Malware Analysis Report

2025-01-06 11:47

Sample ID 240603-er56hacb79
Target VoicemodSetup_2.6.0.7.exe
SHA256 7ff3b571ce5e9853333c9a1bda22070755c4ac579b9aa785e56db315e851e32d
Tags discovery evasion execution persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file VoicemodSetup_2.6.0.7.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution persistence

Command and Scripting Interpreter: PowerShell

Drops file in Drivers directory

Downloads MZ/PE file

Adds Run key to start application

Modifies Windows Firewall

Checks computer location settings

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Enumerates processes with tasklist

Suspicious use of SendNotifyMessage

Modifies system certificate store

Runs net.exe

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies registry class

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported 2024-06-03 04:11

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-03 04:11
Reported 2024-06-03 04:14
Platform win7-20240221-en
Max time kernel 144s
Max time network 125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe"

Signatures

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1152 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe C:\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp
PID 2172 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\curl.exe
PID 2172 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 2160 wrote to memory of 2604 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 2172 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 2624 wrote to memory of 2552 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe

Processes

C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe

"C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe"

C:\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp

"C:\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp" /SL5="$80120,66753197,750080,C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe"

C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\curl.exe

"C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=4456596e-0528-4680-8940-5edc26c0ff50 -o C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\deviceId.txt

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt

C:\Windows\system32\tasklist.exe

tasklist

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\is-UKT6O.tmp\VoicemodSetup_2.6.0.7.tmp

\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\idp.dll

\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\curl.exe

C:\Users\Admin\AppData\Local\Temp\tasklist_unins000.exe.txt

C:\Users\Admin\AppData\Local\Temp\tasklist_VoicemodDesktop.exe.txt

\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\botva2.dll

C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\bg-top.png

C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\bg-inner.png

C:\Users\Admin\AppData\Local\Temp\is-E3K2U.tmp\buttons.png

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-03 04:11
Reported 2024-06-03 04:14
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe"

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\drmk.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\portcls.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\drivers\SETBF34.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\drivers\vmdrv.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\drmk.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\drivers\vmdrv.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\drivers\SETBF34.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\drivers\mvvad.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\portcls.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\drivers\SETDAC0.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\drivers\SETDAC0.tmp C:\Windows\system32\DrvInst.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Voicemod = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\"" C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\mvvad.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\SETBD6F.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\SETD8DD.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\SETBD70.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\SETBD71.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\mvvad.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\vmdrv.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\vmdrv.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\SETD8BD.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.PNF C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\SETBD70.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.PNF C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\SETD8BC.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\SETD8BD.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\SETD8DD.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\vmdrv.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\mvvad.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\SETBD71.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{d3822adf-9d78-fd49-a8b4-c42130a18fdc}\SETD8BC.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{12a9c7c7-63e6-5043-8fc1-79a2277a70b5}\SETBD6F.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.cat C:\Windows\system32\DrvInst.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Voicemod Desktop\is-KHQJK.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\NAudio.dll C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-BIC0R.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-8LT4L.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-EH8SL.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-U67B6.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-VAGQQ.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-FTFN6.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-7IK0B.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\SimpleInjector.dll C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-O2Q5R.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-BG17R.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\driver\is-5N0A1.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Interop.WMPLib.dll C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\locales\hu.pak C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\driver\is-OQ3TT.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-DK06V.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\System.Net.WebSockets.WebSocketProtocol.dll C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\locales\hr.pak C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-NP5C4.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\driver\defaultdevices.txt C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.Abstractions.dll C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\driver\is-63R9D.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\locales\ca.pak C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-IVIJU.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-C4QRK.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\IterableAPI.dll C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\driver\is-P16QU.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Configuration.dll C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-6FQPK.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-UQINU.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\48000\is-VF1HK.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-VU8L7.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-4MTFE.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-B5CP3.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.Extensions.DependencyInjection.Abstractions.dll C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Hosting.Abstractions.dll C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\mParticle.dll C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Http.Features.dll C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-EHCUM.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Server.Kestrel.Https.dll C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\zh\AutoUpdater.NET.resources.dll C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-4U630.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-UTE0L.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-69VV6.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-KJEOP.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-CVBNL.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-97UQE.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\System.Text.Json.dll C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-DGBFL.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-DGAT8.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-VO4PD.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-DO8NR.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-HAVIT.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\CefSharp.WinForms.dll C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\zh-tw\AutoUpdater.NET.resources.dll C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-IGI91.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-F5PED.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-3VA06.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-69MPL.tmp C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Configuration.FileExtensions.dll C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-IANN6.tmp C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File created C:\Windows\INF\oem0.PNF C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File created C:\Windows\INF\oem2.PNF C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\INF\c_media.PNF C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\inf\oem3.pnf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\security\logs\scecomp.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\INF\oem1.PNF C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.48.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\ = "URL:Voicemod Command Protocol" C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\URL Protocol C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\URL Protocol C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon\ = "VoicemodDesktop.exe,1" C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command\ = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon\ = "VoicemodDesktop.exe,1" C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command\ = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{343B9ADA-B501-4A24-B935-025B8A92942A} C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\ = "URL:Voicemod Command Protocol" C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2888 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp
PID 2888 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp
PID 2888 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp
PID 5056 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 5056 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 456 wrote to memory of 976 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 456 wrote to memory of 976 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 5056 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 5056 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 1748 wrote to memory of 2272 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1748 wrote to memory of 2272 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 5056 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 3800 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 3800 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 4100 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 4100 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 5056 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
PID 5056 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
PID 5056 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 5056 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 2700 wrote to memory of 3068 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2700 wrote to memory of 3068 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3068 wrote to memory of 836 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3068 wrote to memory of 836 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2700 wrote to memory of 3144 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2700 wrote to memory of 3144 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3144 wrote to memory of 2836 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3144 wrote to memory of 2836 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2700 wrote to memory of 672 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2700 wrote to memory of 672 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 672 wrote to memory of 2036 N/A C:\Windows\system32\cmd.exe C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
PID 672 wrote to memory of 2036 N/A C:\Windows\system32\cmd.exe C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
PID 2700 wrote to memory of 3312 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2700 wrote to memory of 3312 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3312 wrote to memory of 4224 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3312 wrote to memory of 4224 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2700 wrote to memory of 3256 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2700 wrote to memory of 3256 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3256 wrote to memory of 4648 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3256 wrote to memory of 4648 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2700 wrote to memory of 2164 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2700 wrote to memory of 2164 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2164 wrote to memory of 3688 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2164 wrote to memory of 3688 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2700 wrote to memory of 3176 N/A C:\Windows\system32\cmd.exe C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
PID 2700 wrote to memory of 3176 N/A C:\Windows\system32\cmd.exe C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
PID 3008 wrote to memory of 1544 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 3008 wrote to memory of 1544 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 3008 wrote to memory of 4688 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe

Processes

C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe

"C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe"

C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp

"C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp" /SL5="$80180,66753197,750080,C:\Users\Admin\AppData\Local\Temp\VoicemodSetup_2.6.0.7.exe"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f -o C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\deviceId.txt

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Open\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpWelcome\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"1\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpLicense\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpSelectDir\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"6\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpSelectTasks\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"9\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpReady\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"10\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpPreparing\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"11\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpInstalling\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"12\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Install\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe

"C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe" defaultdevices.txt

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\setupDrv.bat""

C:\Windows\system32\net.exe

net stop audiosrv /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop audiosrv /y

C:\Windows\system32\net.exe

net stop AudioEndpointBuilder /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop AudioEndpointBuilder /y

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon.exe dp_enum

C:\Windows\system32\net.exe

net start audiosrv

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 start audiosrv

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder

C:\Windows\system32\net.exe

net stop audiosrv /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop audiosrv /y

C:\Windows\system32\net.exe

net stop AudioEndpointBuilder /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop AudioEndpointBuilder /y

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon install vmdrv.inf *VMDriver

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{c1fbd64a-176a-d34c-bbfa-b521a1e477ec}\vmdrv.inf" "9" "499a51a03" "0000000000000150" "WinSta0\Default" "0000000000000140" "208" "c:\program files\voicemod desktop\driver"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11e5016dc2:VOICEMOD_Driver:2020.9.25.0:*vmdriver," "499a51a03" "000000000000015C"

C:\Windows\system32\net.exe

net start audiosrv

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 start audiosrv

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Step PostInstall\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpFinished\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"14\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Done\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=gpu-process --field-trial-handle=1920,9748521080142752741,5580098267502032780,131072 --no-sandbox --disable-gpu-vsync=1 --log-file="C:\Program Files\Voicemod Desktop\debug.log" --log-severity=disable --lang=en-US --cefsharpexitsub --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Voicemod Desktop\debug.log" --service-request-channel-token=1651255437635605692 --mojo-platform-channel-handle=17360 /prefetch:2 --host-process-id=3080 --custom-scheme=resource|T|F|F|T|T|F;resx|T|F|F|T|T|F;fmeme|T|F|F|T|T|F;fvlabvoice|T|F|F|T|T|F;fcorevoice|T|F|F|T|T|F

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --field-trial-handle=1920,9748521080142752741,5580098267502032780,131072 --disable-gpu-compositing --service-pipe-token=16355260747729627155 --lang=en-US --log-file="C:\Program Files\Voicemod Desktop\debug.log" --log-severity=disable --enable-system-flash=1 --cefsharpexitsub --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=16355260747729627155 --renderer-client-id=3 --mojo-platform-channel-handle=15308 /prefetch:1 --host-process-id=3080 --custom-scheme=resource|T|F|F|T|T|F;resx|T|F|F|T|T|F;fmeme|T|F|F|T|T|F;fvlabvoice|T|F|F|T|T|F;fcorevoice|T|F|F|T|T|F

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x524 0x534

C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.48.4.0.exe

"C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.48.4.0.exe" /NOCANCEL /SILENT

C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp

"C:\Users\Admin\AppData\Local\Temp\is-0GM07.tmp\VoicemodUpdate_2.48.4.0.tmp" /SL5="$150062,117205037,720896,C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.48.4.0.exe" /NOCANCEL /SILENT

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f -o C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\deviceId.txt

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Open\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpWelcome\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\",\"page_number\": \"1\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpReady\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\",\"page_number\": \"10\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpPreparing\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\",\"page_number\": \"11\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe

"C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpInstalling\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\",\"page_number\": \"12\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Install\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe

"C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe"

C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe

"C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\avx-checker.exe"

C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe

"C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe" defaultdevices.txt

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\setupDrv.bat""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "Start-Process 'setupDrvAdmin.bat' -Verb runAs -WindowStyle Hidden -Wait"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Program Files\Voicemod Desktop\driver\setupDrvAdmin.bat"

C:\Windows\system32\net.exe

net stop audiosrv /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop audiosrv /y

C:\Windows\system32\net.exe

net stop AudioEndpointBuilder /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop AudioEndpointBuilder /y

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon.exe dp_enum

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon.exe remove *VMDriver

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon.exe dp_delete oem3.inf

C:\Windows\system32\DrvInst.exe

DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf" "0" "48643ea57" "0000000000000140" "WinSta0\Default"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon.exe dp_enum

C:\Windows\system32\net.exe

net start audiosrv

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 start audiosrv

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Communications --format Raw --fields ID

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe get --default --flow Capture --role Communications --format Raw --fields ID

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Multimedia --format Raw --fields ID

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe get --default --flow Capture --role Multimedia --format Raw --fields ID

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Console --format Raw --fields ID

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe get --default --flow Capture --role Console --format Raw --fields ID

C:\Windows\system32\net.exe

net stop audiosrv /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop audiosrv /y

C:\Windows\system32\net.exe

net stop AudioEndpointBuilder /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop AudioEndpointBuilder /y

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon install mvvad.inf *VMDriver

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{bb634797-5e5e-6a4b-856e-20a56be6cbf3}\mvvad.inf" "9" "499a51a03" "0000000000000178" "WinSta0\Default" "0000000000000140" "208" "c:\program files\voicemod desktop\driver"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11e5016dc2:VOICEMOD_Driver:2022.6.1.0:*vmdriver," "499a51a03" "0000000000000178"

C:\Windows\system32\net.exe

net start audiosrv

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 start audiosrv

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{e082289a-47dd-4eef-bfd9-16a08c1755cf}" --flow=Capture --role=Communications

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{e082289a-47dd-4eef-bfd9-16a08c1755cf}" --flow=Capture --role=Multimedia

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{e082289a-47dd-4eef-bfd9-16a08c1755cf}" --flow=Capture --role=Console

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\disableDrv.bat""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --name Voicemod --flow Capture --format Raw --fields ID

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe get --name Voicemod --flow Capture --format Raw --fields ID

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe setvisibility --id="{0.0.1.00000000}.{f6ee76a1-8d4f-4ec4-97d3-f1d9b1ac368d}" --visible=false

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall delete rule name=all program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall add rule name="Voicemod" dir=in action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="Voicemod" dir=in action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall add rule name="Voicemod" dir=out action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="Voicemod" dir=out action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Step PostInstall\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpFinished\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\",\"page_number\": \"14\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\"},\"mp_deviceid\": \"f4e37a60-9096-44d6-b0a2-65c6c48a2023\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Done\" , \"custom_attributes\": { \"version\": \"2.48.4.0\", \"machine_guid\": \"6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\", \"voicemod_system\": \"voicemod-v2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=gpu-process --no-sandbox --enable-gpu-rasterization --disable-gpu-vsync=0 --log-severity=disable --user-agent-product="VoicemodDesktop 2.48.4.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=22608 --field-trial-handle=14296,i,4534612781391837159,14269526945822215826,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=2636 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fugcvoice|25;fcorevoice|25

