Malware Analysis Report

2024-10-19 11:40

Sample ID 240702-b1fqes1gra
Target Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com].rar
SHA256 d50ad141854cca0a356de2c38f533ae4e87bb9379d96f656f12fb75c94024cc8
Tags
microsoft discovery evasion execution persistence phishing privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

d50ad141854cca0a356de2c38f533ae4e87bb9379d96f656f12fb75c94024cc8

Threat Level: Likely malicious

The file Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com].rar was found to be: Likely malicious.

Malicious Activity Summary

microsoft discovery evasion execution persistence phishing privilege_escalation

Drops file in Drivers directory

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Modifies Windows Firewall

Adds Run key to start application

Drops file in System32 directory

Detected potential entity reuse from brand microsoft.

Loads dropped DLL

Drops file in Windows directory

Executes dropped EXE

Drops file in Program Files directory

Checks installed software on the system

Unsigned PE

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Enumerates processes with tasklist

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Runs net.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-02 01:36

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-02 01:36

Reported

2024-07-02 02:07

Platform

win10-20240404-en

Max time kernel

314s

Max time network

1592s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com].rar"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com].rar"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 30.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-02 01:36

Reported

2024-07-02 02:07

Platform

win11-20240611-en

Max time kernel

1484s

Max time network

1503s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com].rar"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com].rar"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-02 01:36

Reported

2024-07-02 02:07

Platform

win11-20240508-en

Max time kernel

1799s

Max time network

1716s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Visit www.pesktop.com.url"

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643578972060089" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1776 wrote to memory of 3324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 3324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Visit www.pesktop.com.url"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd12f5ab58,0x7ffd12f5ab68,0x7ffd12f5ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3488 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1524 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4892 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4092 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2424 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3272 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2028 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3284 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4092 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3832 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3328 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8a7ac94930d209501b0db1d175b833a0
SHA1 78c30f85d70459464e0a0918b62b556008b65642
SHA256 068a00a89cb7edf68c2864a3f94ef2cbdda9337f83569eed1aa9e1d2c05b4fee
SHA512 d7409fd49bab60df6a88133fe072fc3b77feda45656058456a4fd746e6237a278d98f9877ae731b89bbe441015101af6d96803ca57ebf91fe7e430ddb075b70c

\??\pipe\crashpad_1776_HISLBGTUJOGBBAIM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1edb2f2d-9e28-47f5-a67b-4c435ecc3cb6.tmp

MD5 d4593c547774c4f3a0bec229405367f3
SHA1 b6636fc1e90171dd468c763bd088904e9976cea1
SHA256 23a51aeb69a5e24872e504ff2d977e265f05233a2597da392b92aa933c6e13fe
SHA512 00d2e2abda098688a1ee792ac5e6eae052b6274a8c8242599bdcf75930250200936f1c938e89725b6b39226fcce2200907c308f7aa410c4feac441f0608c52f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 18cef4b0e064f7a4941ef611864200b3
SHA1 80be32d87fe54d4f1d5e0bd429d7efb8ee0a5adb
SHA256 0469b9e83bb389605fe9307493e403b2fccb24b68a322e7af4eff8ea2adf7194
SHA512 556f7f6f2d70adc3be05f40653448daa0fc5b227dbc161e99f74ff5fcba8339871d53efefd0e35a98c37b66cbf1a3ffa1e0cb99c83c8f0caec4dab78013e53c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 05f74a00effe0b3211ac3f53a92e72ac
SHA1 8d494feb310d54c42e25856b81a1750d430e5da5
SHA256 e94d67353c61ccc8b3b0b29b16ec4b4ea573c5e2ddcd8322aaaedb88cd10e8f1
SHA512 f6d4f3db2bb9240bdc51412ecdef69364cc5a71cb936ca77d202b9237682efbd24f3f1f0044614dcacbdae4e43164941fa570976a664f6b41410d55744bc65b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586f20.TMP

MD5 3bba1399dc975b046d7ed68b5ed2048a
SHA1 38539354fadefb083b4296ce188f25a9ac63f0d3
SHA256 d3d6fce51fcdd7ab8ced46202eb709d21f39adefa2c847ca514d2a25f695bcb8
SHA512 5481d59b578109d59ea55c8e6441ead754b37cf07b88f6b9932e314910652ec5fbd67fcf204efc02363db2617ca03c217ab0a9773adb57ef67be197026a21742

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e1b5825ddb76016e731ce4b1f350874f
SHA1 d641294c929dfed6f17bc741ca5b2229d181639b
SHA256 ff66869426b0b13287fd5f5f1f28edd322244eb3b568a0ac1579a9e94997a5c8
SHA512 4e7992dd18720167c891ae54410e24c3384591ac461101f3ac2dc5fa67ac2a2659232d5569ef495ce1cbc984738c6e04f598df49e1b17cd9f5da18759ff1ddfb

Analysis: behavioral5

Detonation Overview

Submitted

2024-07-02 01:36

Reported

2024-07-02 02:07

Platform

win10-20240404-en

Max time kernel

314s

Max time network

1600s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe

"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 f.f.f.f.9.d.a.0.2.d.e.b.0.9.0.8.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.191.110.104.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 105.193.132.51.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp

Files

memory/3336-0-0x00007FF9E08B3000-0x00007FF9E08B4000-memory.dmp

memory/3336-1-0x0000019C6CB10000-0x0000019C6D05E000-memory.dmp

memory/3336-2-0x00007FF9E08B0000-0x00007FF9E129C000-memory.dmp

memory/3336-3-0x00007FF9E08B0000-0x00007FF9E129C000-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted

2024-07-02 01:36

Reported

2024-07-02 02:07

Platform

win10-20240404-en

Max time kernel

494s

Max time network

1598s

Command Line

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Readme _ password 123.txt"

Signatures

N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Readme _ password 123.txt"

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-07-02 01:36

Reported

2024-07-02 02:07

Platform

win10-20240404-en

Max time kernel

1792s

Max time network

1588s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe"

Signatures

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4400 wrote to memory of 200 N/A C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp
PID 4400 wrote to memory of 200 N/A C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp
PID 4400 wrote to memory of 200 N/A C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp
PID 200 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe
PID 200 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe
PID 200 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe
PID 200 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe
PID 200 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 200 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 3836 wrote to memory of 4388 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 3836 wrote to memory of 4388 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 200 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 200 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 1096 wrote to memory of 3564 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1096 wrote to memory of 3564 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 200 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe
PID 200 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe

"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe"

C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp

"C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp" /SL5="$501FE,66753197,750080,C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe"

C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe

"C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=9251837d-e9a5-4229-9a78-b1085d98b1bb -o C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\deviceId.txt

C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe

"C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Open\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"9251837d-e9a5-4229-9a78-b1085d98b1bb\", \"country\": \"United States\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt

C:\Windows\system32\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe

"C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpWelcome\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"9251837d-e9a5-4229-9a78-b1085d98b1bb\", \"country\": \"United States\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"1\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wsw.voicemod.net udp
GB 13.43.198.129:443 wsw.voicemod.net tcp
US 8.8.8.8:53 129.198.43.13.in-addr.arpa udp
US 8.8.8.8:53 s2s.mparticle.com udp
US 52.1.237.99:443 s2s.mparticle.com tcp
US 8.8.8.8:53 99.237.1.52.in-addr.arpa udp
US 8.8.8.8:53 22.249.124.192.in-addr.arpa udp
US 52.1.237.99:443 s2s.mparticle.com tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 24.173.189.20.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp

Files

memory/4400-0-0x0000000000400000-0x00000000004C5000-memory.dmp

memory/4400-2-0x0000000000401000-0x00000000004A9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp

MD5 3b93628e07e9a9352cb7ea41c59ef578
SHA1 48615d4428539e9f0af70153656f3e8ae4e2589c
SHA256 498cfe20132fe22e726b0fb8c5d6bd6153cc73416567148ab469f78820bc6b60
SHA512 fa180bc3c80220c641d445daa82ca4b195dd4c716e3c9e596546bdb3100e0e3fd8e306d0b88c1cf01ab5fe4ef984965d883605e3ef05540767b819157cdb55c2

memory/200-6-0x0000000000400000-0x0000000000681000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\idp.dll

MD5 55c310c0319260d798757557ab3bf636
SHA1 0892eb7ed31d8bb20a56c6835990749011a2d8de
SHA256 54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed
SHA512 e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

memory/4400-12-0x0000000000400000-0x00000000004C5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe

MD5 1c3645ebddbe2da6a32a5f9fb43a3c23
SHA1 086f74a35d5afed78ae50cf5586fafffb7845464
SHA256 0ba1c44d0ee5b34b45b449074cda51624150dc16b3b3c38251df6c052adba205
SHA512 ccc9534a454971db0014ba0996d837a36cda0b91db32a93d73f17097825b1ab7c973601586d06c953bc79d2863c52c7db0fb4d04e37f83581a27e1cf7284224b

C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\deviceId.txt

MD5 becefc83c0f3a0ee7dfecc5fcb232fe9
SHA1 e1b8cd17c04d6a18e6bd9cc324bb305984659289
SHA256 4a3531076c76b91698360148958a81f04e2b5fc3b446728250fe91daeb1ba166
SHA512 9f011d4a08e81d61f04bd7b4340eaae27fc295897e5b3c1a38d63a9e66e5b1fe1dbe9465689f2a3f6ad66308053ab8ab1a0bd538e5c6a78cde5f069056c3e1a4

C:\Users\Admin\AppData\Local\Temp\tasklist_unins000.exe.txt

MD5 62fbe89e25a8c4578a2c23f9b2d9c5b7
SHA1 16fac837514602a185ba45e9b5182b43c08f7f4d
SHA256 728009382433be470dca2c84155692ecd809e7d1d001b1ff23eb3a6f326cb277
SHA512 7993fa6c8d0f7473c2a7a2a68280a29e7b181b24e911ce94b33e5240936d08f6dbc46ae0a7a760c84bd8ca50701087606f1ebe173eceaa0f7827a3490c53213d

C:\Users\Admin\AppData\Local\Temp\tasklist_VoicemodDesktop.exe.txt

MD5 7954abe298935814bbb47fb91bb3f34d
SHA1 5a1f4b8d7a59b064c5c08f270e3bdec3635ca140
SHA256 92e68dd079e9b45a3fdaaab54292e9f42a1415ee6be48bd855210e85b2b1c94f
SHA512 03573303ea3b32596da10c2e5a9165eb49377f615419bc65b45947638c1936f9e24e41574395048e3551cf189d31045ae9629b1ff7fc83f90774ec88cec9e9a7

memory/200-34-0x0000000003460000-0x000000000346E000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\botva2.dll

MD5 0177746573eed407f8dca8a9e441aa49
SHA1 6b462adf78059d26cbc56b3311e3b97fcb8d05f7
SHA256 a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008
SHA512 d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\bg-top.png

MD5 229152b01d238ac58d066bbdd45219bf
SHA1 b47d2070eb77d723f925f36c902c6cefd5bb1c31
SHA256 acb21fcb80667714749963e8ce2e24b23e3f269de34d8e1734892777cbca2f7e
SHA512 fcf37ba7ae4929d77039b0d90f87cf6523bc7bc4f81ca27c1057f53d93752f0d9603708afaf3e8f460a0e5e67210c8d1eeb44cf95b07919a67a37805b0d63b30

C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\bg-inner.png

MD5 4a1378ccbcbcf4a320bfc4d63aabef36
SHA1 8f17dc3df0a7310ab4a3914a81b7f5576e5546a5
SHA256 f3640a78436c8f83c8b055c74da597e239524201df4ae6db52a3141a1a47699a
SHA512 6800224d90fb8c00f31b51a485b90ce0fbc26aea993484a148981d9ef41ee0ff712d43816c1f8ef8b511165de70683ad98202baf27d1a7fb9f31aa88ff17836e

C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\buttons.png

MD5 84d27be69f0f13909dab87c1cb270a29
SHA1 cb3a480bf9d790342e12775b4d50c350475f3bb5
SHA256 ed4b81ffc92f6d41c5d4925f0ac83cd280ad1a781a966d2128275c804f6aa5de
SHA512 290ebef8f3930ffdb0b99df9a99bd419ff591bd83acdb9b49b421a36d920298a05ad8e85dfa7e9e5de8fe9864780eff2af1e85aa5e3fc8b3ce88f074b87bf51a

memory/200-88-0x0000000003640000-0x0000000003780000-memory.dmp

memory/200-98-0x0000000003640000-0x0000000003780000-memory.dmp

memory/200-108-0x0000000003640000-0x0000000003780000-memory.dmp

memory/200-103-0x0000000003640000-0x0000000003780000-memory.dmp

memory/200-93-0x0000000003640000-0x0000000003780000-memory.dmp

memory/200-111-0x0000000003460000-0x000000000346E000-memory.dmp

memory/200-110-0x0000000000400000-0x0000000000681000-memory.dmp

memory/200-117-0x0000000003460000-0x000000000346E000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-02 01:36

Reported

2024-07-02 02:07

Platform

win10-20240404-en

Max time kernel

314s

Max time network

1599s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Visit www.pesktop.com.url"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Visit www.pesktop.com.url"

