fa5ee58d75ac53d048c9cac277fe6f5d99e71fe14295b0fe9b25bcf8aa9b5d69

Analysis

max time kernel
77s
max time network
79s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
03/06/2023, 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VoxalVoiceChanger (1).exe
Size

1.5MB
MD5

4e35dbe25ed69344678ed1c1efd25446
SHA1

634ab87acd879650618a85bfc9d2fecd59d564cb
SHA256

fa5ee58d75ac53d048c9cac277fe6f5d99e71fe14295b0fe9b25bcf8aa9b5d69
SHA512

9c3b86ede8b5ebc9cb079c87b00a0cbb85b6ececae35eb2b56438598fefc034cef513bfdfff1767ba887494ad88edf770232af280eb650e34189703317df5a73
SSDEEP

24576:f1lUPDkN3CsCzHSRvqhp1ESYmmc3R9Zc3uunHZELXipffrBLYtXuCdGavk8s:NSa3CsCzavI1xYmmaFczn5tffrBLPCKn

Score

8^/10

discovery persistence

Malware Config

Signatures

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DRIVERS\SET2E52.tmp	voxaldriverinstallerx64.exe
File created	C:\Windows\system32\DRIVERS\SET2E52.tmp	voxaldriverinstallerx64.exe
File opened for modification	C:\Windows\system32\DRIVERS\voxaldriverx64.sys	voxaldriverinstallerx64.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\VoxalInstall = "C:\\Users\\Admin\\AppData\\Local\\Temp\\VoxalVoiceChanger (1).exe"	nchsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	rundll32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\NCH Software\Voxal\voxaldriverinstallerx86.exe	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\voxaldriverinstallerx64.exe	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Fairy.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Frankenstein.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Heroic.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Male.voxal	nchsetup.exe
File opened for modification	C:\Program Files (x86)\NCH Software\Voxal\voxal.exe	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\voxaldriverx86.sys	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\categories.voxalcat	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Components\mp3el\498__wt	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\voxaldriverx86.inf	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Cartoon.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Cyborg.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Stadium Announcer.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\voxaldriverx64.inf	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\voxaldriverx64.cat	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Cave Monster.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Goblin.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Protocol Droid.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\voxaldriverx86.cat	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Klaxon.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Super Villain.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Demon.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Big Guy.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Concert Hall.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Ethereal.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Lost in Space.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Bathroom.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Normal.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Darth Vader.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Components\zlib1v3\zlib1.dll	zlib1v3.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Dracula.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Old Male.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\mp3enc.exe	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\voxaldriverx64.sys	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\AM Radio.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Angel.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Squeaky.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\voxal.exe	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Hangar.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Impossible.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Pirate.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Grand Canyon.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Telephone.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\zlib1v3.exe	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Female.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Jumpin' Jack.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Stuck in a Well.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Female 2.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\CB Radio.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Chipmunk.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Female 3.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Geek.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Male 2.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Old Woman.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Pixie.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Astronaut.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\voxalsetup_v8.00.exe	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Cave.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Jellyfish.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Robot.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Voxal\Announcer.voxal	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Components\zlib1v3\__wt	zlib1v3.exe
File created	C:\Program Files (x86)\NCH Software\Components\mp3el\mp3enc.exe	nchsetup.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	voxaldriverinstallerx64.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	rundll32.exe

Executes dropped EXE 5 IoCs

pid	Process
1920	nchsetup.exe
948	zlib1v3.exe
1388	voxaldriverinstallerx64.exe
1484	voxal.exe
268	voxal.exe