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.48.4.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=15804 --field-trial-handle=14296,i,4534612781391837159,14269526945822215826,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2636 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fugcvoice|25;fcorevoice|25

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.48.4.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=29460 --field-trial-handle=14296,i,4534612781391837159,14269526945822215826,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2636 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fugcvoice|25;fcorevoice|25

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.48.4.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --first-renderer-process --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2368 --field-trial-handle=14296,i,4534612781391837159,14269526945822215826,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2636 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fugcvoice|25;fcorevoice|25 /prefetch:1

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.48.4.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=928 --field-trial-handle=14296,i,4534612781391837159,14269526945822215826,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2636 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fugcvoice|25;fcorevoice|25 /prefetch:1

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.48.4.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=26384 --field-trial-handle=14296,i,4534612781391837159,14269526945822215826,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2636 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fugcvoice|25;fcorevoice|25 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://redirect.voicemod.net/?url=https%3a%2f%2faccount.voicemod.net%2f%23%2f%3faction%3dlogin%26ws%3d59129&origin=desktop&u=6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f&appVersion=2.48.4.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff940f746f8,0x7ff940f74708,0x7ff940f74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://redirect.voicemod.net/?url=https%3a%2f%2faccount.voicemod.net%2f%23%2f%3faction%3dlogin%26ws%3d59129&origin=desktop&u=6833eb7b-8d4b-4cdd-9502-9bbf7fc1cf9f&appVersion=2.48.4.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff940f746f8,0x7ff940f74708,0x7ff940f74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3826588095805841504,6332476001613564292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

Network

Files

memory/2888-2-0x0000000000401000-0x00000000004A9000-memory.dmp

memory/2888-0-0x0000000000400000-0x00000000004C5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-1CQMQ.tmp\VoicemodSetup_2.6.0.7.tmp

MD5 3b93628e07e9a9352cb7ea41c59ef578
SHA1 48615d4428539e9f0af70153656f3e8ae4e2589c
SHA256 498cfe20132fe22e726b0fb8c5d6bd6153cc73416567148ab469f78820bc6b60
SHA512 fa180bc3c80220c641d445daa82ca4b195dd4c716e3c9e596546bdb3100e0e3fd8e306d0b88c1cf01ab5fe4ef984965d883605e3ef05540767b819157cdb55c2

memory/5056-6-0x0000000000400000-0x0000000000681000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\idp.dll

MD5 55c310c0319260d798757557ab3bf636
SHA1 0892eb7ed31d8bb20a56c6835990749011a2d8de
SHA256 54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed
SHA512 e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\deviceId.txt

MD5 d4f4daf79c1ed30b0917920a971e2c45
SHA1 ee3f0f9bee220d423ce8f0da05b8d0b7bf9e5400
SHA256 11a79fe62aac1ff30494dd7ed277fc1630296a09a4e9c7160cbc0c8a33de94f9
SHA512 c96c328363760b00f1734d2b0917340ec19572dc7c42d5678750f6026df8db03ddaa842c5b56dbf760d356887a0b297f94fe8ae377aa0f9c4b2faafd3f9f5ee1

C:\Users\Admin\AppData\Local\Temp\tasklist_unins000.exe.txt

MD5 82c1868ee2ae43b6abd336a39d430a11
SHA1 2895f7f3188e29c6f45124f99cbc75801b1419b4
SHA256 fddf3ed813894c34e8fd7f66fba3b6c6dbb43987ef91d702c7058da9022050b5
SHA512 c07295f1dcfa93af2934b7b634ddb7050f4e8a4abea24400dc384f34be78f0cc029923bb3099bddc5f75fd3cd7d776c7343a753ba8ae8a7a8a5e7ca993d17da6

C:\Users\Admin\AppData\Local\Temp\tasklist_VoicemodDesktop.exe.txt

MD5 91228d2391a6ed8235a8b5c10cc6e9d7
SHA1 2c601cd00037a6480b25cfdd4a747f9567d40d41
SHA256 4a9bd289f43f461663f9db59a9ed59a09a717202b927f7733c1419ae5ec79ffe
SHA512 5805b951e32ce0c5c27a956de5cbaf7ebaa172596de897550dd4b95d8dd16373b4443c4da78200d2919fd87c86c465b2826e3bad21fb2cb118e8cf8c51a1f184

C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\botva2.dll

MD5 0177746573eed407f8dca8a9e441aa49
SHA1 6b462adf78059d26cbc56b3311e3b97fcb8d05f7
SHA256 a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008
SHA512 d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

memory/5056-28-0x00000000035F0000-0x00000000035FE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\bg-top.png

MD5 229152b01d238ac58d066bbdd45219bf
SHA1 b47d2070eb77d723f925f36c902c6cefd5bb1c31
SHA256 acb21fcb80667714749963e8ce2e24b23e3f269de34d8e1734892777cbca2f7e
SHA512 fcf37ba7ae4929d77039b0d90f87cf6523bc7bc4f81ca27c1057f53d93752f0d9603708afaf3e8f460a0e5e67210c8d1eeb44cf95b07919a67a37805b0d63b30

C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\bg-inner.png

MD5 4a1378ccbcbcf4a320bfc4d63aabef36
SHA1 8f17dc3df0a7310ab4a3914a81b7f5576e5546a5
SHA256 f3640a78436c8f83c8b055c74da597e239524201df4ae6db52a3141a1a47699a
SHA512 6800224d90fb8c00f31b51a485b90ce0fbc26aea993484a148981d9ef41ee0ff712d43816c1f8ef8b511165de70683ad98202baf27d1a7fb9f31aa88ff17836e

memory/5056-87-0x0000000003600000-0x0000000003740000-memory.dmp

memory/5056-102-0x0000000003600000-0x0000000003740000-memory.dmp

memory/5056-97-0x0000000003600000-0x0000000003740000-memory.dmp

memory/5056-92-0x0000000003600000-0x0000000003740000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\buttons.png

MD5 84d27be69f0f13909dab87c1cb270a29
SHA1 cb3a480bf9d790342e12775b4d50c350475f3bb5
SHA256 ed4b81ffc92f6d41c5d4925f0ac83cd280ad1a781a966d2128275c804f6aa5de
SHA512 290ebef8f3930ffdb0b99df9a99bd419ff591bd83acdb9b49b421a36d920298a05ad8e85dfa7e9e5de8fe9864780eff2af1e85aa5e3fc8b3ce88f074b87bf51a

memory/5056-82-0x0000000003600000-0x0000000003740000-memory.dmp

memory/2888-103-0x0000000000400000-0x00000000004C5000-memory.dmp

memory/5056-105-0x00000000035F0000-0x00000000035FE000-memory.dmp

memory/5056-104-0x0000000000400000-0x0000000000681000-memory.dmp

C:\Program Files\Voicemod Desktop\Voicemod.VoicemodDesktop.UI.dll

MD5 948fa7c2a1fc375157bde5d8d44fe162
SHA1 9ed97ef0eb84d52bb5dd0b2343c9deac4bc2b1e9
SHA256 9908c60efe2d8dd716e6654ea09e8a19ffce21273aeaa239473c549500479ba4
SHA512 fdafba662dce2b913d29ebd1d9b80eb41c4c8a1b09444c1275052fc436079dbdb4dc6a3a8021eff0768767bd9c8efba789a865a9e814299478840d12797354c8

C:\Program Files\Voicemod Desktop\Voicemod.Websockets.Fleck.dll

MD5 aa81651105606461eb63db6d423fb2c7
SHA1 c748d7a703df483a99f2d434d1a45fb3d285b4c7
SHA256 138e544e27ee059ffef19809c54f48076a0ddb29410549b658b3aa67a18d153e
SHA512 1118a9b1090ff72fd15b269eae7f0d8085ef624fd34318f5c4499dcbae37531081c8060182cf37ca9e114c05eafdbbfb8477cf1ba2a88225106d587caf141541

C:\Program Files\Voicemod Desktop\VoicemodSDK.dll

MD5 39844565ec5c8cf05d62ef399b011754
SHA1 23ba2573016c6fa7344f4d422d86a76b5216363d
SHA256 f0dbf3861a5cae109edef2e78fa2b9f7c4353025bad314cf3afb3fa173a4f5af
SHA512 54b5a16b55491a59e6cb7f4172557efc470d6c31f503b7c8767f0ec410f128a7b98bf4191ba8176fe39f77deb6372788797f0dffbaae2041338af63eca544e0f

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

MD5 d20afc7e984fef3a2b2ed3dc0b4c0ef5
SHA1 484da3d185b8b87620d4d2d6b7ca4266a651bf21
SHA256 fb737bdab9bf40f95dc999adc48cca3855fea1290c4bf51629f0298660f92cee
SHA512 e9ab6c311f73bbbd9640be6275c66ce4bb4aa73124e46eb7a3e7a8083bc8de0c461555ea12205c6ce630aa4e783bbea6112fca700f58edb33f0c82142dad127f

C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe

MD5 ce0e059d4365c22f6f8cc1ce04ff5418
SHA1 09eff27e69a3e4d3cc8bef9e93fe6ae7e20447c8
SHA256 663e5b184648639cbcf353ddaeec6688abe323dbccf8de8fc8d2683f5e1a99cb
SHA512 c8c9ff1fcb172bdbf90d598b2cf0c5f0dab31132b8633540a162ec0c299861d64f36bb805da7dca5b4a4ac96c74fc420303235cbc780f09a2c2aad5b7de724ff

memory/5056-488-0x00000000035F0000-0x00000000035FE000-memory.dmp

memory/5056-487-0x0000000000400000-0x0000000000681000-memory.dmp

C:\Program Files\Voicemod Desktop\driver\setupDrv.bat

MD5 e6bdf4edaca31d8f5f5d8fab141e1bf4
SHA1 b67c41d0170c246a2b01dd2e6b280c147e98419e
SHA256 9387039a0be348be9d99989c6f60ded8760c76c5316692dc880b486859ae792d
SHA512 f3b62c78982e7c7ab0d9c04db18642f43e289cda8bacf454df5749b1371d444bb44f57f65931f39a8075c491cb88e3c96b83a3c3a271eb67a9f427c649787c8d

C:\Program Files\Voicemod Desktop\driver\uninstalldriver.bat

MD5 a6261c36b1eb262f18c98e520966c329
SHA1 be1f1a0bdcc2f26bc41599b257f2b4c95a1a87a1
SHA256 d0cdbdb5be2be15f77861b6e08aa553d9e8580c224ef0f63e55064f415fc16f0
SHA512 06da998b9778148e15065b67ea6ffadd6df7babf6b1b435368e6c7b6e91d3506d3c3498140cd8b950e207d97c78a899e567b4fbf462d07f7ad473a878ea45fec

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

MD5 afc1465481d73483af98d1e78419ff02
SHA1 7fdea1d99110007a5e560ea7b43ba0dec735f908
SHA256 98ea0aa12cf1a2b0b7337bcdb6fef41ca35f83248e29b6072fb15f3c180232b4
SHA512 6b4c9142298a91f65338ce68edd66aceb1a3e7a5ef4d87969064cf49828cfbf8bfb3e0a226fd13bddb933d49d7aca9fd0a9f6cd048505cf5ba2abd4b871b93ec

memory/5056-502-0x0000000000400000-0x0000000000681000-memory.dmp

C:\Program Files\Voicemod Desktop\driver\vmdrv.inf

MD5 b9b68ddad77911e85697af02b6e311b5
SHA1 999c26f4e20fd29abb0404c9b5bfad4fb2664d2d
SHA256 f853d5b0a5dd5cbe1da2ffaae285080019f9e60cf4e4ab7d9810f5be40f362f1
SHA512 40e0307e787c8498ffc0922d190973b1634621bbefc2a89feaad1b4d68797f9e55c1cf55e5112a0a8d13ee37fa2ed18a33248c95e4298471e2f7cb3f6359c874

\??\c:\program files\voicemod desktop\driver\vmdrv.cat

MD5 46bb11132e5800c97b9d2c1df6e6fe88
SHA1 83a6cb8f90ce3a805609eaa3472ee480ac30a8b2
SHA256 6bfcc755ffedaefbd2aa94988dbfc2492a185ec1621ccb2db9194d1f83df5ccf
SHA512 fd3de31cf8025e933c8a4966938ab4b59fb9adca41b009c0ef0129bf5297bf4a64e5d4bde662f2aec62ccb3c05bc10c309196c73355cbd409ab4b1f6ba86ad08

C:\Users\Admin\AppData\Local\Temp\{c1fbd64a-176a-d34c-bbfa-b521a1e477ec}\vmdrv.sys

MD5 0e625b7a7c3f75524e307b160f8db337
SHA1 5088c71a740ef7c4156dcaa31e543052fe226e1c
SHA256 d884ca8cc4ef1826ca3ab03eb3c2d8f356ba25f2d20db0a7d9fc251c565be7f3
SHA512 0ad805d11413dcc9d3c549b94a3644fc9c9caa23f0a661c9aef41c1e6f8d91de784817668ff4f34b3f50d738aa8097b2a0ee38de078ed97f5c17635533e9e165

