description	ioc	Process
File created	C:\Windows\system32\drivers\SET3346.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\drivers\vbaudio_cable64_win7.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\drmk.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\portcls.sys	DrvInst.exe
File opened for modification	C:\Windows\system32\drivers\SET3346.tmp	DrvInst.exe

resource	yara_rule
behavioral1/memory/3568-0-0x0000000000400000-0x000000000096C000-memory.dmp	upx
behavioral1/memory/3568-4-0x0000000000400000-0x000000000096C000-memory.dmp	upx
behavioral1/memory/3568-14-0x0000000000400000-0x000000000096C000-memory.dmp	upx
behavioral1/memory/3568-19-0x0000000000400000-0x000000000096C000-memory.dmp	upx
behavioral1/memory/3568-24-0x0000000000400000-0x000000000096C000-memory.dmp	upx
behavioral1/memory/3568-45-0x0000000000400000-0x000000000096C000-memory.dmp	upx
behavioral1/memory/3568-2283-0x0000000000400000-0x000000000096C000-memory.dmp	upx
behavioral1/memory/3568-3356-0x0000000000400000-0x000000000096C000-memory.dmp	upx

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{924fad87-59be-9141-b1b6-b0ccc8ff5dbe}\SET2F2F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{924fad87-59be-9141-b1b6-b0ccc8ff5dbe}\SET2F30.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{924fad87-59be-9141-b1b6-b0ccc8ff5dbe}\SET2F31.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vbmmecable64_win7.inf_amd64_cd4c4d6a42716841\vbaudio_cable64_win7.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vbmmecable64_win7.inf_amd64_cd4c4d6a42716841\vbmmecable64_win7.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{924fad87-59be-9141-b1b6-b0ccc8ff5dbe}\SET2F30.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{924fad87-59be-9141-b1b6-b0ccc8ff5dbe}\SET2F31.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{924fad87-59be-9141-b1b6-b0ccc8ff5dbe}\vbmmecable64_win7.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{924fad87-59be-9141-b1b6-b0ccc8ff5dbe}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{924fad87-59be-9141-b1b6-b0ccc8ff5dbe}\SET2F2F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{924fad87-59be-9141-b1b6-b0ccc8ff5dbe}\vbaudio_cable64_win7.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{924fad87-59be-9141-b1b6-b0ccc8ff5dbe}\vbaudio_cable64_win7.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vbmmecable64_win7.inf_amd64_cd4c4d6a42716841\vbaudio_cable64_win7.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vbmmecable64_win7.inf_amd64_cd4c4d6a42716841\vbmmecable64_win7.PNF	devconX64.exe

