Analysis Overview
SHA256
7ff3b571ce5e9853333c9a1bda22070755c4ac579b9aa785e56db315e851e32d
Threat Level: Likely malicious
The file VoicemodSetup_2.6.0.7.exe was found to be: Likely malicious.
Malicious Activity Summary
Command and Scripting Interpreter: PowerShell
Drops file in Drivers directory
Downloads MZ/PE file
Adds Run key to start application
Modifies Windows Firewall
Checks computer location settings
Drops file in System32 directory
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Enumerates processes with tasklist
Suspicious use of SendNotifyMessage
Modifies system certificate store
Runs net.exe
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Modifies registry class
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 04:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 04:11
Reported
2024-06-03 04:14
Platform
win7-20240221-en
Max time kernel
144s
Max time network
125s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\curl.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe
"C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe"
C:\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp
"C:\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp" /SL5="$80120,66753197,750080,C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe"
C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\curl.exe
"C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=4456596e-0528-4680-8940-5edc26c0ff50 -o C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\deviceId.txt
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt
C:\Windows\system32\tasklist.exe
tasklist
Network
Files
\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp
\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\idp.dll
\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\curl.exe
C:\Users\Admin\AppData\Local\Temp\tasklist_unins000.exe.txt
C:\Users\Admin\AppData\Local\Temp\tasklist_VoicemodDesktop.exe.txt
\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\botva2.dll
C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\bg-top.png
C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\bg-inner.png
C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\buttons.png
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 04:11
Reported
2024-06-03 04:14
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\drmk.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\portcls.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\drivers\SETBF34.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\vmdrv.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\drmk.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\vmdrv.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\SETBF34.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\mvvad.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\portcls.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\SETDAC0.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\drivers\SETDAC0.tmp | C:\Windows\system32\DrvInst.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Voicemod = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\mvvad.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\SETBD6F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\SETD8DD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\SETBD70.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\SETBD71.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\mvvad.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\vmdrv.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\vmdrv.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\SETD8BD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.PNF | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\SETBD70.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.PNF | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\SETD8BC.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\SETD8BD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\SETD8DD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\vmdrv.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\mvvad.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\SETBD71.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\SETD8BC.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\SETBD6F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.cat | C:\Windows\system32\DrvInst.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Voicemod Desktop\is-KHQJK.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\NAudio.dll | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-BIC0R.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-8LT4L.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-EH8SL.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-U67B6.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-VAGQQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-FTFN6.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-7IK0B.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\SimpleInjector.dll | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-O2Q5R.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-BG17R.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\driver\is-5N0A1.