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe.config

MD5 06e40dfadc011f07b0a8bcb910ca62ee
SHA1 a4574e90d61339b3eea2cfd11ed12e557f7f477f
SHA256 ae74231a8e6bd0acff9fb074427be26a73af20885cd23cfa6a636c9df4333f59
SHA512 ae27cc72c9afdc89a5ef8bf2569284d7ca6cfbcb30a5cd4ace0da11bc79a35f47c65a5f414f84f95f8696822242d3b9718dd860413c55cfddc1cae37d8c5350a

memory/3080-582-0x0000022CAEEA0000-0x0000022CAF38A000-memory.dmp

memory/5056-584-0x0000000000400000-0x0000000000681000-memory.dmp

C:\Program Files\Voicemod Desktop\NAudio.dll

MD5 047bca47d9d12191811fb2e87cded3aa
SHA1 afdc5d27fb919d1d813e6a07466f889dbc8c6677
SHA256 bc4bacc3b8b28d898f1671b79f216cca439f95eb60cd32d3e3ecafbecac42780
SHA512 99505644d42e4c60c977e4144165ea9dea8f1301e6456aa809e046ecc84a3813a190ce65169a6ffef5a36ad3541ec91002615a02933f8deb642aa3f8f3b11f2f

memory/3080-587-0x0000022CC9900000-0x0000022CC9984000-memory.dmp

memory/3080-589-0x0000022CC9A70000-0x0000022CC9B42000-memory.dmp

C:\Program Files\Voicemod Desktop\NLog.dll

MD5 b70274014c925937f0f2e79de6a17615
SHA1 f0c7f4d5f977c99a3205ee5c1c8c838ba4a81bce
SHA256 08f1f52716216fdbf4e918c88bedd87c13d06d914e4f39673f2528237638107c
SHA512 7cb67d07c136f48231da2a2fdcb7f93e8a63a391d09ceb56c12287b93a58e3fe9117313da4578f2225b178adb2bb5e0bf8d75d076c79be7823ccd42389f5dfdf

C:\Users\Admin\AppData\Local\Temp\is-J9JBD.tmp\bg-bottom.png

MD5 495e1b72f1318b9abd18396170a8b73b
SHA1 1f75098efccea494cd6bd1241eca02a9996fcf2f
SHA256 9b86e47b5b3972b1de9d55b53caed3538f7179ddfbc79fca35ce9f30c354c6aa
SHA512 eaa474168ba803b326961ec89a17dedcbec470cc8b412a1206bfd71cb02b6c031fbb3af9ca1e218e19f7780e5b39d36ecfbcc02a3dc71e13cfc8712546f99351

memory/5056-615-0x0000000000400000-0x0000000000681000-memory.dmp

memory/2888-616-0x0000000000400000-0x00000000004C5000-memory.dmp

C:\Program Files\Voicemod Desktop\Sentry.Protocol.dll

MD5 c3b6084fb4a7ad53d42b6301bd19ac43
SHA1 8b528d371629c1aa1a31d35d7a257813a90b6846
SHA256 60857310276b69557d2596356f78b53b74f8ff8a905bcc5ac57b84b2fddc064d
SHA512 63e37c164561fbc9136244b1cf7c581fc4fa277ed5b24f9b767c126970740e358e340ba2609bc7f10523b48eaf3bb873fc4ce01094d039e43110263817c4b964

memory/3080-624-0x0000022CC9E40000-0x0000022CC9EEA000-memory.dmp

memory/3080-626-0x0000022CC99B0000-0x0000022CC99C2000-memory.dmp

C:\Program Files\Voicemod Desktop\Newtonsoft.Json.dll

MD5 4df6c8781e70c3a4912b5be796e6d337
SHA1 cbc510520fcd85dbc1c82b02e82040702aca9b79
SHA256 3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af
SHA512 964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c

memory/3080-628-0x0000022CC9EF0000-0x0000022CC9F5A000-memory.dmp

C:\Program Files\Voicemod Desktop\SimpleInjector.dll

MD5 799368d49236de4022d232fbb6a4de38
SHA1 3e3181dcfc62a9067a0265385a6cd5e228626ce7
SHA256 0414c6cc3fe30f6baf019e30148a6c841358b6f3ab570b4419812eb7350b6a19
SHA512 9bb4b681cacd1c1361080fd3e768ea524a11fd284ea9795e04a5173e1ff326bda17c18debd26bd146f19eaebdd10f6c275fe0b2dfce88b601e9c9a2bb9fa91f8

C:\Program Files\Voicemod Desktop\System.Collections.Immutable.dll

MD5 d8203aedaabeac1e606cd0e2af397d01
SHA1 eef943e4369166a039dee90f2d81504613d49ca0
SHA256 2f05a2c489c2d30a6cca346d4ce184323d70eb4f5afa6bed34d5800274444e57
SHA512 ce09543cbb799db65c71ea9d050cef99d702d9af0cc4c7e346f97f616b091d0ab9a211197caf7fd5a53af1ba6ce913b2b121499d36cd43b499fd201376f4f3d6

memory/3080-632-0x0000022CC9A20000-0x0000022CC9A6A000-memory.dmp

memory/3080-633-0x0000022CC99D0000-0x0000022CC99EA000-memory.dmp

memory/3080-630-0x0000022CC9990000-0x0000022CC99AC000-memory.dmp

C:\Program Files\Voicemod Desktop\Sentry.dll

MD5 a3571d57212d66885f7e19ca16c76d19
SHA1 32017244672e20e5e99d35aa05907f835f1246ae
SHA256 4890f2bed66f98c4edef6174a9500a3b13d5a5419204003507468b45e946582d
SHA512 317bb735044b78603f8b2ec750ed98e240ba3eeca8f36fefe47af06b15975f402b6f5852ba8c5b8b345475ab3bdd9dc3faef17669a17fd028f0b9b1655dd67f5

C:\Program Files\Voicemod Desktop\System.ValueTuple.dll

MD5 23ee4302e85013a1eb4324c414d561d5
SHA1 d1664731719e85aad7a2273685d77feb0204ec98
SHA256 e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4
SHA512 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

memory/3080-635-0x0000022CC99F0000-0x0000022CC99F8000-memory.dmp

C:\Program Files\Voicemod Desktop\NLog.Extensions.Logging.dll

MD5 95e7f2457da5b9e710dac09740c16463
SHA1 1e81f71d1b69951517eae13cf5e96acd28faeb99
SHA256 544aa327ea022e6a8046f2c2fbc822714415aed716f1f0ec37cc707043cd58cb
SHA512 97b14ee4d1fffa4331ae911ddeb0dd4e2b8eb5db10f3d2ddd8a7a3b562a0110c5be19a72b3365d4f12b5b2543a9ce323143dc4a349c0481c93cf1c56e19bb5fa