description	ioc	Process
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\TaiShanBase.dll	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\is-BKAB4.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\Fusion\is-LJQF7.tmp	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\InstallerProcess\libGLESv2.dll	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\is-0LEGR.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\is-I6A5T.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Extras\is-1SK4C.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\vst\is-EBLEB.tmp	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick3D\Helpers\qtquick3dhelpersplugin.dll	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\Qt5Network.dll	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\HelpService\api-ms-win-crt-environment-l1-1-0.dll	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\lang\translation1.0.1\is-HUE4V.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtGraphicalEffects\is-9S40I.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\is-V2PLQ.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls\Styles\Desktop\is-Q33UB.tmp	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\vst\api-ms-win-core-shlwapi-legacy-l1-1-0.dll	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick3D\Effects\qtquick3deffectplugin.dll	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\is-FP2M9.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\Imagine\is-B4H7T.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\CustomJson\Thumb\is-RP7AT.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\Fusion\is-0GU7Q.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\lang\translation1.0.1\is-593R3.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls\Private\is-GRPVL.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\Universal\is-TT22P.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\vst\is-OR6HO.tmp	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\PublicPlugin\QmlWidgetCreatorPlugin.dll	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls\Private\is-CS065.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\temIma\AIVoice\is-B86AT.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\vst\x86\is-JSNLJ.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\vst\x86\is-RTT8C.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\is-I2L7L.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\is-CO4LC.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\CustomJson\Thumb\is-G4CM3.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\is-IPK2T.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\Universal\is-64MNA.tmp	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\HelpService\msvcp140.dll	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls\Styles\Base\is-45TRG.tmp	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\TsTaskHost.exe	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\CustomJson\Thumb\is-CH0E5.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\lang\translation1.0.1\is-PSSFT.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\Imagine\is-42EJ2.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\translations\is-S6ID7.tmp	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\vst\api-ms-win-eventing-consumer-l1-1-0.dll	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\CustomJson\Thumb\is-9L3US.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls\is-H3U9T.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls\Styles\Base\is-7VJO5.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls\Styles\Base\images\is-8F86L.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\vst\is-I156P.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\Imagine\is-RO9D2.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\Material\is-OTUD4.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\Material\is-DS8S7.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\temIma\is-N0FA5.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\translations\is-F1NHO.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\vst\is-8315R.tmp	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQml\RemoteObjects\qtqmlremoteobjects.dll	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\HelpService\HelpService.exe	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\qmltooling\qmldbg_quickprofiler.dll	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\vst\api-ms-win-core-libraryloader-l1-1-1.dll	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\temIma\is-T4FET.tmp	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\api-ms-win-core-rtlsupport-l1-1-0.dll	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\CustomJson\Thumb\is-AH97O.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\QtQuick\Controls.2\Universal\is-CA6QO.tmp	voicechanger_hitpaw_1.1.1.tmp
File created	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\temIma\is-H9PT8.tmp	voicechanger_hitpaw_1.1.1.tmp
File opened for modification	C:\Program Files (x86)\HitPaw\HitPaw Voice Changer\HelpService\api-ms-win-core-interlocked-l1-1-0.dll	voicechanger_hitpaw_1.1.1.tmp

description	ioc	Process
File created	C:\Windows\INF\c_media.PNF	devconX64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	devconX64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe

pid	Process
3996	voicechanger_hitpaw_1.1.1.exe
1276	voicechanger_hitpaw_1.1.1.tmp
2100	InstallVirtualAudio.exe
864	devconX64.exe
4448	devconX64.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	devconX64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	devconX64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	devconX64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	devconX64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	devconX64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	devconX64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	devconX64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	devconX64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	devconX64.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\B8C1AFE032FC79546AD9DA8B40A7491982F22D55	devconX64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\B8C1AFE032FC79546AD9DA8B40A7491982F22D55\Blob = 0f00000001000000200000004086ae8aae2c5352a86aef59e84f75cfad9ca4ae44e0f770345e113d6133a692030000000100000014000000b8c1afe032fc79546ad9da8b40a7491982f22d5520000000010000005a070000308207563082053ea003020102021002f038125ded80348702599076a42677300d06092a864886f70d01010b05003069310b300906035504061302555331173015060355040a130e44696769436572742c20496e632e3141303f060355040313384469676943657274205472757374656420473420436f6465205369676e696e67205253413430393620534841333834203230323120434131301e170d3233303332323030303030305a170d3236303332343233353935395a305e310b300906035504061302484b311330110603550407130a536865756e672057616e311c301a060355040a131348495450415720434f2e2c204c494d49544544311c301a0603550403131348495450415720434f2e2c204c494d4954454430820222300d06092a864886f70d01010105000382020f003082020a0282020100ad4af735b19e70fe30c0ff5223e25103a016143c0fb27e0c6f58da82c991cabcaac3365e5d0fe8de09300b79616e1699c780e0a50f7e89373746eeb7ea7ddf72bf8790c36ef1985f01805ed0233401856afe567b755e296ccbdce80a174e7129c2bf3d252e47238c5016d456d2ef2f0f3cc8db76c6dd5c1bcc2c9bc2a25376c561a76e336aa2555d0f6686c3a65c8266dec5363cfb0594b71ebd8dade0d25d10f040daa5d24cbe1c992516d4c0d89e2e90252befec4162ca50133dbcbd01aa0e65a783463750f419de4b0179acba198ae8774f194b44ba82f552990b4a4653892e06544fd37e6d01d06e299d7fb87b04580c74ed866a997adea84424ac2a6e139a5c569cc4c17d7125ad7f71a7b5be84691a08fa53191efb42c343b71aba15b066548d05d2035e32fd2c48546567f1caadc2fbb74a4420141ae6faf1d7a917008782a230a26eff7277d8ff3c9addb53f4a3cc1fde941c65c947e7dd9448ac40408f9db21c098b71df3ef87d07a23f1835d61192f3aadba2c360fd8b8a9c7f5c9a6166889560461257cabd2034f4130f0734ddcde1c4725c1728e5184cc8534cef8a3930e6d811b35522dff0c9ceaa8bcbd631f64255ded0cf8449f7600d041c34e0696c2f56ecfb052bb1122756735aaa6041d9ad2030b81ae5b3d0fc314dab6174d37f94667450bc410e098f8f36a84569492882a1e5809ca6314dd4a3904d50203010001a3820203308201ff301f0603551d230418301680146837e0ebb63bf85f1186fbfe617b088865f44e42301d0603551d0e041604145f9ae1c2b3969001fe7294c40811965abd8f4fd5300e0603551d0f0101ff04040302078030130603551d25040c300a06082b060105050703033081b50603551d1f0481ad3081aa3053a051a04f864d687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274547275737465644734436f64655369676e696e6752534134303936534841333834323032314341312e63726c3053a051a04f864d687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274547275737465644734436f64655369676e696e6752534134303936534841333834323032314341312e63726c303e0603551d20043730353033060667810c0104013029302706082b06010505070201161b687474703a2f2f7777772e64696769636572742e636f6d2f43505330819406082b06010505070101048187308184302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d305c06082b060105050730028650687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274547275737465644734436f64655369676e696e6752534134303936534841333834323032314341312e63727430090603551d1304023000300d06092a864886f70d01010b050003820201008ea4c3bacbbc761034285e12a832c600148257034d511a821aae227d2245e49ea4ea21673490ee6a90be7f883dafc269c8ff9eb68f516f5c2e021c41e7bab74f6054167bac3198f69d1c530bea49673fcf29415153fff71cbfff9f76863d79edd2a8cf87d55e38b9fbafdc048fa33ec8a0174db9c8dc8d781959eba11d5eab60afd4799f44cbfd0f6cd1e096a783add80641a97a8ef93de488b89f6a67e60aa55f6abf2e29698812869e2c5a70fc5bac9f66abb6e3befb8fb74fbed32d9b833e8c043dbbff7d118dab5008fb900832c0dbc1efe1ffdb9d7ee31ee88e06461adf13e7055be7e0cf41993ba29055dbbe552711c40a86e232bd331287b24d27b42c76f8570b1712df5a44f23da80902482981f4d3292b04a9999b30c7dd75d8fe042231860d53676fcf2d62a76ea0bbf05adfc658bfe5ed3d00859fb0ebd369618c46350b71eea79bc250c2aab9265deae0e30c9500eef076d7105c1396a3cecbcd08a4083a44c9a6e9cd2abf97b35eea9a937ea123a82803576f4d0cef222d35c6a71b4a44b0417bfc81a17cb65019e4fb8300c5bd803274f8b9b5724d262f1d2482f970d66ff2538d6cb4310ab88450df4adb582ef54b7ea2983c3f67080594ae4de5ee240e630e5bf6eb1784a3016df08b98ea44d9cb267374ab0046c07d3d5d49b7f92ae6665bff657b41904cf3aea2fc0ca409ff0026c1fe672f9fc9f83ff8	devconX64.exe

pid	Process
3568	hitpaw-voice-changer.exe
3568	hitpaw-voice-changer.exe
3568	hitpaw-voice-changer.exe
3568	hitpaw-voice-changer.exe
1276	voicechanger_hitpaw_1.1.1.tmp
1276	voicechanger_hitpaw_1.1.1.tmp
1740	chrome.exe
1740	chrome.exe
3352	chrome.exe
3352	chrome.exe