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Interop.WMPLib.dll | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\locales\hu.pak | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\driver\is-OQ3TT.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-DK06V.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\System.Net.WebSockets.WebSocketProtocol.dll | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\locales\hr.pak | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-NP5C4.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\driver\defaultdevices.txt | C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.Abstractions.dll | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\driver\is-63R9D.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\locales\ca.pak | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-IVIJU.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-C4QRK.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\IterableAPI.dll | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\driver\is-P16QU.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Configuration.dll | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-6FQPK.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-UQINU.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\48000\is-VF1HK.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-VU8L7.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-4MTFE.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-B5CP3.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.Extensions.DependencyInjection.Abstractions.dll | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Hosting.Abstractions.dll | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\mParticle.dll | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Http.Features.dll | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-EHCUM.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Server.Kestrel.Https.dll | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\zh\AutoUpdater.NET.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-4U630.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-UTE0L.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-69VV6.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-KJEOP.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-CVBNL.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-97UQE.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\System.Text.Json.dll | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-DGBFL.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-DGAT8.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-VO4PD.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-DO8NR.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-HAVIT.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\CefSharp.WinForms.dll | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\zh-tw\AutoUpdater.NET.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-IGI91.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-F5PED.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-3VA06.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-69MPL.tmp | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Configuration.FileExtensions.dll | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-IANN6.tmp | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File created | C:\Windows\INF\oem0.PNF | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File created | C:\Windows\INF\oem2.PNF | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\c_media.PNF | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.pnf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\security\logs\scecomp.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\oem1.PNF | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\ = "URL:Voicemod Command Protocol" | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon\ = "VoicemodDesktop.exe,1" | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command\ = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon\ = "VoicemodDesktop.exe,1" | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command\ = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{343B9ADA-B501-4A24-B935-025B8A92942A} | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\ = "URL:Voicemod Command Protocol" | C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe
"C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe"
C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp" /SL5="$80180,66753197,750080,C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f -o C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\deviceId.txt
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Open\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpWelcome\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"1\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpLicense\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpSelectDir\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"6\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpSelectTasks\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"9\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpReady\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"10\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpPreparing\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"11\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpInstalling\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"12\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Install\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