memory/3080-641-0x0000022CC9A10000-0x0000022CC9A20000-memory.dmp

C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.Abstractions.dll

MD5 fa43b31fac519d4537325b2d77595c3f
SHA1 dc3c0912d2275684a95816401f63e155fe2b5ed1
SHA256 ce4721eb7591c77ec23650c079c25730bc9e4f2af440ed0ce913258151434cda
SHA512 e9e050ec7bd310ce3c5c13ac7f3849dd96ee34ca68a91956b956eef6c228a23d790736d05f07562b039a888471f823107d11384e72e172f505192964680335f4

memory/3080-639-0x0000022CC9FB0000-0x0000022CC9FC2000-memory.dmp

memory/3080-645-0x0000022CC9FE0000-0x0000022CC9FF0000-memory.dmp

C:\Program Files\Voicemod Desktop\NLog.Web.AspNetCore.dll

MD5 ec154043dd58f7834eeb093bc4d0d7d3
SHA1 052f320731f3f35dd10de4149b27f0c8437a21d2
SHA256 4442104e5a3620b5e927b50c02325d4a2f873851ce73bd063b7e17f2a344bc2f
SHA512 2cac794852cb182004fc01f7061563dc8512c60591e67249e7aa9f4fb4282dc71142ae36a371daad32fba719a119055886ec8a63c31dacf0fc8eaaf7551d0513

memory/3080-643-0x0000022CC9FD0000-0x0000022CC9FDC000-memory.dmp

C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.dll

MD5 b7f13cb30356dbe3e3bf7c01e2d8c7b1
SHA1 712900d638167a85017ab7f99119964d84e0a39f
SHA256 9cb78661a77fbbae56de368f018ac9b06e6a171dab37e49091ac4abc4a3d1126
SHA512 6df9337d590adb72df002cd64005a59f60ba064b2ae2d207559f0b43c9c8978ae75b22115556f0f4e7567b7b7862b99fe069ec92b3c98752623636bea92d1bb5

C:\Program Files\Voicemod Desktop\AutoUpdater.NET.dll

MD5 07809155502ca460862d6c3cd554200d
SHA1 a648d3dceaa0dab29bdeb3b08cfcc05b816dd28a
SHA256 4afa1ef0f2df936fe2ff026d73b9630cff0d567cb66e3e09ed94783c0d3a054e
SHA512 6314679bab44ac165e77689ee8265f3687b8e7636a0b0fc688fc1b4581ba376c612e8d117dc50e8ae447a36e161167fa4b7d3365e9b92cc7d80f56a8b57d0e08

memory/3080-649-0x0000022CCA0C0000-0x0000022CCA12C000-memory.dmp

memory/3080-650-0x0000022CCA090000-0x0000022CCA0B2000-memory.dmp

C:\Program Files\Voicemod Desktop\NAudio.Vorbis.dll

MD5 7721decf5f28e1470d40b912b2253779
SHA1 04536a984d29ad5bb1939ab83a1c5eea501f2670
SHA256 ca4cceb6a39d5b511abb897d8bd3c1de6921cf8a284da73be2f7ba79ac377b92
SHA512 2aa81e5a800f804ecbb206cbd2807d4a1987341dd211f8c493b6d5873e7d3d35f4db8c27b4d67631c592861eb3fa05037ea93d02585870e6354054df687af076

memory/3080-656-0x0000022CCA270000-0x0000022CCA27A000-memory.dmp

C:\Program Files\Voicemod Desktop\CefSharp.WinForms.dll

MD5 b8ee3de827c9828bfc4ce2d1232110a5
SHA1 0a017aab404c48f9f11b3e7e0a29e0c558e8cccc
SHA256 6b007d59cb09c077e94bc32ee74b3ff03af07422dd50b40d2cf39573140022fc
SHA512 13dda00459d9fa07d8123a5b100d9ec1b046e470d978e37a769308424c3986bfdcee5515cd32fd7b14b8eee3e9ab4ded1f0ae5939522926bf7a82daeb914123b

memory/3080-664-0x0000022CCA2C0000-0x0000022CCA2F6000-memory.dmp

C:\Program Files\Voicemod Desktop\CefSharp.dll

MD5 a8caf7f548b13fcd2d676c9c2550e352
SHA1 0274fca4d6fcf58f098053de1bb921f18c7d66be
SHA256 073028a525cdeb485a183a714289199e5650aadcde6bd90fa2726339e139515a
SHA512 c4f9ddc0ab33c1a10522670586857004d39a13c9a8cc44fba8f1f254fe8896b86e79a8ab5bb4843df3fca5bdc3abaf35d061954b429923faacea4ea99f4408ad

memory/3080-660-0x0000022CCA060000-0x0000022CCA06A000-memory.dmp

C:\Program Files\Voicemod Desktop\CefSharp.Core.dll

MD5 cf23cc10046f463ba2f929b3491be3cc
SHA1 1763511c3103f191d046ae8a25b344755d042ff5
SHA256 e1c1c19da47f763b207569eaaec7ab26203720fea2546178cf30630292de22cb
SHA512 a6c190e8b9a2fb59174abef52cbfcdbaa4618019450e860ec1b490643ee26ab33c9352ccb376edcc52ea1d659ac5b8fa8fa9560a25f616dfe098b7455118ee55

memory/3080-668-0x0000022CCA300000-0x0000022CCA4B3000-memory.dmp

C:\Program Files\Voicemod Desktop\chrome_elf.dll

MD5 44fc26ae3f77101eacf851f53aa1e64c
SHA1 f129f58aa70cf1ea7741be1c7848062e515d6773
SHA256 fb884db0b44f47dc451d9729fecaf6aa9de61e757aa4ef76381ca7006d55cbb6
SHA512 f690665b01eb4e292ce8e03169593fcbb44110253fc4a14510ff3081c41bd13a0538a9a805113f07a9fc11536b552b59c5548c25ba18c08e9738a3e7cbe0d8b8

C:\Program Files\Voicemod Desktop\icudtl.dat

MD5 65c6337820fbe9bf2498a9395e3b20f2
SHA1 5cc62646e6c73b4be276d08719bc5e257af972bb
SHA256 33da1cdda18eaea52011d40ae9a610cac9f6466156e9803891ee77294607aee4
SHA512 4800f03577a46a98a4bd786dc37a380f4169540e243fdb7835e3146fba0d0e1d07a7e3ec8cd23566feb00d204d582d678698ae61db156339fe56229de0b267c9

C:\Program Files\Voicemod Desktop\cef_200_percent.pak

MD5 065140de55434f35f9c5c10764c29ee4
SHA1 4bb734f61c04bfc68f7e15f128a2853a5f7649ea
SHA256 ef2c632ca52b27d464d6d3d8cd1b5b31b62b1102845682c680cd2bb102c5fca0
SHA512 552e5f79a41e78afd191394cb4cc5a8ab0ead3a0ec1706066e85b4aa3f2a80ff0674dc8f9232a3f123c8c60a9e63d63bc84b79f7c357ff7c7a85b6c98ebe55ee