description	pid	Process
Token: SeDebugPrivilege	3576	tasklist.exe
Token: SeAuditPrivilege	2260	svchost.exe
Token: SeSecurityPrivilege	2260	svchost.exe
Token: SeLoadDriverPrivilege	4448	devconX64.exe
Token: SeRestorePrivilege	1824	DrvInst.exe
Token: SeBackupPrivilege	1824	DrvInst.exe
Token: SeRestorePrivilege	1824	DrvInst.exe
Token: SeBackupPrivilege	1824	DrvInst.exe
Token: SeRestorePrivilege	1824	DrvInst.exe
Token: SeBackupPrivilege	1824	DrvInst.exe
Token: SeLoadDriverPrivilege	1824	DrvInst.exe
Token: SeLoadDriverPrivilege	1824	DrvInst.exe
Token: SeLoadDriverPrivilege	1824	DrvInst.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe

description	pid	Process	procid_target
PID 3568 wrote to memory of 3996	3568	hitpaw-voice-changer.exe	82
PID 3568 wrote to memory of 3996	3568	hitpaw-voice-changer.exe	82
PID 3568 wrote to memory of 3996	3568	hitpaw-voice-changer.exe	82
PID 3996 wrote to memory of 1276	3996	voicechanger_hitpaw_1.1.1.exe	83
PID 3996 wrote to memory of 1276	3996	voicechanger_hitpaw_1.1.1.exe	83
PID 3996 wrote to memory of 1276	3996	voicechanger_hitpaw_1.1.1.exe	83
PID 1276 wrote to memory of 2076	1276	voicechanger_hitpaw_1.1.1.tmp	84
PID 1276 wrote to memory of 2076	1276	voicechanger_hitpaw_1.1.1.tmp	84
PID 1276 wrote to memory of 2076	1276	voicechanger_hitpaw_1.1.1.tmp	84
PID 2076 wrote to memory of 3576	2076	cmd.exe	86
PID 2076 wrote to memory of 3576	2076	cmd.exe	86
PID 2076 wrote to memory of 3576	2076	cmd.exe	86
PID 2076 wrote to memory of 1968	2076	cmd.exe	87
PID 2076 wrote to memory of 1968	2076	cmd.exe	87
PID 2076 wrote to memory of 1968	2076	cmd.exe	87
PID 1276 wrote to memory of 2100	1276	voicechanger_hitpaw_1.1.1.tmp	90
PID 1276 wrote to memory of 2100	1276	voicechanger_hitpaw_1.1.1.tmp	90
PID 2100 wrote to memory of 4136	2100	InstallVirtualAudio.exe	91
PID 2100 wrote to memory of 4136	2100	InstallVirtualAudio.exe	91
PID 4136 wrote to memory of 4932	4136	cmd.exe	93
PID 4136 wrote to memory of 4932	4136	cmd.exe	93
PID 2100 wrote to memory of 864	2100	InstallVirtualAudio.exe	94
PID 2100 wrote to memory of 864	2100	InstallVirtualAudio.exe	94
PID 2100 wrote to memory of 4448	2100	InstallVirtualAudio.exe	95
PID 2100 wrote to memory of 4448	2100	InstallVirtualAudio.exe	95
PID 2260 wrote to memory of 4780	2260	svchost.exe	99
PID 2260 wrote to memory of 4780	2260	svchost.exe	99
PID 2260 wrote to memory of 1824	2260	svchost.exe	100
PID 2260 wrote to memory of 1824	2260	svchost.exe	100
PID 1740 wrote to memory of 3956	1740	chrome.exe	104
PID 1740 wrote to memory of 3956	1740	chrome.exe	104
PID 1740 wrote to memory of 4476	1740	chrome.exe	106
PID 1740 wrote to memory of 4476	1740	chrome.exe	106
PID 1740 wrote to memory of 4476	1740	chrome.exe	106
PID 1740 wrote to memory of 4476	1740	chrome.exe	106
PID 1740 wrote to memory of 4476	1740	chrome.exe	106
PID 1740 wrote to memory of 4476	1740	chrome.exe	106
PID 1740 wrote to memory of 4476	1740	chrome.exe	106
PID 1740 wrote to memory of 4476	1740	chrome.exe	106
PID 1740 wrote to memory of 4476	1740	chrome.exe	106

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads