hxxp://google[.]com

Analysis

max time kernel
1800s
max time network
1805s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\portcls.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\drmk.sys	DrvInst.exe

Executes dropped EXE 17 IoCs

pid	Process
5076	VoiceChanger64f(1.80).exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3328	VoiceAI-Installer.exe
4236	vc2019.exe
3052	vc2019.exe
1488	VC_redist.x64.exe
1316	VoiceAI.exe
4176	VoiceAI.exe
3732	VoiceAI.exe
2080	VoiceAI.exe
1704	VoiceAI.exe
1576	VoiceAI.exe
3724	VoiceAI.exe
4808	VoiceAI.exe
4540	VoiceAI.exe
4408	BsSndRpt.exe
2584	APOConfig.exe

Loads dropped DLL 64 IoCs

pid	Process
5076	VoiceChanger64f(1.80).exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3328	VoiceAI-Installer.exe
3328	VoiceAI-Installer.exe
3052	vc2019.exe
3388	VC_redist.x64.exe
1316	VoiceAI.exe
1316	VoiceAI.exe
3328	VoiceAI-Installer.exe
3328	VoiceAI-Installer.exe
4176	VoiceAI.exe
4176	VoiceAI.exe
4176	VoiceAI.exe
4176	VoiceAI.exe
4176	VoiceAI.exe
4176	VoiceAI.exe
4176	VoiceAI.exe
4176	VoiceAI.exe
4176	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
2080	VoiceAI.exe
1704	VoiceAI.exe
1704	VoiceAI.exe
1704	VoiceAI.exe
1704	VoiceAI.exe
1704	VoiceAI.exe
1704	VoiceAI.exe
1704	VoiceAI.exe
1704	VoiceAI.exe
4808	VoiceAI.exe
4808	VoiceAI.exe
4808	VoiceAI.exe
4808	VoiceAI.exe
4808	VoiceAI.exe
4808	VoiceAI.exe
4808	VoiceAI.exe
4808	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
1576	VoiceAI.exe
1576	VoiceAI.exe
1576	VoiceAI.exe
1576	VoiceAI.exe
1576	VoiceAI.exe
1576	VoiceAI.exe
1576	VoiceAI.exe
1576	VoiceAI.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32\ = "C:\\Program Files (x86)\\ClownfishVoiceChanger\\ClownfshAPO64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{2aaf1df0-eb13-4099-9992-962bb4e596d1} = "\"C:\\ProgramData\\Package Cache\\{2aaf1df0-eb13-4099-9992-962bb4e596d1}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File created	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File created	C:\Windows\system32\vcamp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File created	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File created	C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}\SET7A9C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\voiceaidriver.inf_amd64_214d6aacf9c41414\voiceaidriver.inf	DrvInst.exe
File opened for modification	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp140.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}\SET7A9C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}\voiceaidriver.inf	DrvInst.exe
File opened for modification	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\system32\vcomp140.dll	msiexec.exe
File created	C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}\SET7ABD.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}	DrvInst.exe
File created	C:\Windows\system32\mfc140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File created	C:\Windows\system32\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}\voiceaidriver.sys	DrvInst.exe
File created	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File created	C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}\SET7ABE.tmp	DrvInst.exe
File created	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}\SET7ABD.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\voiceaidriver.inf_amd64_214d6aacf9c41414\voiceaidriver.sys	DrvInst.exe
File opened for modification	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}\VoiceAIDriver.cat	DrvInst.exe
File created	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\system32\vcomp140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File created	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File created	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\System32\DriverStore\FileRepository\voiceaidriver.inf_amd64_214d6aacf9c41414\voiceaidriver.PNF	VoiceAI.exe
File created	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}\SET7ABE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\voiceaidriver.inf_amd64_214d6aacf9c41414\VoiceAIDriver.cat	DrvInst.exe
File created	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Ghost.ico	VoiceChanger64f(1.80).exe
File opened for modification	C:\Program Files\Voice.ai\AudioPX.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\de.pak	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\AudioChanger.exe	VoiceChanger64f(1.80).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vst\howto.txt	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\opensource\devcon.txt	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\ca.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\opensource\libgcrypt.txt	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\chrome_elf.dll	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\I feel good.mp3	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\locales\ta.pak	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\CityHall-Off.ico	VoiceChanger64f(1.80).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Weird.mp3	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\locales\am.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\pt-PT.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\sr.pak	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Alien.ico	VoiceChanger64f(1.80).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Clone-Off.ico	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\meta	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
File created	C:\Program Files\Voice.ai\AudioPX.dll	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\River.mp3	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\onnxruntime.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\en-GB.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\lt.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\mr.pak	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Vocoder.ico	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\VoiceAIDriver\VoiceAIDriver.cat	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Atari.ico	VoiceChanger64f(1.80).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone.bmp	VoiceChanger64f(1.80).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Melody3.mp3	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\v8_context_snapshot.bin	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Alien-Off.ico	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\tools\vc2019.exe	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\da.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\en-US.pak	VoiceAI-Installer.exe
File opened for modification	C:\Program Files\Voice.ai\VoiceAI-Installer.exe	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Manual.ico	VoiceChanger64f(1.80).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Robot2.mp3	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\dbgshim.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\es-419.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\gu.pak	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Fast-Off.ico	VoiceChanger64f(1.80).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Laugh.mp3	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\onnxruntime_providers_shared.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\opensource\libgpg-error.txt	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\cs.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\pt-BR.pak	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Applause.mp3	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\CefSharp.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\te.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\zh-CN.pak	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone-Off.bmp	VoiceChanger64f(1.80).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Slow-Off.ico	VoiceChanger64f(1.80).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Singer.mp3	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\cudart64_110.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\libmp3lame.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\uninstall.exe	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Male.ico	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\locales\fil.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\sk.pak	VoiceAI-Installer.exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Chorus.ico	VoiceChanger64f(1.80).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Creepy.mp3	VoiceChanger64f(1.80).exe
File created	C:\Program Files\Voice.ai\0.vai	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\he.pak	VoiceAI-Installer.exe

Drops file in Windows directory 22 IoCs

description	ioc	Process
File created	C:\Windows\Installer\SourceHash{A181A302-3F6D-4BAD-97A8-A426A6499D78}	msiexec.exe
File created	C:\Windows\Installer\e5e4bef.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5e4bef.msi	msiexec.exe
File created	C:\Windows\INF\c_media.PNF	VoiceAI.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI63CC.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\e5e4bdc.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5273.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5795.tmp	msiexec.exe
File created	C:\Windows\Installer\e5e4bee.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5DDF.tmp	msiexec.exe
File created	C:\Windows\Installer\e5e4c04.msi	msiexec.exe
File created	C:\Windows\Installer\e5e4bdc.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{A977984B-9244-49E3-BD24-43F0A8009667}	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	VoiceAI.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 19 IoCs

pid	pid_target	Process	procid_target
3148	4432	WerFault.exe	148
2548	3388	WerFault.exe	151
3844	3340	WerFault.exe	160
4028	4240	WerFault.exe	163
396	2144	WerFault.exe	166
3576	4808	WerFault.exe	188
2220	1400	WerFault.exe	203
884	4780	WerFault.exe	234
2860	4888	WerFault.exe	241
3640	228	WerFault.exe	244
3980	4560	WerFault.exe	247
3204	2696	WerFault.exe	251
1524	2448	WerFault.exe	254
3300	3932	WerFault.exe	280
4660	4940	WerFault.exe	287
3208	1108	WerFault.exe	290
3944	4912	WerFault.exe	293
4016	3748	WerFault.exe	296
4120	1684	WerFault.exe	299

NSIS installer 10 IoCs

installer

resource	yara_rule
behavioral1/files/0x000600000002334d-938.dat	nsis_installer_1
behavioral1/files/0x000600000002334d-938.dat	nsis_installer_2
behavioral1/files/0x000600000002334d-958.dat	nsis_installer_1
behavioral1/files/0x000600000002334d-958.dat	nsis_installer_2
behavioral1/files/0x000600000002334d-959.dat	nsis_installer_1
behavioral1/files/0x000600000002334d-959.dat	nsis_installer_2
behavioral1/files/0x0006000000023355-1340.dat	nsis_installer_1
behavioral1/files/0x0006000000023355-1340.dat	nsis_installer_2
behavioral1/files/0x0006000000023355-1341.dat	nsis_installer_1
behavioral1/files/0x0006000000023355-1341.dat	nsis_installer_2

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Desktop\ForegroundLockTimeout = "0"	BsSndRpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Desktop\ForegroundLockTimeout = "18083160"	BsSndRpt.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies data under HKEY_USERS 61 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption"	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@%SystemRoot%\system32\NgcRecovery.dll,-100 = "Windows Hello Recovery Key Encryption"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\21	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\20	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400 = "Windows Update"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133374331665204969"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\21	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\voiceai\shell\open\command	VoiceAI-Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{A181A302-3F6D-4BAD-97A8-A426A6499D78}v14.31.31103\\packages\\vcRuntimeMinimum_amd64\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32\ = "C:\\Program Files (x86)\\ClownfishVoiceChanger\\ClownfshAPO64.dll"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.31,bundle\ = "{2aaf1df0-eb13-4099-9992-962bb4e596d1}"	VC_redist.x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MajorVersion = "1"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{2aaf1df0-eb13-4099-9992-962bb4e596d1}	VC_redist.x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\FriendlyName = "ClownfishAPO"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\Dependents	VC_redist.x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\SourceList\PackageName = "vc_runtimeMinimum_x64.msi"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MaxInputConnections = "1"	regsvr32.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	VoiceAI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	VoiceAI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	VoiceAI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	VoiceAI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	VoiceAI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	VoiceAI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	VoiceAI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	VoiceAI.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
232	chrome.exe
232	chrome.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
5104	msiexec.exe
5104	msiexec.exe
5104	msiexec.exe
5104	msiexec.exe
5104	msiexec.exe
5104	msiexec.exe
5104	msiexec.exe
5104	msiexec.exe
4176	VoiceAI.exe
4176	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
1704	VoiceAI.exe
1704	VoiceAI.exe
1704	VoiceAI.exe
4808	VoiceAI.exe
4808	VoiceAI.exe
4808	VoiceAI.exe
2080	VoiceAI.exe
2080	VoiceAI.exe
3732	VoiceAI.exe
3732	VoiceAI.exe
1576	VoiceAI.exe
1576	VoiceAI.exe
1576	VoiceAI.exe
1704	VoiceAI.exe
1704	VoiceAI.exe
4808	VoiceAI.exe
4808	VoiceAI.exe
1576	VoiceAI.exe
1576	VoiceAI.exe
3724	VoiceAI.exe
3724	VoiceAI.exe
3724	VoiceAI.exe
3724	VoiceAI.exe
3724	VoiceAI.exe
4540	VoiceAI.exe
4540	VoiceAI.exe
4540	VoiceAI.exe
4540	VoiceAI.exe
4540	VoiceAI.exe
4176	VoiceAI.exe
4176	VoiceAI.exe
5076	VoiceChanger64f(1.80).exe
5076	VoiceChanger64f(1.80).exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: 33	3572	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3572	AUDIODG.EXE
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4176	VoiceAI.exe
4176	VoiceAI.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe

Suspicious use of SendNotifyMessage 43 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4176	VoiceAI.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
5076	VoiceChanger64f(1.80).exe
3632	Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
3328	VoiceAI-Installer.exe
3528	chrome.exe
4432	SearchApp.exe
3388	SearchApp.exe
4236	vc2019.exe
3052	vc2019.exe
1488	VC_redist.x64.exe
3340	SearchApp.exe
4240	SearchApp.exe
2144	SearchApp.exe
4512	VC_redist.x64.exe
3388	VC_redist.x64.exe
4324	VC_redist.x64.exe
4176	VoiceAI.exe
1400	SearchApp.exe
2584	APOConfig.exe
4780	SearchApp.exe
4888	SearchApp.exe
228	SearchApp.exe
4560	SearchApp.exe
2696	SearchApp.exe
2448	SearchApp.exe
3932	SearchApp.exe
4940	SearchApp.exe
1108	SearchApp.exe
4912	SearchApp.exe
3748	SearchApp.exe
1684	SearchApp.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 4524	4416	chrome.exe	83
PID 4416 wrote to memory of 4524	4416	chrome.exe	83
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 2960	4416	chrome.exe	85
PID 4416 wrote to memory of 4944	4416	chrome.exe	86
PID 4416 wrote to memory of 4944	4416	chrome.exe	86
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87
PID 4416 wrote to memory of 4772	4416	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94ea49758,0x7ff94ea49768,0x7ff94ea49778
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:2
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2012 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4548 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3904 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5448 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5616 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5828 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5464 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5736 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3736 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5616 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3368 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6140 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6368 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6428 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6580 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6584 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Users\Admin\Downloads\VoiceChanger64f(1.80).exe
  "C:\Users\Admin\Downloads\VoiceChanger64f(1.80).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5076
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" stop Audiosrv
    3⤵
    PID:4732
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop Audiosrv
      4⤵
      PID:2104
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" stop AudioEndpointBuilder
    3⤵
    PID:3352
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop AudioEndpointBuilder
      4⤵
      PID:2640
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" start Audiosrv
    3⤵
    PID:3496
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 start Audiosrv
      4⤵
      PID:3204
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" start AudioEndpointBuilder
    3⤵
    PID:4368
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 start AudioEndpointBuilder
      4⤵
      PID:3428
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll"
    3⤵
    PID:1436
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll"
      4⤵
      Registers COM server for autorun
      Modifies registry class
      PID:2852
- - C:\Program Files (x86)\ClownfishVoiceChanger\APOConfig.exe
    "C:\Program Files (x86)\ClownfishVoiceChanger\APOConfig.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6676 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6588 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6848 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6452 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:3300
- C:\Users\Admin\Downloads\Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe
  "C:\Users\Admin\Downloads\Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3632
- - C:\Program Files\Voice.ai\VoiceAI-Installer.exe
    "C:\Program Files\Voice.ai\VoiceAI-Installer.exe" /path "C:\Program Files\Voice.ai"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:3328
  - - C:\Program Files\Voice.ai\tools\vc2019.exe
      "C:\Program Files\Voice.ai\tools\vc2019.exe" /q /norestart
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4236
    - - C:\Windows\Temp\{657DFC19-E93A-4A43-8F9A-1D40B4A7F8D7}\.cr\vc2019.exe
        
        "C:\Windows\Temp\{657DFC19-E93A-4A43-8F9A-1D40B4A7F8D7}\.cr\vc2019.exe" -burn.clean.room="C:\Program Files\Voice.ai\tools\vc2019.exe" -burn.filehandle.attached=568 -burn.filehandle.self=716 /q /norestart
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Windows\Temp\{0D63FF5E-4C40-4B06-939C-90AEDFE48201}\.be\VC_redist.x64.exe
        
        "C:\Windows\Temp\{0D63FF5E-4C40-4B06-939C-90AEDFE48201}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{6924E641-CF59-4669-8080-0E36C18A6356} {B4DB4037-2AB3-4B2A-9860-3BE75E1244D1} 3052
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={2aaf1df0-eb13-4099-9992-962bb4e596d1} -burn.filehandle.self=1212 -burn.embedded BurnPipe.{6AC7E11B-6272-43E0-A7A4-8AA3482787AA} {04860ECF-F81E-4BCA-A144-ACA0B42799B6} 1488
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4512
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={2aaf1df0-eb13-4099-9992-962bb4e596d1} -burn.filehandle.self=1212 -burn.embedded BurnPipe.{6AC7E11B-6272-43E0-A7A4-8AA3482787AA} {04860ECF-F81E-4BCA-A144-ACA0B42799B6} 1488
        8⤵
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3388
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{9A30A341-4405-43AC-8B81-BFD887E4A56D} {40141B9F-5410-49DD-8BA9-FFDF89B71931} 3388
        9⤵
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4324
  - - C:\Program Files\Voice.ai\VoiceAI.exe
      "C:\Program Files\Voice.ai\VoiceAI.exe" installdriver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Drops file in Windows directory
      Modifies system certificate store
      PID:1316
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe" "C:\Program Files\Voice.ai\VoiceAI.exe"
      4⤵
      PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3964 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6484 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6520 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6052 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5168 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=3868 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7100 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3200 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 --field-trial-handle=1888,i,1302156056330350538,11168986456401531348,131072 /prefetch:8
  2⤵
  PID:1616

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1668

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x29c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3572

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\c49ec42a6dc8471f98b820fdf44e5ef6 /t 3792 /p 3764
1⤵
PID:1136

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4432
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4432 -s 3604
  2⤵
  - Program crash
  PID:3148

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 432 -p 4432 -ip 4432
1⤵
PID:3160

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3388
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3388 -s 3600
  2⤵
  - Program crash
  PID:2548

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 468 -p 3388 -ip 3388
1⤵
PID:2144

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3244

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3340
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3340 -s 3568
  2⤵
  - Program crash
  PID:3844

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 580 -p 3340 -ip 3340
1⤵
PID:4084

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4240
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4240 -s 3596
  2⤵
  - Program crash
  PID:4028

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 468 -p 4240 -ip 4240
1⤵
PID:4864

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2144
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2144 -s 3664
  2⤵
  - Program crash
  PID:396

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 588 -p 2144 -ip 2144
1⤵
PID:3620

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:4228

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5104

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies registry class
PID:4536

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
PID:4364
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{c6b8b40a-2d6b-904f-b98b-310fe5b13599}\voiceaidriver.inf" "9" "46b7f3743" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "c:\program files\voice.ai\voiceaidriver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Modifies data under HKEY_USERS
  PID:4380
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11bfc96d40:VOICEAIDRIVER_SA:16.36.0.99:root\voiceaidriver," "46b7f3743" "000000000000014C"
  2⤵
  - Drops file in Drivers directory
  - Drops file in Windows directory
  PID:4940

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2900
- C:\Program Files\Voice.ai\VoiceAI.exe
  "C:\Program Files\Voice.ai\VoiceAI.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4176
- - C:\Program Files\Voice.ai\VoiceAI.exe
    "C:\Program Files\Voice.ai\VoiceAI.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=2600 --field-trial-handle=2652,i,5639151057918457544,9632025539879023977,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=4176
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:3732
- - C:\Program Files\Voice.ai\VoiceAI.exe
    "C:/Program Files/Voice.ai/VoiceAI.exe" discord 4176
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2080
- - C:\Program Files\Voice.ai\VoiceAI.exe
    "C:\Program Files\Voice.ai\VoiceAI.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files\Voice.ai\debug.log" --use-fake-ui-for-media-stream --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3608 --field-trial-handle=2652,i,5639151057918457544,9632025539879023977,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=4176 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4808
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4808 -s 2956
      4⤵
      Program crash
      PID:3576
- - C:\Program Files\Voice.ai\VoiceAI.exe
    "C:\Program Files\Voice.ai\VoiceAI.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files\Voice.ai\debug.log" --use-fake-ui-for-media-stream --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3532 --field-trial-handle=2652,i,5639151057918457544,9632025539879023977,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=4176 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3724
- - C:\Program Files\Voice.ai\VoiceAI.exe
    "C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3188 --field-trial-handle=2652,i,5639151057918457544,9632025539879023977,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=4176
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1576
- - C:\Program Files\Voice.ai\VoiceAI.exe
    "C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3208 --field-trial-handle=2652,i,5639151057918457544,9632025539879023977,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=4176
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1704
- - C:\Program Files\Voice.ai\VoiceAI.exe
    "C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3920 --field-trial-handle=2652,i,5639151057918457544,9632025539879023977,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=4176
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4540
- - C:\Program Files\Voice.ai\BsSndRpt.exe
    "C:\Program Files\Voice.ai\BsSndRpt.exe" /i "C:\Users\Admin\AppData\Local\Temp\tmp6E55.ini"
    3⤵
    - Executes dropped EXE
    - Modifies Control Panel
    PID:4408

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x29c
1⤵
PID:2304

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 4808 -ip 4808
1⤵
PID:772

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1400
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1400 -s 3636
  2⤵
  - Program crash
  PID:2220

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 1400 -ip 1400
1⤵
PID:2988

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2432

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1616

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:2580

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4780
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4780 -s 4128
  2⤵
  - Program crash
  PID:884

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 404 -p 4780 -ip 4780
1⤵
PID:1888

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4888
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4888 -s 3560
  2⤵
  - Program crash
  PID:2860

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 512 -p 4888 -ip 4888
1⤵
PID:5016

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:228
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 228 -s 3588
  2⤵
  - Program crash
  PID:3640

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 568 -p 228 -ip 228
1⤵
PID:1612

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4560
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4560 -s 3612
  2⤵
  - Program crash
  PID:3980

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 540 -p 4560 -ip 4560
1⤵
PID:4204

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2696
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2696 -s 3628
  2⤵
  - Program crash
  PID:3204

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 552 -p 2696 -ip 2696
1⤵
PID:3560

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2448
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2448 -s 3628
  2⤵
  - Program crash
  PID:1524

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 2448 -ip 2448
1⤵
PID:3068

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3932
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3932 -s 3716
  2⤵
  - Program crash
  PID:3300

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 424 -p 3932 -ip 3932
1⤵
PID:4440