"C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe" defaultdevices.txt
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\setupDrv.bat""
C:\Windows\system32\net.exe
net stop audiosrv /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop audiosrv /y
C:\Windows\system32\net.exe
net stop AudioEndpointBuilder /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder /y
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe dp_enum
C:\Windows\system32\net.exe
net start audiosrv
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start audiosrv
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Windows\system32\net.exe
net stop audiosrv /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop audiosrv /y
C:\Windows\system32\net.exe
net stop AudioEndpointBuilder /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder /y
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon install vmdrv.inf *VMDriver
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{c1fbd64a-176a-d34c-bbfa-b521a1e477ec}\vmdrv.inf" "9" "499a51a03" "0000000000000150" "WinSta0\Default" "0000000000000140" "208" "c:\program files\voicemod desktop\driver"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11e5016dc2:VOICEMOD_Driver:2020.9.25.0:*vmdriver," "499a51a03" "000000000000015C"
C:\Windows\system32\net.exe
net start audiosrv
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start audiosrv
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Step PostInstall\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpFinished\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"14\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Done\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=gpu-process --field-trial-handle=1920,9748521080142752741,5580098267502032780,131072 --no-sandbox --disable-gpu-vsync=1 --log-file="C:\Program Files\Voicemod Desktop\debug.log" --log-severity=disable --lang=en-US --cefsharpexitsub --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Voicemod Desktop\debug.log" --service-request-channel-token=1651255437635605692 --mojo-platform-channel-handle=17360 /prefetch:2 --host-process-id=3080 --custom-scheme=resource|T|F|F|T|T|F;resx|T|F|F|T|T|F;fmeme|T|F|F|T|T|F;fvlabvoice|T|F|F|T|T|F;fcorevoice|T|F|F|T|T|F
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --field-trial-handle=1920,9748521080142752741,5580098267502032780,131072 --disable-gpu-compositing --service-pipe-token=16355260747729627155 --lang=en-US --log-file="C:\Program Files\Voicemod Desktop\debug.log" --log-severity=disable --enable-system-flash=1 --cefsharpexitsub --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=16355260747729627155 --renderer-client-id=3 --mojo-platform-channel-handle=15308 /prefetch:1 --host-process-id=3080 --custom-scheme=resource|T|F|F|T|T|F;resx|T|F|F|T|T|F;fmeme|T|F|F|T|T|F;fvlabvoice|T|F|F|T|T|F;fcorevoice|T|F|F|T|T|F
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x534
C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.48.4.0.exe
"C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.48.4.0.exe" /NOCANCEL /SILENT
C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp" /SL5="$150062,117205037,720896,C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.48.4.0.exe" /NOCANCEL /SILENT
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f -o C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\deviceId.txt
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Open\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpWelcome\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\",\"page_number\": \"1\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpReady\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\",\"page_number\": \"10\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpPreparing\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\",\"page_number\": \"11\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe
"C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpInstalling\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\",\"page_number\": \"12\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Install\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe
"C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe"
C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe
"C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe"
C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
"C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe" defaultdevices.txt
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\setupDrv.bat""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "Start-Process 'setupDrvAdmin.bat' -Verb runAs -WindowStyle Hidden -Wait"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Program Files\Voicemod Desktop\driver\setupDrvAdmin.bat"
C:\Windows\system32\net.exe
net stop audiosrv /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop audiosrv /y
