1f99c907966636e8e0712d4171078ef3ad5f2fc838d690df1e17139e5744a20f

Analysis

max time kernel
23s
max time network
21s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2023, 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

supervoicechanger-9-7-6-6.exe
Size

4.7MB
MD5

4b6b68dc27bc111303202b5984c7e4a7
SHA1

8bba5052ee13a9158a34892e4c8b1e9526d3b4cc
SHA256

1f99c907966636e8e0712d4171078ef3ad5f2fc838d690df1e17139e5744a20f
SHA512

047adf89ae49df27e14bbd8adf261c7fc631e02063fafa2a358fa178810c560254e58b21793074ba5b5defbc9ed2f91c0eb39739f4d777dc4bc3238a4f8b89a9
SSDEEP

98304:Z60sgkACFDbaIjl5ydTJEr0hIJ4xc789LgkbbLqeqO9CW1X:kDDFpA5JErJZw9L7P+TO9LB

Score

9^/10

discovery evasion trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SuperVoiceChanger.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SuperVoiceChanger.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SuperVoiceChanger.exe

Executes dropped EXE 3 IoCs

pid	Process
2308	supervoicechanger-9-7-6-6.tmp
2036	SuperVoiceChanger.exe
224	SoundHelper.exe

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Wine	SuperVoiceChanger.exe

Loads dropped DLL 1 IoCs

pid	Process
2036	SuperVoiceChanger.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SuperVoiceChanger.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2036	SuperVoiceChanger.exe

Drops file in Program Files directory 60 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\is-0NL00.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-6L6UB.tmp	supervoicechanger-9-7-6-6.tmp
File opened for modification	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SuperVoiceChanger.exe	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-HJHIB.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-PE0PN.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-SC50U.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-6REV4.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-NKG3T.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-5J8HD.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-V98EO.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\animal\is-92P73.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\is-PGK7P.tmp	supervoicechanger-9-7-6-6.tmp
File opened for modification	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SoundRecorder.exe	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\is-QU41N.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\is-2GD47.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-A4Q1H.tmp	supervoicechanger-9-7-6-6.tmp
File opened for modification	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SoundLoader64.exe	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-6L3C8.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-L222C.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\is-B9OQS.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-9PA56.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-9B9R8.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-1JJG1.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-AATBU.tmp	supervoicechanger-9-7-6-6.tmp
File opened for modification	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SoundSafeSpace.dll	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\is-HFKQV.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\is-TJMO9.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\is-66TP2.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-2DD4H.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-S8O1A.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-LLESH.tmp	supervoicechanger-9-7-6-6.tmp
File opened for modification	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SoundHelper.exe	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\is-9DVBH.tmp	supervoicechanger-9-7-6-6.tmp
File opened for modification	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SafeSoundCapture32.dll	supervoicechanger-9-7-6-6.tmp
File opened for modification	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SafeSoundCapture64.dll	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\is-I1CPH.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-LLJ38.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\human\is-7O6DJ.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-C9H64.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-JA3QD.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\is-DTV07.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\nature\is-NPHA0.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-B2U7T.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-O336H.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\human\is-1ULVC.tmp	supervoicechanger-9-7-6-6.tmp
File opened for modification	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\unins000.dat	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-MQSC9.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\is-SA18T.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-4O9PG.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-6RCUQ.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\animal\is-VA4S7.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\nature\is-S1FEK.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-3U3DM.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-OGOQK.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\unins000.dat	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-E1KUQ.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-VU7R9.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\res\is-HAMMT.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\animal\is-KHB13.tmp	supervoicechanger-9-7-6-6.tmp
File created	C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\sounds\is-7NH07.tmp	supervoicechanger-9-7-6-6.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2308	supervoicechanger-9-7-6-6.tmp
2308	supervoicechanger-9-7-6-6.tmp
2036	SuperVoiceChanger.exe
2036	SuperVoiceChanger.exe
2036	SuperVoiceChanger.exe
2036	SuperVoiceChanger.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2308	supervoicechanger-9-7-6-6.tmp
2036	SuperVoiceChanger.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2036	SuperVoiceChanger.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2036	SuperVoiceChanger.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 2308	3168	supervoicechanger-9-7-6-6.exe	85
PID 3168 wrote to memory of 2308	3168	supervoicechanger-9-7-6-6.exe	85
PID 3168 wrote to memory of 2308	3168	supervoicechanger-9-7-6-6.exe	85
PID 2308 wrote to memory of 2036	2308	supervoicechanger-9-7-6-6.tmp	91
PID 2308 wrote to memory of 2036	2308	supervoicechanger-9-7-6-6.tmp	91
PID 2308 wrote to memory of 2036	2308	supervoicechanger-9-7-6-6.tmp	91
PID 2036 wrote to memory of 224	2036	SuperVoiceChanger.exe	96
PID 2036 wrote to memory of 224	2036	SuperVoiceChanger.exe	96
PID 2036 wrote to memory of 224	2036	SuperVoiceChanger.exe	96