Loads dropped DLL 29 IoCs

pid	Process
1192	VoxalVoiceChanger (1).exe
1192	VoxalVoiceChanger (1).exe
1192	VoxalVoiceChanger (1).exe
1192	VoxalVoiceChanger (1).exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1256	Process not Found
1256	Process not Found
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe
1920	nchsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\cdofile\DefaultIcon\ = "%SystemRoot%\\SysWow64\\shell32.dll,19"	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.m4v	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.mpeg\Shell	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\webpfile\Shell	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\nrwfile\Shell\NCHslideshow\ = "Create slideshow"	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\sr2file\Shell\NCHslideshow\command	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\wpsfile\Shell\NCHconvertdoc	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\nch.voxal\shell\open	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.voc\Shell\NCHconvertsound\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind Switch \"%L\""	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\srwfile\Shell\NCHconvertimage\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind Pixillion \"%L\""	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\erffile\Shell\NCHslideshow\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind PhotoStage \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.aiff\Shell\NCHeditsound\command	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\ds2file\Shell\NCHconvertsound	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.divx\Shell\NCHeditvideo\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind VideoPad \"%L\""	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.m2ts\Shell\NCHeditvideo\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind VideoPad \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.mkv	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\sr2file\Shell\NCHslideshow\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind PhotoStage \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.3g2\Shell\NCHeditvideo	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.divx\Shell\NCHeditvideo\ = "Edit video file"	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.mov	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.ts\Shell\NCHconvertvideo\command	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\srffile\Shell\NCHslideshow\ = "Create slideshow"	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\htmlfile	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.m4a\Shell\NCHconvertsound	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.m2ts\Shell\NCHconvertvideo\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind Prism \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\tgafile	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\dngfile\Shell\NCHslideshow\command	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\wpsfile\DefaultIcon\ = "%SystemRoot%\\SysWow64\\shell32.dll,19"	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.vob\Shell\NCHeditvideo	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.voc\Shell\NCHconvertsound	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.3gp	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.mpg\Shell\NCHeditvideo\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind VideoPad \"%L\""	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.mpeg2\Shell\NCHconvertvideo\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind Prism \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\arwfile\DefaultIcon	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\AcroExch.Document\Shell	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\deprojfile\shell\open\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind Disketch \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.aac\Shell\NCHconvertsound\command	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.m2ts\Shell\NCHconvertvideo	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\arwfile\DefaultIcon\ = "%SystemRoot%\\SysWow64\\shell32.dll,19"	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\cdofile\ = "Unhandled Extension Handler Finder"	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\nppfile\shell\open\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind ExpressPoints \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.ogv\Shell\NCHconvertvideo	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\crwfile\Shell	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\raffile\Shell\NCHslideshow\command	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.aac\Shell	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\.shn\ = "shnfile"	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\exrfile\Shell\NCHconvertimage\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind Pixillion \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\jp2file\Shell\NCHconvertimage	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\.webp\ = "webpfile"	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\Paint.Picture\Shell\NCHslideshow\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind PhotoStage \"%L\""	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\voxfile\Shell\NCHconvertsound\ = "Convert sound file"	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\.erf\ = "erffile"	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.aif\Shell\NCHconvertsound\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind Switch \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\srffile\Shell	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\nppfile\DefaultIcon\ = "%SystemRoot%\\SysWow64\\shell32.dll,19"	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.oga\Shell\NCHeditsound\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind WavePad \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\rw2file	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\jp2file\Shell\NCHslideshow\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Voxal\\voxal.exe\" -extfind PhotoStage \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\wpdfile\Shell\NCHconvertdoc	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.aac\Shell\NCHconvertsound\ = "Convert sound file"	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\bz2file\Shell\NCHextract	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.flac\Shell\NCHconvertsound\command	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\VLC.mpeg2\Shell\NCHeditvideo\command	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\.srf	nchsetup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1920	nchsetup.exe
1920	nchsetup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1484	voxal.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeRestorePrivilege	1388	voxaldriverinstallerx64.exe
Token: SeRestorePrivilege	1388	voxaldriverinstallerx64.exe
Token: SeRestorePrivilege	1388	voxaldriverinstallerx64.exe
Token: SeRestorePrivilege	1388	voxaldriverinstallerx64.exe
Token: SeRestorePrivilege	1388	voxaldriverinstallerx64.exe
Token: SeRestorePrivilege	1388	voxaldriverinstallerx64.exe
Token: SeRestorePrivilege	1388	voxaldriverinstallerx64.exe
Token: SeLoadDriverPrivilege	1388	voxaldriverinstallerx64.exe
Token: SeRestorePrivilege	824	rundll32.exe
Token: SeRestorePrivilege	824	rundll32.exe
Token: SeRestorePrivilege	824	rundll32.exe
Token: SeRestorePrivilege	824	rundll32.exe
Token: SeRestorePrivilege	824	rundll32.exe
Token: SeRestorePrivilege	824	rundll32.exe
Token: SeRestorePrivilege	824	rundll32.exe
Token: SeLoadDriverPrivilege	1388	voxaldriverinstallerx64.exe
Token: 33	1852	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1852	AUDIODG.EXE
Token: 33	1852	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1852	AUDIODG.EXE