C:\Windows\system32\net.exe
net stop AudioEndpointBuilder /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder /y
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe dp_enum
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe remove *VMDriver
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe dp_delete oem3.inf
C:\Windows\system32\DrvInst.exe
DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf" "0" "48643ea57" "0000000000000140" "WinSta0\Default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe dp_enum
C:\Windows\system32\net.exe
net start audiosrv
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start audiosrv
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Communications --format Raw --fields ID
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe get --default --flow Capture --role Communications --format Raw --fields ID
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Multimedia --format Raw --fields ID
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe get --default --flow Capture --role Multimedia --format Raw --fields ID
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Console --format Raw --fields ID
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe get --default --flow Capture --role Console --format Raw --fields ID
C:\Windows\system32\net.exe
net stop audiosrv /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop audiosrv /y
C:\Windows\system32\net.exe
net stop AudioEndpointBuilder /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder /y
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon install mvvad.inf *VMDriver
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{bb634797-5e5e-6a4b-856e-20a56be6cbf3}\mvvad.inf" "9" "499a51a03" "0000000000000178" "WinSta0\Default" "0000000000000140" "208" "c:\program files\voicemod desktop\driver"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11e5016dc2:VOICEMOD_Driver:2022.6.1.0:*vmdriver," "499a51a03" "0000000000000178"
C:\Windows\system32\net.exe
net start audiosrv
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start audiosrv
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{e082289a-47dd-4eef-bfd9-16a08c1755cf}" --flow=Capture --role=Communications
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{e082289a-47dd-4eef-bfd9-16a08c1755cf}" --flow=Capture --role=Multimedia
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{e082289a-47dd-4eef-bfd9-16a08c1755cf}" --flow=Capture --role=Console
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\disableDrv.bat""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --name Voicemod --flow Capture --format Raw --fields ID
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe get --name Voicemod --flow Capture --format Raw --fields ID
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe setvisibility --id="{0.0.1.00000000}.{f6ee76a1-8d4f-4ec4-97d3-f1d9b1ac368d}" --visible=false
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall delete rule name=all program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall add rule name="Voicemod" dir=in action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="Voicemod" dir=in action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall add rule name="Voicemod" dir=out action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="Voicemod" dir=out action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Step PostInstall\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpFinished\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\",\"page_number\": \"14\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Done\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=gpu-process --no-sandbox --enable-gpu-rasterization --disable-gpu-vsync=0 --log-severity=disable --user-agent-product="VoicemodDesktop 2.48.4.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=22608 --field-trial-handle=14296,i,4534612781391837159,14269526945822215826,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=2636 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fugcvoice|25;fcorevoice|25
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.48.4.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=15804 --field-trial-handle=14296,i,4534612781391837159,14269526945822215826,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2636 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fugcvoice|25;fcorevoice|25
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.48.4.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=29460 --field-trial-handle=14296,i,4534612781391837159,14269526945822215826,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2636 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fugcvoice|25;fcorevoice|25
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.48.4.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --first-renderer-process --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2368 --field-trial-handle=14296,i,4534612781391837159,14269526945822215826,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2636 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fugcvoice|25;fcorevoice|25 /prefetch:1
