x0000000002F10000-0x0000000003050000-memory.dmp

Filesize
1.2MB

Download
memory/5064-904-0x00000000022F0000-0x0000000002430000-memory.dmp

Filesize
1.2MB

Download
memory/5064-919-0x00000000022F0000-0x0000000002430000-memory.dmp

Filesize
1.2MB

Download
memory/5064-1391-0x0000000000400000-0x000000000067A000-memory.dmp

Filesize
2.5MB

Download
memory/5064-1509-0x0000000000400000-0x000000000067A000-memory.dmp

Filesize
2.5MB

Download
memory/5064-1392-0x0000000002F00000-0x0000000002F0E000-memory.dmp

Filesize
56KB

Download