C:\Program Files\Voicemod Desktop\cef_100_percent.pak

MD5 cc741473d2d075fdc2be804eec407a12
SHA1 22a96140286fdb004540a2051b93432aa133843d
SHA256 6107c1bfdbf2cf351d5281073422b836d7a547e81345bff502fd31335d7fcbb3
SHA512 31977768847821379aca3a49a30d6dc25a31621d96b618c4a9fc71bf7eb7f9999db87603190140fbaec8beb103cd8ff793d5144cbc68a7ec7815db64aa530437

C:\Program Files\Voicemod Desktop\cef.pak

MD5 3f25f3cb727ec8a91891f8ec21657212
SHA1 09f37afff84b2445f0afa8cbb803d53bada62080
SHA256 f8a79e0f94e8a6ef849aed1910040c7d8a4c8a61487eb67163509008c9cdb33b
SHA512 c931c465c0bf1480978df9ee192bc52be82613707bd9ed813e7857a66c55386498825fa300f028ab59d0a64a1f7b5e3936ed777e97f1aee42f9a2ef8fb68827d

C:\Program Files\Voicemod Desktop\locales\en-US.pak

MD5 424663a523ce37f8a6087681fe3b05f3
SHA1 c250b53402e3ca81a5b15b4ae9efbe374d0b40dc
SHA256 a9ad65a2bc012cc22efcea44ff42de06503043f7ce76ccab8edaa33456d339e7
SHA512 566adf1626179bdb07615b63545b12dd304b7cbe43767e924a2806fa7fa8ac3b808a862375dd4723e985f15ba83760319a70c594e97934f91022446590fb10d6

C:\Program Files\Voicemod Desktop\natives_blob.bin

MD5 e350965916554e65a47305a6ab27c2ba
SHA1 9d60e499a907811a3155e9a07f8645d6c83cb909
SHA256 1cae202ada016cf455abf69d583524a1d37a1371ad4efdfac4baed07c6402bdd
SHA512 c6044b769a00f887b573ad35a7f5b71f6134d2d596a54effa50710be2f528acefea53ae4a2847e16c1b4e56962d8b0fe24f1ea4a04bfe167514b0abddb4fb5a8

C:\Program Files\Voicemod Desktop\v8_context_snapshot.bin

MD5 9aaa9081a7199218a25c788aa3e65be4
SHA1 1834a6ff2b69121d01da29eb1cb82ed29f493ae2
SHA256 0c3eb5fed8f9ce0166a4d75f41d60d8af4d6082f77f230867511eca0036f9a26
SHA512 2bab85623e897a386cac4bd764e1db0254e80423744a077ef14fea82992de7f7edeff55cbd540a7d73bbfec78ac31e8b136410e53c60f198d4325a5457beb666

memory/3080-689-0x0000022CCE560000-0x0000022CCE57E000-memory.dmp

memory/3080-690-0x0000022CCF8E0000-0x0000022CD0C38000-memory.dmp

memory/2220-691-0x000001E06D830000-0x000001E06D94D000-memory.dmp

memory/3080-714-0x0000022CCE5A0000-0x0000022CCE5BA000-memory.dmp

memory/3080-715-0x0000022CCE6B0000-0x0000022CCE6D6000-memory.dmp

memory/3080-716-0x0000022CCE580000-0x0000022CCE588000-memory.dmp

memory/3080-717-0x0000022CCE590000-0x0000022CCE59A000-memory.dmp

memory/3080-718-0x0000022CCF650000-0x0000022CCF6AC000-memory.dmp

memory/3080-719-0x0000022CCE6E0000-0x0000022CCE6F0000-memory.dmp

memory/3080-720-0x0000022CCE710000-0x0000022CCE722000-memory.dmp

memory/3080-721-0x0000022CCF6B0000-0x0000022CCF6EA000-memory.dmp

memory/3080-722-0x0000022CCF5F0000-0x0000022CCF616000-memory.dmp

C:\Users\Admin\AppData\Local\Voicemod\settings\voicemod.db

MD5 f8d011aa82422e8341c20cee82d6c63c
SHA1 590696d38d70dd22e70d72c654f023bc5045bc6e
SHA256 4574b64f6a1cde5bfd009ab24bb064442456a884fa41411ee59211fc8846f290
SHA512 c369a4beb6c540ca028b252711a22e7e847cac7aad47be2d7be70863c4dbc79d7fa2a361a2da4b4f37cfc047449cbf91115f9b266f6a6a355f4675deff0c50f8

memory/3080-773-0x0000022CCF620000-0x0000022CCF62A000-memory.dmp

memory/3080-774-0x0000022CCF630000-0x0000022CCF638000-memory.dmp

memory/3080-775-0x0000022CD4110000-0x0000022CD4638000-memory.dmp

C:\Users\Admin\AppData\Local\Voicemod\vmlog.txt

MD5 8e975a848b6ba63145654897ef6cf615
SHA1 1d359af316e5cef4a55fade3937473469989c730
SHA256 76281a420461380f64b512e734fd60b8c2ccd307f1fe1dafc66a9c510f1b26ca
SHA512 69f5aabe8ee56b5a65dee6fef0581efcf63239ae24aba409430390da7a2516204d703d4690ac2f582be5a2076f4aecf1862fef35f712636664f3cf5b38737559

memory/3080-780-0x0000022CD0C40000-0x0000022CD2A7D000-memory.dmp

memory/3080-787-0x0000022CD0C40000-0x0000022CD2A7D000-memory.dmp

memory/4788-798-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/3080-805-0x0000022CD0C40000-0x0000022CD2A7D000-memory.dmp

memory/4440-822-0x0000000003700000-0x000000000370E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\bg-top.png

MD5 dc19715992c0051d1456308b41f04e98
SHA1 85abf86dd0e738638fff84ecd44e5b3cdbb4b96d
SHA256 86bfe5acda1b1fc9bc8f205a58c824ad58179925d2ceae11b2a341122604457d
SHA512 2f7b3bfa6c084b830213996f7691b6abcb9efd0ac44da4739972758b4eab0478e46761d8590fcea03d2902909c2c992f1eed1ef48e353a05ba67c06189d2117f