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.48.4.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=928 --field-trial-handle=14296,i,4534612781391837159,14269526945822215826,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2636 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fugcvoice|25;fcorevoice|25 /prefetch:1
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.48.4.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=26384 --field-trial-handle=14296,i,4534612781391837159,14269526945822215826,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2636 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fugcvoice|25;fcorevoice|25 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://redirect.voicemod.net/?url=https%3a%2f%2faccount.voicemod.net%2f%23%2f%3faction%3dlogin%26ws%3d59129&origin=desktop&u=6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f&appVersion=2.48.4.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff940f746f8,0x7ff940f74708,0x7ff940f74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://redirect.voicemod.net/?url=https%3a%2f%2faccount.voicemod.net%2f%23%2f%3faction%3dlogin%26ws%3d59129&origin=desktop&u=6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f&appVersion=2.48.4.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff940f746f8,0x7ff940f74708,0x7ff940f74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
Network
Files
memory/2888-2-0x0000000000401000-0x00000000004A9000-memory.dmp
memory/2888-0-0x0000000000400000-0x00000000004C5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp
| MD5 | 3b93628e07e9a9352cb7ea41c59ef578 |
| SHA1 | 48615d4428539e9f0af70153656f3e8ae4e2589c |
| SHA256 | 498cfe20132fe22e726b0fb8c5d6bd6153cc73416567148ab469f78820bc6b60 |
| SHA512 | fa180bc3c80220c641d445daa82ca4b195dd4c716e3c9e596546bdb3100e0e3fd8e306d0b88c1cf01ab5fe4ef984965d883605e3ef05540767b819157cdb55c2 |
memory/5056-6-0x0000000000400000-0x0000000000681000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\idp.dll
| MD5 | 55c310c0319260d798757557ab3bf636 |
| SHA1 | 0892eb7ed31d8bb20a56c6835990749011a2d8de |
| SHA256 | 54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed |
| SHA512 | e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57 |
C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\deviceId.txt
| MD5 | d4f4daf79c1ed30b0917920a971e2c45 |
| SHA1 | ee3f0f9bee220d423ce8f0da05b8d0b7bf9e5400 |
| SHA256 | 11a79fe62aac1ff30494dd7ed277fc1630296a09a4e9c7160cbc0c8a33de94f9 |
| SHA512 | c96c328363760b00f1734d2b0917340ec19572dc7c42d5678750f6026df8db03ddaa842c5b56dbf760d356887a0b297f94fe8ae377aa0f9c4b2faafd3f9f5ee1 |
C:\Users\Admin\AppData\Local\Temp\tasklist_unins000.exe.txt
| MD5 | 82c1868ee2ae43b6abd336a39d430a11 |
| SHA1 | 2895f7f3188e29c6f45124f99cbc75801b1419b4 |
| SHA256 | fddf3ed813894c34e8fd7f66fba3b6c6dbb43987ef91d702c7058da9022050b5 |
| SHA512 | c07295f1dcfa93af2934b7b634ddb7050f4e8a4abea24400dc384f34be78f0cc029923bb3099bddc5f75fd3cd7d776c7343a753ba8ae8a7a8a5e7ca993d17da6 |
C:\Users\Admin\AppData\Local\Temp\tasklist_VoicemodDesktop.exe.txt
| MD5 | 91228d2391a6ed8235a8b5c10cc6e9d7 |
| SHA1 | 2c601cd00037a6480b25cfdd4a747f9567d40d41 |
| SHA256 | 4a9bd289f43f461663f9db59a9ed59a09a717202b927f7733c1419ae5ec79ffe |
| SHA512 | 5805b951e32ce0c5c27a956de5cbaf7ebaa172596de897550dd4b95d8dd16373b4443c4da78200d2919fd87c86c465b2826e3bad21fb2cb118e8cf8c51a1f184 |
C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\botva2.dll
| MD5 | 0177746573eed407f8dca8a9e441aa49 |
| SHA1 | 6b462adf78059d26cbc56b3311e3b97fcb8d05f7 |
| SHA256 | a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008 |
| SHA512 | d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a |
memory/5056-28-0x00000000035F0000-0x00000000035FE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\bg-top.png
| MD5 | 229152b01d238ac58d066bbdd45219bf |
| SHA1 | b47d2070eb77d723f925f36c902c6cefd5bb1c31 |
| SHA256 | acb21fcb80667714749963e8ce2e24b23e3f269de34d8e1734892777cbca2f7e |
| SHA512 | fcf37ba7ae4929d77039b0d90f87cf6523bc7bc4f81ca27c1057f53d93752f0d9603708afaf3e8f460a0e5e67210c8d1eeb44cf95b07919a67a37805b0d63b30 |
C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\bg-inner.png
| MD5 | 4a1378ccbcbcf4a320bfc4d63aabef36 |
| SHA1 | 8f17dc3df0a7310ab4a3914a81b7f5576e5546a5 |
| SHA256 | f3640a78436c8f83c8b055c74da597e239524201df4ae6db52a3141a1a47699a |
| SHA512 | 6800224d90fb8c00f31b51a485b90ce0fbc26aea993484a148981d9ef41ee0ff712d43816c1f8ef8b511165de70683ad98202baf27d1a7fb9f31aa88ff17836e |
memory/5056-87-0x0000000003600000-0x0000000003740000-memory.dmp
memory/5056-102-0x0000000003600000-0x0000000003740000-memory.dmp
memory/5056-97-0x0000000003600000-0x0000000003740000-memory.dmp
memory/5056-92-0x0000000003600000-0x0000000003740000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\buttons.png
| MD5 | 84d27be69f0f13909dab87c1cb270a29 |
| SHA1 | cb3a480bf9d790342e12775b4d50c350475f3bb5 |
| SHA256 | ed4b81ffc92f6d41c5d4925f0ac83cd280ad1a781a966d2128275c804f6aa5de |
| SHA512 | 290ebef8f3930ffdb0b99df9a99bd419ff591bd83acdb9b49b421a36d920298a05ad8e85dfa7e9e5de8fe9864780eff2af1e85aa5e3fc8b3ce88f074b87bf51a |
memory/5056-82-0x0000000003600000-0x0000000003740000-memory.dmp
memory/2888-103-0x0000000000400000-0x00000000004C5000-memory.dmp