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1920	1192	VoxalVoiceChanger (1).exe	28
PID 1192 wrote to memory of 1920	1192	VoxalVoiceChanger (1).exe	28
PID 1192 wrote to memory of 1920	1192	VoxalVoiceChanger (1).exe	28
PID 1192 wrote to memory of 1920	1192	VoxalVoiceChanger (1).exe	28
PID 1192 wrote to memory of 1920	1192	VoxalVoiceChanger (1).exe	28
PID 1192 wrote to memory of 1920	1192	VoxalVoiceChanger (1).exe	28
PID 1192 wrote to memory of 1920	1192	VoxalVoiceChanger (1).exe	28
PID 1920 wrote to memory of 948	1920	nchsetup.exe	29
PID 1920 wrote to memory of 948	1920	nchsetup.exe	29
PID 1920 wrote to memory of 948	1920	nchsetup.exe	29
PID 1920 wrote to memory of 948	1920	nchsetup.exe	29
PID 1920 wrote to memory of 1388	1920	nchsetup.exe	30
PID 1920 wrote to memory of 1388	1920	nchsetup.exe	30
PID 1920 wrote to memory of 1388	1920	nchsetup.exe	30
PID 1920 wrote to memory of 1388	1920	nchsetup.exe	30
PID 1388 wrote to memory of 824	1388	voxaldriverinstallerx64.exe	34
PID 1388 wrote to memory of 824	1388	voxaldriverinstallerx64.exe	34
PID 1388 wrote to memory of 824	1388	voxaldriverinstallerx64.exe	34
PID 824 wrote to memory of 1728	824	rundll32.exe	35
PID 824 wrote to memory of 1728	824	rundll32.exe	35
PID 824 wrote to memory of 1728	824	rundll32.exe	35
PID 1728 wrote to memory of 1084	1728	runonce.exe	36
PID 1728 wrote to memory of 1084	1728	runonce.exe	36
PID 1728 wrote to memory of 1084	1728	runonce.exe	36

C:\Users\Admin\AppData\Local\Temp\VoxalVoiceChanger (1).exe
"C:\Users\Admin\AppData\Local\Temp\VoxalVoiceChanger (1).exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe" -installer "C:\Users\Admin\AppData\Local\Temp\VoxalVoiceChanger (1).exe" -instdata "C:\Users\Admin\AppData\Local\Temp\n1s\nchdata.dat"
  2⤵
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1920
- - C:\Program Files (x86)\NCH Software\Voxal\zlib1v3.exe
    "C:\Program Files (x86)\NCH Software\Voxal\zlib1v3.exe" -LQUIET -instby fiVoxal -instsvar VOXALDarkv3onLLIBInstquickoff
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    PID:948
- - C:\Program Files (x86)\NCH Software\Voxal\voxaldriverinstallerx64.exe
    "C:\Program Files (x86)\NCH Software\Voxal\voxaldriverinstallerx64.exe" "C:\Program Files (x86)\NCH Software\Voxal\voxaldriverx64.inf" I
    3⤵
    - Drops file in Drivers directory
    - Drops file in Windows directory
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1388
  - - C:\Windows\system32\rundll32.exe
      C:\Windows\system32\rundll32 C:\Windows\system32\SETUPAPI.DLL,InstallHinfSection AddRegOnly 128 C:\Program Files (x86)\NCH Software\Voxal\voxaldriverx64.inf
      4⤵
      Adds Run key to start application
      Drops file in Windows directory
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:824
    - - C:\Windows\system32\runonce.exe
        
        "C:\Windows\system32\runonce.exe" -r
        5⤵
        Checks processor information in registry
        Suspicious use of WriteProcessMemory
        
        PID:1728
      - C:\Windows\System32\grpconv.exe
        
        "C:\Windows\System32\grpconv.exe" -o
        6⤵
        
        PID:1084
- - C:\Program Files (x86)\NCH Software\Voxal\voxal.exe
    "C:\Program Files (x86)\NCH Software\Voxal\voxal.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: GetForegroundWindowSpam
    PID:1484
- - C:\Program Files (x86)\NCH Software\Voxal\voxal.exe
    "C:\Program Files (x86)\NCH Software\Voxal\voxal.exe" -installsched
    3⤵
    - Executes dropped EXE
    PID:268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
1⤵
PID:1516

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x480
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\NCHSOF~1\Voxal\voxaldriverx64.sys

Filesize
54KB

MD5
0e9b2b51e0358dbabd98aa1808e56f56

SHA1
43e555a9e27944c5dc30a6c6699127a8f4a8d75e

SHA256
7af549c9c0daaeed20000388b2122ca63a1e2e7f270cbca879d34e0304e7152c

SHA512
1abc06cf3523e481047c1c0610f8c91222d30a914410eca1d04ffd8a1df37a3f276975a3d7e42a02912e3155961c4880f7cfb36d66678ae224ded584d1f7b03c