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4940
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4940 -s 3580
  2⤵
  - Program crash
  PID:4660

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 532 -p 4940 -ip 4940
1⤵
PID:3152

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1108
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1108 -s 3532
  2⤵
  - Program crash
  PID:3208

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 528 -p 1108 -ip 1108
1⤵
PID:1956

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4912
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4912 -s 3540
  2⤵
  - Program crash
  PID:3944

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 4912 -ip 4912
1⤵
PID:780

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3748
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3748 -s 3616
  2⤵
  - Program crash
  PID:4016

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 3748 -ip 3748
1⤵
PID:3904

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1684
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1684 -s 3544
  2⤵
  - Program crash
  PID:4120

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 488 -p 1684 -ip 1684
1⤵
PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5e4be1.rbs

Filesize
19KB

MD5
954f288bb99313add470f64d0bf34f3f

SHA1
f7b1e45ae9653ae05ee011750a25920f0582d2fd

SHA256
262fffa899db56c63e33cb1744c6b537a1c363a4e638044d8d4dc220a81be34e

SHA512
4430748b4e3ed3996b9d0047cacd3098366b3ef13e4ee36f05ecd12378ef69fd403335fd428c0d8891787f1ca1ecc29add0eb0a337306c9b89cbff662bfe69ff

Download Submit
C:\Config.Msi\e5e4bed.rbs

Filesize
19KB

MD5
4c09a9d1e3240f8898515a7bdd83e0f6

SHA1
a4a25b8a73b5541ff7789e2ea24f1b412f2c1575

SHA256
bb66052e85c112d86a20e86433362dd00e920f020f3a5382e1181dafc8264606

SHA512
286c289c438b6a3aa44d1861bd69489f11920c2e6b024c84ba2152a181d8471514e183cde7f9fea0f9f19838aa464c01a25ea89a28deba3c15fdff70c38fffd5

Download Submit
C:\Config.Msi\e5e4bf4.rbs

Filesize
21KB

MD5
a807c444bbea35a9253758f5cf1c2136

SHA1
767c736a336f2b36d414d3e0500a83a8ddb9a601

SHA256
b0af81b3b76dfa17892762b8c9632f47dd6dadc74ae5ec8c8cd775a4887ad1b2

SHA512
82ce21eabb43cd1d2066c500743ad0790ec33a86796997ce9d7edaf00ee416649d9d2dab9fa5f96f4c9dca8601c69267e28b5b47e4c7686309c683ca82b9e4c1

Download Submit
C:\Config.Msi\e5e4c03.rbs

Filesize
21KB

MD5
0f3c70733f61860f6436743cd3ff4be2

SHA1
4e63418f1e4f65d435571b8d8257758452bb4805

SHA256
63a4f3c766c4df84c0d4a472e874f924fd58df336abc0d2fb08920c96fa4329a

SHA512
636cbd656a53a2bfe98888972daa73973bfdec22044cce950fbf177ec7a4d27c598d8630ea208cef40ae3b2302da6dbbfe171bf1d5c305b8c6b5a9c95b7b7a5f

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe

Filesize
929KB

MD5
d938d8d428318a28580e197e28c258c0

SHA1
088fa7ad6ce7e7fae5a02c6c0a943367948bd124

SHA256
f8eec01dfc8f1cdb1cc3d9e8faef83ce84e050de30a22785ee4ebbd741fa07d2

SHA512
f4fb258b891f6465e7a130556b12fccd6362afc6b7c77610c2b5fec0607b7e01557d06286d24950ec4d8ab17f5fbb9680b9fdcbf24dcc9a28895fdf2a8a24fce

Download Submit
C:\Program Files\Voice.ai\VoiceAI-Installer.exe

Filesize
699.3MB

MD5
e02c03538e01da04689406b0c3834c05

SHA1
9798ef0ebda90b6ebafc7c292081f531a31ea5c6

SHA256
a836eb6e70b39a533230dc50e8b8beeab2e9ca67931c5b0c3153d5ae8ec1dc1c

SHA512
d741d33cbb60198f173fbe0d058329ae2442be80c7bdc56262eca035bfde7c9061a402d335fc85af4104c6868c97acb5d252a55a5e7460c2c197e74228807864

Download Submit
C:\Program Files\Voice.ai\VoiceAI-Installer.exe

Filesize
699.3MB

MD5
e02c03538e01da04689406b0c3834c05

SHA1
9798ef0ebda90b6ebafc7c292081f531a31ea5c6

SHA256
a836eb6e70b39a533230dc50e8b8beeab2e9ca67931c5b0c3153d5ae8ec1dc1c

SHA512
d741d33cbb60198f173fbe0d058329ae2442be80c7bdc56262eca035bfde7c9061a402d335fc85af4104c6868c97acb5d252a55a5e7460c2c197e74228807864

Download Submit
C:\Program Files\Voice.ai\VoiceAI.exe

Filesize
3.7MB

MD5
2df3814949cc733fc719f6948f7a6235

SHA1
7c645a39365f4dad60aedd4139f76a0ae3a03fc5

SHA256
315d86141a39c1d9465b37e2804d819feac820fa8560cee71a63b8835817dae9

SHA512
e0a9ee5155b81482530cd276f4a7555ed8d6771528135a6a9228143f064dc60c044df2254a18802214517f65c01b779850d7cbfc1c39307a79b337247a443922

Download Submit
C:\Program Files\Voice.ai\installer.log

Filesize
16B

MD5
7363e85fe9edee6f053a4b319588c086

SHA1
a15e2127145548437173fc17f3e980e3f3dee2d0

SHA256
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

SHA512
a2fd24056e3ec2f1628f89eb2f1b36a9fc2437ae58d34190630fe065df2bbedaf9bd8aee5f8949a002070052ca68cc6c0167214dd55df289783cff682b808d85

Download Submit
C:\Program Files\Voice.ai\meta

Filesize
65B

MD5
ee1d150da153d6f684745591fdabe67a

SHA1
65a8682aea8b83752744eaadc32b3908b91bc465

SHA256
bad7fabefa7d7d42a275ef2954758143c292ebbce47f4174b49a009b7da50b19

SHA512
1371566c5470763d8d9fee45e42e68c67837c0049d2bd4012c2543d391a0c0d483a34394de26f1995ee3c3b184a44c419070177c2799029cb904d053577e533c

Download Submit
C:\Program Files\Voice.ai\tools\vc2019.exe

Filesize
24.1MB

MD5
4a85bfd44f09ef46679fafcb1bab627a

SHA1
7741a5cad238ce3e4ca7756058f2a67a57fee9d1

SHA256
37ed59a66699c0e5a7ebeef7352d7c1c2ed5ede7212950a1b0a8ee289af4a95b

SHA512
600e61332416b23ef518f4252df0000c03612e8b0680eab0bdf589d9c855539b973583dc4ce1faab5828f58653ed85a1f9196eb1c7bbf6d2e3b5ab3e83253f98

Download Submit
C:\Program Files\Voice.ai\tools\vc2019.exe

Filesize
24.1MB

MD5
4a85bfd44f09ef46679fafcb1bab627a

SHA1
7741a5cad238ce3e4ca7756058f2a67a57fee9d1

SHA256
37ed59a66699c0e5a7ebeef7352d7c1c2ed5ede7212950a1b0a8ee289af4a95b

SHA512
600e61332416b23ef518f4252df0000c03612e8b0680eab0bdf589d9c855539b973583dc4ce1faab5828f58653ed85a1f9196eb1c7bbf6d2e3b5ab3e83253f98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
b2ec319749b43aac51426e1aea15f71b

SHA1
19a0a2a5597ebb59050da5f8015836a7541aa44a

SHA256
69dde5e38440b3882fa56ecfe5498f3044ce0301de162cf8641fe7048d056a11

SHA512
3fc9fc71d00bf1d003c16e1de2a03ba8e4c65e8d79a82c270266dfdf08e30b84f2113d784e8aa45b89b173ffed9ba9dc4ea849cf7be01d6105a6dbf2b089c0ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
cfbc16e33dcbef6f773f0f79af528f45

SHA1
ecb8d5e8107bc671dd57fb2a137c00bffa419f1f

SHA256
f0937890fb1053069baac97b7992c6d22cb74cae20317fc05d51070d96950ffa

SHA512
59ac2ead1eb84edffb06867850beb1e63f72c5b5415abd2fd4e7c2a1922c368f612d2a0288c00e32d5da47c4a77968ffbe72660a8d1f577f44fb20df9c11a4af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
e60935f2ee95ebc87c17e3615e6b8bed

SHA1
5d9146944c20ac0f685eecbb3f1b8ac621699f21

SHA256
2e4a70893a1796d8b93dd2d1da92ce7aa5340d05d061c6b7985f045caa139c01

SHA512
006bff98b504459833460127f74fffc28619a4ac59652e6f58e7235e4dfc1c262378da220b4a27efd7aec07da0f48c0ca834f6808d18380e918d45c67fbf989c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
1941eae452f85e0588a335c21898e9c9

SHA1
34ec64eba80adbe10106636c43c2efa56e91aece

SHA256
93e00efed78991266fe9bcc2a4c47bc8fd15d9921e09a1c70449498fa835b8e1

SHA512
12a17d05bec0d042ab2391320ac6e61c745826a61ebdf5038e4bd100b2a42edf9ac6d9b476ebc3badb1be737c314044ef2173bc451dc1f443cbf928c0d54590a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
39KB

MD5
6a3bb9c5ba28ee73af6c1b53e281b0cf

SHA1
d96e403c99c1707f82ea29c2c1f134e792c64097

SHA256
2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740

SHA512
6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
70KB

MD5
1aa6150f7bd36648316bbb3d7229f838

SHA1
f03c45d1bfea4357e2407a937d61e6a1573e5291

SHA256
350ddd1b07c20d3aa9cb1a68d5524725c00fd56597aa02894552d085da75fb32

SHA512
5eb1ca5211bda94ba28217a98d76bd1e08817222a49f16c3872d34afb41de23f9c6b959d3ab94219ad844b2bd03ff45d28589d5e568903b64bd6835b69d1ebd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
84KB

MD5
6c98e28e6012cb890c1844de96f45570

SHA1
9b69f0ab3fb048a96549ac26a376bcc64a360044

SHA256
b4632e8a58bf796e730f8d0bfdf0d664c0d3e134ecf6dc0f3d345820bbccf7b5

SHA512
5cdeb4757e17e8cc9220a9d375d261a6f3048007848d0c6cd98890aa8e57479b6aac35b685b6efd256135f824a1e6f48889a91284f75ba61e1288cf180c3c393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
27KB