Network

Country Destination Domain Proto
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-07-02 01:36

Reported

2024-07-02 02:07

Platform

win11-20240611-en

Max time kernel

1484s

Max time network

1500s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe

"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/4544-0-0x00007FFF60233000-0x00007FFF60235000-memory.dmp

memory/4544-1-0x0000023B63F80000-0x0000023B644CE000-memory.dmp

memory/4544-2-0x00007FFF60230000-0x00007FFF60CF2000-memory.dmp

memory/4544-3-0x00007FFF60230000-0x00007FFF60CF2000-memory.dmp

memory/4544-4-0x00007FFF60230000-0x00007FFF60CF2000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted

2024-07-02 01:36

Reported

2024-07-02 02:07

Platform

win11-20240508-en

Max time kernel

1736s

Max time network

1748s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Readme _ password 123.txt"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3240 wrote to memory of 1540 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE
PID 3240 wrote to memory of 1540 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Readme _ password 123.txt"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Readme _ password 123.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-07-02 01:36

Reported

2024-07-02 02:07

Platform

win11-20240508-en

Max time kernel

1799s

Max time network

1173s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe"

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\mvvad.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\drivers\SETFF99.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\drmk.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\drivers\SETB4A0.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\drivers\SETB4A0.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\drmk.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\portcls.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\drivers\SETFF99.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\drivers\vmdrv.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\portcls.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\drivers\vmdrv.sys C:\Windows\system32\DrvInst.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Windows\CurrentVersion\Run\Voicemod = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\"" C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.PNF C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3B6.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.PNF C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\vmdrv.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3C8.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\vmdrv.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE02.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3B6.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\mvvad.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\mvvad.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE13.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3C7.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE02.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE13.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3C7.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3C8.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\mvvad.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\vmdrv.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE14.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE14.tmp C:\Windows\system32\DrvInst.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Http.Abstractions.dll C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-RQMM0.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\driver\is-13I0J.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-KU4P7.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-CC9H9.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-63L28.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\System.Data.SQLite.dll C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-OA0BS.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-C2BR8.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Routing.Abstractions.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\NLog.Web.AspNetCore.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\cef.pak C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\CefSharp.WinForms.dll C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\System.Memory.dll C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\driver\is-S3RHU.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-LTT5A.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-22GR2.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\driver\is-0P2E8.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.Abstractions.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-C21LP.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-TOV9I.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-C61VV.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\CefSharp.Core.Runtime.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\zh\AutoUpdater.NET.resources.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.IdentityModel.JsonWebTokens.dll C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\CefSharp.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\icudtl.dat C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Hosting.Abstractions.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.IdentityModel.JsonWebTokens.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\locales\fr.pak C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-I08TN.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-SE51G.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-1BULT.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-9POP4.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-JSM0L.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-AME0F.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-76P5B.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-SA2EM.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Localization.Abstractions.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\locales\da.pak C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-CM5JL.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-6KAFJ.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-L5PDO.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-6IRB4.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Server.Kestrel.Https.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-5IQUK.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\NLog.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\locales\kn.pak C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-EV0PN.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-SH9OB.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Configuration.EnvironmentVariables.dll C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-T9GJK.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-676HD.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Hosting.Abstractions.dll C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-K663C.tmp C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\locales\de.pak C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\locales\is-RGU0Q.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\locales\am.pak C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\driver\is-KGHTU.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File created C:\Program Files\Voicemod Desktop\is-QDR95.tmp C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
File opened for modification C:\Program Files\Voicemod Desktop\driver\defaultdevices.txt C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe N/A
File opened for modification C:\Program Files\Voicemod Desktop\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\INF\oem0.PNF C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File created C:\Windows\INF\c_media.PNF C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\security\logs\scecomp.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\INF\oem1.PNF C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.pnf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\INF\oem2.PNF C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.43.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon\ = "VoicemodDesktop.exe,1" C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{4D59E0E2-5AF5-41BD-84D0-D7C85F8F62B0} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command\ = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command\ = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\URL Protocol C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{2EF04503-52A5-48DE-868F-07A2116C00A3} C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon\ = "VoicemodDesktop.exe,1" C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\ = "URL:Voicemod Command Protocol" C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\ = "URL:Voicemod Command Protocol" C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\URL Protocol C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1960 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp
PID 1960 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp
PID 1960 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp
PID 2200 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 2200 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 4636 wrote to memory of 3756 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 4636 wrote to memory of 3756 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 2200 wrote to memory of 3924 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 2200 wrote to memory of 3924 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 3924 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 3924 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 2200 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\curl.exe
PID 2200 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
PID 2200 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
PID 2200 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 2200 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp C:\Windows\system32\cmd.exe
PID 4552 wrote to memory of 3624 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4552 wrote to memory of 3624 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3624 wrote to memory of 764 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3624 wrote to memory of 764 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4552 wrote to memory of 4748 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4552 wrote to memory of 4748 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4748 wrote to memory of 2924 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4748 wrote to memory of 2924 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4552 wrote to memory of 1116 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 4552 wrote to memory of 1116 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1116 wrote to memory of 1980 N/A C:\Windows\system32\cmd.exe C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
PID 1116 wrote to memory of 1980 N/A C:\Windows\system32\cmd.exe C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
PID 4552 wrote to memory of 1984 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4552 wrote to memory of 1984 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1984 wrote to memory of 3972 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1984 wrote to memory of 3972 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4552 wrote to memory of 2992 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4552 wrote to memory of 2992 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2992 wrote to memory of 4716 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2992 wrote to memory of 4716 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4552 wrote to memory of 3464 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4552 wrote to memory of 3464 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3464 wrote to memory of 3796 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3464 wrote to memory of 3796 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4552 wrote to memory of 3716 N/A C:\Windows\system32\cmd.exe C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
PID 4552 wrote to memory of 3716 N/A C:\Windows\system32\cmd.exe C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
PID 1456 wrote to memory of 3180 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1456 wrote to memory of 3180 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1456 wrote to memory of 2732 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe

"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe"

C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp

"C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp" /SL5="$6020A,66753197,750080,C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=15439030-dbba-449d-b460-326ebc585651 -o C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\deviceId.txt

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Open\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpWelcome\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"1\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpLicense\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpSelectDir\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"6\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpSelectTasks\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"9\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpReady\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"10\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpPreparing\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"11\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpInstalling\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"12\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Install\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe

"C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe" defaultdevices.txt

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\setupDrv.bat""

C:\Windows\system32\net.exe

net stop audiosrv /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop audiosrv /y

C:\Windows\system32\net.exe

net stop AudioEndpointBuilder /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop AudioEndpointBuilder /y

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon.exe dp_enum

C:\Windows\system32\net.exe

net start audiosrv

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 start audiosrv

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder

C:\Windows\system32\net.exe

net stop audiosrv /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop audiosrv /y

C:\Windows\system32\net.exe

net stop AudioEndpointBuilder /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop AudioEndpointBuilder /y

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon install vmdrv.inf *VMDriver

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{a7bd73e8-490c-a545-a4d0-b2f18a550b44}\vmdrv.inf" "9" "499a51a03" "0000000000000140" "WinSta0\Default" "0000000000000160" "208" "c:\program files\voicemod desktop\driver"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11e5016dc2:VOICEMOD_Driver:2020.9.25.0:*vmdriver," "499a51a03" "0000000000000140" "3349"

C:\Windows\system32\net.exe

net start audiosrv

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 start audiosrv

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step PostInstall\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpFinished\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"14\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Done\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=gpu-process --field-trial-handle=76368,9746115217409457502,988163329435870738,131072 --no-sandbox --disable-gpu-vsync=1 --log-file="C:\Program Files\Voicemod Desktop\debug.log" --log-severity=disable --lang=en-US --cefsharpexitsub --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Voicemod Desktop\debug.log" --service-request-channel-token=8974918378777404042 --mojo-platform-channel-handle=67704 /prefetch:2 --host-process-id=2464 --custom-scheme=resource|T|F|F|T|T|F;resx|T|F|F|T|T|F;fmeme|T|F|F|T|T|F;fvlabvoice|T|F|F|T|T|F;fcorevoice|T|F|F|T|T|F

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --field-trial-handle=76368,9746115217409457502,988163329435870738,131072 --disable-gpu-compositing --service-pipe-token=13316085170771774197 --lang=en-US --log-file="C:\Program Files\Voicemod Desktop\debug.log" --log-severity=disable --enable-system-flash=1 --cefsharpexitsub --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=13316085170771774197 --renderer-client-id=3 --mojo-platform-channel-handle=115844 /prefetch:1 --host-process-id=2464 --custom-scheme=resource|T|F|F|T|T|F;resx|T|F|F|T|T|F;fmeme|T|F|F|T|T|F;fvlabvoice|T|F|F|T|T|F;fcorevoice|T|F|F|T|T|F

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x0000000000000518 0x0000000000000534

C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.43.2.0.exe

"C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.43.2.0.exe" /NOCANCEL /SILENT

C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp

"C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp" /SL5="$50250,115887019,720896,C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.43.2.0.exe" /NOCANCEL /SILENT

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=15439030-dbba-449d-b460-326ebc585651 -o C:\Users\Admin\AppData\Local\Temp\is-C7LNU.tmp\deviceId.txt

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Open\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpWelcome\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"1\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpReady\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"10\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpPreparing\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"11\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpInstalling\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"12\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Install\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe

"C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe" defaultdevices.txt

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\setupDrv.bat""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "Start-Process 'setupDrvAdmin.bat' -Verb runAs -WindowStyle Hidden -Wait"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Program Files\Voicemod Desktop\driver\setupDrvAdmin.bat"

C:\Windows\system32\net.exe

net stop audiosrv /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop audiosrv /y

C:\Windows\system32\net.exe

net stop AudioEndpointBuilder /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop AudioEndpointBuilder /y

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon.exe dp_enum

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon.exe remove *VMDriver

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon.exe dp_delete oem3.inf

C:\Windows\system32\DrvInst.exe

DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf" "0" "48643ea57" "00000000000000F0" "WinSta0\Default"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon.exe dp_enum

C:\Windows\system32\net.exe

net start audiosrv

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 start audiosrv

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Communications --format Raw --fields ID

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe get --default --flow Capture --role Communications --format Raw --fields ID

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Multimedia --format Raw --fields ID

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe get --default --flow Capture --role Multimedia --format Raw --fields ID

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Console --format Raw --fields ID

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe get --default --flow Capture --role Console --format Raw --fields ID

C:\Windows\system32\net.exe

net stop audiosrv /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop audiosrv /y

C:\Windows\system32\net.exe

net stop AudioEndpointBuilder /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop AudioEndpointBuilder /y

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

voicemodcon install mvvad.inf *VMDriver

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{58b11c4a-9481-8449-aa2e-c4d2dab4bb0d}\mvvad.inf" "9" "499a51a03" "00000000000000F4" "WinSta0\Default" "0000000000000140" "208" "c:\program files\voicemod desktop\driver"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11e5016dc2:VOICEMOD_Driver:2022.6.1.0:*vmdriver," "499a51a03" "00000000000000F4" "3349"

C:\Windows\system32\net.exe

net start audiosrv

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 start audiosrv

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{40a8d4aa-d61c-4ce9-8863-b06dffa6ac6b}" --flow=Capture --role=Communications

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{40a8d4aa-d61c-4ce9-8863-b06dffa6ac6b}" --flow=Capture --role=Multimedia

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{40a8d4aa-d61c-4ce9-8863-b06dffa6ac6b}" --flow=Capture --role=Console

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\disableDrv.bat""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --name Voicemod --flow Capture --format Raw --fields ID

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe get --name Voicemod --flow Capture --format Raw --fields ID

C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe

AudioEndPointTool.exe setvisibility --id="{0.0.1.00000000}.{cceb0de6-8e2a-4aca-b0f7-bc5fe11d3608}" --visible=false

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall delete rule name=all program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall add rule name="Voicemod" dir=in action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="Voicemod" dir=in action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall add rule name="Voicemod" dir=out action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="Voicemod" dir=out action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step PostInstall\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpFinished\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"14\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

C:\Windows\system32\curl.exe

"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Done\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=gpu-process --no-sandbox --enable-gpu-rasterization --disable-gpu-vsync=0 --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=10480 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=175424 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=115844 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --first-renderer-process --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=227108 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25 /prefetch:1

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=87996 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25 /prefetch:1