memory/5056-105-0x00000000035F0000-0x00000000035FE000-memory.dmp
memory/5056-104-0x0000000000400000-0x0000000000681000-memory.dmp
C:\Program Files\Voicemod Desktop\Voicemod.VoicemodDesktop.UI.dll
| MD5 | 948fa7c2a1fc375157bde5d8d44fe162 |
| SHA1 | 9ed97ef0eb84d52bb5dd0b2343c9deac4bc2b1e9 |
| SHA256 | 9908c60efe2d8dd716e6654ea09e8a19ffce21273aeaa239473c549500479ba4 |
| SHA512 | fdafba662dce2b913d29ebd1d9b80eb41c4c8a1b09444c1275052fc436079dbdb4dc6a3a8021eff0768767bd9c8efba789a865a9e814299478840d12797354c8 |
C:\Program Files\Voicemod Desktop\Voicemod.Websockets.Fleck.dll
| MD5 | aa81651105606461eb63db6d423fb2c7 |
| SHA1 | c748d7a703df483a99f2d434d1a45fb3d285b4c7 |
| SHA256 | 138e544e27ee059ffef19809c54f48076a0ddb29410549b658b3aa67a18d153e |
| SHA512 | 1118a9b1090ff72fd15b269eae7f0d8085ef624fd34318f5c4499dcbae37531081c8060182cf37ca9e114c05eafdbbfb8477cf1ba2a88225106d587caf141541 |
C:\Program Files\Voicemod Desktop\VoicemodSDK.dll
| MD5 | 39844565ec5c8cf05d62ef399b011754 |
| SHA1 | 23ba2573016c6fa7344f4d422d86a76b5216363d |
| SHA256 | f0dbf3861a5cae109edef2e78fa2b9f7c4353025bad314cf3afb3fa173a4f5af |
| SHA512 | 54b5a16b55491a59e6cb7f4172557efc470d6c31f503b7c8767f0ec410f128a7b98bf4191ba8176fe39f77deb6372788797f0dffbaae2041338af63eca544e0f |
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
| MD5 | d20afc7e984fef3a2b2ed3dc0b4c0ef5 |
| SHA1 | 484da3d185b8b87620d4d2d6b7ca4266a651bf21 |
| SHA256 | fb737bdab9bf40f95dc999adc48cca3855fea1290c4bf51629f0298660f92cee |
| SHA512 | e9ab6c311f73bbbd9640be6275c66ce4bb4aa73124e46eb7a3e7a8083bc8de0c461555ea12205c6ce630aa4e783bbea6112fca700f58edb33f0c82142dad127f |
C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
| MD5 | ce0e059d4365c22f6f8cc1ce04ff5418 |
| SHA1 | 09eff27e69a3e4d3cc8bef9e93fe6ae7e20447c8 |
| SHA256 | 663e5b184648639cbcf353ddaeec6688abe323dbccf8de8fc8d2683f5e1a99cb |
| SHA512 | c8c9ff1fcb172bdbf90d598b2cf0c5f0dab31132b8633540a162ec0c299861d64f36bb805da7dca5b4a4ac96c74fc420303235cbc780f09a2c2aad5b7de724ff |
memory/5056-488-0x00000000035F0000-0x00000000035FE000-memory.dmp
memory/5056-487-0x0000000000400000-0x0000000000681000-memory.dmp
C:\Program Files\Voicemod Desktop\driver\setupDrv.bat
| MD5 | e6bdf4edaca31d8f5f5d8fab141e1bf4 |
| SHA1 | b67c41d0170c246a2b01dd2e6b280c147e98419e |
| SHA256 | 9387039a0be348be9d99989c6f60ded8760c76c5316692dc880b486859ae792d |
| SHA512 | f3b62c78982e7c7ab0d9c04db18642f43e289cda8bacf454df5749b1371d444bb44f57f65931f39a8075c491cb88e3c96b83a3c3a271eb67a9f427c649787c8d |
C:\Program Files\Voicemod Desktop\driver\uninstalldriver.bat
| MD5 | a6261c36b1eb262f18c98e520966c329 |
| SHA1 | be1f1a0bdcc2f26bc41599b257f2b4c95a1a87a1 |
| SHA256 | d0cdbdb5be2be15f77861b6e08aa553d9e8580c224ef0f63e55064f415fc16f0 |
| SHA512 | 06da998b9778148e15065b67ea6ffadd6df7babf6b1b435368e6c7b6e91d3506d3c3498140cd8b950e207d97c78a899e567b4fbf462d07f7ad473a878ea45fec |
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
| MD5 | afc1465481d73483af98d1e78419ff02 |
| SHA1 | 7fdea1d99110007a5e560ea7b43ba0dec735f908 |
| SHA256 | 98ea0aa12cf1a2b0b7337bcdb6fef41ca35f83248e29b6072fb15f3c180232b4 |
| SHA512 | 6b4c9142298a91f65338ce68edd66aceb1a3e7a5ef4d87969064cf49828cfbf8bfb3e0a226fd13bddb933d49d7aca9fd0a9f6cd048505cf5ba2abd4b871b93ec |
memory/5056-502-0x0000000000400000-0x0000000000681000-memory.dmp
C:\Program Files\Voicemod Desktop\driver\vmdrv.inf
| MD5 | b9b68ddad77911e85697af02b6e311b5 |
| SHA1 | 999c26f4e20fd29abb0404c9b5bfad4fb2664d2d |
| SHA256 | f853d5b0a5dd5cbe1da2ffaae285080019f9e60cf4e4ab7d9810f5be40f362f1 |
| SHA512 | 40e0307e787c8498ffc0922d190973b1634621bbefc2a89feaad1b4d68797f9e55c1cf55e5112a0a8d13ee37fa2ed18a33248c95e4298471e2f7cb3f6359c874 |
\??\c:\program files\voicemod desktop\driver\vmdrv.cat
| MD5 | 46bb11132e5800c97b9d2c1df6e6fe88 |
| SHA1 | 83a6cb8f90ce3a805609eaa3472ee480ac30a8b2 |
| SHA256 | 6bfcc755ffedaefbd2aa94988dbfc2492a185ec1621ccb2db9194d1f83df5ccf |
| SHA512 | fd3de31cf8025e933c8a4966938ab4b59fb9adca41b009c0ef0129bf5297bf4a64e5d4bde662f2aec62ccb3c05bc10c309196c73355cbd409ab4b1f6ba86ad08 |
C:\Users\Admin\AppData\Local\Temp\{c1fbd64a-176a-d34c-bbfa-b521a1e477ec}\vmdrv.sys
| MD5 | 0e625b7a7c3f75524e307b160f8db337 |
| SHA1 | 5088c71a740ef7c4156dcaa31e543052fe226e1c |
| SHA256 | d884ca8cc4ef1826ca3ab03eb3c2d8f356ba25f2d20db0a7d9fc251c565be7f3 |
| SHA512 | 0ad805d11413dcc9d3c549b94a3644fc9c9caa23f0a661c9aef41c1e6f8d91de784817668ff4f34b3f50d738aa8097b2a0ee38de078ed97f5c17635533e9e165 |
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe.config
| MD5 | 06e40dfadc011f07b0a8bcb910ca62ee |
| SHA1 | a4574e90d61339b3eea2cfd11ed12e557f7f477f |
| SHA256 | ae74231a8e6bd0acff9fb074427be26a73af20885cd23cfa6a636c9df4333f59 |
| SHA512 | ae27cc72c9afdc89a5ef8bf2569284d7ca6cfbcb30a5cd4ace0da11bc79a35f47c65a5f414f84f95f8696822242d3b9718dd860413c55cfddc1cae37d8c5350a |
memory/3080-582-0x0000022CAEEA0000-0x0000022CAF38A000-memory.dmp
memory/5056-584-0x0000000000400000-0x0000000000681000-memory.dmp
C:\Program Files\Voicemod Desktop\NAudio.dll
| MD5 | 047bca47d9d12191811fb2e87cded3aa |
| SHA1 | afdc5d27fb919d1d813e6a07466f889dbc8c6677 |
| SHA256 | bc4bacc3b8b28d898f1671b79f216cca439f95eb60cd32d3e3ecafbecac42780 |
| SHA512 | 99505644d42e4c60c977e4144165ea9dea8f1301e6456aa809e046ecc84a3813a190ce65169a6ffef5a36ad3541ec91002615a02933f8deb642aa3f8f3b11f2f |