MD5
577a8839d8aace33f707df1f9ef1d4e9

SHA1
4320842226a252a4c8f5aaa8198feefff7a793b9

SHA256
4be7357e996010f3e380c2280de350f14d8ec6294758c561a4096e4aea403454

SHA512
83c68111c6e16bb5a5f6ef31299a778cc124e55173bf0b891801e14221d6d98d4b92850e9ff26c2d4177499f4d6b3fa7605a0e05bd281547d4d4fccd27eb2580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
56KB

MD5
8b7b5c43ebce0caa5b754c6505f4e53a

SHA1
40f368d09600329be771c0ce7497ea07487a1c99

SHA256
82b6d7aec7801c5c16af4dcd0781af1fc7c045e3ef4eba780c2118100d207cf1

SHA512
4c2abda3de2afed32b6bd9b6c0852bc4f54671e16ad06932161e39f555b111933833dd98e8fccc8f7752f8960aab0afbc730989ea6888989c77e5a8a75f750ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
27KB

MD5
7a2650fc308c9d3f4596c038c40333d8

SHA1
6a1974e21a0002895c50de5f27afba17fb4fe47b

SHA256
28dc32173419ae6442ac74e53c0334021d1a15fa3fe8bbe0c0e0fdef7e75eb41

SHA512
9250e90cb5102ddc70ad4ea1e7e9dc9fd67d09c32d207d7898292aa68c25c6bdae5185325e184b5290f944753b07feefd29ea8e13459dc69e4851137bd50ef46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
54KB

MD5
acd31f178f50b6cbf2246edb86e5753a

SHA1
b8dff016a8ae879c1e63aa98d18f06e61981a265

SHA256
90154ae77fdaabee7d9e9401da17bace042a7d9c9a2e9bc8b216a71b0ec1057d

SHA512
b01b683d111cb4be42b04e68fea121af7e99287b9324ac52189fbb2b52675426fcd82fff1d3cf63a9a075c839db0b19f9576cf6e7379358a7476c4edee021ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
711KB

MD5
cf7010f595f2117b6076d11adee2c443

SHA1
5be6552e79e1249689886661f4532ca80c72d60a

SHA256
b9b37c632ed99c141903ad2cb2ba604473a31ac1412bbfba09bad2a497cb1dab

SHA512
2f012eea5fc50845e70e3541f04906c1676ec01e4a29d3b617c15bab5cb16516894a0203de836e5e6e6faf7b9d84000768b11865dd912648db3fa7e8e18f873d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000080

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000082

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
56da400997ab355c16771b9a37ac212b

SHA1
6229d6b6670fd051d1241f21cbe19fdf3f68ee82

SHA256
24617ca5680055828d129046ec52758f34c1a670566960686dc6cdc81f769591

SHA512
4e92c3a96e09cba43532ee781f7b38e2671db4367bf2e14279eb05b5183e3a1c7e8af44eae25d714fe897e5ba340ac56004268dd7febaeca76977bb2aebf8b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7b29e19fd8e7f1d6c8c3d5685fd76efd

SHA1
de71780c2e94400abc5e8438fd37549fd81155f8

SHA256
516b63dd6342544261b0eac55a1c2e153d8e07073c919f5fd2d4517abd7fcc8f

SHA512
f2a3da6519b4753562343f157b0bec207844ee354bef693c532fa1558c6fd379957fa6911525e748b8cd82871b9ea21ac8368e614317fc4f9e79b42b68d9e999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e81b2f611802e97c4f6f5742ecc7d735

SHA1
6b07e672194e20d863894858826351ff54dfbcf7

SHA256
6de7c15885010ac7398e44b343c5562e4cd1e799886a057c3895b19aa6279724

SHA512
ca817081892af85a63aeaab7951c5fffcea7b9ac6347e8f8b408e49ab9fa5017d11d39438ff7945c99dcde41434200623325f19e4c2c15c7276560183f1306da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a87062fc9b0f937bf80d312b181d80e6

SHA1
8c12f485c28bceb552b5b5e2dd6c49081a44d1db

SHA256
08894d407e69c5176b5cba98b85f5902f39c6a2abc0caa2ae126733b969b3cb6

SHA512
c1d918cff0b51f63b346a3ae86443f6ce3f3ac93a5044fdd3766b2ed76d65a0b4f0bf2cb6b07901455a861ca50df760e49b8e47e46c44301efda92a31254958e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f4259dbe346d92bffbac09174f6cb22e

SHA1
eeee3e2f6110f23800631e4ff85e59620e9a30f1

SHA256
5d5df25728a44e35ad9646c856cdefba09fdf4ebbd6acd6196d0be3efff864f6

SHA512
3e67a984635d58af073f60a73ee3bed2c17e35528ee40127955cbc574efb238e3ed9a9b69de35a65a1b69b52cdcbe06bc4462059b5cb99d24ff862fec19ef43e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e45174ec4e9bb0402b4c40f4d92dfc19

SHA1
ea22c10a7540ad301de643445edfe15713c0065a

SHA256
00dee495494efde5c3a1a6ca830ae15758c8460c375176a3b730fa1c060c3ca6

SHA512
46ab4fbd9f2d495371f267117da94747fe0c39b1c74ad43630631e63fc694dc956ea52e7b51370480f9d281267b2d2039183bfeee21966c0d92fc4c21902f1f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5a1723.TMP

Filesize
1KB

MD5
6a420646ecbb5b268fe9dcf1cd67d10f

SHA1
feeccdc8c5090cef9ef67696b4e55307f6f5463d

SHA256
f9c590c156df5623f87e81171a105a192013c6dbb26f6dc1238edf362649367d

SHA512
e3d5c4cecf38eaa4898330a7a7c6bd36a8cffb8cceddbe9cf5dfaa713f849ef0a927ba75f87a8bdc82fb027653aedb91406d29ab65ebfc2870da2faf234a0979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.mediafire.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.mediafire.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2886730d-4414-4a46-b281-ec57da1690a5.tmp

Filesize
11KB

MD5
a1a9752e14a64edcf198f0e61b448041

SHA1
8a1ce35d4c9c55cbc41e80daa22d3b134ff9724d

SHA256
da27786ead674a1224f854b53856cf13a335bb1b683fb3ea9c2fd2dcfab13510

SHA512
4072e34d970a812b22016a857afe3cda0adfdf19ca53927d32c5da8c75e1ab046e5dfe01f9b0976e2b904411da6ff853d33d1511862d8ae1f40afa159cea4a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
fc8406edee68d52384adb3c705fae191

SHA1
5acb7bc9f72a3635621b3fa5aefceac08765d3bd

SHA256
b4d961eb427c8f7870a5731e8c22e4885c34bb855b05a4174c03c7d80f3b7c58

SHA512
85e2bf53ced31c0bc88e03781c3502753be780aa4c58c9ef5d3471065e22db8ede95d7e4e749c5a605ee2cfb756a2c3486cdcd8fdf5d792cbe56998572f60461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
3bcb9966d498abe5dc51892ab463d4bd

SHA1
3f9c4be6e1933eb56aeda3868c83fa3f466bfde8

SHA256
76ed78b313457276926ac098c9b9cd005e3ebaad94761c09f5313e42f0c73ea4

SHA512
83ad19ead1437c1b5d96195d2d8941e590293bc2adf43c271b4ec7d045218654023f9541760576ac2028902efc5861687ab9723a0d0edd0906723be56aa1489b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
11a39456c9c628ac715f129f22fa7ac6

SHA1
320a93d554ca2a3b3423219cf579d02539fc85e9

SHA256
ddee9b3b12198c0bb3ab88a7b6d22a5cd425c6fbf093c5480084691ac7958db7

SHA512
7921acdb82d0c3d49b9b0fac93276e9646a952e7d73ee46f8f54a420946bcd767dd4d6c6ba71de3ad3ce9a10d2d3b16d01a737a482351032bb1b44dff5fa9a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
8b3cc13d199bb7f380cb9c9efee426fd

SHA1
ba8654feb7194bae7b164321fc230cb18995059d

SHA256
e9a462b513beeaf134774413b615628e51006b2eeb8227ae5f63002f9503e023

SHA512
5188d14e07fd41a0f182c4bdf0f89580dd7950476582a26db9937af71e510f0a59c10a8f24c6388d510a1eab1dd0b87f0a25eba3dbe23ebdaec27c3c85e6ac6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
6544ce860b1d0c950cb2c6f765ff26b6

SHA1
a9f734f7ef031130da0dd4c20b066f23cbd84c8f

SHA256
65a156aac0f8932534d6856fd0a7cf1538f83aacb9ac57dd8cc739a9de13c1f4

SHA512
6725673d694ff11290aece6c260828482b7448674221e80b60a526f893a2d3441bd18b70a1cddbc62f53a295e676a92ba7a11a3273a1915c4240c7a855a9393e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
488507a1418a0438098d8e501b5805c4

SHA1
e813a5e6d08f6fd529c6aa400b775fb62d441e55

SHA256
01676cfdef8a4d34715a2084592957245fd6d6baed492c47244737ac5ca604af

SHA512
0c1ce700fb59bb34f622365375ffe6bcf4bad80ec6a0b8c42663f569419b6608cd4611dc4841ed0d8457bbd3c9dfb8f9124f6504065cc9b8aab011dd876860c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3269b3d981fced824c633ba9bca8c63e

SHA1
d6cd52e873fdf0c16513d5a58831199c495fb203

SHA256
3a353b6f8f12b2db05e92327a52e63d227443f70a14df700790cef9871c0064c

SHA512
929d784d4dba952141c440e1a1b6edda1b5410aad79e72b78e76c71b3916538c70a91c4d0ce68e3e8ec39e1df2bac237caa4401b5112ab4a716a28b7037d6373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
533dafd0d14ba9dc75c98d0aafe0c9b1

SHA1
5ff7b06af2cf30f7d7092205d180dac553192fa6

SHA256
d67083bc7ca61aa808e79b756a65b50b27430400b2802cc41bb3bd7dedf529b6

SHA512
99e2a45dc1e1b95aabf804a85bda88301c1f7e58e480689d832aec43d65f0e0e3d467e47f4b3ce515bdb8be8a4b40db80b02f51d7d627035a08abad023346614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
0b53a6ff33ce87b262649c577be59fc3

SHA1
f014289f664b5de0f133d155e0b99b53a34f3104

SHA256
a41344f4a9db811a20b99a7c0fd0581dc854afb0e9d77538b488fa444e773b60

SHA512
1a7c40c83321fb0846ee5caad76c340d63bb5a69ba3b65fa70ea463f78e7b4f3a0047878798e40af5e4663171524b94f95450a2e010fac481ca9172e7ba3138d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
0c5699940605a04f71a326399c101377

SHA1
505f115bd02ddf9fee5d62b7f3973b4f4bc50c9a

SHA256
7f05a7508aa202adeaf504853cab91cea740ba5f23172e0a2865adda78b3e000

SHA512
1203f3659c51a063db157df0ea36736048a4320d87df7635289961323a4db6498e24d9b8879255ad006b12f94db399bf7845bbfef046ece49e68208eb57c761a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
cf0b3d1651cd628e90a573b9abb2784e

SHA1
3ab4bee82c0468a365d53378cbcd6a7ce52dc6e5

SHA256
5bc90ae27a4c5fa33cbf8cea23f09603bc95e04a43e306df5946afc702747d57

SHA512
ff41d976f8f12d19c7c3ebd49dd32d19a767e07775315c2634c115dc958a89f1ff9a9e1ad326b5c79a8c484b25f18db2f48d9e8bc0596ed5ee378d1663ef1772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9acff4f0ea0929ac4ff5668aae3a0bd3

SHA1
bdd6c51b3b46927f6bdde389b5c106dcb8609001

SHA256
079d58f8c2c72c170cb7cad7d88f741671955f5db0c6f51d4aadd4fa4ba544f7

SHA512
86459fadf2fc4d6cec36e6fbab9f0c2e19bddcae4d0030d19ccd748570d74c724ec2d37107780606908567b6c5729024c84699355b62d6e7697fd058cc3ebcf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7f52ef397bfcef11b23a2e17e537c029

SHA1
e9fbde4055a226f9864b28ab02b8b35e9db41126

SHA256
b05146129a2b624747505f910d1fd500e2f8778d19260dea4f42fb2bf7ff1e29

SHA512
1ae4d86253b766e3051aded7a8e88bce952c7b532208644d3f1dffbeec00c9fd6f3ae3d1da40d8c3909022a7a2e977341163f3fe439df11b04a147c91c609a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b0965b9a4f4ab8ef28e6a44cbcf9f842

SHA1
06c6532370f7df19259d03b6b04e77ef02491af2

SHA256
53dcdd38f2db1fdb0e6240ef953adae71de322be320358a40cae3593dbbfa2ab

SHA512
34c38fa63ccee5dc4dc46b69f0f29723e2b3adfe7e5a3847af8b4c02d72d20b7a05e84aca7649e9e9b4867f61c60f4758a5708e5502b7af1ab7ecafe6ae42600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
74094c56ba48e629de102074ac339543

SHA1
bc005509a62e30a621344ef8c4ce6cd64d27275f

SHA256
3c34432c131dde8c1d1bf81def28f5da6510308a9d56709f23766fbd6850ad1f

SHA512
a725c51246a6193122998c1ff21fc265af6153f7bcd73b7213f2b5e7e58bb693f65c3735cf338e35f6e461d1bdce5d31b105721a32421b129932cf03110c0d35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
9c216505a2431ff4a6c686a16c672060

SHA1
49ae6fa55cb31c74d8bf53504028a74d948eb207

SHA256
d13e210af8dea4b13cbccd45c84d78140ea16577123eb2ee0b2775795d4a0b51

SHA512
bbfb5c73f74cf1a077ee11c224cc07f48dc859cdda5fdd4d22dd6b6d948d55db9a69853573ddfa8141d804237e46b48444ecb06098ea4074ce1764aa57cad430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
64753dc18b9891ec895258926ef45b40

SHA1
0a3e1db90305122b1633dd67794e435280f24474

SHA256
d07b71aa22af18ed5efca80d364f06b7259331f5beae132a3c89837fab31720d

SHA512
4a42a2c72681b5a937075fa4ff28dd31c8f6c2453cedd539a9cf5942835e06010038438a06625106d0c18237e4b5efaa0d01c1dc05f27c0a90f069ef578461dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
fae567a9cccf46071d0fd7c912377c3a

SHA1
f0a9d40db7f6ab0bcdd10fb3b5baf6b5e92ec340

SHA256
9ca8262fd80d512cc7a1ddf5c30c520a378ededbf0518f4a6c5bca0915ab08ec

SHA512
2fd6e23aeb7a26da13a80741cd4d5ad96a2c9c17faad3a766da62f2dcc28050db944656d1bbbdb5a35371ea28111c976c142c0033b8183e6f8f3eae827f36abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ef6a87aad63616b919f83f46a15c1eaf

SHA1
3377ecf7d11ae0b4a249a5b0adb605a257dc459b

SHA256
5b1049e8c252827856db1736c59f0e1a89e19c95f366d4642e8e5132460026ce

SHA512
4f00e27f90c81fedc3eff2e84dc77758f91a0c4debcbda8c984cefdd934c190b14701a56aa18638f5023911c4f94441c8b7aa7c3078dfb36ea00dab2af428972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1a953aea79daec14e298ed07b088b0e7

SHA1
802186c446a77d2bc31b05344e6f11b5aa6bd549

SHA256
464477b3b12d5e8f7a1c9efd6ca91cbf908f4f9e577edc0469730f670f82dda2

SHA512
2f94cdee97aebf6dc8996e56f1a652a37372f6b8f7eaad044052d8498564ea4b9b974d48e7440bed5ca6f7c07da8ffcc40b8007b0a77276c98dbb8981eb212e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
60a25a0246a3bca7d3ea903c329523ea

SHA1
6392083a6bcfd0509f124e51f66f0ee4f1c17cd9

SHA256
ae5d25432feee7e5942b97513b179be38a2f73c905b3969ad0ef6f0026a6130c

SHA512
aa471d990d3411fda1db9573d1ce565bdd163708f28fc1465d9c5cc960b27680950a60fa7e6d0b45cf95972190ec17434aac41a4261b77a8d103dbb67776fd08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1a0ed4a199f76a7bbe8b4e6f123e0eae

SHA1
b4e9e79f50ea00afa505a85b6e7678c48643b484

SHA256
3eac06e68779de8ea00abfd6979de90d48c8f77cec948f5f02be2722ec951927

SHA512
b64e0dd68b7389cf57376460be0df24a75fbdf3de288ea8091d587cad65fd09aacedcbca6a9594dd800c5c77a0120976f8cd2a9f6caaf93fc9daccb590242953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6069601e9e901afbbf595ca76caeb832

SHA1
d3fc95afa82c75595673548de0af9756f30c3654

SHA256
65c1aae54b7929915c618b7ab3b769628df89409e820eba9dd1609d304a34172

SHA512
e4585ae663951ca546ad0d27b3365624d93c18889a5ee4e54035adc32e06701f46fbe29a4037d5e4c941da876312e8bf4eb1d835c87e0c6313ca0bbceed1ba70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fbe8221a5f3354927f35849d88e8a24e

SHA1
8a8c1f2ba056dd377a414a6d73e8c5df50294771

SHA256
af6e1592e6a42fb90d1a358b44a82a7cf08e77420a9179a34633cc10687cb27c

SHA512
39d73dc51a340a38e2e46fbca56476b664ca755e4b722e457d28819c81a236f0b065059852f83b457dae95aa1a49483b3e50d0ea147831a9e4f1a52503ffee46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e078d264887adf2614d29baf09b96750

SHA1
f3019c69ab83f25329825dac32e594feb0ef0f83

SHA256
0a73bd9df78e4bb10b0d0b3d6986084fcaeda24ea52aee303f179243466dbbd8

SHA512
50cb5afaa41a8febb31fdb8641a7bc4fca27968048524f0be7356b05c18fdfcbe386cbc8bba367937068bac79c9f38d40c181d8876088093494a6b1b5676ecae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5d7164f602c9510377154f4529467893

SHA1
25c4b1c5fb0517d51836320354aa183679086f9d

SHA256
64f2e6f69e6ba9001aa8c7335658fb53426dc07b6fda9ce5b08ebab6e237083f

SHA512
7ea7c76bd375c037634c453fc05e8fac81f910550f08fcf5caff830f9720ea5c194b59879540dbb51c01d51bed16d48342e097c9105e9a90be6533cc114eb3b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ad5ac59ca87b95ff80da5743ee154d3c

SHA1
9f0bf09f8be48eb173e5dc32084bb513f9876c0a

SHA256
c3ba621699944c7ae8abf2af3cfbf4e939e36c882c9d89a1b7b992654223dcf2

SHA512
5fc6c43949db4beb1c01dce0f617423f65802f89ead8f07747792f43fe7d23a689a2149f76d4840e9dcd173d1a6dacf78910f1595b54fbcaded71b57e0a27066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8c367bb15f11fcc85402cf906f35d134

SHA1
5c6af654bc995c1558b325f1fa46e7111db01273

SHA256
2eec1ea027806d823d0d094dba35d0a7b003c1eb29560432472999822ba595ff

SHA512
9617927d66a424eb692615c61f9d145fe11d32facc9e803073ed2b4b824d09a833a2f1eebddb0ecac60daa7e0bc8901861869789c2596d2ca628a91fe3f385b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8d2a7d36e56cb4c2ac903e73dd5d3280

SHA1
461945bb95a31823041f7f0301062ee75ec7ee5a

SHA256
7dd00ade0a53a77b0a9368fe210bdad6b49f7f61d8837af156385e3ce116bad4

SHA512
64cfcd1da235c0cc36009a75c778927a8ed0478f5b41251daa9fbf45729bc537cd1d41029b8b1d26e493885f337f3aad4cf6ec2e5463705db294121ae49b5f6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
65d4da784b11b0574564c64f5291fbb6

SHA1
f6bda9f3cfe713721e377975b564a49204a84f89

SHA256
48fffd59136b914e9e05d0a916630d3831a3acc144d00d5e335a07fee7208265

SHA512
79ccf8336947e961c5228e3c4686ec849e6e8396c0c2c4b2dc27f1a2b2a6729c81645f52873cdb05cb4d60ea032114616691c605e4df4cb5ec7968e8171cf15c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b9879446ced34a548c015bd78eb6d7a

SHA1
a879a5b2588c60c1d6536fa71765cd276f125944

SHA256
be2abc5a8a237177e34eea04b061db59d051e2c0cfe897403d9d010bc40fb77d

SHA512
0be9168def9edef166b3df4a272811727bcd252e54cc31c7ceb10539503838315c3a2a1e2eea66b5021d6962a3c0fe1e97924a919fdb62e1f9a14ad82f86978f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8cf62aeccbd33c9445cab4ca09e0c463

SHA1
7f54a18c7c1721d4f950e21e1d5605595ada3d00

SHA256
ac05a528fdfe26ad5a5b9fca3bc685d818df619346d78c21f9f02e3ba4916977

SHA512
4d944de8bc2738bc1e82463b09215879e1a7cea17ab510b6054bbde6de0377d1cc9dad18840a20d73707d4c1e5986ed77d11b35cb37a0669019bfa17adbcac3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580e63.TMP

Filesize
120B

MD5
32a479a82401f29bbcd9d5c6692894c5

SHA1
c56161b695324e6ab96a232806e66918b11f20f2

SHA256
0a1df5083fafce11d0784317d8e6bdcef2afebd7bcd8f49d85187a329c5131a3

SHA512
5be91aba1599c10db150d93dda9eb7191f5e41e00906df37d6f462e872363d7429d0b7c879f49a621ef62a981c82991f7607761618e0af8b6045b0ba5289ca79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
17cfafd544f243b30e638b8ad3d7bd4d

SHA1
55d49a89f9dc68dca5ecffab9e95e3b483be50ce

SHA256
ca6fbab7062923a31391f2b42bfb0d1e05ae23c4c9353e320b145a8a8f310d31

SHA512
5deed1f120b89b9eb0abf32e4a7e0431c45844cc99aa58b8ae7945d24c9e7ea14b2518b16b1cc1a1a65a6d7e19f7879dfdca37d9602a5d8be1f49afe20bb810c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b905d14c4154f7cc1384664ac28d382c

SHA1
352dee23f5bbee4af134554f0762f1573daabb0b

SHA256
0ea69e88c87977aa57606753853f740da3019e222c2f4150039853f947b2bea9

SHA512
524cd521e7692c7567ae117d326e1dae7428155d49cb1e997564d205b7ea5e985ee1afc02ae87f9840eecc342509128b2267265e213e7ace34678e8112581eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
befbf3832120823ed68a5747dd0eab54

SHA1
87c3784bda14f40b081b4356b0ac726343fa1e35

SHA256
888efb0e5972c7d46099943d1cdd692cc5da7ae1aef84a4e4a41470fb1ce6df3

SHA512
c89d07e0548342ac21ea37aa49432c127b18389ac246e7b14d6775af09eeeb68998d99d242a0e3b55334555095337c0141fb484737d1fd7e98587455749f8779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
bf602b820c8ff6b57d11d6d009771b1a

SHA1
006db3bd45eb895cde26ecb745d46d405701019a

SHA256
97c93f1095c0ad3b569fad450160c59c3e32dad87a44f298bd31dd583eb93847

SHA512
b2ceb6f8967911b41db666c48da9eda9a2f8b8579d6cc32e62aebf53595beea094e314eeffc2cb476a2a45cdeb49418190a25453f0550d696009c152361451a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
4c24f4f6f511d30968dc8c8dc1266a2b

SHA1
5826f2a00797d03e082666ea9fd375566dafbe40

SHA256
6418600d56ae4eff7f5e054e87fe0a249545480ae489b29f60ab65300a1a993e

SHA512
469e1b29f4d808891e4174980761268bd6c4dcf749ea48edc68020d010e9c65382e86a73b4d71665da7fbad0c85fd437dda673aa11f7274dbfbc7a882951f2ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
373ed579115a1b4137e195cd10f760f5

SHA1
3c0b10d5fcad1c09b2497e37079dfb795ede67b1

SHA256
77edc3a2bec17c5a440b00cfd9afd02c995dc0990ef41096a60497fe34a355f7

SHA512
4539d9ae4db6974523fdb2ced14e38788a48fb46f25cdca719310abee0af1793278dcb07db23596185ed0737f2241baa213aadb7ead7a2ff6406d526bfd96d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
118KB

MD5
6caa32408cc90eeec8d088e1b67c32f5

SHA1
d2c2a874c58e8cbf89285cd4c6420d55290e2a10

SHA256
a07aec0ae7136c1bb6fa067b21f998c5397359903d06c9723410bf10b56cc79e

SHA512
5b6978aac857050f36589900ea048c7246e18750f3cd8c4563b020d62f947deb2597c5a0f31a604058d8a9317439e38496def17122edce0bd19aca470ba86a7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
122KB

MD5
d9e3e96f05a5cb74a604a90ea7cdd148

SHA1
9d06e3dcc327e310a0cf8a6de8759feaed009a4e

SHA256
8f5e33ccc28146cb907a99f9a27c9d13ee74abce0347772dfa22747159c43505

SHA512
1b73023b7d3c732db00503d3ff4d83c9ddc1a31a5f688cd9177925fc1a43d9108a39084ecd1d7afe86e2e5012e79bc2112e80f8c0f90aafd9fd66f024e3afc26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
49a9f0dae5b470672b58146a35bf5b35

SHA1
c70e7207919f0786c55ee3dd49975833cc690380

SHA256
a7c1f131534bfd62c56886d950f5ed683466a1569d307e3bd1c268faf22e7362

SHA512
d18585665cafd4f493feb75c8ae187f7d1abbe296121474f73303e36d6bd0acb0b64286354c0e066e99004fba790c773d89b1b8b6c52bb669ed8e03ac924be15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
5601df0b625148aa52213bf215872212

SHA1
37e23dc54c2b92bc544c60d14195a387582d72ad

SHA256
22b9dab02505d30caff45ec3d22ab15befc0cf067f03342e34f8678de175e9a3

SHA512
e12d015817143d39cce3ddac185ed46275166dc06ef79581934ba2859e75d5e95e13da039e11b6bba763dd3b10d766733633ff6e03248c533f1747b11952b157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
121KB

MD5
983b2dc77976ffe2e6f7a903c1037799

SHA1
7a27a11e93b14ceebb5ef6a60d7b8f3f0825379c

SHA256
abc1524288361cda5ff5eef6df2bd518d766b07e5ff5250ae797bcd26a9415e9

SHA512
c75759801d2612a7e26170c2f6248626c1f50cbf795eeaf9d97953bc919e1efce507770991ef08aa6549f30dde6597079dd966519ffaa34076e8ae9a271f30f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584541.TMP

Filesize
101KB

MD5
0b820874e66b3c5e3cc0d04ee90a1f5c

SHA1
6e9fa00a03ddda0c91d299bb35543d587247a610

SHA256
4bca1669b9113d2f16242024f3c009dced796e04ec20d39778082e2ea1787fb3

SHA512
9a00123ed55d7f9657f1bba64752b0b2e12caf24ffee32da67ec3cf5c519b42b4d9a00e4effe43462f44c0bda5ca1d615d022140e7efe515c8cdd59d7d99dbf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\J9OABNLC\microsoft.windows[1].xml

Filesize
97B

MD5
54cad9840e798ef7844e4c78d3fed195

SHA1
adf97c182735b5657366615ed62d86d269e09630

SHA256
f940ca20452b05c3cff647feec78aa624509a9ab3d5eb1beb2d814bc367d36ac

SHA512
c495efe72289ede85d243e592084fa4d627c689d7fa835a958bca55fda6be6d9a53cc84e4e78e3e72e68af4e7bf9482ec27c1feb1f93b14520a984c8a87482dc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{0A6AC72E-ED8C-C16F-38B6-05831557CF24}

Filesize
36KB

MD5
8aaad0f4eb7d3c65f81c6e6b496ba889

SHA1
231237a501b9433c292991e4ec200b25c1589050

SHA256
813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

SHA512
1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe

Filesize
36KB

MD5
406347732c383e23c3b1af590a47bccd

SHA1
fae764f62a396f2503dd81eefd3c7f06a5fb8e5f

SHA256
e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e

SHA512
18905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{786d2620-7644-4b33-a4ac-b2cf7b3e50c8}\0.1.filtertrie.intermediate.txt

Filesize
5B

MD5
34bd1dfb9f72cf4f86e6df6da0a9e49a

SHA1
5f96d66f33c81c0b10df2128d3860e3cb7e89563

SHA256
8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

SHA512
e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{786d2620-7644-4b33-a4ac-b2cf7b3e50c8}\0.2.filtertrie.intermediate.txt

Filesize
5B

MD5
c204e9faaf8565ad333828beff2d786e

SHA1
7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

SHA256
d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

SHA512
e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{786d2620-7644-4b33-a4ac-b2cf7b3e50c8}\Apps.index

Filesize
1.0MB

MD5
a16bb6a774277bf808386c865760f527

SHA1
6156d68eb2dc5a476cd335456bd655195188542d

SHA256
39010ecd6f8c4146fcffe48108dc6e27f60eddcb0e5fea1f29976fa9a9feae2b

SHA512
4e75052ca171e6004971a0919e0193f03c6408d2fa8646c8b02943c817120e39482fe7029f98868fcdf5a5615ee41a500bb9be59c0c850001ef8c363b3154991

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133374336194944125.txt

Filesize
77KB

MD5
81329ba1fb111ee1367178cc718c15b0

SHA1
e1f8b3ae0ca4977b8c123424516dfefd1fe27536

SHA256
75c8accd781249ceddde1139b6d4befb6c8c1ad3798e029c3da28d5a7abab2e6

SHA512
939b39f9d5c607f29b9e65485ac956289b138d7c44a9eca5cc3750782a7445cf5b08c264e3bec12d9232af5c5aa3d9ce31bbac697a28d3b56ac9f04dc5860a98

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\J9OABNLC\microsoft.windows[1].xml

Filesize
97B

MD5
54cad9840e798ef7844e4c78d3fed195

SHA1
adf97c182735b5657366615ed62d86d269e09630

SHA256
f940ca20452b05c3cff647feec78aa624509a9ab3d5eb1beb2d814bc367d36ac

SHA512
c495efe72289ede85d243e592084fa4d627c689d7fa835a958bca55fda6be6d9a53cc84e4e78e3e72e68af4e7bf9482ec27c1feb1f93b14520a984c8a87482dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6082.tmp\KillProcDLL.dll

Filesize
14KB

MD5
586270250a1acce8126a0877fd5bb981

SHA1
9f5645b37b3af04004697639855da5c99a41aca1

SHA256
0fe15b023e21b7054fabb3d47b6084d60f8e474d8f9ca3a0a25dcb2097d6f0b8

SHA512
a1994b91337385ab153860a013912f9cacdf9c233395868bf8eedfbe6dd13841619a8048c1d8407ee4b77c466fd8f31fc5cac2c779a2ef58c3a2a02caeded055

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6082.tmp\LockedList.dll

Filesize
28KB

MD5
2ee096682cc84f5fd44fb5291c00596c

SHA1
8dccebf054abe13e5b324dfdfbe6605553971396

SHA256
671570118024c9132f12999e198cebc87b3bf1846695553bf478c5a42efec226

SHA512
1ffdc3a5256b8eb62aff82c6429dcdf582009a908d43ab30d3fad84770b012be59c972323b6ae2b8d7ea2ae29d8ab3a99913205a0b33582e95dc813c31507d3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6082.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6082.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6082.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseB18F.tmp\INetC.dll

Filesize
21KB

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseB18F.tmp\INetC.dll

Filesize
21KB

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseB18F.tmp\INetC.dll

Filesize
21KB

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseB18F.tmp\INetC.dll

Filesize
21KB

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseB18F.tmp\System.dll

Filesize
12KB

MD5
792b6f86e296d3904285b2bf67ccd7e0

SHA1
966b16f84697552747e0ddd19a4ba8ab5083af31

SHA256
c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

SHA512
97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseB18F.tmp\nsProcess.dll

Filesize
4KB

MD5
05450face243b3a7472407b999b03a72

SHA1
ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

SHA256
95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

SHA512
f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseB18F.tmp\nsProcess.dll

Filesize
4KB

MD5
05450face243b3a7472407b999b03a72

SHA1
ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

SHA256
95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

SHA512
f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk135D.tmp\INetC.dll

Filesize
21KB

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk135D.tmp\System.dll

Filesize
12KB

MD5
792b6f86e296d3904285b2bf67ccd7e0

SHA1
966b16f84697552747e0ddd19a4ba8ab5083af31

SHA256
c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

SHA512
97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk135D.tmp\System.dll

Filesize
12KB

MD5
792b6f86e296d3904285b2bf67ccd7e0

SHA1
966b16f84697552747e0ddd19a4ba8ab5083af31

SHA256
c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

SHA512
97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk135D.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk135D.tmp\nsDialogs.dll

Filesize
9KB

MD5
f5b0c649b0cfc103fb113d013d48cacb

SHA1
f89286966000cb053b7e94100c76ec6d1129af07

SHA256
a87bd092fa5bc00661525455b9f866b68c14c29224520c4e38f56f47234cfc1e

SHA512
e184101a03ee1c8896efb0029a02a23e46d422bc0f250ef15349c8214d44156afe2b5f739d8a2339bc2d1c05984fc55651c36c71897cd4b14f41dd37a25cfb01

Download Submit
C:\Users\Admin\AppData\Local\Voice.ai\Cache\Cache\Cache_Data\f_000002

Filesize
357KB

MD5
09ac2725e29fed16c5535a6c1651db36

SHA1
c363396bb09b1c327d9cb748fb409567330dd908

SHA256
34b31c554cada543f7c2a9d248518ab83864bce864eb73acf8ae1abdf6a598e6

SHA512
af16670f73918b75eee6289385ac1766ffa42f9ea2fb9a738821009a174a48e746c8bc12dc137f27653e6a0119db102db9512fdccf05767312fb8c4d3fde360f

Download Submit
C:\Users\Admin\AppData\Local\Voice.ai\Cache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 458913.crdownload

Filesize
476KB

MD5
55ce9a9a56208d47a508f277af4a1f84

SHA1
353b99a87e7ba8e0c9866e9bf5bc7a56628a3cba

SHA256
bd599fe01019469d0f408733761a9785c65281d5a870eec8088472e81fa0f65b

SHA512
dd93b798c29a5b502980256f5619c97b56c43003d8ca19dfc0c916bdfaf4c09f5f0941f9be2e4ace6a71f639bf47303d08d54aa8888bb8a7b125e08cd9f8da13

Download Submit
C:\Users\Admin\Downloads\Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe

Filesize
476KB

MD5
55ce9a9a56208d47a508f277af4a1f84

SHA1
353b99a87e7ba8e0c9866e9bf5bc7a56628a3cba

SHA256
bd599fe01019469d0f408733761a9785c65281d5a870eec8088472e81fa0f65b

SHA512
dd93b798c29a5b502980256f5619c97b56c43003d8ca19dfc0c916bdfaf4c09f5f0941f9be2e4ace6a71f639bf47303d08d54aa8888bb8a7b125e08cd9f8da13

Download Submit
C:\Users\Admin\Downloads\Voice.ai-Downloader-alphaver-99f9497c81374b98ac42bf36f81a7a01.exe

Filesize
476KB

MD5
55ce9a9a56208d47a508f277af4a1f84

SHA1
353b99a87e7ba8e0c9866e9bf5bc7a56628a3cba

SHA256
bd599fe01019469d0f408733761a9785c65281d5a870eec8088472e81fa0f65b

SHA512
dd93b798c29a5b502980256f5619c97b56c43003d8ca19dfc0c916bdfaf4c09f5f0941f9be2e4ace6a71f639bf47303d08d54aa8888bb8a7b125e08cd9f8da13

Download Submit
C:\Users\Admin\Downloads\VoiceChanger64f(1.80).exe

Filesize
1.3MB

MD5
ae3109b3af57f51dd095d190f219682a

SHA1
1aba3d5dcb8084c5f6e70855cdb5975ed1d15d6f

SHA256
9573713822c9dfe73a1135737ce0bf6c31b7973e120fec8be107c0da9b862ef4

SHA512
bba55cc36b76047b13791dd766c529e31c594c4cf9f593622d7db0b9a00a3aeececd29ce0319f6491851f4310d4d41d289780453ad1768344d124caee6108604

Download Submit
C:\Users\Admin\Downloads\VoiceChanger64f(1.80).exe

Filesize
1.3MB

MD5
ae3109b3af57f51dd095d190f219682a

SHA1
1aba3d5dcb8084c5f6e70855cdb5975ed1d15d6f

SHA256
9573713822c9dfe73a1135737ce0bf6c31b7973e120fec8be107c0da9b862ef4

SHA512
bba55cc36b76047b13791dd766c529e31c594c4cf9f593622d7db0b9a00a3aeececd29ce0319f6491851f4310d4d41d289780453ad1768344d124caee6108604

Download Submit
C:\Users\Admin\Downloads\VoiceChanger64f(1.80).exe

Filesize
1.3MB

MD5
ae3109b3af57f51dd095d190f219682a

SHA1
1aba3d5dcb8084c5f6e70855cdb5975ed1d15d6f

SHA256
9573713822c9dfe73a1135737ce0bf6c31b7973e120fec8be107c0da9b862ef4

SHA512
bba55cc36b76047b13791dd766c529e31c594c4cf9f593622d7db0b9a00a3aeececd29ce0319f6491851f4310d4d41d289780453ad1768344d124caee6108604

Download Submit
C:\Windows\Installer\e5e4bee.msi

Filesize
180KB

MD5
143a2b9f1c0ebc3421b52e9adcb4db2e

SHA1
06e01b8cc855fd9a31f99b430f8c8745e706c677

SHA256
5d0416e45819d555ad27e5efc1aeeb465cbb8e2937b3221852bea0f7d9c3a954

SHA512
7e17309cdaa856bd1bf17535e0f65db585226262a1c9ffcaadb19eb0822a578ad9036487870b97fc86b7167848f69d495aa51c380ba9890a71f8f9a94061fa05

Download Submit
C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}\SET7A9C.tmp

Filesize
12KB

MD5
26f1832c761580eab272ae065f644005

SHA1
bdd7eb53423659de315d88ad5bb557ffdf5593a5

SHA256
bae9e5bbff837d0ebb43ca1ff1a275474d8e50832a590a957afc8d3ee1e5f560

SHA512
a0c5c4fa7dcc9d4347a521863b9ba4fd2f5eda4d49f70498c4e89c54b59b7773835796e0cc83470c191e1231c69885d22efe823a3a96b2b971ccd1473e2630eb

Download Submit
C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}\SET7ABD.tmp

Filesize
14KB

MD5
fa4ddfa2231dc2c50e26794ae7356e0b

SHA1
463f4c2ac4f7505f2361c7853505b19fbe08f257

SHA256
a3554efa382a84130393a4d8656b31f06b20b9387e27fcba978162213fb7be90

SHA512
be11de31cdea93320a03892b572b17985a66d8b8483d1568afcba9d6cd73cfc8f86c628736d9c8649cb9af0acba17dc26c14fef55b2951520236f650b5a55946

Download Submit
C:\Windows\System32\DriverStore\Temp\{09bab20c-969b-a244-ae9b-f02bf26d391d}\SET7ABE.tmp

Filesize
71KB

MD5
90e4c7c347839c09c8f7f45de3f4fda1

SHA1
18c5a6fae8c9292702d62e9ad2da1e24336f72c6

SHA256
74c4c2f122d48548019314fe15a331b81bfc10408b0d6f471dee94e37fe3c1bc

SHA512
2cf37738f112026eeb68636423e619be5e34cae7734ab1cab5d8cc799af7509d2ffca09b566cbe46bb47f54981042099e857660acc2ab24558715408c011bd58

Download Submit
C:\Windows\Temp\{0D63FF5E-4C40-4B06-939C-90AEDFE48201}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{0D63FF5E-4C40-4B06-939C-90AEDFE48201}\.be\VC_redist.x64.exe

Filesize
635KB

MD5
9bd591625766a7330708b2c6380dc1d7

SHA1
18018a3d12278187a8dc26eae538a799511bbdfc

SHA256
21503f265452414f3960b33ba000ab2cbe0a335901e3a585b0935ac4806fdd79

SHA512
58c90b7889d92f31e76d0559258023cb4693982288721c3c7fcd820e40f6c1ee972d9ffd3c95016c2126314a260da5faabdeb1a8528eb23d469a7ecbe391c1a5

Download Submit
C:\Windows\Temp\{6037DFF0-5A3B-4BE5-ABFB-BFCB57355AC8}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
memory/228-2603-0x0000014D6A280000-0x0000014D6A2A0000-memory.dmp

Filesize
128KB

Download
memory/228-2597-0x0000014D69C20000-0x0000014D69C40000-memory.dmp

Filesize
128KB

Download
memory/228-2600-0x0000014D699D0000-0x0000014D699F0000-memory.dmp

Filesize
128KB

Download
memory/1108-2862-0x000001A4A2120000-0x000001A4A2140000-memory.dmp

Filesize
128KB

Download
memory/1108-2859-0x000001A4A19D0000-0x000001A4A19F0000-memory.dmp

Filesize
128KB

Download
memory/1108-2855-0x000001A4A1D20000-0x000001A4A1D40000-memory.dmp

Filesize
128KB

Download
memory/1316-1921-0x000002AE47B30000-0x000002AE47EE4000-memory.dmp

Filesize
3.7MB

Download
memory/1316-1922-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/1316-1923-0x000002AE62500000-0x000002AE62510000-memory.dmp

Filesize
64KB

Download
memory/1316-1995-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/1316-1924-0x000002AE49A40000-0x000002AE49A41000-memory.dmp

Filesize
4KB

Download
memory/1400-2361-0x000001CA1C630000-0x000001CA1C650000-memory.dmp

Filesize
128KB

Download
memory/1400-2358-0x000001C21AF80000-0x000001C21AFA0000-memory.dmp

Filesize
128KB

Download
memory/1400-2356-0x000001C21AFC0000-0x000001C21AFE0000-memory.dmp

Filesize
128KB

Download
memory/1576-2212-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/1576-2317-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/1576-2278-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/1576-2231-0x0000022959060000-0x0000022959061000-memory.dmp

Filesize
4KB

Download
memory/1704-2234-0x0000020F2E980000-0x0000020F2E990000-memory.dmp

Filesize
64KB

Download
memory/1704-2235-0x0000020F14730000-0x0000020F14731000-memory.dmp

Filesize
4KB

Download
memory/1704-2318-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/1704-2286-0x0000020F2E980000-0x0000020F2E990000-memory.dmp

Filesize
64KB

Download
memory/1704-2282-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/1704-2211-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/2080-2287-0x000001E177040000-0x000001E177050000-memory.dmp

Filesize
64KB

Download
memory/2080-2190-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/2080-2277-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/2080-2236-0x000001E177040000-0x000001E177050000-memory.dmp

Filesize
64KB

Download
memory/2080-2237-0x000001E176600000-0x000001E176601000-memory.dmp

Filesize
4KB

Download
memory/2080-2313-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/2144-1685-0x00000210EC280000-0x00000210EC2A0000-memory.dmp

Filesize
128KB

Download
memory/2144-1687-0x00000210EC8E0000-0x00000210EC900000-memory.dmp

Filesize
128KB

Download
memory/2144-1683-0x00000210EC2C0000-0x00000210EC2E0000-memory.dmp

Filesize
128KB

Download
memory/2448-2660-0x000001D433840000-0x000001D433860000-memory.dmp

Filesize
128KB

Download
memory/2448-2654-0x000001D433470000-0x000001D433490000-memory.dmp

Filesize
128KB

Download
memory/2448-2656-0x000001D433430000-0x000001D433450000-memory.dmp

Filesize
128KB

Download
memory/2696-2634-0x000001FDFF890000-0x000001FDFF8B0000-memory.dmp

Filesize
128KB

Download
memory/2696-2637-0x000001FDFF850000-0x000001FDFF870000-memory.dmp

Filesize
128KB

Download
memory/2696-2640-0x000001FDFFE60000-0x000001FDFFE80000-memory.dmp

Filesize
128KB

Download
memory/3340-1643-0x0000022AE8DC0000-0x0000022AE8DE0000-memory.dmp

Filesize
128KB

Download
memory/3340-1646-0x0000022AE8D80000-0x0000022AE8DA0000-memory.dmp

Filesize
128KB

Download
memory/3340-1648-0x0000022AE9390000-0x0000022AE93B0000-memory.dmp

Filesize
128KB

Download
memory/3388-1564-0x00000240238B0000-0x00000240238D0000-memory.dmp

Filesize
128KB

Download
memory/3388-1562-0x0000024023860000-0x0000024023880000-memory.dmp

Filesize
128KB

Download
memory/3388-1560-0x0000024023560000-0x0000024023580000-memory.dmp

Filesize
128KB

Download
memory/3724-2319-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/3724-2221-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/3724-2283-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/3724-2299-0x0000020C71850000-0x0000020C71860000-memory.dmp

Filesize
64KB

Download
memory/3724-2240-0x0000020C576F0000-0x0000020C576F1000-memory.dmp

Filesize
4KB

Download
memory/3732-2267-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/3732-2177-0x0000026479EA0000-0x0000026479EA1000-memory.dmp

Filesize
4KB

Download
memory/3732-2173-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/3732-2321-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/3732-2176-0x000002647A180000-0x000002647A190000-memory.dmp

Filesize
64KB

Download
memory/3732-2276-0x000002647A180000-0x000002647A190000-memory.dmp

Filesize
64KB

Download
memory/3748-2898-0x00000224F11C0000-0x00000224F11E0000-memory.dmp

Filesize
128KB

Download
memory/3748-2900-0x00000224F18D0000-0x00000224F18F0000-memory.dmp

Filesize
128KB

Download
memory/3748-2895-0x00000224F1500000-0x00000224F1520000-memory.dmp

Filesize
128KB

Download
memory/3932-2819-0x000001FE32090000-0x000001FE320B0000-memory.dmp

Filesize
128KB

Download
memory/3932-2815-0x000001FE31C80000-0x000001FE31CA0000-memory.dmp

Filesize
128KB

Download
memory/3932-2817-0x000001FE31C40000-0x000001FE31C60000-memory.dmp

Filesize
128KB

Download
memory/4176-2280-0x000001F22CF20000-0x000001F22CF21000-memory.dmp

Filesize
4KB

Download
memory/4176-2159-0x000001F213450000-0x000001F213462000-memory.dmp

Filesize
72KB

Download
memory/4176-2304-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/4176-2175-0x000001F22DB60000-0x000001F22DC60000-memory.dmp

Filesize
1024KB

Download
memory/4176-2279-0x000001F22CF20000-0x000001F22CF21000-memory.dmp

Filesize
4KB

Download
memory/4176-2293-0x000001F22CF20000-0x000001F22CF21000-memory.dmp

Filesize
4KB

Download
memory/4176-2153-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/4176-2174-0x000001F22D5D0000-0x000001F22D5E0000-memory.dmp

Filesize
64KB

Download
memory/4176-2294-0x000001F22CF20000-0x000001F22CF21000-memory.dmp

Filesize
4KB

Download
memory/4176-2295-0x000001F22CF20000-0x000001F22CF21000-memory.dmp

Filesize
4KB

Download
memory/4176-2275-0x000001F22DB60000-0x000001F22DC60000-memory.dmp

Filesize
1024KB

Download
memory/4176-2270-0x000001F22D5D0000-0x000001F22D5E0000-memory.dmp

Filesize
64KB

Download
memory/4176-2243-0x000001F22D5D0000-0x000001F22D5E0000-memory.dmp

Filesize
64KB

Download
memory/4176-2296-0x000001F22CF20000-0x000001F22CF21000-memory.dmp

Filesize
4KB

Download
memory/4176-2297-0x000001F22CF20000-0x000001F22CF21000-memory.dmp

Filesize
4KB

Download
memory/4176-2298-0x000001F22CF20000-0x000001F22CF21000-memory.dmp

Filesize
4KB

Download
memory/4176-2160-0x000001F213420000-0x000001F213430000-memory.dmp

Filesize
64KB

Download
memory/4176-2281-0x000001F22CF20000-0x000001F22CF21000-memory.dmp

Filesize
4KB

Download
memory/4176-2292-0x000001F22CF20000-0x000001F22CF21000-memory.dmp

Filesize
4KB

Download
memory/4176-2154-0x000001F22D5D0000-0x000001F22D5E0000-memory.dmp

Filesize
64KB

Download
memory/4176-2155-0x000001F213380000-0x000001F213381000-memory.dmp

Filesize
4KB

Download
memory/4176-2189-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/4176-2156-0x000001F22D6F0000-0x000001F22D7F4000-memory.dmp

Filesize
1.0MB

Download
memory/4176-2157-0x000001F213440000-0x000001F21344A000-memory.dmp

Filesize
40KB

Download
memory/4176-2158-0x000001F22D800000-0x000001F22D884000-memory.dmp

Filesize
528KB

Download
memory/4240-1663-0x000002B954FD0000-0x000002B954FF0000-memory.dmp

Filesize
128KB

Download
memory/4240-1665-0x000002B954F90000-0x000002B954FB0000-memory.dmp

Filesize
128KB

Download
memory/4240-1667-0x000002B9555A0000-0x000002B9555C0000-memory.dmp

Filesize
128KB

Download
memory/4432-1461-0x0000020FA7480000-0x0000020FA74A0000-memory.dmp

Filesize
128KB

Download
memory/4432-1451-0x0000020F97000000-0x0000020F97020000-memory.dmp

Filesize
128KB

Download
memory/4432-1449-0x0000020F96C90000-0x0000020F96CB0000-memory.dmp

Filesize
128KB

Download
memory/4432-1447-0x0000020F96C70000-0x0000020F96C90000-memory.dmp

Filesize
128KB

Download
memory/4432-1446-0x0000020F96CB0000-0x0000020F96CD0000-memory.dmp

Filesize
128KB

Download
memory/4540-2242-0x000001ED2A8B0000-0x000001ED2A8B1000-memory.dmp

Filesize
4KB

Download
memory/4540-2316-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/4540-2288-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/4540-2300-0x000001ED43330000-0x000001ED43340000-memory.dmp

Filesize
64KB

Download
memory/4540-2241-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/4560-2617-0x0000021A35220000-0x0000021A35240000-memory.dmp

Filesize
128KB

Download
memory/4560-2621-0x0000021233FD0000-0x0000021233FF0000-memory.dmp

Filesize
128KB

Download
memory/4560-2623-0x0000021A355E0000-0x0000021A35600000-memory.dmp

Filesize
128KB

Download
memory/4780-2562-0x0000028342F50000-0x0000028342F70000-memory.dmp

Filesize
128KB

Download
memory/4780-2564-0x0000028343560000-0x0000028343580000-memory.dmp

Filesize
128KB

Download
memory/4780-2560-0x0000028342F90000-0x0000028342FB0000-memory.dmp

Filesize
128KB

Download
memory/4808-2232-0x000002724C200000-0x000002724C210000-memory.dmp

Filesize
64KB

Download
memory/4808-2230-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/4808-2233-0x0000027232010000-0x0000027232011000-memory.dmp

Filesize
4KB

Download
memory/4808-2284-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/4808-2322-0x00007FF9421A0000-0x00007FF942C61000-memory.dmp

Filesize
10.8MB

Download
memory/4808-2285-0x000002724C200000-0x000002724C210000-memory.dmp

Filesize
64KB

Download
memory/4888-2580-0x000002625A440000-0x000002625A460000-memory.dmp

Filesize
128KB

Download
memory/4888-2585-0x000002625A810000-0x000002625A830000-memory.dmp

Filesize
128KB

Download
memory/4888-2582-0x000002625A400000-0x000002625A420000-memory.dmp

Filesize
128KB

Download
memory/4912-2878-0x000001D25A500000-0x000001D25A520000-memory.dmp

Filesize
128KB

Download
memory/4912-2885-0x000001D25A900000-0x000001D25A920000-memory.dmp

Filesize
128KB

Download
memory/4912-2888-0x000001D25A7E0000-0x000001D25A800000-memory.dmp

Filesize
128KB

Download
memory/4912-2881-0x000001D25A1B0000-0x000001D25A1D0000-memory.dmp

Filesize
128KB

Download
memory/4940-2842-0x0000025A64F90000-0x0000025A64FB0000-memory.dmp

Filesize
128KB

Download
memory/4940-2838-0x0000025A64B80000-0x0000025A64BA0000-memory.dmp

Filesize
128KB

Download
memory/4940-2835-0x0000025A64BC0000-0x0000025A64BE0000-memory.dmp

Filesize
128KB

Download