Download Submit
C:\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
C:\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
C:\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
C:\Program Files (x86)\NCH Software\Voxal\voxaldriverinstallerx64.exe

Filesize
116KB

MD5
ffd6d7e8623954fbe52724ac9cf7adfc

SHA1
18dcff2813e7db744e331598cfe6af851051d390

SHA256
5b7a3bc4026a969b6c4f0ce3cf4bbd6e09f16c12e7ee1c2cb21581d023cc7e3d

SHA512
812affaca5508f3b69ecde777f1890d12325b6deb4ea2e4f841dbc39b3e7ab19209956defa952b0faaa331d89c7ad56b5f02e541f08b82f100608f5c565613a8

Download Submit
C:\Program Files (x86)\NCH Software\Voxal\voxaldriverinstallerx64.exe

Filesize
116KB

MD5
ffd6d7e8623954fbe52724ac9cf7adfc

SHA1
18dcff2813e7db744e331598cfe6af851051d390

SHA256
5b7a3bc4026a969b6c4f0ce3cf4bbd6e09f16c12e7ee1c2cb21581d023cc7e3d

SHA512
812affaca5508f3b69ecde777f1890d12325b6deb4ea2e4f841dbc39b3e7ab19209956defa952b0faaa331d89c7ad56b5f02e541f08b82f100608f5c565613a8

Download Submit
C:\Program Files (x86)\NCH Software\Voxal\voxaldriverx64.inf

Filesize
2KB

MD5
49ad81a10525bf172189ba6dc87b3ec4

SHA1
47de3afde62a30a60c231441f07f39ee24dc5c84

SHA256
4f0d5559ae7ad53196aa1424efa3658b7a54098140bb642d05f1d0cc57b88a1e

SHA512
a49ff94e2ebd45581f2609466a12c39692d775fc1675403c85bae576aba48fed6ed8af6158e122587cd3386ca29ec0860d8aa998d90ac73b1d1c1937a04ff3d1

Download Submit
C:\Program Files (x86)\NCH Software\Voxal\zlib1v3.exe

Filesize
95KB

MD5
a1c1c984b1b2d2375b43fb66b3211e51

SHA1
a7fc0483d2507dfdc14cd8bf061a12551c1bd986

SHA256
db5fca90b5b3332bf06e15b4fd2a41fb4ba418e0e7f2b92a76defee0af26cedd

SHA512
bd84f65b118342b5b26085eedb71114b84b75a112f727862e43fd87d2f747243c7424b6cbffbf01e8f1aada30a65797206d60558a4c9e7d1d4d0ccbc249e7aac

Download Submit
C:\Program Files (x86)\NCH Software\Voxal\zlib1v3.exe

Filesize
95KB

MD5
a1c1c984b1b2d2375b43fb66b3211e51

SHA1
a7fc0483d2507dfdc14cd8bf061a12551c1bd986

SHA256
db5fca90b5b3332bf06e15b4fd2a41fb4ba418e0e7f2b92a76defee0af26cedd

SHA512
bd84f65b118342b5b26085eedb71114b84b75a112f727862e43fd87d2f747243c7424b6cbffbf01e8f1aada30a65797206d60558a4c9e7d1d4d0ccbc249e7aac

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\AM Radio.voxal

Filesize
452B

MD5
31bfc502239f91edb4997f9ec9860328

SHA1
4bacd4d5ad96f62ba2630ecf234d4026c1b27b81

SHA256
91ddea5697e4563e30502be486af81d48bc5a68e62eda0a83816cfe4a1c8451c

SHA512
e2ef013abef7c7ff0176124aea16c8047f2c8855e99c99d3c86360040c495781d5439a24cbb72b00288b12bd9bda5c0ff6699171d92c3148a07d123ca56b17a0

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Alien.voxal

Filesize
339B

MD5
ae525721e867e0d31074f0c21c209340

SHA1
30709a728ca9be154c0167113531ff0942dd8625

SHA256
3244a3d85a5967d24ba2c0fdcd07ef02c1648608211dc588de4b2ed9d68a99db

SHA512
1cfefc6e6d98e87fcd45f2d39d010dae71878b81d963f51f3476ac99a45499f1dc82d3d100e4f043f9aeb6fd6fa061eed970122f547895609ab9ee24ac0d68f7