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=113496 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://redirect.voicemod.net/?url=https%3a%2f%2faccount.voicemod.net%2f%23%2f%3faction%3dlogin%26ws%3d59129&origin=desktop&u=15439030-dbba-449d-b460-326ebc585651&appVersion=2.43.2.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffca8a23cb8,0x7ffca8a23cc8,0x7ffca8a23cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2496 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=227016 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7196 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7360 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7372 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3008 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 wsw.voicemod.net udp
GB 13.43.198.129:443 wsw.voicemod.net tcp
N/A 127.0.0.1:49738 tcp
N/A 127.0.0.1:49745 tcp
US 52.1.237.99:443 s2s.mparticle.com tcp
US 8.8.8.8:53 129.198.43.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 99.237.1.52.in-addr.arpa udp
US 8.8.8.8:53 41.249.124.192.in-addr.arpa udp
US 52.1.237.99:443 s2s.mparticle.com tcp
N/A 127.0.0.1:49838 tcp
US 18.211.125.192:443 s2s.mparticle.com tcp
N/A 127.0.0.1:49873 tcp
N/A 127.0.0.1:49876 tcp
US 18.211.125.192:443 s2s.mparticle.com tcp
US 18.211.125.192:443 s2s.mparticle.com tcp
N/A 127.0.0.1:49879 tcp
N/A 127.0.0.1:49883 tcp
US 18.211.125.192:443 s2s.mparticle.com tcp
US 18.211.125.192:443 s2s.mparticle.com tcp
US 18.211.125.192:443 s2s.mparticle.com tcp
US 18.211.125.192:443 s2s.mparticle.com tcp
N/A 127.0.0.1:49886 tcp
N/A 127.0.0.1:49900 tcp
N/A 127.0.0.1:49917 tcp
US 18.211.125.192:443 s2s.mparticle.com tcp
US 18.211.125.192:443 s2s.mparticle.com tcp
N/A 127.0.0.1:50370 tcp
N/A 127.0.0.1:50373 tcp
US 18.211.125.192:443 s2s.mparticle.com tcp
GB 3.11.187.130:443 wsw.voicemod.net tcp
N/A 127.0.0.1:50431 tcp
N/A 224.0.0.251:5353 udp
BE 34.38.70.171:80 sdk.voicemod.net tcp
US 172.64.152.183:443 redirect.voicemod.net tcp
US 35.244.178.73:443 sentry.voicemod.net tcp
US 35.244.178.73:443 sentry.voicemod.net tcp
N/A 127.0.0.1:50620 tcp
GB 3.11.187.130:443 wsw.voicemod.net tcp
N/A 127.0.0.1:50624 tcp
US 3.213.147.222:443 s2s.mparticle.com tcp
US 3.213.147.222:443 s2s.mparticle.com tcp
US 3.213.147.222:443 s2s.mparticle.com tcp
US 3.213.147.222:443 s2s.mparticle.com tcp
US 3.213.147.222:443 s2s.mparticle.com tcp
US 3.213.147.222:443 s2s.mparticle.com tcp
N/A 127.0.0.1:50753 tcp
N/A 127.0.0.1:50757 tcp
N/A 127.0.0.1:50759 tcp
N/A 127.0.0.1:50761 tcp
N/A 127.0.0.1:50763 tcp
N/A 127.0.0.1:51280 tcp
US 3.213.147.222:443 s2s.mparticle.com tcp
N/A 127.0.0.1:51284 tcp
US 3.213.147.222:443 s2s.mparticle.com tcp
US 3.213.147.222:443 s2s.mparticle.com tcp
N/A 127.0.0.1:51319 tcp
BE 35.205.157.23:443 api.voicemod.net tcp
BE 35.205.157.23:443 api.voicemod.net tcp
BE 35.205.157.23:443 api.voicemod.net tcp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 172.64.152.183:443 redirect.voicemod.net tcp
BE 35.205.157.23:443 api.voicemod.net tcp
NL 23.218.64.21:443 cdn.xsolla.net tcp
US 216.239.34.21:443 ts.voicemod.net tcp
US 104.17.2.184:443 challenges.cloudflare.com tcp
RU 185.30.21.21:443 secure.xsolla.com tcp
US 151.101.2.133:443 mp.voicemod.net tcp
GB 13.43.198.129:443 wsw.voicemod.net tcp
BE 35.205.157.23:443 api.voicemod.net tcp
US 151.101.2.133:443 mp.voicemod.net tcp
US 35.244.178.73:443 sentry.voicemod.net tcp
BE 2.17.107.105:443 www.bing.com tcp
GB 52.97.146.178:80 www.outlook.com tcp
GB 52.97.146.178:80 www.outlook.com tcp
GB 52.97.146.178:443 www.outlook.com tcp
GB 40.100.174.210:443 outlook.live.com tcp
BE 23.55.97.181:443 www.microsoft.com tcp
US 151.101.65.181:443 play.vidyard.com tcp
BE 88.221.83.235:443 cdn-dynmedia-1.microsoft.com tcp
BE 88.221.83.235:443 cdn-dynmedia-1.microsoft.com tcp
BE 88.221.83.235:443 cdn-dynmedia-1.microsoft.com tcp
BE 88.221.83.235:443 cdn-dynmedia-1.microsoft.com tcp
BE 88.221.83.235:443 cdn-dynmedia-1.microsoft.com tcp
US 8.8.8.8:53 137.191.110.104.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 52.167.30.171:443 fpt2.microsoft.com tcp
NL 184.30.249.69:443 assets.adobedtm.com tcp
NL 40.126.32.140:443 login.microsoftonline.com tcp
US 8.8.8.8:53 69.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 20.189.173.17:443 browser.events.data.microsoft.com tcp
US 20.189.173.17:443 browser.events.data.microsoft.com tcp
GB 40.100.174.210:443 outlook.live.com udp
US 20.189.173.17:443 browser.events.data.microsoft.com tcp
US 20.189.173.17:443 browser.events.data.microsoft.com tcp
US 152.199.21.175:443 lgincdnvzeuno.azureedge.net tcp
US 152.199.21.175:443 lgincdnvzeuno.azureedge.net tcp
US 152.199.21.175:443 lgincdnvzeuno.azureedge.net tcp
US 152.199.21.175:443 lgincdnvzeuno.azureedge.net tcp
US 13.107.42.22:443 signup.live.com tcp
US 13.107.42.22:443 signup.live.com tcp
NL 2.16.27.199:443 client.hsprotect.net tcp
NL 2.16.27.199:443 client.hsprotect.net tcp
US 35.190.10.96:443 collector-pxzc5j78di.hsprotect.net tcp
US 35.190.10.96:443 collector-pxzc5j78di.hsprotect.net udp
US 8.8.4.4:443 dns.google udp
GB 216.58.204.67:443 tcp
US 54.157.126.25:443 s2s.mparticle.com tcp
GB 216.58.204.67:443 udp
FR 18.244.28.117:443 iframe.arkoselabs.com tcp
FR 18.155.129.16:443 client-api.arkoselabs.com tcp
GB 52.98.207.178:443 outlook.live.com tcp
NL 23.73.0.183:443 res.cdn.office.net tcp
BE 2.17.107.176:443 exo.nel.measure.office.net tcp
US 20.189.173.10:443 browser.pipe.aria.microsoft.com tcp
NL 23.73.0.183:443 res.cdn.office.net tcp
GB 52.98.207.178:443 outlook.live.com tcp
US 52.113.194.132:443 ecs.office.com tcp
IE 13.74.129.1:443 c.live.com tcp
US 151.101.193.108:443 acdn.adnxs.com tcp
IE 13.104.208.162:443 storage.live.com tcp
US 204.79.197.237:443 c.bing.com tcp
FR 40.79.150.120:443 eu-office.events.data.microsoft.com tcp
BE 2.17.107.105:443 th.bing.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
NL 185.89.210.153:443 m.adnxs.com tcp
FR 40.79.150.120:443 eu-office.events.data.microsoft.com tcp
NL 184.30.249.10:443 cdn.adnxs.com tcp
NL 184.30.249.10:443 cdn.adnxs.com tcp
GB 20.77.247.185:443 consent.config.office.com tcp
NL 184.30.249.10:443 cdn.adnxs.com tcp
NL 184.30.249.215:443 widgets.outbrain.com tcp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 153.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 10.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 185.247.77.20.in-addr.arpa udp
US 8.8.8.8:53 215.249.30.184.in-addr.arpa udp
US 13.107.6.156:443 admin.microsoft.com tcp
NL 184.30.158.108:443 images.outbrainimg.com tcp
GB 151.101.190.132:443 mv.outbrain.com tcp
US 64.74.236.63:443 log.outbrainimg.com tcp
US 64.74.236.63:443 log.outbrainimg.com tcp
US 64.74.236.63:443 log.outbrainimg.com tcp
NL 184.30.158.108:443 images.outbrainimg.com tcp
NL 184.30.158.108:443 images.outbrainimg.com tcp
NL 184.30.158.108:443 images.outbrainimg.com tcp
US 13.89.179.9:443 browser.events.data.microsoft.com tcp
DE 37.252.171.52:443 ib.adnxs.com tcp
GB 40.99.201.226:443 outlook.live.com tcp
US 64.74.236.63:443 log.outbrainimg.com tcp
GB 40.99.201.226:443 outlook.live.com udp
US 35.244.178.73:443 sentry.voicemod.net udp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
NL 40.126.32.140:443 login.microsoftonline.com tcp
US 104.18.24.109:443 apply-creditcard.oceanfinance.co.uk tcp
US 172.64.155.119:443 privacyportal-uk.onetrust.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
FR 3.165.111.23:443 www.datadoghq-browser-agent.com tcp
US 172.64.155.119:443 privacyportal-uk.onetrust.com tcp
US 34.149.135.19:443 logs.browser-intake-datadoghq.eu tcp
NL 185.89.210.153:443 ams3-ib.adnxs.com tcp
GB 52.97.211.178:443 attachment.outlook.live.net tcp
GB 52.97.211.178:443 attachment.outlook.live.net tcp
GB 52.97.211.178:443 attachment.outlook.live.net tcp
GB 52.97.211.178:443 attachment.outlook.live.net tcp
GB 52.97.211.178:443 attachment.outlook.live.net tcp
GB 52.97.211.178:443 attachment.outlook.live.net tcp
BE 23.55.97.181:443 www.microsoft.com tcp
GB 52.97.211.178:443 attachment.outlook.live.net udp
NL 2.16.27.215:443 res-1.cdn.office.net tcp
GB 52.111.242.2:443 loki.delve.office.com tcp
NL 2.16.27.215:443 res-1.cdn.office.net tcp
NL 2.16.27.215:443 res-1.cdn.office.net tcp
DE 37.252.171.52:443 ib.adnxs.com tcp
IE 20.50.80.214:443 eu-mobile.events.data.microsoft.com tcp
IE 20.50.80.214:443 eu-mobile.events.data.microsoft.com tcp
BE 35.205.157.23:443 api.voicemod.net tcp
BE 35.205.157.23:443 api.voicemod.net tcp
US 35.244.178.73:443 sentry.voicemod.net udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 151.101.66.137:443 code.jquery.com tcp
US 104.18.40.148:443 privacyportal.cookiepro.com tcp
US 104.18.40.148:443 privacyportal.cookiepro.com tcp
US 104.18.40.148:443 privacyportal.cookiepro.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
GB 3.11.187.130:443 wsw.voicemod.net tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
FR 18.245.175.16:443 static.hotjar.com tcp
FR 18.164.52.40:443 script.hotjar.com tcp
BE 2.17.107.105:443 r.bing.com tcp
BE 2.17.107.105:443 r.bing.com tcp
BE 2.17.107.105:443 r.bing.com tcp
BE 2.17.107.105:443 r.bing.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
GB 3.11.187.130:443 wsw.voicemod.net tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
BE 35.205.157.23:443 api.voicemod.net tcp
RU 185.30.21.21:443 secure.xsolla.com tcp
US 35.244.178.73:443 sentry.voicemod.net udp
NL 185.89.210.90:443 ams3-ib.adnxs.com tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
GB 52.98.236.114:443 attachment.outlook.live.net udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
BE 35.205.157.23:443 api.voicemod.net tcp
BE 35.205.157.23:443 api.voicemod.net tcp
N/A 127.0.0.1:9229 tcp
US 35.244.178.73:443 sentry.voicemod.net udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
GB 52.97.146.130:443 outlook.live.com tcp
BE 23.55.97.181:443 www.microsoft.com tcp
NL 20.50.201.200:443 eu-office.events.data.microsoft.com tcp
N/A 127.0.0.1:9229 tcp
NL 185.89.210.90:443 ams3-ib.adnxs.com tcp
US 52.113.194.132:443 ecs.office.com tcp
IE 13.74.129.1:443 c.live.com tcp
IE 40.90.136.179:443 storage.live.com tcp
US 151.101.65.44:443 cdn.taboola.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 141.226.228.48:443 am-trc-events.taboola.com tcp
FR 185.235.86.189:443 ag.gbc.criteo.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
FR 185.235.86.151:443 gem.gbc.criteo.com tcp
NL 23.73.0.190:443 res.cdn.office.net tcp
US 20.42.73.30:443 browser.events.data.microsoft.com tcp
NL 185.89.210.153:443 ams3-ib.adnxs.com tcp
NL 185.89.210.180:443 ams3-ib.adnxs.com tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
US 50.31.142.95:443 log.outbrainimg.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 50.31.142.95:443 log.outbrainimg.com tcp
NL 185.89.210.180:443 ams3-ib.adnxs.com tcp
US 35.244.178.73:443 sentry.voicemod.net udp
US 52.45.241.131:443 s2s.mparticle.com tcp

Files

memory/1960-0-0x0000000000400000-0x00000000004C5000-memory.dmp

memory/1960-2-0x0000000000401000-0x00000000004A9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp

MD5 3b93628e07e9a9352cb7ea41c59ef578
SHA1 48615d4428539e9f0af70153656f3e8ae4e2589c
SHA256 498cfe20132fe22e726b0fb8c5d6bd6153cc73416567148ab469f78820bc6b60
SHA512 fa180bc3c80220c641d445daa82ca4b195dd4c716e3c9e596546bdb3100e0e3fd8e306d0b88c1cf01ab5fe4ef984965d883605e3ef05540767b819157cdb55c2

memory/2200-6-0x0000000000400000-0x0000000000681000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\idp.dll

MD5 55c310c0319260d798757557ab3bf636
SHA1 0892eb7ed31d8bb20a56c6835990749011a2d8de
SHA256 54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed
SHA512 e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\deviceId.txt

MD5 becefc83c0f3a0ee7dfecc5fcb232fe9
SHA1 e1b8cd17c04d6a18e6bd9cc324bb305984659289
SHA256 4a3531076c76b91698360148958a81f04e2b5fc3b446728250fe91daeb1ba166
SHA512 9f011d4a08e81d61f04bd7b4340eaae27fc295897e5b3c1a38d63a9e66e5b1fe1dbe9465689f2a3f6ad66308053ab8ab1a0bd538e5c6a78cde5f069056c3e1a4

C:\Users\Admin\AppData\Local\Temp\tasklist_unins000.exe.txt

MD5 5cbbf0804c28f521c892b0645990e29a
SHA1 f7a1fcdcdb6e6c1e6a6ae55ecfd58b2c29342ee5
SHA256 29ef1b8560a113820f7563bfc2ccc2a13f5d748984e5ef295680d66e395af094
SHA512 722f2a3a1ba0844711835faf0c30ef8f0f6a71948e06454d2caa28153023ffcdc4f00c2c4ec5b7f488851f992a67f009345fc54ad756f4e2f1f3002e648bb2f6

C:\Users\Admin\AppData\Local\Temp\tasklist_VoicemodDesktop.exe.txt

MD5 f2a0d78c70d50c47a1c24e0278078c27
SHA1 60f500ebaae326f8709b59fb2eb64b55fdc7013c
SHA256 2d0f0b0a5724404924bbd2457329dfb55425da8794580499841d89046cbd30c4
SHA512 02cef64c22549255a537abc6cf905837dc4dbe4a24335cae967dc08ed6a2a54a79397723ef93a7c85af79706d6b33d68b42485340c1503a751f14986645321e2

C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\botva2.dll

MD5 0177746573eed407f8dca8a9e441aa49
SHA1 6b462adf78059d26cbc56b3311e3b97fcb8d05f7
SHA256 a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008
SHA512 d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

memory/2200-28-0x0000000002F00000-0x0000000002F0E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\bg-top.png

MD5 229152b01d238ac58d066bbdd45219bf
SHA1 b47d2070eb77d723f925f36c902c6cefd5bb1c31
SHA256 acb21fcb80667714749963e8ce2e24b23e3f269de34d8e1734892777cbca2f7e
SHA512 fcf37ba7ae4929d77039b0d90f87cf6523bc7bc4f81ca27c1057f53d93752f0d9603708afaf3e8f460a0e5e67210c8d1eeb44cf95b07919a67a37805b0d63b30

C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\bg-inner.png

MD5 4a1378ccbcbcf4a320bfc4d63aabef36
SHA1 8f17dc3df0a7310ab4a3914a81b7f5576e5546a5
SHA256 f3640a78436c8f83c8b055c74da597e239524201df4ae6db52a3141a1a47699a
SHA512 6800224d90fb8c00f31b51a485b90ce0fbc26aea993484a148981d9ef41ee0ff712d43816c1f8ef8b511165de70683ad98202baf27d1a7fb9f31aa88ff17836e

C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\buttons.png

MD5 84d27be69f0f13909dab87c1cb270a29
SHA1 cb3a480bf9d790342e12775b4d50c350475f3bb5
SHA256 ed4b81ffc92f6d41c5d4925f0ac83cd280ad1a781a966d2128275c804f6aa5de
SHA512 290ebef8f3930ffdb0b99df9a99bd419ff591bd83acdb9b49b421a36d920298a05ad8e85dfa7e9e5de8fe9864780eff2af1e85aa5e3fc8b3ce88f074b87bf51a

memory/2200-97-0x0000000002F20000-0x0000000003060000-memory.dmp

memory/2200-92-0x0000000002F20000-0x0000000003060000-memory.dmp

memory/2200-102-0x0000000002F20000-0x0000000003060000-memory.dmp

memory/2200-87-0x0000000002F20000-0x0000000003060000-memory.dmp

memory/2200-82-0x0000000002F20000-0x0000000003060000-memory.dmp

memory/1960-103-0x0000000000400000-0x00000000004C5000-memory.dmp

memory/2200-105-0x0000000002F00000-0x0000000002F0E000-memory.dmp

memory/2200-104-0x0000000000400000-0x0000000000681000-memory.dmp

memory/2200-111-0x0000000002F00000-0x0000000002F0E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 df46eb1fe5d54a0521d9965203a4a9da
SHA1 e977aae1bb82f3d57267ead3b91df3d82d6d50c6
SHA256 6076a9ea8f52f5ad109fbe29f955ee052f626b22ee45366bfa83f70706744b1d
SHA512 5bc5f8d247ba164f1af6f4ae902906568a4e9baf05c9782d999e537730d8cfe443daac6f44aa246f27e9678237a4b57a7e8411e3c4fbe88e943525cdb2ae239e

memory/2200-194-0x0000000000400000-0x0000000000681000-memory.dmp

C:\Program Files\Voicemod Desktop\Voicemod.VoicemodDesktop.UI.dll

MD5 948fa7c2a1fc375157bde5d8d44fe162
SHA1 9ed97ef0eb84d52bb5dd0b2343c9deac4bc2b1e9
SHA256 9908c60efe2d8dd716e6654ea09e8a19ffce21273aeaa239473c549500479ba4
SHA512 fdafba662dce2b913d29ebd1d9b80eb41c4c8a1b09444c1275052fc436079dbdb4dc6a3a8021eff0768767bd9c8efba789a865a9e814299478840d12797354c8

C:\Program Files\Voicemod Desktop\Voicemod.Websockets.Fleck.dll

MD5 aa81651105606461eb63db6d423fb2c7
SHA1 c748d7a703df483a99f2d434d1a45fb3d285b4c7
SHA256 138e544e27ee059ffef19809c54f48076a0ddb29410549b658b3aa67a18d153e
SHA512 1118a9b1090ff72fd15b269eae7f0d8085ef624fd34318f5c4499dcbae37531081c8060182cf37ca9e114c05eafdbbfb8477cf1ba2a88225106d587caf141541

C:\Program Files\Voicemod Desktop\VoicemodSDK.dll

MD5 39844565ec5c8cf05d62ef399b011754
SHA1 23ba2573016c6fa7344f4d422d86a76b5216363d
SHA256 f0dbf3861a5cae109edef2e78fa2b9f7c4353025bad314cf3afb3fa173a4f5af
SHA512 54b5a16b55491a59e6cb7f4172557efc470d6c31f503b7c8767f0ec410f128a7b98bf4191ba8176fe39f77deb6372788797f0dffbaae2041338af63eca544e0f

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

MD5 d20afc7e984fef3a2b2ed3dc0b4c0ef5
SHA1 484da3d185b8b87620d4d2d6b7ca4266a651bf21
SHA256 fb737bdab9bf40f95dc999adc48cca3855fea1290c4bf51629f0298660f92cee
SHA512 e9ab6c311f73bbbd9640be6275c66ce4bb4aa73124e46eb7a3e7a8083bc8de0c461555ea12205c6ce630aa4e783bbea6112fca700f58edb33f0c82142dad127f

C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe

MD5 ce0e059d4365c22f6f8cc1ce04ff5418
SHA1 09eff27e69a3e4d3cc8bef9e93fe6ae7e20447c8
SHA256 663e5b184648639cbcf353ddaeec6688abe323dbccf8de8fc8d2683f5e1a99cb
SHA512 c8c9ff1fcb172bdbf90d598b2cf0c5f0dab31132b8633540a162ec0c299861d64f36bb805da7dca5b4a4ac96c74fc420303235cbc780f09a2c2aad5b7de724ff

C:\Program Files\Voicemod Desktop\driver\setupDrv.bat

MD5 e6bdf4edaca31d8f5f5d8fab141e1bf4
SHA1 b67c41d0170c246a2b01dd2e6b280c147e98419e
SHA256 9387039a0be348be9d99989c6f60ded8760c76c5316692dc880b486859ae792d
SHA512 f3b62c78982e7c7ab0d9c04db18642f43e289cda8bacf454df5749b1371d444bb44f57f65931f39a8075c491cb88e3c96b83a3c3a271eb67a9f427c649787c8d

C:\Program Files\Voicemod Desktop\driver\uninstalldriver.bat

MD5 a6261c36b1eb262f18c98e520966c329
SHA1 be1f1a0bdcc2f26bc41599b257f2b4c95a1a87a1
SHA256 d0cdbdb5be2be15f77861b6e08aa553d9e8580c224ef0f63e55064f415fc16f0
SHA512 06da998b9778148e15065b67ea6ffadd6df7babf6b1b435368e6c7b6e91d3506d3c3498140cd8b950e207d97c78a899e567b4fbf462d07f7ad473a878ea45fec

C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe

MD5 afc1465481d73483af98d1e78419ff02
SHA1 7fdea1d99110007a5e560ea7b43ba0dec735f908
SHA256 98ea0aa12cf1a2b0b7337bcdb6fef41ca35f83248e29b6072fb15f3c180232b4
SHA512 6b4c9142298a91f65338ce68edd66aceb1a3e7a5ef4d87969064cf49828cfbf8bfb3e0a226fd13bddb933d49d7aca9fd0a9f6cd048505cf5ba2abd4b871b93ec

memory/2200-530-0x0000000000400000-0x0000000000681000-memory.dmp

C:\Program Files\Voicemod Desktop\driver\vmdrv.inf

MD5 b9b68ddad77911e85697af02b6e311b5
SHA1 999c26f4e20fd29abb0404c9b5bfad4fb2664d2d
SHA256 f853d5b0a5dd5cbe1da2ffaae285080019f9e60cf4e4ab7d9810f5be40f362f1
SHA512 40e0307e787c8498ffc0922d190973b1634621bbefc2a89feaad1b4d68797f9e55c1cf55e5112a0a8d13ee37fa2ed18a33248c95e4298471e2f7cb3f6359c874

\??\c:\program files\voicemod desktop\driver\vmdrv.cat

MD5 46bb11132e5800c97b9d2c1df6e6fe88
SHA1 83a6cb8f90ce3a805609eaa3472ee480ac30a8b2
SHA256 6bfcc755ffedaefbd2aa94988dbfc2492a185ec1621ccb2db9194d1f83df5ccf
SHA512 fd3de31cf8025e933c8a4966938ab4b59fb9adca41b009c0ef0129bf5297bf4a64e5d4bde662f2aec62ccb3c05bc10c309196c73355cbd409ab4b1f6ba86ad08

C:\Users\Admin\AppData\Local\Temp\{a7bd73e8-490c-a545-a4d0-b2f18a550b44}\vmdrv.sys

MD5 0e625b7a7c3f75524e307b160f8db337
SHA1 5088c71a740ef7c4156dcaa31e543052fe226e1c
SHA256 d884ca8cc4ef1826ca3ab03eb3c2d8f356ba25f2d20db0a7d9fc251c565be7f3
SHA512 0ad805d11413dcc9d3c549b94a3644fc9c9caa23f0a661c9aef41c1e6f8d91de784817668ff4f34b3f50d738aa8097b2a0ee38de078ed97f5c17635533e9e165

memory/2200-608-0x0000000000400000-0x0000000000681000-memory.dmp

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe.config

MD5 06e40dfadc011f07b0a8bcb910ca62ee
SHA1 a4574e90d61339b3eea2cfd11ed12e557f7f477f
SHA256 ae74231a8e6bd0acff9fb074427be26a73af20885cd23cfa6a636c9df4333f59
SHA512 ae27cc72c9afdc89a5ef8bf2569284d7ca6cfbcb30a5cd4ace0da11bc79a35f47c65a5f414f84f95f8696822242d3b9718dd860413c55cfddc1cae37d8c5350a

memory/2464-614-0x0000019166240000-0x000001916672A000-memory.dmp

C:\Program Files\Voicemod Desktop\NAudio.dll

MD5 047bca47d9d12191811fb2e87cded3aa
SHA1 afdc5d27fb919d1d813e6a07466f889dbc8c6677
SHA256 bc4bacc3b8b28d898f1671b79f216cca439f95eb60cd32d3e3ecafbecac42780
SHA512 99505644d42e4c60c977e4144165ea9dea8f1301e6456aa809e046ecc84a3813a190ce65169a6ffef5a36ad3541ec91002615a02933f8deb642aa3f8f3b11f2f

memory/2464-616-0x00000191683E0000-0x0000019168464000-memory.dmp

C:\Program Files\Voicemod Desktop\NLog.dll

MD5 b70274014c925937f0f2e79de6a17615
SHA1 f0c7f4d5f977c99a3205ee5c1c8c838ba4a81bce
SHA256 08f1f52716216fdbf4e918c88bedd87c13d06d914e4f39673f2528237638107c
SHA512 7cb67d07c136f48231da2a2fdcb7f93e8a63a391d09ceb56c12287b93a58e3fe9117313da4578f2225b178adb2bb5e0bf8d75d076c79be7823ccd42389f5dfdf

memory/2464-618-0x0000019169090000-0x0000019169162000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\bg-bottom.png