memory/3080-587-0x0000022CC9900000-0x0000022CC9984000-memory.dmp
memory/3080-589-0x0000022CC9A70000-0x0000022CC9B42000-memory.dmp
C:\Program Files\Voicemod Desktop\NLog.dll
| MD5 | b70274014c925937f0f2e79de6a17615 |
| SHA1 | f0c7f4d5f977c99a3205ee5c1c8c838ba4a81bce |
| SHA256 | 08f1f52716216fdbf4e918c88bedd87c13d06d914e4f39673f2528237638107c |
| SHA512 | 7cb67d07c136f48231da2a2fdcb7f93e8a63a391d09ceb56c12287b93a58e3fe9117313da4578f2225b178adb2bb5e0bf8d75d076c79be7823ccd42389f5dfdf |
C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\bg-bottom.png
| MD5 | 495e1b72f1318b9abd18396170a8b73b |
| SHA1 | 1f75098efccea494cd6bd1241eca02a9996fcf2f |
| SHA256 | 9b86e47b5b3972b1de9d55b53caed3538f7179ddfbc79fca35ce9f30c354c6aa |
| SHA512 | eaa474168ba803b326961ec89a17dedcbec470cc8b412a1206bfd71cb02b6c031fbb3af9ca1e218e19f7780e5b39d36ecfbcc02a3dc71e13cfc8712546f99351 |
memory/5056-615-0x0000000000400000-0x0000000000681000-memory.dmp
memory/2888-616-0x0000000000400000-0x00000000004C5000-memory.dmp
C:\Program Files\Voicemod Desktop\Sentry.Protocol.dll
| MD5 | c3b6084fb4a7ad53d42b6301bd19ac43 |
| SHA1 | 8b528d371629c1aa1a31d35d7a257813a90b6846 |
| SHA256 | 60857310276b69557d2596356f78b53b74f8ff8a905bcc5ac57b84b2fddc064d |
| SHA512 | 63e37c164561fbc9136244b1cf7c581fc4fa277ed5b24f9b767c126970740e358e340ba2609bc7f10523b48eaf3bb873fc4ce01094d039e43110263817c4b964 |
memory/3080-624-0x0000022CC9E40000-0x0000022CC9EEA000-memory.dmp
memory/3080-626-0x0000022CC99B0000-0x0000022CC99C2000-memory.dmp
C:\Program Files\Voicemod Desktop\Newtonsoft.Json.dll
| MD5 | 4df6c8781e70c3a4912b5be796e6d337 |
| SHA1 | cbc510520fcd85dbc1c82b02e82040702aca9b79 |
| SHA256 | 3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af |
| SHA512 | 964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c |
memory/3080-628-0x0000022CC9EF0000-0x0000022CC9F5A000-memory.dmp
C:\Program Files\Voicemod Desktop\SimpleInjector.dll
| MD5 | 799368d49236de4022d232fbb6a4de38 |
| SHA1 | 3e3181dcfc62a9067a0265385a6cd5e228626ce7 |
| SHA256 | 0414c6cc3fe30f6baf019e30148a6c841358b6f3ab570b4419812eb7350b6a19 |
| SHA512 | 9bb4b681cacd1c1361080fd3e768ea524a11fd284ea9795e04a5173e1ff326bda17c18debd26bd146f19eaebdd10f6c275fe0b2dfce88b601e9c9a2bb9fa91f8 |
C:\Program Files\Voicemod Desktop\System.Collections.Immutable.dll
| MD5 | d8203aedaabeac1e606cd0e2af397d01 |
| SHA1 | eef943e4369166a039dee90f2d81504613d49ca0 |
| SHA256 | 2f05a2c489c2d30a6cca346d4ce184323d70eb4f5afa6bed34d5800274444e57 |
| SHA512 | ce09543cbb799db65c71ea9d050cef99d702d9af0cc4c7e346f97f616b091d0ab9a211197caf7fd5a53af1ba6ce913b2b121499d36cd43b499fd201376f4f3d6 |
memory/3080-632-0x0000022CC9A20000-0x0000022CC9A6A000-memory.dmp
memory/3080-633-0x0000022CC99D0000-0x0000022CC99EA000-memory.dmp
memory/3080-630-0x0000022CC9990000-0x0000022CC99AC000-memory.dmp
C:\Program Files\Voicemod Desktop\Sentry.dll
| MD5 | a3571d57212d66885f7e19ca16c76d19 |
| SHA1 | 32017244672e20e5e99d35aa05907f835f1246ae |
| SHA256 | 4890f2bed66f98c4edef6174a9500a3b13d5a5419204003507468b45e946582d |
| SHA512 | 317bb735044b78603f8b2ec750ed98e240ba3eeca8f36fefe47af06b15975f402b6f5852ba8c5b8b345475ab3bdd9dc3faef17669a17fd028f0b9b1655dd67f5 |
C:\Program Files\Voicemod Desktop\System.ValueTuple.dll
| MD5 | 23ee4302e85013a1eb4324c414d561d5 |
| SHA1 | d1664731719e85aad7a2273685d77feb0204ec98 |
| SHA256 | e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4 |
| SHA512 | 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32 |
memory/3080-635-0x0000022CC99F0000-0x0000022CC99F8000-memory.dmp
C:\Program Files\Voicemod Desktop\NLog.Extensions.Logging.dll
| MD5 | 95e7f2457da5b9e710dac09740c16463 |
| SHA1 | 1e81f71d1b69951517eae13cf5e96acd28faeb99 |
| SHA256 | 544aa327ea022e6a8046f2c2fbc822714415aed716f1f0ec37cc707043cd58cb |
| SHA512 | 97b14ee4d1fffa4331ae911ddeb0dd4e2b8eb5db10f3d2ddd8a7a3b562a0110c5be19a72b3365d4f12b5b2543a9ce323143dc4a349c0481c93cf1c56e19bb5fa |
memory/3080-641-0x0000022CC9A10000-0x0000022CC9A20000-memory.dmp
C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.Abstractions.dll
| MD5 | fa43b31fac519d4537325b2d77595c3f |
| SHA1 | dc3c0912d2275684a95816401f63e155fe2b5ed1 |
| SHA256 | ce4721eb7591c77ec23650c079c25730bc9e4f2af440ed0ce913258151434cda |
| SHA512 | e9e050ec7bd310ce3c5c13ac7f3849dd96ee34ca68a91956b956eef6c228a23d790736d05f07562b039a888471f823107d11384e72e172f505192964680335f4 |
memory/3080-639-0x0000022CC9FB0000-0x0000022CC9FC2000-memory.dmp
memory/3080-645-0x0000022CC9FE0000-0x0000022CC9FF0000-memory.dmp
C:\Program Files\Voicemod Desktop\NLog.Web.AspNetCore.dll
| MD5 | ec154043dd58f7834eeb093bc4d0d7d3 |
| SHA1 | 052f320731f3f35dd10de4149b27f0c8437a21d2 |
| SHA256 | 4442104e5a3620b5e927b50c02325d4a2f873851ce73bd063b7e17f2a344bc2f |
| SHA512 | 2cac794852cb182004fc01f7061563dc8512c60591e67249e7aa9f4fb4282dc71142ae36a371daad32fba719a119055886ec8a63c31dacf0fc8eaaf7551d0513 |
memory/3080-643-0x0000022CC9FD0000-0x0000022CC9FDC000-memory.dmp
C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.dll
| MD5 | b7f13cb30356dbe3e3bf7c01e2d8c7b1 |
| SHA1 | 712900d638167a85017ab7f99119964d84e0a39f |
| SHA256 | 9cb78661a77fbbae56de368f018ac9b06e6a171dab37e49091ac4abc4a3d1126 |