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Angel.voxal

Filesize
587B

MD5
dfdd18cb67b436a74d8f509d104daa8a

SHA1
6e47c5d6e1f9ee057e14984b8a81dbb64218cf60

SHA256
51c46ad26577dff7945ff5ea64cd612d9ed98b4fde139e4938861b5b8962b859

SHA512
10eb8a79f5741b95ac4e9d46c17b3e6971a6ede976db45b0cfa50ed3a7fa5e41e60669beb8ed3f4c787f6815e1baec75d1c0c17ab2a5fd48328af1eb0dac2aeb

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Announcer.voxal

Filesize
473B

MD5
b851080d2a5f691a5f80460b23dd1748

SHA1
58c4a17b387c814dfa82aff0cb9f0e781c7c5fc1

SHA256
ce3d4e32d2be35194cbed06f9bed4112fb69bb6bf3bad4f8dd94d2efcf264725

SHA512
504f2c17962faa5b3effc3f30744774934c421eeaa3d7833c9596d74e8be2f5de14f08218afa3c165911414b0bcb7099560e7d7186c422b63d0acdcb0a7154e2

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Astronaut.voxal

Filesize
355B

MD5
3992667992265d6edfadc5668b308e9e

SHA1
f1c94aa25a9b9bc18768085d3b71feafae4dc856

SHA256
272879bd8579b0821106e4bb0193c921505241210264fa573f78815638d36ff2

SHA512
36c60699414be2d6872bd0e672649c6e21bcaa3b8365fc21e823fe2a3cba459cdcfd00c0d2997fbeeb574d0c4b5d8b00bfc03825bc75f879955a13c4e31f1a5a

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Auditorium.voxal

Filesize
204B

MD5
4c164bf12916aa74ededb3dd5d455de5

SHA1
9fff9b8d509d8fbf467a3b0ec9182b71ae35ce4a

SHA256
c0fecad43620b5130c5a2141a1f2a34718ca9ce209fa36c5f825e3e1e9ac52d1

SHA512
7c6b3a17cc45862eb3961452e6ec0e7b0be202ed74a16df0f086af8faf0507598f4836c49df88dadfc1d0293b7b553a818240bd6428e1a437d78df148e360f52

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Bathroom.voxal

Filesize
273B

MD5
a91db6a951a5d443b043b44077f2d172

SHA1
5ff51092436f34499b5f44515bdebfac70b53595

SHA256
190ff6cf7dda8df2666727745a69b98f458b3b4c91ac2ce6a0d5c079b2d9f798

SHA512
9160da8d6db81d4579fee3e957c5161a0a82d21fd6a67cd81b8c2d7e07145cdd177092bd5e0c4b5645f67d9603375279edb136fc733c02f67ba6d0c2d7a57a02

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Big Guy.voxal

Filesize
304B

MD5
87efbdbbda1a71be9466dc871a829941

SHA1
2fdff76e46ac29c0c1bd0891c130584b2818df25

SHA256
da2d7d7f23ecf80d18ca1ff0aa5178bfcb3515e9aee10a9306476cb73a151136

SHA512
71c68cd93c8dec5055bea179a4e2a5a9a5c742c249af28beda5582cf447ebc15ee1001c919a7e3a781a5dcb2053f6ebc5bff6029c0f16891b45918e31f7e162d

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\CB Radio.voxal

Filesize
377B

MD5
3ed42cf649b45a599ad422bde3d03bce

SHA1
824d58da234f609aaa6becf31d74b2eeecff854f

SHA256
005fe3921e48a4a08d17bee3a11f3f3f52043ef125028c74034d0109a58f2d61

SHA512
8e63e16b2dc90187ebf85bb6b3d48cee370a98840e0850ba8b03f194826e28eb86e62c9723304356cf0cd0737cd402de0cd3a6841ffdc9d26cf10b0bbcf4f2ba

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Cartoon.voxal

Filesize
433B

MD5
6d90671ef87dee92c852e0cd1ddac886

SHA1
ac8e4a1d7bb17c4aba6b7d50cec85b6526a95496

SHA256
c31a8b2c2f0838ca92f3fa6106c08924a29d1403b4749bcab2b0ceae9c9fb885

SHA512
bf8c183f47019061781a82b9246fa72a6cbba8cf655f39200a6b49692fd0a8436b8c7fe34131effd2dd68a643733c9dca0f99b712eaa1acbfb8b4919005b932c