MD5 495e1b72f1318b9abd18396170a8b73b
SHA1 1f75098efccea494cd6bd1241eca02a9996fcf2f
SHA256 9b86e47b5b3972b1de9d55b53caed3538f7179ddfbc79fca35ce9f30c354c6aa
SHA512 eaa474168ba803b326961ec89a17dedcbec470cc8b412a1206bfd71cb02b6c031fbb3af9ca1e218e19f7780e5b39d36ecfbcc02a3dc71e13cfc8712546f99351

C:\Program Files\Voicemod Desktop\Sentry.Protocol.dll

MD5 c3b6084fb4a7ad53d42b6301bd19ac43
SHA1 8b528d371629c1aa1a31d35d7a257813a90b6846
SHA256 60857310276b69557d2596356f78b53b74f8ff8a905bcc5ac57b84b2fddc064d
SHA512 63e37c164561fbc9136244b1cf7c581fc4fa277ed5b24f9b767c126970740e358e340ba2609bc7f10523b48eaf3bb873fc4ce01094d039e43110263817c4b964

memory/2464-653-0x0000019168FB0000-0x0000019168FC2000-memory.dmp

memory/2464-655-0x0000019169380000-0x00000191693EA000-memory.dmp

C:\Program Files\Voicemod Desktop\SimpleInjector.dll

MD5 799368d49236de4022d232fbb6a4de38
SHA1 3e3181dcfc62a9067a0265385a6cd5e228626ce7
SHA256 0414c6cc3fe30f6baf019e30148a6c841358b6f3ab570b4419812eb7350b6a19
SHA512 9bb4b681cacd1c1361080fd3e768ea524a11fd284ea9795e04a5173e1ff326bda17c18debd26bd146f19eaebdd10f6c275fe0b2dfce88b601e9c9a2bb9fa91f8

memory/2464-642-0x00000191692D0000-0x000001916937A000-memory.dmp

C:\Program Files\Voicemod Desktop\Newtonsoft.Json.dll

MD5 4df6c8781e70c3a4912b5be796e6d337
SHA1 cbc510520fcd85dbc1c82b02e82040702aca9b79
SHA256 3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af
SHA512 964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c

memory/2200-661-0x0000000000400000-0x0000000000681000-memory.dmp

memory/2464-662-0x0000019168FD0000-0x0000019168FEA000-memory.dmp

memory/1960-663-0x0000000000400000-0x00000000004C5000-memory.dmp

C:\Program Files\Voicemod Desktop\System.ValueTuple.dll

MD5 23ee4302e85013a1eb4324c414d561d5
SHA1 d1664731719e85aad7a2273685d77feb0204ec98
SHA256 e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4
SHA512 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

memory/2464-665-0x0000019168FF0000-0x0000019168FF8000-memory.dmp

memory/2464-660-0x0000019169020000-0x000001916906A000-memory.dmp

C:\Program Files\Voicemod Desktop\System.Collections.Immutable.dll

MD5 d8203aedaabeac1e606cd0e2af397d01
SHA1 eef943e4369166a039dee90f2d81504613d49ca0
SHA256 2f05a2c489c2d30a6cca346d4ce184323d70eb4f5afa6bed34d5800274444e57
SHA512 ce09543cbb799db65c71ea9d050cef99d702d9af0cc4c7e346f97f616b091d0ab9a211197caf7fd5a53af1ba6ce913b2b121499d36cd43b499fd201376f4f3d6

memory/2464-658-0x0000019168490000-0x00000191684AC000-memory.dmp

C:\Program Files\Voicemod Desktop\Sentry.dll

MD5 a3571d57212d66885f7e19ca16c76d19
SHA1 32017244672e20e5e99d35aa05907f835f1246ae
SHA256 4890f2bed66f98c4edef6174a9500a3b13d5a5419204003507468b45e946582d
SHA512 317bb735044b78603f8b2ec750ed98e240ba3eeca8f36fefe47af06b15975f402b6f5852ba8c5b8b345475ab3bdd9dc3faef17669a17fd028f0b9b1655dd67f5

C:\Program Files\Voicemod Desktop\NLog.Extensions.Logging.dll

MD5 95e7f2457da5b9e710dac09740c16463
SHA1 1e81f71d1b69951517eae13cf5e96acd28faeb99
SHA256 544aa327ea022e6a8046f2c2fbc822714415aed716f1f0ec37cc707043cd58cb
SHA512 97b14ee4d1fffa4331ae911ddeb0dd4e2b8eb5db10f3d2ddd8a7a3b562a0110c5be19a72b3365d4f12b5b2543a9ce323143dc4a349c0481c93cf1c56e19bb5fa

memory/2464-671-0x0000019169000000-0x0000019169010000-memory.dmp

C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.Abstractions.dll

MD5 fa43b31fac519d4537325b2d77595c3f
SHA1 dc3c0912d2275684a95816401f63e155fe2b5ed1
SHA256 ce4721eb7591c77ec23650c079c25730bc9e4f2af440ed0ce913258151434cda
SHA512 e9e050ec7bd310ce3c5c13ac7f3849dd96ee34ca68a91956b956eef6c228a23d790736d05f07562b039a888471f823107d11384e72e172f505192964680335f4

memory/2464-669-0x0000019169070000-0x0000019169082000-memory.dmp

memory/2464-675-0x00000191692B0000-0x00000191692C0000-memory.dmp

C:\Program Files\Voicemod Desktop\NLog.Web.AspNetCore.dll

MD5 ec154043dd58f7834eeb093bc4d0d7d3
SHA1 052f320731f3f35dd10de4149b27f0c8437a21d2
SHA256 4442104e5a3620b5e927b50c02325d4a2f873851ce73bd063b7e17f2a344bc2f
SHA512 2cac794852cb182004fc01f7061563dc8512c60591e67249e7aa9f4fb4282dc71142ae36a371daad32fba719a119055886ec8a63c31dacf0fc8eaaf7551d0513

memory/2464-673-0x0000019169010000-0x000001916901C000-memory.dmp

C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.dll

MD5 b7f13cb30356dbe3e3bf7c01e2d8c7b1
SHA1 712900d638167a85017ab7f99119964d84e0a39f
SHA256 9cb78661a77fbbae56de368f018ac9b06e6a171dab37e49091ac4abc4a3d1126
SHA512 6df9337d590adb72df002cd64005a59f60ba064b2ae2d207559f0b43c9c8978ae75b22115556f0f4e7567b7b7862b99fe069ec92b3c98752623636bea92d1bb5

memory/2464-679-0x00000191694C0000-0x000001916952C000-memory.dmp

C:\Program Files\Voicemod Desktop\AutoUpdater.NET.dll

MD5 07809155502ca460862d6c3cd554200d
SHA1 a648d3dceaa0dab29bdeb3b08cfcc05b816dd28a
SHA256 4afa1ef0f2df936fe2ff026d73b9630cff0d567cb66e3e09ed94783c0d3a054e
SHA512 6314679bab44ac165e77689ee8265f3687b8e7636a0b0fc688fc1b4581ba376c612e8d117dc50e8ae447a36e161167fa4b7d3365e9b92cc7d80f56a8b57d0e08

memory/2464-680-0x0000019169490000-0x00000191694B2000-memory.dmp

memory/2464-686-0x0000019169A80000-0x0000019169A8A000-memory.dmp

C:\Program Files\Voicemod Desktop\NAudio.Vorbis.dll

MD5 7721decf5f28e1470d40b912b2253779
SHA1 04536a984d29ad5bb1939ab83a1c5eea501f2670
SHA256 ca4cceb6a39d5b511abb897d8bd3c1de6921cf8a284da73be2f7ba79ac377b92
SHA512 2aa81e5a800f804ecbb206cbd2807d4a1987341dd211f8c493b6d5873e7d3d35f4db8c27b4d67631c592861eb3fa05037ea93d02585870e6354054df687af076

C:\Program Files\Voicemod Desktop\CefSharp.WinForms.dll

MD5 b8ee3de827c9828bfc4ce2d1232110a5
SHA1 0a017aab404c48f9f11b3e7e0a29e0c558e8cccc
SHA256 6b007d59cb09c077e94bc32ee74b3ff03af07422dd50b40d2cf39573140022fc
SHA512 13dda00459d9fa07d8123a5b100d9ec1b046e470d978e37a769308424c3986bfdcee5515cd32fd7b14b8eee3e9ab4ded1f0ae5939522926bf7a82daeb914123b

memory/2464-690-0x0000019169460000-0x000001916946A000-memory.dmp

memory/2464-694-0x0000019169AD0000-0x0000019169B06000-memory.dmp

C:\Program Files\Voicemod Desktop\CefSharp.dll

MD5 a8caf7f548b13fcd2d676c9c2550e352
SHA1 0274fca4d6fcf58f098053de1bb921f18c7d66be
SHA256 073028a525cdeb485a183a714289199e5650aadcde6bd90fa2726339e139515a
SHA512 c4f9ddc0ab33c1a10522670586857004d39a13c9a8cc44fba8f1f254fe8896b86e79a8ab5bb4843df3fca5bdc3abaf35d061954b429923faacea4ea99f4408ad

C:\Program Files\Voicemod Desktop\CefSharp.Core.dll

MD5 cf23cc10046f463ba2f929b3491be3cc
SHA1 1763511c3103f191d046ae8a25b344755d042ff5
SHA256 e1c1c19da47f763b207569eaaec7ab26203720fea2546178cf30630292de22cb
SHA512 a6c190e8b9a2fb59174abef52cbfcdbaa4618019450e860ec1b490643ee26ab33c9352ccb376edcc52ea1d659ac5b8fa8fa9560a25f616dfe098b7455118ee55

C:\Program Files\Voicemod Desktop\chrome_elf.dll

MD5 44fc26ae3f77101eacf851f53aa1e64c
SHA1 f129f58aa70cf1ea7741be1c7848062e515d6773
SHA256 fb884db0b44f47dc451d9729fecaf6aa9de61e757aa4ef76381ca7006d55cbb6
SHA512 f690665b01eb4e292ce8e03169593fcbb44110253fc4a14510ff3081c41bd13a0538a9a805113f07a9fc11536b552b59c5548c25ba18c08e9738a3e7cbe0d8b8

memory/2464-698-0x0000019169B10000-0x0000019169CC3000-memory.dmp

C:\Program Files\Voicemod Desktop\icudtl.dat

MD5 65c6337820fbe9bf2498a9395e3b20f2
SHA1 5cc62646e6c73b4be276d08719bc5e257af972bb
SHA256 33da1cdda18eaea52011d40ae9a610cac9f6466156e9803891ee77294607aee4
SHA512 4800f03577a46a98a4bd786dc37a380f4169540e243fdb7835e3146fba0d0e1d07a7e3ec8cd23566feb00d204d582d678698ae61db156339fe56229de0b267c9

C:\Program Files\Voicemod Desktop\cef_200_percent.pak

MD5 065140de55434f35f9c5c10764c29ee4
SHA1 4bb734f61c04bfc68f7e15f128a2853a5f7649ea
SHA256 ef2c632ca52b27d464d6d3d8cd1b5b31b62b1102845682c680cd2bb102c5fca0
SHA512 552e5f79a41e78afd191394cb4cc5a8ab0ead3a0ec1706066e85b4aa3f2a80ff0674dc8f9232a3f123c8c60a9e63d63bc84b79f7c357ff7c7a85b6c98ebe55ee

C:\Program Files\Voicemod Desktop\cef_100_percent.pak

MD5 cc741473d2d075fdc2be804eec407a12
SHA1 22a96140286fdb004540a2051b93432aa133843d
SHA256 6107c1bfdbf2cf351d5281073422b836d7a547e81345bff502fd31335d7fcbb3
SHA512 31977768847821379aca3a49a30d6dc25a31621d96b618c4a9fc71bf7eb7f9999db87603190140fbaec8beb103cd8ff793d5144cbc68a7ec7815db64aa530437

C:\Program Files\Voicemod Desktop\cef.pak

MD5 3f25f3cb727ec8a91891f8ec21657212
SHA1 09f37afff84b2445f0afa8cbb803d53bada62080
SHA256 f8a79e0f94e8a6ef849aed1910040c7d8a4c8a61487eb67163509008c9cdb33b
SHA512 c931c465c0bf1480978df9ee192bc52be82613707bd9ed813e7857a66c55386498825fa300f028ab59d0a64a1f7b5e3936ed777e97f1aee42f9a2ef8fb68827d