C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\buttons.png

MD5 87cc673665996a85a404beb1c8466aee
SHA1 df01fc67a739544244a0ddabd0f818bd960bf071
SHA256 d236f88ef90e6d0e259a586f4e613b14d4a35f3a704ff559dadda31341e99c24
SHA512 2058e3fd362c689a78fb3d0a163fd21bfe472368649c43dc8e48b24fa4bc5ed1307faf1cab2c351a4dd28f903a72d4951a72d7eb27784fee405884661a259c32

memory/4440-876-0x00000000037B0000-0x00000000038F0000-memory.dmp

memory/4440-881-0x00000000037B0000-0x00000000038F0000-memory.dmp

memory/4440-886-0x00000000037B0000-0x00000000038F0000-memory.dmp

memory/4440-896-0x00000000037B0000-0x00000000038F0000-memory.dmp

memory/4440-891-0x00000000037B0000-0x00000000038F0000-memory.dmp

memory/4788-1127-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/4440-1128-0x0000000000400000-0x000000000067A000-memory.dmp

memory/4440-1129-0x0000000003700000-0x000000000370E000-memory.dmp

C:\Program Files\Voicemod Desktop\Voicemod.VoicemodDesktop.UI.dll

MD5 a9b46f9c1f4d36c794be53d0c1e0408d
SHA1 b7f7d38c8a06d7a012b448e5cf44b6b9d45dbf84
SHA256 5c81d0e7b5a57cea2f96e1615c50f84d3874bcf619b0ad6d3f9262376f886901
SHA512 a871fae923180fe25b26a25ae4876ad17333ea509ab3b6a1768f4c8f0aa4e793b03d40d8a6a9ef7f85c20b847def2cd17a18dd4ffa60cb0eb07985ec03d57b43

C:\Program Files\Voicemod Desktop\VoicemodSDK.dll

MD5 4f8e35b09f6018652e939212dcd835e3
SHA1 5c8a6342581cb99e0c524cfa33953eea6701a48a
SHA256 8efdb1fddf2f905ba9a4c8a635c0b7a33b58f9c72749288e5a1407e25c825b90
SHA512 90bf8715c52ad67cf6a0809f7a528574e0f62c51d4bee7759400148f2bb62957213b1973452f03d82da210a5c9348d5db85e7ce5418c47f29999783ad21d0406

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zufranql.hut.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4440-1374-0x0000000000400000-0x000000000067A000-memory.dmp

memory/4440-1375-0x0000000003700000-0x000000000370E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{bb634797-5e5e-6a4b-856e-20a56be6cbf3}\mvvad.cat

MD5 dca9fa98db5e1e00a86b21a42e0cfddb
SHA1 06381ce9b5c8e52a7c6fbe635cbe1ea063535a4c
SHA256 a75ae4d761054f1ef771434dc2227fc4a130820aae6f6ffb72a2ff62d130fc4f
SHA512 8d7e56e1587ef1d424c2d7765946c34851b51068236411131a3ed4e588605602e741c5d22017b95a5fdb76786809e777f59b67ad4553d69aab6a0653c1446a39

C:\Users\Admin\AppData\Local\Temp\{bb634797-5e5e-6a4b-856e-20a56be6cbf3}\SETBD41.tmp

MD5 53bdc7ca40487c4f643db4ff2c1d2fa8
SHA1 91d750b1347831365729f4ce22ba13ea8ae91dfe
SHA256 651b6a24e897b78ac164578a24f97961a3507366db7875765a7ad274d7e787a2
SHA512 8ec9c30c68d40a0fa11a43c872c14dc8d0d44b0a97ff3dd1c276b82c4a1c144ba9043a9cf0716c5f37c2fd95d43fcecc858d2ffc442dcbd4ff43f3cd86b8c958

C:\Users\Admin\AppData\Local\Temp\{bb634797-5e5e-6a4b-856e-20a56be6cbf3}\SETBD42.tmp

MD5 b695055318ef82cc15971b882d71890f
SHA1 86b5d52e404b56245130d5858784aeac25ca67d5
SHA256 1f040cbb99d627bcfa63979b539d6c93e6d5a85c1a103f501aa88b816954b400
SHA512 bae69f3021029934ab195f83ac7c654d90f40350c626972f17ccbcb848c02541b605f987515b0f1a17bb23d84cbfdf845731fdf96022ce272afe4d2a763bffee

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

MD5 a5a2bb9344dc3e40858c59bd42872a43
SHA1 64d42c9d4ed58a8323f233218c346d384a3c6562
SHA256 fececd41df59d919d7e5574bc736bb7b83864de56831fb52ab6f59aaa19a50d2
SHA512 7b5b3b5ead55196ec0a025a1f8a4187d4fb8eebb7eb969ea032b3156b2d49b99d023510b6cebefb0bc1018f6d3060bb3353efc9da44232f537abc2f351c1a33f

memory/2636-1456-0x000001C3AA490000-0x000001C3AAA10000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-BB086.tmp\bg-bottom.png

MD5 a85701bbac20a65391e4e202afc96204
SHA1 a0e73596a79baaa29fbbb368bd132e3ee49d3b03
SHA256 7e3058acb23e999d1ddfdea122afd33bc487b075c2a966affeec4d38cdbb738f
SHA512 55b1015a0d6a613104ae7edb64a59d198a176ee4fc0c32d9f1af1e7ad577af606adf55ea5586ad25443fb9ea9e770dbc2267301027c1a5f3db5eff928086a27f

memory/4788-1483-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/4440-1482-0x0000000000400000-0x000000000067A000-memory.dmp

memory/2636-1484-0x000001C3C5050000-0x000001C3C5124000-memory.dmp

memory/2636-1485-0x000001C3AC6B0000-0x000001C3AC6C0000-memory.dmp

memory/2636-1495-0x000001C3C5FC0000-0x000001C3C60D4000-memory.dmp

memory/2636-1496-0x000001C3C60E0000-0x000001C3C629E000-memory.dmp

memory/2636-1497-0x000001C3C6450000-0x000001C3C6500000-memory.dmp

memory/2636-1498-0x000001C3C6500000-0x000001C3C6576000-memory.dmp

memory/2636-1499-0x000001C3C6580000-0x000001C3C65F0000-memory.dmp

memory/2636-1501-0x000001C3C5040000-0x000001C3C504A000-memory.dmp

memory/2636-1500-0x000001C3C5030000-0x000001C3C503A000-memory.dmp

memory/2636-1513-0x000001C3C6400000-0x000001C3C6412000-memory.dmp

memory/2636-1514-0x000001C3C63F0000-0x000001C3C63FE000-memory.dmp

memory/2636-1515-0x000001C3C6CA0000-0x000001C3C6CAE000-memory.dmp

memory/2636-1516-0x000001C3C6CB0000-0x000001C3C6CBA000-memory.dmp

memory/2636-1517-0x000001C3C6D20000-0x000001C3C6D34000-memory.dmp

C:\Users\Admin\AppData\Local\Voicemod\cache\CURRENT

C:\Users\Admin\AppData\Local\Voicemod\cache\DawnCache\data_1

C:\Users\Admin\AppData\Local\Voicemod\cache\DawnCache\data_0

C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_3

C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_2

C:\Users\Admin\AppData\Local\Voicemod\cache\Local Storage\leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Voicemod\cache\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