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Cave Monster.voxal

Filesize
707B

MD5
d1c73e99b7e952ed0bd923c2b1fa71f4

SHA1
2b8459f386100e97ae90c5582cf4f337b70e9ed1

SHA256
82e165ce28484d69b254bd88eda96244ee208a8cf2d4485e1ce971a9201493c1

SHA512
02760dc3cf1e1f4caa67ba0f5a2322a81aeed125f6e2d0ba3b0ad97118ac33bbaafe17cec422b657ae13347b0979a1b5ef91a3379031b99185f7e5447f7d0f65

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Cave.voxal

Filesize
374B

MD5
0166e805535c27c6f3c8c998d3db6f77

SHA1
f841ce3755c7d31441244b75772e129de9556732

SHA256
2cf13001e119cd27497e6eacf498bf12667ee696062e02f94d1c333b931cf6f5

SHA512
fdecca704faa5a9ec9666def29ba390f0c11cc231927afc1f63885733be2508efc93d0217416fe2222174eed8c4286d9d5bd2aea2c5b4d35241b1a5272301314

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Child.voxal

Filesize
448B

MD5
ce41c11ee1ec0be0a3eb3ff336f10859

SHA1
0498eac741d25040d0f65d2c70766314fab77339

SHA256
aa0bd025198afa5a2dee1a98a0209463a87659b0e10663adfe77c483aac125a0

SHA512
ebeffaee5da177c6b909e3eeaf0d65ae002661f6c141ea25c5f159892fa40479f25e9b9c83230530d56ff2c87e962b5323430c3b150f3b62d14255e65839ea1b

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Chipmunk.voxal

Filesize
231B

MD5
900873244034430edd6cf1fc283abc54

SHA1
6874a63591dbb4ffc5b0be80d6ca003c1db1d1b4

SHA256
bc01d1e7785ab77eb9b439249a096b7ba4ec9faaccc706384d633b1483323a0f

SHA512
1de179ed52811c26a86cdff2fc1bc8e28f0ac395a9ffca1922290d3c406f3a16407fad42fa0d155a76dae256d0446befde3b3a5adaf53190cdfcad77e17dfeb5

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Concert Hall.voxal

Filesize
486B

MD5
f6be420042ebd0d962f7ddd429651d77

SHA1
17933c67ccb644f6bf7d14eb4cdf8010c1a75ff9

SHA256
23ecfffd56f840894b7a437297ef3f5974455f026e84083f487e2052ea09f6a5

SHA512
f4afbf8b267f20f750594ea038fdc73ad429353f81171415f23f7e1da2dcce61e480bb77113db77d16395aa4addee3f2372f298fae4499ea025896abc06c99db

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Cyborg.voxal

Filesize
424B

MD5
6304e3aa27417b488c392e00f69bef07

SHA1
b2a7ab7f8a3da482af61a2fc07c06fe6d4ff6590

SHA256
f868b60faa9b8428ce48d04cd77feb37d8de10b2c92f70301d59f00aeffce1c7

SHA512
4340e9171853fbce9907f91e24f54c41b42013729a5a466d6f14256c28a855b4064ef31d1b8ca41a5e4246fdb6d3d0ed06b09e59205fbcca57ac1955571023f1

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Darth Vader.voxal

Filesize
270B

MD5
3fb746cb8ab2f70538a408809cf92fa4

SHA1
f8ea4502287088f79ba1c6621145ef1e6cadbb25

SHA256
f8a3559029fabc46eff32eda7acfe9a36b3e7121c28b5c0ca25deb92080af4a7

SHA512
86650f6ccf52f62565c0f3aa8f9a95b7b442533313595ea003c2c68b9e5aff6e9d20e5ebb344c7c95e39e43f05a342fd70c317f77543db52eeb91468adaa4614

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Demon.voxal

Filesize
494B

MD5
cbcd84641b9d84896afc0739cd59aacb

SHA1
dc5596c8397c30c6a5161fa54720715b822c77af

SHA256
560739b2cb2a9fa69d7b78afe31596a5a303de9df90a3bc729f70feb017af3be

SHA512
bc14687a36f200c9bf99b1738e55b2522b67774d210cdbdba279a5ebaf8cfcc353542b954b53844be53ca646eae31639dcd989373101db0c4ff99f6a15ffb48f

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Dracula.voxal

Filesize
494B

MD5
e5d17e19858f6090fceda8f33d848f7b

SHA1
ccca4291c3ab4fb2907f01fac0e43c1136252a50

SHA256
371ec5e7ae72e8b424b1bb415f84504d1f283645d9a483545fe528418682df04

SHA512
837b8fe21f9b2610490c781fdbaa272842b04c7b3f00ac1cf3630f97097c578942f41ce180ca9228f12d8ad71a5b477900bc212bfbaf47e04622caa687ac11fa