C:\Program Files\Voicemod Desktop\locales\en-US.pak

MD5 424663a523ce37f8a6087681fe3b05f3
SHA1 c250b53402e3ca81a5b15b4ae9efbe374d0b40dc
SHA256 a9ad65a2bc012cc22efcea44ff42de06503043f7ce76ccab8edaa33456d339e7
SHA512 566adf1626179bdb07615b63545b12dd304b7cbe43767e924a2806fa7fa8ac3b808a862375dd4723e985f15ba83760319a70c594e97934f91022446590fb10d6

C:\Program Files\Voicemod Desktop\natives_blob.bin

MD5 e350965916554e65a47305a6ab27c2ba
SHA1 9d60e499a907811a3155e9a07f8645d6c83cb909
SHA256 1cae202ada016cf455abf69d583524a1d37a1371ad4efdfac4baed07c6402bdd
SHA512 c6044b769a00f887b573ad35a7f5b71f6134d2d596a54effa50710be2f528acefea53ae4a2847e16c1b4e56962d8b0fe24f1ea4a04bfe167514b0abddb4fb5a8

C:\Program Files\Voicemod Desktop\v8_context_snapshot.bin

MD5 9aaa9081a7199218a25c788aa3e65be4
SHA1 1834a6ff2b69121d01da29eb1cb82ed29f493ae2
SHA256 0c3eb5fed8f9ce0166a4d75f41d60d8af4d6082f77f230867511eca0036f9a26
SHA512 2bab85623e897a386cac4bd764e1db0254e80423744a077ef14fea82992de7f7edeff55cbd540a7d73bbfec78ac31e8b136410e53c60f198d4325a5457beb666

memory/2464-719-0x000001916D0C0000-0x000001916D0DE000-memory.dmp

memory/2464-720-0x000001916E6A0000-0x000001916F9F8000-memory.dmp

memory/2900-721-0x000001CCAC9F0000-0x000001CCACB0D000-memory.dmp

memory/2464-744-0x000001916D3A0000-0x000001916D3BA000-memory.dmp

memory/2464-746-0x000001916D3C0000-0x000001916D3C8000-memory.dmp

memory/2464-745-0x000001916D4C0000-0x000001916D4E6000-memory.dmp

memory/2464-747-0x000001916D3D0000-0x000001916D3DA000-memory.dmp

memory/2464-748-0x000001916E430000-0x000001916E48C000-memory.dmp

memory/2464-750-0x000001916D4F0000-0x000001916D502000-memory.dmp

memory/2464-749-0x000001916D490000-0x000001916D4A0000-memory.dmp

memory/2464-751-0x000001916E4D0000-0x000001916E50A000-memory.dmp

memory/2464-752-0x000001916E490000-0x000001916E4B6000-memory.dmp

memory/2464-796-0x000001916D110000-0x000001916D11A000-memory.dmp

memory/2464-797-0x000001916D390000-0x000001916D398000-memory.dmp

memory/2464-798-0x00000191710B0000-0x00000191715D8000-memory.dmp

C:\Users\Admin\AppData\Local\Voicemod\settings\voicemod.db

MD5 cb12ed580481b56678d2469784cc6931
SHA1 a3799528c449b723015a2d9201be56756384ae4a
SHA256 a2e76797e52b5ec21801e2e5b85fc434776b26ecede90110e3a18865831680e8
SHA512 be192ee6f57d26927a39a3566f7bea999a05c7a42152ab924fcdfa4e268d599b58efc1120671e935929ec4b31862bec370857056e3ac3b556159a4730bfc0c4e

C:\Users\Admin\AppData\Local\Voicemod\vmlog.txt

MD5 588c132cb9d9b72f029de3aef842a7b8
SHA1 419c989af1ab3a0191e5f5de11f77c114eefd6fe
SHA256 add018d9319a41ce9145639991a517e8305229657e0cfbff426ff405394ba8e6
SHA512 2d6ea3c609aeac5793b17c08033d61f67a701bd9de900545710ce901161467b05e5724eed02eacaf3fd2d0400e5a5ac3404cab5a73018f0b961ef76fe130ffdb

memory/2464-816-0x000001916C590000-0x000001916C743000-memory.dmp

memory/588-829-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/2464-834-0x000001916C590000-0x000001916C743000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-C7LNU.tmp\bg-top.png

MD5 dc19715992c0051d1456308b41f04e98
SHA1 85abf86dd0e738638fff84ecd44e5b3cdbb4b96d
SHA256 86bfe5acda1b1fc9bc8f205a58c824ad58179925d2ceae11b2a341122604457d
SHA512 2f7b3bfa6c084b830213996f7691b6abcb9efd0ac44da4739972758b4eab0478e46761d8590fcea03d2902909c2c992f1eed1ef48e353a05ba67c06189d2117f

memory/5064-919-0x00000000022F0000-0x0000000002430000-memory.dmp

memory/5064-904-0x00000000022F0000-0x0000000002430000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-C7LNU.tmp\buttons.png

MD5 87cc673665996a85a404beb1c8466aee
SHA1 df01fc67a739544244a0ddabd0f818bd960bf071
SHA256 d236f88ef90e6d0e259a586f4e613b14d4a35f3a704ff559dadda31341e99c24
SHA512 2058e3fd362c689a78fb3d0a163fd21bfe472368649c43dc8e48b24fa4bc5ed1307faf1cab2c351a4dd28f903a72d4951a72d7eb27784fee405884661a259c32

memory/5064-924-0x0000000002F10000-0x0000000003050000-memory.dmp

memory/5064-914-0x00000000022F0000-0x0000000002430000-memory.dmp

memory/5064-909-0x00000000022F0000-0x0000000002430000-memory.dmp

C:\Program Files\Voicemod Desktop\Voicemod.VoicemodDesktop.UI.dll

MD5 a8e7088990c747bc8fd07c1c93e8beb5
SHA1 3c028409a4979829f4b2019cb9d30a04194cd5a0
SHA256 af5edaf2769d35bb0fcacafb5fb0491a665d4293c77b462d6ee5739398f0a34b
SHA512 19aba1c87b6ec35778bbf5f8da21773a103d91cb34408529de90a767998df575dcd5ca31fb5be91c68296dcc0d9a2e250addee2cfdbda1002529cca5b890610a

C:\Program Files\Voicemod Desktop\VoicemodSDK.dll

MD5 2bf54840de051a2d293e421cd49d0eba
SHA1 b4dd90e42eda8e0401885f4d5637fa79892750fe
SHA256 225a00a907fc3c88ef4607bb3b2e3876499bd0679908ab48b1df0b08e2c6600a
SHA512 9eacfa6be037b5e00d62d317fa9c7919ddbd6d8014f4d85052eeee39a929c9b6ae353c41e114827f4ccaed0112ccd8cdaea3064db7d81a0ec1c599c9539d8dfd

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_frngub3h.spu.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/588-1390-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/5064-1392-0x0000000002F00000-0x0000000002F0E000-memory.dmp

memory/5064-1391-0x0000000000400000-0x000000000067A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{58b11c4a-9481-8449-aa2e-c4d2dab4bb0d}\SETB3A7.tmp

MD5 53bdc7ca40487c4f643db4ff2c1d2fa8
SHA1 91d750b1347831365729f4ce22ba13ea8ae91dfe
SHA256 651b6a24e897b78ac164578a24f97961a3507366db7875765a7ad274d7e787a2
SHA512 8ec9c30c68d40a0fa11a43c872c14dc8d0d44b0a97ff3dd1c276b82c4a1c144ba9043a9cf0716c5f37c2fd95d43fcecc858d2ffc442dcbd4ff43f3cd86b8c958

C:\Users\Admin\AppData\Local\Temp\{58b11c4a-9481-8449-aa2e-c4d2dab4bb0d}\mvvad.cat

MD5 dca9fa98db5e1e00a86b21a42e0cfddb
SHA1 06381ce9b5c8e52a7c6fbe635cbe1ea063535a4c
SHA256 a75ae4d761054f1ef771434dc2227fc4a130820aae6f6ffb72a2ff62d130fc4f
SHA512 8d7e56e1587ef1d424c2d7765946c34851b51068236411131a3ed4e588605602e741c5d22017b95a5fdb76786809e777f59b67ad4553d69aab6a0653c1446a39

C:\Users\Admin\AppData\Local\Temp\{58b11c4a-9481-8449-aa2e-c4d2dab4bb0d}\SETB3A8.tmp

MD5 b695055318ef82cc15971b882d71890f
SHA1 86b5d52e404b56245130d5858784aeac25ca67d5
SHA256 1f040cbb99d627bcfa63979b539d6c93e6d5a85c1a103f501aa88b816954b400
SHA512 bae69f3021029934ab195f83ac7c654d90f40350c626972f17ccbcb848c02541b605f987515b0f1a17bb23d84cbfdf845731fdf96022ce272afe4d2a763bffee

C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe

MD5 40797c8e92d0ce07d0eead04513c7bb3
SHA1 32927f08995b54c3d5417626d2c212fa03812d90
SHA256 cd53d7e811e6ed5f2dd8963590b3dc3a7e76dbe426c9f47f62eb3dc5d296e264
SHA512 65f671b0992077cf80a4daa3eaa5edb97e063de670ded6e50b9190d0dac0542d10d42201492b667a2772fd8c6f5b123726a0c3c58199a4f58b8e46b11a4cdbb5

memory/2660-1479-0x0000019707660000-0x0000019707D72000-memory.dmp

memory/5064-1481-0x0000000000400000-0x000000000067A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-C7LNU.tmp\bg-bottom.png

MD5 a85701bbac20a65391e4e202afc96204
SHA1 a0e73596a79baaa29fbbb368bd132e3ee49d3b03
SHA256 7e3058acb23e999d1ddfdea122afd33bc487b075c2a966affeec4d38cdbb738f
SHA512 55b1015a0d6a613104ae7edb64a59d198a176ee4fc0c32d9f1af1e7ad577af606adf55ea5586ad25443fb9ea9e770dbc2267301027c1a5f3db5eff928086a27f

memory/2660-1499-0x0000019722610000-0x00000197226E4000-memory.dmp

memory/2660-1510-0x0000019709950000-0x0000019709960000-memory.dmp

memory/5064-1509-0x0000000000400000-0x000000000067A000-memory.dmp

memory/588-1511-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/2660-1521-0x0000019723320000-0x0000019723434000-memory.dmp

memory/2660-1522-0x0000019723440000-0x00000197235FE000-memory.dmp

memory/2660-1524-0x0000019723860000-0x00000197238D6000-memory.dmp

memory/2660-1523-0x00000197237B0000-0x0000019723860000-memory.dmp

memory/2660-1525-0x00000197238E0000-0x0000019723950000-memory.dmp

memory/2660-1526-0x0000019723300000-0x000001972330A000-memory.dmp

memory/2660-1527-0x00000197232F0000-0x00000197232FA000-memory.dmp

memory/2660-1540-0x0000019723E60000-0x0000019723E6E000-memory.dmp

memory/2660-1542-0x00000197240A0000-0x00000197240AA000-memory.dmp

memory/2660-1541-0x0000019723E70000-0x0000019723E7E000-memory.dmp

memory/2660-1539-0x0000019724080000-0x0000019724092000-memory.dmp

memory/2660-1543-0x00000197241A0000-0x00000197241B4000-memory.dmp

C:\Users\Admin\AppData\Local\Voicemod\cache\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Voicemod\cache\DawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

memory/2660-1578-0x00000197267C0000-0x00000197267DA000-memory.dmp

memory/2660-1579-0x00000197268E0000-0x00000197269D2000-memory.dmp

memory/2660-1586-0x0000019726820000-0x0000019726854000-memory.dmp

memory/2660-1608-0x0000019726AF0000-0x0000019726AFC000-memory.dmp

memory/2660-1625-0x0000019726CB0000-0x0000019726CBA000-memory.dmp

memory/2660-1624-0x0000019726CA0000-0x0000019726CAE000-memory.dmp

memory/2660-1623-0x0000019726C70000-0x0000019726C7C000-memory.dmp

C:\Users\Admin\AppData\Local\Voicemod\cache\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