| SHA512 | 6df9337d590adb72df002cd64005a59f60ba064b2ae2d207559f0b43c9c8978ae75b22115556f0f4e7567b7b7862b99fe069ec92b3c98752623636bea92d1bb5 |
C:\Program Files\Voicemod Desktop\AutoUpdater.NET.dll
| MD5 | 07809155502ca460862d6c3cd554200d |
| SHA1 | a648d3dceaa0dab29bdeb3b08cfcc05b816dd28a |
| SHA256 | 4afa1ef0f2df936fe2ff026d73b9630cff0d567cb66e3e09ed94783c0d3a054e |
| SHA512 | 6314679bab44ac165e77689ee8265f3687b8e7636a0b0fc688fc1b4581ba376c612e8d117dc50e8ae447a36e161167fa4b7d3365e9b92cc7d80f56a8b57d0e08 |
memory/3080-649-0x0000022CCA0C0000-0x0000022CCA12C000-memory.dmp
memory/3080-650-0x0000022CCA090000-0x0000022CCA0B2000-memory.dmp
C:\Program Files\Voicemod Desktop\NAudio.Vorbis.dll
| MD5 | 7721decf5f28e1470d40b912b2253779 |
| SHA1 | 04536a984d29ad5bb1939ab83a1c5eea501f2670 |
| SHA256 | ca4cceb6a39d5b511abb897d8bd3c1de6921cf8a284da73be2f7ba79ac377b92 |
| SHA512 | 2aa81e5a800f804ecbb206cbd2807d4a1987341dd211f8c493b6d5873e7d3d35f4db8c27b4d67631c592861eb3fa05037ea93d02585870e6354054df687af076 |
memory/3080-656-0x0000022CCA270000-0x0000022CCA27A000-memory.dmp
C:\Program Files\Voicemod Desktop\CefSharp.WinForms.dll
| MD5 | b8ee3de827c9828bfc4ce2d1232110a5 |
| SHA1 | 0a017aab404c48f9f11b3e7e0a29e0c558e8cccc |
| SHA256 | 6b007d59cb09c077e94bc32ee74b3ff03af07422dd50b40d2cf39573140022fc |
| SHA512 | 13dda00459d9fa07d8123a5b100d9ec1b046e470d978e37a769308424c3986bfdcee5515cd32fd7b14b8eee3e9ab4ded1f0ae5939522926bf7a82daeb914123b |
memory/3080-664-0x0000022CCA2C0000-0x0000022CCA2F6000-memory.dmp
C:\Program Files\Voicemod Desktop\CefSharp.dll
| MD5 | a8caf7f548b13fcd2d676c9c2550e352 |
| SHA1 | 0274fca4d6fcf58f098053de1bb921f18c7d66be |
| SHA256 | 073028a525cdeb485a183a714289199e5650aadcde6bd90fa2726339e139515a |
| SHA512 | c4f9ddc0ab33c1a10522670586857004d39a13c9a8cc44fba8f1f254fe8896b86e79a8ab5bb4843df3fca5bdc3abaf35d061954b429923faacea4ea99f4408ad |
memory/3080-660-0x0000022CCA060000-0x0000022CCA06A000-memory.dmp
C:\Program Files\Voicemod Desktop\CefSharp.Core.dll
| MD5 | cf23cc10046f463ba2f929b3491be3cc |
| SHA1 | 1763511c3103f191d046ae8a25b344755d042ff5 |
| SHA256 | e1c1c19da47f763b207569eaaec7ab26203720fea2546178cf30630292de22cb |
| SHA512 | a6c190e8b9a2fb59174abef52cbfcdbaa4618019450e860ec1b490643ee26ab33c9352ccb376edcc52ea1d659ac5b8fa8fa9560a25f616dfe098b7455118ee55 |
memory/3080-668-0x0000022CCA300000-0x0000022CCA4B3000-memory.dmp
C:\Program Files\Voicemod Desktop\chrome_elf.dll
| MD5 | 44fc26ae3f77101eacf851f53aa1e64c |
| SHA1 | f129f58aa70cf1ea7741be1c7848062e515d6773 |
| SHA256 | fb884db0b44f47dc451d9729fecaf6aa9de61e757aa4ef76381ca7006d55cbb6 |
| SHA512 | f690665b01eb4e292ce8e03169593fcbb44110253fc4a14510ff3081c41bd13a0538a9a805113f07a9fc11536b552b59c5548c25ba18c08e9738a3e7cbe0d8b8 |
C:\Program Files\Voicemod Desktop\icudtl.dat
| MD5 | 65c6337820fbe9bf2498a9395e3b20f2 |
| SHA1 | 5cc62646e6c73b4be276d08719bc5e257af972bb |
| SHA256 | 33da1cdda18eaea52011d40ae9a610cac9f6466156e9803891ee77294607aee4 |
| SHA512 | 4800f03577a46a98a4bd786dc37a380f4169540e243fdb7835e3146fba0d0e1d07a7e3ec8cd23566feb00d204d582d678698ae61db156339fe56229de0b267c9 |
C:\Program Files\Voicemod Desktop\cef_200_percent.pak
| MD5 | 065140de55434f35f9c5c10764c29ee4 |
| SHA1 | 4bb734f61c04bfc68f7e15f128a2853a5f7649ea |
| SHA256 | ef2c632ca52b27d464d6d3d8cd1b5b31b62b1102845682c680cd2bb102c5fca0 |
| SHA512 | 552e5f79a41e78afd191394cb4cc5a8ab0ead3a0ec1706066e85b4aa3f2a80ff0674dc8f9232a3f123c8c60a9e63d63bc84b79f7c357ff7c7a85b6c98ebe55ee |
C:\Program Files\Voicemod Desktop\cef_100_percent.pak
| MD5 | cc741473d2d075fdc2be804eec407a12 |
| SHA1 | 22a96140286fdb004540a2051b93432aa133843d |
| SHA256 | 6107c1bfdbf2cf351d5281073422b836d7a547e81345bff502fd31335d7fcbb3 |
| SHA512 | 31977768847821379aca3a49a30d6dc25a31621d96b618c4a9fc71bf7eb7f9999db87603190140fbaec8beb103cd8ff793d5144cbc68a7ec7815db64aa530437 |
C:\Program Files\Voicemod Desktop\cef.pak
C:\Program Files\Voicemod Desktop\locales\en-US.pak
C:\Program Files\Voicemod Desktop\natives_blob.bin
C:\Program Files\Voicemod Desktop\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\Voicemod\settings\voicemod.db
C:\Users\Admin\AppData\Local\Voicemod\vmlog.txt
C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\bg-top.png
C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\buttons.png
C:\Program Files\Voicemod Desktop\Voicemod.VoicemodDesktop.UI.dll
C:\Program Files\Voicemod Desktop\VoicemodSDK.dll
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zufranql.hut.ps1
C:\Users\Admin\AppData\Local\Temp\{bb634797-5e5e-6a4b-856e-20a56be6cbf3}\mvvad.cat
C:\Users\Admin\AppData\Local\Temp\{bb634797-5e5e-6a4b-856e-20a56be6cbf3}\SETBD41.tmp
C:\Users\Admin\AppData\Local\Temp\{bb634797-5e5e-6a4b-856e-20a56be6cbf3}\SETBD42.tmp
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\bg-bottom.png
C:\Users\Admin\AppData\Local\Voicemod\cache\CURRENT
C:\Users\Admin\AppData\Local\Voicemod\cache\DawnCache\data_1
C:\Users\Admin\AppData\Local\Voicemod\cache\DawnCache\data_0
C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_3
C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_2
C:\Users\Admin\AppData\Local\Voicemod\cache\Local Storage\leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Voicemod\cache\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index