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Ethereal.voxal

Filesize
726B

MD5
f97ac47cd5bfa24f423623a177cdd6ca

SHA1
8c8bb1ba0de42648b1dead012b4fb5950fa013a6

SHA256
7ce213edf0099e23a512df8d2348024aad5298104448517b0d2e14c89870cb18

SHA512
0dd81ec5f0288e0fe74030fe0aebc50731de1ab007163ccb2eec9d59bdfc46d4382ed2b1054e1977aa229efa5a10fd0377c0e5f37e6d811730911b96e0489b7a

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Fairy.voxal

Filesize
457B

MD5
243558388e906b4f416521ec8ad1b315

SHA1
2982f87e86ee0bfeee15162b5aef263e4c92e975

SHA256
cc4f6cabcf48eb1420408adbf7cacb148a7ce941d980214d66b2ad0dfc9d83e0

SHA512
2298c839fc5afd61ed471faa96c13659232ec70ac45b2dc79652cc68f488df52ab867d808e5e82faee5df7803ac5371e6e9825d7bbf86b95b6500b13d6841f9b

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Female 2.voxal

Filesize
448B

MD5
92da3522880b31137b5eef296b4e0099

SHA1
863a5b36d419d5f2f873c987f05824ae950d1686

SHA256
3072f7b3daa07bee179232e5a303cb6b4aebc45a3dddb116457b2dfa2c7d5ece

SHA512
6dd83c11bf5a8ba7a2150b55fa216e73a96b3c62e931856bfd3e0447853038771b94401a756710a62384a142557cfe401e51cfd15335e6e16e8a8b687c93ac9d

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Female 3.voxal

Filesize
222B

MD5
6c2f8a04ebce7758bbbb4f62d9147ec2

SHA1
3a4efb953341619ca97fbc24759561132eda4689

SHA256
1bcd784c92303770bd5fe3e0fe78a6bfccce49b0e99ef3bd88a2769aa88b4aa1

SHA512
1987fdfc7ec8b0b8706ccba309d30241b5f2f7691f2ad57f7d0c1057e876f1d180f0b16ae1acf720a5013ebc52ace5b197f2bce29fdcb733d98e580dce5d7418

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\Female.voxal

Filesize
222B

MD5
f751a879cc40a2a7039ced7e13fd15c3

SHA1
0b4683c03735ef3e7133b1486c45c87d20f552a8

SHA256
aee838e593b7085e9b2cd1913bc906d9e913d5ba83c042a2b7ec56f8526f7e38

SHA512
8644a6f02651932cf336fe90c2472ef74082c542c35302bfed2202fdc57bc33a4156764e34842bc353b2b1ece5d759e9216838866469ae8559eb039eda5e3570

Download Submit
C:\ProgramData\NCH Software\Voxal\Voices\categories.voxalcat

Filesize
259B

MD5
efa35503a4a285fb31fd1f9bc065b5a3

SHA1
026a554aba67d459b91c98695da997317e3bb06f

SHA256
0c4793e04992828e3e53dd749c601f90a1a9000552374691e93c625da9aa668b

SHA512
ce3163605c2d25f3757861216afa65c497f9d460e57addab7bef3337204124914dbe4d8050f13c6adc6351c7db289255f04e9d442057cef356b80b283d10989d

Download Submit
C:\Users\Admin\AppData\Local\Temp\n1s\nchdata.dat

Filesize
587KB

MD5
0925c703822205d99c0e6329308cc7ea

SHA1
ea6885af1c6fc0b8da52feb07d6393a3a5a5798f

SHA256
256b53baaad3ede2d36da7f0ce146c4653981adee9b8088274c0f21def6be138

SHA512
2a5a4a37dd8899acb7a3093f7928e5c7fdbeb9a0c41903f84aa48a980a5ebe9216859e5f839b24d7caa0a24de50cf76ddeef95296ed8c9e5da72dd30131c68b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxal.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxaldriverinstallerx64.exe

Filesize
116KB

MD5
ffd6d7e8623954fbe52724ac9cf7adfc

SHA1
18dcff2813e7db744e331598cfe6af851051d390

SHA256
5b7a3bc4026a969b6c4f0ce3cf4bbd6e09f16c12e7ee1c2cb21581d023cc7e3d

SHA512
812affaca5508f3b69ecde777f1890d12325b6deb4ea2e4f841dbc39b3e7ab19209956defa952b0faaa331d89c7ad56b5f02e541f08b82f100608f5c565613a8