memory/2660-1622-0x0000019726C60000-0x0000019726C6E000-memory.dmp

memory/2660-1621-0x0000019726CD0000-0x0000019726CF6000-memory.dmp

memory/2660-1620-0x0000019726C80000-0x0000019726C96000-memory.dmp

memory/2660-1619-0x0000019726C50000-0x0000019726C58000-memory.dmp

memory/2660-1618-0x0000019726C40000-0x0000019726C4E000-memory.dmp

memory/2660-1617-0x0000019726BB0000-0x0000019726BBC000-memory.dmp

memory/2660-1615-0x0000019726C30000-0x0000019726C38000-memory.dmp

memory/2660-1614-0x0000019726BC0000-0x0000019726BCE000-memory.dmp

memory/2660-1613-0x0000019726C10000-0x0000019726C28000-memory.dmp

memory/2660-1612-0x0000019726BF0000-0x0000019726C06000-memory.dmp

memory/2660-1611-0x0000019726B20000-0x0000019726B2A000-memory.dmp

memory/2660-1610-0x0000019726BD0000-0x0000019726BEC000-memory.dmp

memory/2660-1609-0x0000019726B00000-0x0000019726B0C000-memory.dmp

memory/2660-1607-0x0000019726A20000-0x0000019726A2A000-memory.dmp

memory/2660-1632-0x0000019730420000-0x0000019730F74000-memory.dmp

memory/2660-1631-0x000001972F7C0000-0x000001972F8BE000-memory.dmp

memory/2660-1606-0x0000019726A10000-0x0000019726A1A000-memory.dmp

memory/2660-1605-0x0000019726A00000-0x0000019726A08000-memory.dmp

memory/2660-1604-0x0000019726AD0000-0x0000019726AE4000-memory.dmp

memory/2660-1603-0x0000019726AB0000-0x0000019726ACC000-memory.dmp

memory/2660-1602-0x00000197269E0000-0x00000197269E8000-memory.dmp

memory/2660-1601-0x00000197268D0000-0x00000197268E0000-memory.dmp

memory/2660-1600-0x0000019726B30000-0x0000019726BA6000-memory.dmp

memory/2660-1599-0x00000197268C0000-0x00000197268C8000-memory.dmp

memory/2660-1598-0x0000019726A80000-0x0000019726AA4000-memory.dmp

memory/2660-1597-0x00000197268B0000-0x00000197268BA000-memory.dmp

memory/1984-1595-0x00000188F4970000-0x00000188F4A90000-memory.dmp

memory/2660-1594-0x0000019726A30000-0x0000019726A80000-memory.dmp

memory/2660-1593-0x00000197268A0000-0x00000197268A8000-memory.dmp

memory/2660-1592-0x0000019726890000-0x0000019726898000-memory.dmp

memory/2660-1591-0x0000019726880000-0x0000019726888000-memory.dmp

memory/2660-1590-0x0000019726870000-0x0000019726878000-memory.dmp

memory/2660-1589-0x00000197267E0000-0x00000197267EC000-memory.dmp

memory/2660-1588-0x0000019726800000-0x0000019726820000-memory.dmp

memory/2660-1587-0x00000197267A0000-0x00000197267AC000-memory.dmp

memory/2660-1616-0x0000019707660000-0x0000019707D72000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 23da8c216a7633c78c347cc80603cd99
SHA1 a378873c9d3484e0c57c1cb6c6895f34fee0ea61
SHA256 03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3
SHA512 d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e4bf11ed97b6b312e938ca216cf30e
SHA1 ff6b0b475e552dc08a2c81c9eb9230821d3c8290
SHA256 296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad
SHA512 ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6bd64392d8f69c7930c4e3dab1adb0fe
SHA1 dceca2ffa8acf05e01c6b4f56e4d186c8d532b60
SHA256 cbe6cc0e7e5adcfbc92aac987262997a9a6ce0ff5d02533fc88ad289f28b90a3
SHA512 b22a1c9bbe58514ed4c3fd78a4cddf17807b1815bd2f70659386b16a2dfd3a5455f3b6068d998acbfa9058c4340a9fd8e9b03dd199eb47631cfd271dd5c05ab6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1e47f5a00846928c24f0d6508d8c6b8d
SHA1 98c9b4b382540efed50217356fc11920b22e99e4
SHA256 b175ca302ab95d7c005184dd3e45e1e24274323d3108c01c011309033300088a
SHA512 09d5754f08470a21b3f9e5909b2745db11c3edfff98239f71511800565477772fa652e6df77b834b50cbe317d7d138f1899e114f4e4341e653c873eac8fef5db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\71ed3e84-1c11-4e46-bb69-0ff97bb88310.tmp

MD5 cdeb9a89f531d8d6fef9413452f6894d
SHA1 0c3696bfa46587b94feadc6a4addd18813708ae1
SHA256 26a3784633d9fe1d5d5eefa90c312f8101799072b6a2b65d1d7417373c51ea85
SHA512 ee64446190e9058ec43724596f5c27b9ed3bda1640ed99fd7ac572f52bef14a5acffafd9dbcd928db5c038922ed7db41cf792c6e03221013247ec36f7e1d3db6

C:\Users\Admin\AppData\Local\Voicemod\cache\Code Cache\js\index-dir\the-real-index

MD5 d05ac9e060e347dcb475d4622b86faaf
SHA1 b7f41235352deb86da46b6bc777cfc7714a1eac4
SHA256 d0e1bf0803bd431b0fac0b303d795fa5d658130ed6279dfffa0eb676871f5dcf
SHA512 51512802919d5b8e1b514bad1a6fd6eb1f8b340c7a10ffbfbd5cfe9b6bd8a977dfdcfa4fbcf2caee519e96af208d59d8aab4bb071c3fbc48f560021aa1034120

C:\Users\Admin\AppData\Local\Voicemod\cache\Code Cache\js\index-dir\the-real-index

MD5 7ac7a0f134a68d00d76a3addad2a7a58
SHA1 35cdf655a158fb8524d72456f882e460d8c72e0d
SHA256 e0592ab514746169755e71b309e89ba50101839e7c119433a0f00541fbc9d9b1
SHA512 80e084b13f733adbe599854ddda70c9e464fb16ef1ccd0edcad75e987fecf050ac27fad9759f985fb5f604a280850ccc0dd22156e149b103f2ea4b96016ddc81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d69b27d194229740be87b99993ba2df4
SHA1 aabf72ebfe691943df1c01f9954b960d1c2ebcce
SHA256 048495612e50de68364d1010e01707fb9c8c24ca12ad4e9cdad62622efe5759d
SHA512 31e8744a1b15736461a4951a524ce8389e076e40a1cdf2a5fd9e75ec2f7144f3a02d70feac9ac418e176e95ebf2a8d58838c261900acb44169c11228056e35ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a738b.TMP

MD5 0152e94a277b9e1fa4e6d6e4702c89a1
SHA1 a41b0ed168da2069d09054ffb3822b86ae71b812
SHA256 16377ac60a7d7432888d08d138436e61a720998fe86e25639d85859c6329f296
SHA512 a1b6184a98ec6adea3c2b6f54c0a907a51a6e26340b0418c5db683f490189a8844fb2f82f91a8e5265a52e26745f3cca16743065ef840456f91e031bb4281035

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e4cfaeebba97b5201c612ac585a9d12d
SHA1 9ad802d30e60a8c7d268decf267bb7e70f6793d5
SHA256 05bf61b18643506a6071f696e9eb47df0607b5969bc6567e1b8aeae3496fc765
SHA512 c5d457d0dd7506ffa09c8ef135c39764ea82fc36f839142f00d80c68b6b2f0217787ab5d6a0244a9c384ac372e43a54f447bca17c332718a2e85ee540dfcbc0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d82fd7a8966f2eacce424d1ec85c59c2
SHA1 6d39714d044d567313880654925a52a3e167c3f3
SHA256 4350b2ffe6138a1d0d18d0e4342bfcb3b849d3a1092b2d9d98fbbdac0bfa8711
SHA512 8f46f58650d67583555b195019e4afd544b8c8550e4adb284b9cab5ac2d4fa7eb642c2b56e3688af744dbb7fee3b8f732161f1bcc01da09c44edd237a13c9acf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5f52c5eb37390c6f98ad54ee1e3dcfe6
SHA1 96830013be9b80cc68104e9763e182e10343b02a
SHA256 8084fdb3979220cdbd8d08dca9d5cd5194cae7c16231eb1ac10c4dd4f7feaba0
SHA512 97d44f1ca55ee37d12b5a86ac4f8f644ad6c7bf3c3260f22e6439be17fad6ce3e78154b61e24b6897b614a810a5bc55f049702010f28b93872fbe94009dfae61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5e15604fdbdd4545a769ba1a506302c7
SHA1 950dce7c95de00dbcccaf51c50252673a50049e8
SHA256 029afe53b096f496e42be2a32e6658b0aad208d35622e81d87f78b320f9b4111
SHA512 40beea6bce3ccbf2feb3c2ef7fa1cd08d4957bb01818233dac99b17ea2b12e746a5a18698e4c4d50f7916625ec4325aa79471a9e73902426d20a6f79ec9eaa23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 690055b6758601f27085580d23aa32df
SHA1 e387ef546a09d6306c01b4540d2454ced9f4501e
SHA256 dba12796cfbc919dbef12e098a9300d90facd7fc2ab24bba6829514ed62528c1
SHA512 6b170ccf8a231ea46bd275620fbed559bab8ab82e54e48ba36884affc5d44bbae181bae28eef5423150a857b07cd93c84f371dcc110b4e73aac47375fdd9df64

C:\Users\Admin\AppData\Local\Voicemod\cache\LocalPrefs.json

MD5 7bc47d7417680515b6ac325042233fc1
SHA1 a275dcad75b69d6c40031ef30f4fbad0d2a28efc
SHA256 43d68897e3934e4e5efed0bf6c33cc5921eca10c05c8345e756aa0639fb7a8e3
SHA512 ec740c01f2a7f2d84f49d2c322b9074ca056bab0644d70d555968758070d6db773829aecb667c09981c3522a1ed05d50ed95e1bbe4e86e88821295c7e9dc0775

C:\Users\Admin\AppData\Local\Voicemod\cache\LocalPrefs.json~RFe5ae8db.TMP

MD5 bdaedb6ce6d10b48b99180b292310786
SHA1 49f3a91054c56e812df810a225a6240b01a6ffb2
SHA256 832e0dc0df7e3e9b2830a11ab4a170788ec03e6a69d9291fb2bfac152f113270
SHA512 afbd531f54f0966dc75e4d929e97a645373956cae84ffe073cc2adbaef223860d3d75737af430924a0a9328057b4a5ea066b5c265cb668dc835eecd28aa4a3de

C:\Users\Admin\AppData\Local\Voicemod\cache\Network\Network Persistent State

MD5 cb6d6b6874a7fa5a66ffc64008ac6092
SHA1 2580c521b97f7762619cb7a6f191bde7486f52c9
SHA256 44334963ca1212858c02cfae449bdc5379b03e15974294571543766702548f94
SHA512 aab765b9d34f4ea05dbeceb53c4e022b755980d83ecfe91d9008b24c2c003ba5f99a94e673eadd649d933851ccbdd1a4d64461e37dc56727c58c4944ad0d0129

C:\Users\Admin\AppData\Local\Voicemod\cache\Network\Network Persistent State~RFe5af57d.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ab2eda650b1b1482cff7a5c594ef81c3
SHA1 42c2c663ea2cffc27c3ed3b8a66c83f077eadbe3
SHA256 ef27d70701a636d5749a5820038132e830effb7f34dbcf206b3e46ce78edd979
SHA512 ced4f8f3b2d1947f18a1254ab9c273415391766c4e821efa332d44b575fe57434da3f27065f6361b137c988643dd286fc5f5a381fb23fe8bc5dddfba8c011b82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e6e884fb7b8ffd1defae831e74c5ce1d
SHA1 bfe862aa7fd92ce97bb2827a16f60709da60c91e
SHA256 f745c8ff6f57cd3037641cb7a3ca953f15920768b4bc324672245a61ec0cad27
SHA512 9960d9c86b9ccb4bf3bdd34969a5897cbe4546a666c8b86dc167f1d2807b8774ffff8005a1059e59cc30afc1ceb6e693c8b24ed33466a29e1cf441eb3be59729

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ad148b392409d0616b8fd9cd92b93e2f
SHA1 44981194e7cac2af778226edda5b91d9180d1d11
SHA256 9b8e877e0ea069e430ec05931111ddaa224c011343ae278c884e5faf5bab1741
SHA512 56d9f25aa3556be71aaf3199002666d1ddd2ff04f290893cc1766e7c41950727adf90ca96d88a3f189855e74378b3d4d343bfff8039603efdea47a01e56122d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 928e25eef66092603ada3084421ffd0c
SHA1 ecf173dae9e8ce342d925d33f331350a77569495
SHA256 60d25ca98defb15fba847bdbc61ee1c3a8325e4a2cb0d5a6c5e00328571873b7
SHA512 d9e0fdabf91b65ef2a60963f5b41be1dfdd552344f445bad98b30adcaeaeff38e8d12a46d496c257861e386819cd5b188d0552655b2415b67702e79f4dc95e30

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2660_2116094413\manifest.json

MD5 2648d437c53db54b3ebd00e64852687e
SHA1 66cfe157f4c8e17bfda15325abfef40ec6d49608
SHA256 68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806
SHA512 86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2660_2116094413\LICENSE

MD5 f6719687bed7403612eaed0b191eb4a9
SHA1 dd03919750e45507743bd089a659e8efcefa7af1
SHA256 afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512 dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b524948d2cb4df6a1b6b3e18e54bf94c
SHA1 121fc4754bc73c9a573a1a963e55e6c66be150ec
SHA256 6a94b0214f41998d3582aa65dcf5770ad44ab45de181649105564009cfc1d158
SHA512 7e62991fd9e27d26dc6a454563abfd91c13c19d6cf4ae0f35c6f62cf629749675e5172ab7497c1798548030b880bc32ce9c0a85dff32d56a32cc83c1c95a7819