C:\Users\Admin\AppData\Local\Temp\supervoicechanger-9-7-6-6.exe
"C:\Users\Admin\AppData\Local\Temp\supervoicechanger-9-7-6-6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Users\Admin\AppData\Local\Temp\is-TCS49.tmp\supervoicechanger-9-7-6-6.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-TCS49.tmp\supervoicechanger-9-7-6-6.tmp" /SL5="$A006C,4665430,58368,C:\Users\Admin\AppData\Local\Temp\supervoicechanger-9-7-6-6.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2308
- - C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SuperVoiceChanger.exe
    "C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SuperVoiceChanger.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Identifies Wine through registry keys
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2036
  - - C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SoundHelper.exe
      "C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SoundHelper.exe" -StartBySuperVoiceChanger
      4⤵
      Executes dropped EXE
      PID:224

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x478
1⤵
PID:4864

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SoundHelper.exe

Filesize
64KB

MD5
07a0e51a874bd21799949da783dc8a2b

SHA1
5dc6bcd3b8cc5b064132d5e9ba318b3fcccdc0f0

SHA256
705724176b658a64e9fc0dcd07ce33cb15e2364c6cb5f530c35541adb76e54b1

SHA512
d342bbead9045c380ac9a7dbfb660c1bc7c84f39c18438fe863ffd6c2a595652e9075644986a0fbd974809c4e2af71ab3b3786d41d95d88da4c4c53d90248a9f

Download Submit
C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SoundHelper.exe

Filesize
64KB

MD5
07a0e51a874bd21799949da783dc8a2b

SHA1
5dc6bcd3b8cc5b064132d5e9ba318b3fcccdc0f0

SHA256
705724176b658a64e9fc0dcd07ce33cb15e2364c6cb5f530c35541adb76e54b1

SHA512
d342bbead9045c380ac9a7dbfb660c1bc7c84f39c18438fe863ffd6c2a595652e9075644986a0fbd974809c4e2af71ab3b3786d41d95d88da4c4c53d90248a9f

Download Submit
C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SoundSafeSpace.dll

Filesize
2.0MB

MD5
e4e7227128771ef7723f53a66595d87e

SHA1
a8e90368e5cf914fde9d47f25118def13fb5cd71

SHA256
99df6d720e26ad68cae894ede7e3ad67d558103bf53d124806ec56d96fa37a0f

SHA512
8d391f547d5224136318cbdadbf0f6ee17f8ac5414a8b61b7efd7a1fdd8b4f95e7641c557f5942b885d16af2f6678956e4ef7c6d868558d4ab122df2bdea733d

Download Submit
C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SoundSafeSpace.dll

Filesize
2.0MB

MD5
e4e7227128771ef7723f53a66595d87e

SHA1
a8e90368e5cf914fde9d47f25118def13fb5cd71

SHA256
99df6d720e26ad68cae894ede7e3ad67d558103bf53d124806ec56d96fa37a0f

SHA512
8d391f547d5224136318cbdadbf0f6ee17f8ac5414a8b61b7efd7a1fdd8b4f95e7641c557f5942b885d16af2f6678956e4ef7c6d868558d4ab122df2bdea733d

Download Submit
C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SuperVoiceChanger.exe

Filesize
456KB

MD5
3c0ac8c32b4f49b060b4f1bccb623864

SHA1
cebd428c0b17a58a1a11b5e2ae0aea1500c9e42b

SHA256
3297ad24c56b2f62e2b2ac564cc11cbbc1839e8ce073daf00b4b1a87540c8320

SHA512
42dd25c71aff1ab538b2cd02301fc44d4b35f5cc1fb7de04ec051290e7ff1d117d23a329ed7055e7ef8b8092ffc7dba54d494c6db201b73614771686a5e1174c

Download Submit
C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SuperVoiceChanger.exe

Filesize
456KB

MD5
3c0ac8c32b4f49b060b4f1bccb623864

SHA1
cebd428c0b17a58a1a11b5e2ae0aea1500c9e42b

SHA256
3297ad24c56b2f62e2b2ac564cc11cbbc1839e8ce073daf00b4b1a87540c8320

SHA512
42dd25c71aff1ab538b2cd02301fc44d4b35f5cc1fb7de04ec051290e7ff1d117d23a329ed7055e7ef8b8092ffc7dba54d494c6db201b73614771686a5e1174c

Download Submit
C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\SuperVoiceChanger.exe

Filesize
456KB

MD5
3c0ac8c32b4f49b060b4f1bccb623864

SHA1
cebd428c0b17a58a1a11b5e2ae0aea1500c9e42b

SHA256
3297ad24c56b2f62e2b2ac564cc11cbbc1839e8ce073daf00b4b1a87540c8320

SHA512
42dd25c71aff1ab538b2cd02301fc44d4b35f5cc1fb7de04ec051290e7ff1d117d23a329ed7055e7ef8b8092ffc7dba54d494c6db201b73614771686a5e1174c

Download Submit
C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\config.xml

Filesize
6KB

MD5
ad3b141ea0b9dc5273c407105048701c

SHA1
b3b70422b5cc1ddcea944854008591b81bdb6c27

SHA256
ba091c817207369e7036a5452eeacce303caf62202cf2dfcfc61075b967f8cb6

SHA512
e8b444064b7e67ac1647e154054f3b6b77b92d7253ca66e216e89401a9faddd71c3dd662d1c44d3fbef1da09c1e67a4439a15f6b541c6f872320a75911c98561

Download Submit
C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\soundcore.dat

Filesize
2.0MB

MD5
413434eb5e2b736889fea6115b6c4773

SHA1
76b9261ddf3a26df39805b16b9f996238982004a

SHA256
5ad5f362151c40ac69f3a9dacdb9cc51d940761dfd64d9241dafc43cf240bb26

SHA512
c397a13574c587810a5c4c053d3ad371d1ece9fc775696bf0fc2712dda3ae9f2a086be7ff53204ff9e9293247e8c4c123173878951ae1737868de248f5d7a208

Download Submit
C:\Program Files (x86)\SuperVoiceChanger\9.7.6.6\voicepacket\animal\is-92P73.tmp

Filesize
130KB

MD5
888a0b6408b50905ba81c55731ad6a6f

SHA1
01db640791d53d6f72d638e2c6a3271c3341d708

SHA256
88b542a658a00cdbbd6a2193af1b1143c8f1af4dccbd912978cbd4bfc420aac0

SHA512
0c53d42684905205b4eb2d59a4306530a5e0da02827aefe1c25c8d9850922e97db4f5efad83246e460316c53140f38c9cee1da11a6d0f1b7414f3a9d735c5d57

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TCS49.tmp\supervoicechanger-9-7-6-6.tmp

Filesize
702KB

MD5
1afbd25db5c9a90fe05309f7c4fbcf09

SHA1
baf330b5c249ca925b4ea19a52fe8b2c27e547fa

SHA256
3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

SHA512
3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TCS49.tmp\supervoicechanger-9-7-6-6.tmp

Filesize
702KB

MD5
1afbd25db5c9a90fe05309f7c4fbcf09

SHA1
baf330b5c249ca925b4ea19a52fe8b2c27e547fa

SHA256
3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

SHA512
3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

Download Submit
memory/2036-262-0x00000000047A0000-0x00000000047A1000-memory.dmp

Filesize
4KB

Download
memory/2036-256-0x0000000010000000-0x00000000104FC000-memory.dmp

Filesize
5.0MB

Download
memory/2036-291-0x0000000004DB0000-0x0000000004DC3000-memory.dmp

Filesize
76KB

Download
memory/2036-260-0x0000000004740000-0x0000000004741000-memory.dmp

Filesize
4KB

Download
memory/2036-261-0x0000000004790000-0x0000000004791000-memory.dmp

Filesize
4KB

Download
memory/2036-263-0x0000000004750000-0x0000000004752000-memory.dmp

Filesize
8KB

Download
memory/2036-290-0x0000000004D90000-0x0000000004DA4000-memory.dmp

Filesize
80KB

Download
memory/2036-264-0x0000000004720000-0x0000000004721000-memory.dmp

Filesize
4KB

Download
memory/2036-265-0x0000000004780000-0x0000000004781000-memory.dmp

Filesize
4KB

Download
memory/2036-266-0x0000000004760000-0x0000000004761000-memory.dmp

Filesize
4KB

Download
memory/2036-267-0x0000000004730000-0x0000000004731000-memory.dmp

Filesize
4KB

Download
memory/2036-268-0x00000000047E0000-0x00000000047E1000-memory.dmp

Filesize
4KB

Download
memory/2036-288-0x0000000010000000-0x00000000104FC000-memory.dmp

Filesize
5.0MB

Download
memory/2036-258-0x0000000010000000-0x00000000104FC000-memory.dmp

Filesize
5.0MB

Download
memory/2036-281-0x0000000004800000-0x0000000004801000-memory.dmp

Filesize
4KB

Download
memory/2036-273-0x0000000004850000-0x0000000004851000-memory.dmp

Filesize
4KB

Download
memory/2036-274-0x00000000047D0000-0x00000000047D1000-memory.dmp

Filesize
4KB

Download
memory/2036-275-0x00000000047F0000-0x00000000047F1000-memory.dmp

Filesize
4KB

Download
memory/2036-276-0x00000000047C0000-0x00000000047C1000-memory.dmp

Filesize
4KB

Download
memory/2036-278-0x0000000004770000-0x0000000004771000-memory.dmp

Filesize
4KB

Download
memory/2036-277-0x0000000004860000-0x0000000004861000-memory.dmp

Filesize
4KB

Download
memory/2036-279-0x0000000004810000-0x0000000004811000-memory.dmp

Filesize
4KB

Download
memory/2036-280-0x00000000047B0000-0x00000000047B1000-memory.dmp

Filesize
4KB

Download
memory/2308-139-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/2308-257-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3168-133-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3168-259-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download