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxaldriverinstallerx64.exe

Filesize
116KB

MD5
ffd6d7e8623954fbe52724ac9cf7adfc

SHA1
18dcff2813e7db744e331598cfe6af851051d390

SHA256
5b7a3bc4026a969b6c4f0ce3cf4bbd6e09f16c12e7ee1c2cb21581d023cc7e3d

SHA512
812affaca5508f3b69ecde777f1890d12325b6deb4ea2e4f841dbc39b3e7ab19209956defa952b0faaa331d89c7ad56b5f02e541f08b82f100608f5c565613a8

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxaldriverinstallerx64.exe

Filesize
116KB

MD5
ffd6d7e8623954fbe52724ac9cf7adfc

SHA1
18dcff2813e7db744e331598cfe6af851051d390

SHA256
5b7a3bc4026a969b6c4f0ce3cf4bbd6e09f16c12e7ee1c2cb21581d023cc7e3d

SHA512
812affaca5508f3b69ecde777f1890d12325b6deb4ea2e4f841dbc39b3e7ab19209956defa952b0faaa331d89c7ad56b5f02e541f08b82f100608f5c565613a8

Download Submit
\Program Files (x86)\NCH Software\Voxal\voxaldriverinstallerx64.exe

Filesize
116KB

MD5
ffd6d7e8623954fbe52724ac9cf7adfc

SHA1
18dcff2813e7db744e331598cfe6af851051d390

SHA256
5b7a3bc4026a969b6c4f0ce3cf4bbd6e09f16c12e7ee1c2cb21581d023cc7e3d

SHA512
812affaca5508f3b69ecde777f1890d12325b6deb4ea2e4f841dbc39b3e7ab19209956defa952b0faaa331d89c7ad56b5f02e541f08b82f100608f5c565613a8

Download Submit
\Program Files (x86)\NCH Software\Voxal\zlib1v3.exe

Filesize
95KB

MD5
a1c1c984b1b2d2375b43fb66b3211e51

SHA1
a7fc0483d2507dfdc14cd8bf061a12551c1bd986

SHA256
db5fca90b5b3332bf06e15b4fd2a41fb4ba418e0e7f2b92a76defee0af26cedd

SHA512
bd84f65b118342b5b26085eedb71114b84b75a112f727862e43fd87d2f747243c7424b6cbffbf01e8f1aada30a65797206d60558a4c9e7d1d4d0ccbc249e7aac

Download Submit
\Program Files (x86)\NCH Software\Voxal\zlib1v3.exe

Filesize
95KB

MD5
a1c1c984b1b2d2375b43fb66b3211e51

SHA1
a7fc0483d2507dfdc14cd8bf061a12551c1bd986

SHA256
db5fca90b5b3332bf06e15b4fd2a41fb4ba418e0e7f2b92a76defee0af26cedd

SHA512
bd84f65b118342b5b26085eedb71114b84b75a112f727862e43fd87d2f747243c7424b6cbffbf01e8f1aada30a65797206d60558a4c9e7d1d4d0ccbc249e7aac

Download Submit
\Program Files (x86)\NCH Software\Voxal\zlib1v3.exe

Filesize
95KB

MD5
a1c1c984b1b2d2375b43fb66b3211e51

SHA1
a7fc0483d2507dfdc14cd8bf061a12551c1bd986

SHA256
db5fca90b5b3332bf06e15b4fd2a41fb4ba418e0e7f2b92a76defee0af26cedd

SHA512
bd84f65b118342b5b26085eedb71114b84b75a112f727862e43fd87d2f747243c7424b6cbffbf01e8f1aada30a65797206d60558a4c9e7d1d4d0ccbc249e7aac

Download Submit
\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe

Filesize
3.0MB

MD5
b1b318d9d23c93535fa177239094fdf2

SHA1
053456d8b2f40eae4fabb60f5f3bedacc2c21f97

SHA256
62ad82cceed22563c54cceffd86e203ac9ca0667fe89d9e01f6148dcc33d47f0

SHA512
14c2dbeb4711c9613c92f8107f8cffbfc928fa2243f62de86129ce1013809eae9f284e0f3d5a8b83c0e128cb468560b5dd9889a61da591ba2c6c9ecb6f81926b

Download Submit
memory/1920-76-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download