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7a927e0f1bd6924dfc0e630676a7bf9f
SHA1 add0cb4956388462042d05a3a08f275eb69a1c49
SHA256 bb72f086baee3c15b7e5ff94515f5f741e656d73d8acde3b3ecf15fea1ff940c
SHA512 830dd27802bfcc9637d83d796a553232c4ed518f3732d93aa9c1dc752f8bbb82a5681aaacbc0bb599f076d8e9c5ff754950be027a3ba3bac8cff9b87bcc61404

C:\Users\Admin\AppData\Local\Voicemod\cache\LocalPrefs.json

MD5 656df3700d969d2959b8f814f468a48c
SHA1 979f5e5c17c486f74e75492baf017bc753b46c95
SHA256 fa52f80b1046b4eadc5dba9e6fc22058283bc78da9c88c6c34d1a405363e882f
SHA512 d9da7c76b95fb812b5d7d4aea82e63faa1c60cf4efa43e4fd09d76c628587dfc40fd9c4878bb64cce7eb93536532ccbb50ce9af6732c859054e8239a7c73015d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 38b6769e904cba17403d44b14195f9f3
SHA1 4cb41cea95a7c0da859b64ffe40afb25f6302079
SHA256 8012e70124c99d937bce5ba5b41ef98305d7bd493cc39f46d42f2ea17e0ea8dd
SHA512 2738162ce57c67413f0e55cb8183b9828fb1b62ca970c3c25bcd08a36d91b9f79d16520ab6b27477cc77619c873e8d6c07524ca10e08321c81bd72f0a53c929d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0cddcf3a20b688662454eaf81c4ea60c
SHA1 90427c40ff4d49f0082dbed705e8158587a56ada
SHA256 1ed91b818997edb3a071d62b217196cf87eefee78738032c77f908f88b461fae
SHA512 d2f93548f73b2da256d8f5a8d11fcc33be29513b041c2511baef78f05cf110efe74d7972ece7fdcf76b23d5c81a1933c16426d385be0cd712209270791877f37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52840c61a9d4ced0763b30d24010bba9
SHA1 a742966eec5fa6e8183a958fc1753a628788f2a0
SHA256 3a4ac60a501ead45bea0037d2dc17d10702b7bec3a6b3476148292305bb65d2e
SHA512 f27f847e7c501a83354350a4aad32f03f8502e8fd51428dd590489fb382ffea988eea2a0e8031137c92fbb59d53c95878e4d1e20b7034e651e98d1874677c100

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 141263a0f116f5eeca6710cb295baf09
SHA1 d47fd4c252bf2f2d71fba869c82b2ee81c8ca082
SHA256 923c90f9b888c8c3f93c90f6882ebbcc55873eec6a10faf901586a15a02ed5b4
SHA512 c5bd6889cfb687e61a4d168e2fe75e5d773d5a408bd930382b161d89ff0c36d690feb4849d2a04c5aefa31157696fb52cebedbc1e089cbcdab223901b3d417f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f51c517a43072c4cf1f239fbd9f74c6d
SHA1 fc6cb083cea6aa67a77840a189917bb88448af46
SHA256 bab838401accb2a76530f5e4c5e39168112309228923eb926319c16e68675b37
SHA512 1352d60efbe4195354802962dde2742d50158f334d0a7084a13e3fb672b38e0ea3791b250272166fe85117830999fbb74c64f7fb6c4c3dc02d56e344bf9b5df3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b904436e5a91efd8d0fc5a31da4ad489
SHA1 68375be935c9f9e0736f04f33492d9428059b038
SHA256 cf386af1b2d26061d53a220e33eedb5e7a1a6b9fcb306ccb0905ed09d6358cce
SHA512 b0d40ba4a23eece19bc83780ac761b272ab5df80f1ea581692fd422bcdf29f961e5fa92cce13450b4b390c119ee15568d7e639c837700568bdf2d4d9584edbca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0678d5c67d34bcb35e209d940310f169
SHA1 301f32dc2bd88fca5d4cdffaa4b2d57aaab690cc
SHA256 a1c3ef67eb1ae5d277c28af0922a1c4dea903b4b60be51ef4355ae677eeb72b0
SHA512 1f41c42adf99d654cd9fa897b37810209f5df2ae7d04cf01374dfe7bd398984efe33bb2b6c8d0b49daa79adbbd3a5d05586e73e1363fd1bb95c4f2ea39d1705e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8fe29b39c5aa42e5e80d448ad6bca096
SHA1 b6e24069979cd27bea231e9c535ff31a51918c03
SHA256 ce6cdc9422e3cb422815a9dd47db5d633696daa44a6bdd1a52984ab7e049da4f
SHA512 6dc2f54883bce0b9c4dbd544bb3b998db3c500a07c413df1dff0e16da36b89e9624a6ed5ee859b0b9ad259ec29c2db652c813f5b41f86f164b9d75eff9875453

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c84013b7496d01b8c36bbe12318dc463
SHA1 369222ea152a18a7b2bba2164f0f7eb0d4177a42
SHA256 b8608b1d88e8c1106444e660761e4d4bb167df95ed100095c5f6fe21b15fd26a
SHA512 0476aabfd7b23c069662b8203a7481a333abfd53c2e75f6c9d7930da6b590fab22832fb2eab68eb828c863e266e3c376e0b0608396175283e61a1a08367e6259

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 171db2a33a280a288ce489997f999ee4
SHA1 408ff35a0109f716198d6842cefb64c652983ee4
SHA256 9b41cbd9402153f9c2c026e29f7a1086347797d52c90e1512583e8917661421b
SHA512 5222d99e162c92230940d0c1160e98b363b8fb79262cc0dad24fee2a1a8cf82047ef215a1f28e79591add37f91f216e31dc351463084619f9c0b9b0d237ed675

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\17940795-9251-4922-aa4a-c346530551a3\index-dir\the-real-index

MD5 a0c335396e8e8e53a25485c2a54e92a5
SHA1 dbb537c3b1e81d446cc19bc475dcd244fa9d5256
SHA256 fc01cc0734f063a4ebef1d098b142e29888daf066214cd94a3a545fe41be5684
SHA512 6513e9fe5e3fc8dc0bf25b15b45d8d3f26eace5b4a6951179bb29fb3c70dc0feed0652b5c4b8d1bb085f0dd1d67e2d641de57a41b395c869de398619870543d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\17940795-9251-4922-aa4a-c346530551a3\index-dir\the-real-index~RFe5d6ef9.TMP

MD5 c9ea22fee2372825187618b60417a1c2
SHA1 efa6aa64ba2f1cb6e3b369ab9a640fa45c791dc5
SHA256 b0b4a00234f6cfe2c77944f6f435093385ef45dfa8537cdfeee2746af266a626
SHA512 18f57fee5e7d8e7731f9884c3ab87c19fad34528ad0892ac67ec10a4fb7a962bc6f1c1bbe0dc7fd3421f84da8755f36b033b854f43a6ee97fc1bdc7a0484415b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

MD5 4efb9aa5385421fc5899f9e7abf7e8cb
SHA1 2572cbd83a21ce01f315c126505f20f5e52da704
SHA256 1f9c006e426f89d13e2ad5550f1eb29e85fa4595b31086be29cd9adb3cbdc960
SHA512 e4ac6b0b72ffaab0dac276a764e6bfd7c78cb07024adfedaf0542a88515ca57bbcaa6c679dcf0f221f2da4840f25aedc08cb0a68146e181cf776b959b5463d07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a237a48244eef094d31ad803e1727a5f
SHA1 9ef99982c660861cb2431a64a2d502478b5caa31
SHA256 a93e73ad508fd843b6bd33ff29e5f221d9af834f4040d0fcba1fde16957d7926
SHA512 a393a1413e5b75a2a158103a0bcbf3a67b9cc1da89a23d2db318037dccf0341a6f378ea2a55cf551897f459cca6e63cc78de4c7f62efebfd4fa90a1f982b0fc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 1c9b119530cfaa11276c546c6a28dc4b
SHA1 802b57e59b1653e01132a2b3c1068d975ed33177
SHA256 c103e0ab921aba7f72967c30a82d33d11b7a342838b96b2d9b2901c2556748f2
SHA512 12da5bdf0f2616170c3e2558b4a48d7075b4c1db12eb5a76bd5c42fa9b95fcfb3c771443f9d59a9c315b0f9481c190f6466ea5d5cf1f1c82fa773531cd7b2a4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt~RFe5d7571.TMP

MD5 4b838a099321cf632ee271cd78c3665d
SHA1 85c890598c19e8c152a7865a424af01f87dc5b40
SHA256 6abde48fc2de20bcd927e1edb9a1cc5939b373cea3815822bd4f2f4ca5f54135
SHA512 fa7dd39c355914b1c87af7cad5e0935e6b65cd61bb8c3cc0ab7382df4287a338e26c065039fc473bf0e06c97bc339847b8ba5ddadb8af2e8cd2f33a07c252aca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 09096afc8eeb5aca4a956a0c099d8918
SHA1 b7d905d1c7127de0840f649dfc315e265f07f513
SHA256 6d5619afb61c15a7e1694938477b731edc0094eda41491fa0681680529ba53df
SHA512 4f7af94705cf87f8afbc8b438963c083fcafee631c556ac1b9fde8feed7f7c474b17e1b11aaf87c25039aae758fa8a55bb382c625c48c47dc079761f856c76b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 97d5f65881dcf1370e0f450c74916071
SHA1 8356aa6595b01f1b3d60df82686d78c6b573c033
SHA256 3ac8ef666dc310ef3a2a6f90247aab7bcbdaf26b21147f7b06f1bd39bdf848cc
SHA512 7e5da137492e2d0f42cd6a7f1b36fdef012af3282eeaca25b3da50eeb5420b199fa65bcc6d3f67da371c31173a10ff06804a368872cbf4b63f9beb44a2d30f4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 ceb9d109db3a0a4b84dea2ebffb9198f
SHA1 4512a8685090aeb478d508a626f93ce2cfa0aa2f
SHA256 93def5610ee9e624855572c88736496886b7d6574a3c53f767ac531ce4a3ffd8
SHA512 43744a790638134f2f424b16ceb1887a53fd4ce474f3243c1763e80f6ce37cb1b48763040b250cf76e602cb63daa54a700898253c964443a717b8e2e520bd5de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 53086bcdce2a185e39989ace94e92b50
SHA1 48ffb1133ae7b5e71e4948fd6d0a019c6fa65ceb
SHA256 e9466727da90b5649f6c76de2304f9f38b026adf9e33f8a143293e76cc7e90f6
SHA512 fa06fdae917d4924c375160e563ae76abc4c43784d9a21470ee4cc7570225b58174cd6fdd9a712198cd2698e779594197b68f7e237a2cf3f05e876a7ba84af8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 9bd8afd16de03fdaa2c81de6b4b2225f
SHA1 4cefbdb95beba6ea6a3a49f09322f7eed7758377
SHA256 1d0ddf9cdf2988f7a46ed719db8e9113cfc70b0033df4e1492987682b53f0537
SHA512 c352fec902ae11d73783bc811d3096267109f5ffb2ffa4494bab46f6a7241b2d75661aff4d25917fba78f9ab3084af23211088879c9fc6affd30405abc935e5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

MD5 1784d82edabfbc66aca767eb7becc500
SHA1 6b5e78f735d0d09fec5ff94efc3374af2a75ad74
SHA256 7ea81e7c911e5ba134b67278f0d7f2baf4e652243c57bb699030ecc77e85619a
SHA512 852dbdb202cd0e83dcd4b2e83a9875db060cc2202d55b9b37c3514e8e63f1d12178a3ba24ea6e2cd10b57888c56477d18a6883e520bbf7092c3f9b2d33746849

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e5a12cf68b8f339300d793e7d677cef2
SHA1 f4b49fb22b4ccbfb46b222d2a582a11c41fbe1d3
SHA256 a952f09081ba8bc99b7bcecc5edbbb3c78ec4074d95d390f46ec1092af4c8db9
SHA512 5103cd2e73741e3d139b88c15bb36022cadec558125304f9e1686e9e6e72a5b5ce508d93f54465a415a9ac42cea066a1becc2230fe16f5936b43f0fc78bab5bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000df

MD5 823cc03dc2a57ff7ddcc40c4728be9f9
SHA1 385a6d029a0d1efd47bf12fbb64a018a0d7737ec
SHA256 29d4725dbfdff4c26719db2a8c3b065e6911745ae745717e688bd22843eb3053
SHA512 2a572ac4f1a6d1ab42695892d457acde1887f2ba1f786823afb805aab88edc3244afe3a7a5d288e616b8031b98e8a084046da55daa7d8a42498bae0b2322979d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e0aa19bd70c1d5810f13720d6d403279
SHA1 f2a7dc161db7f46fe9999e6dac94ca4d441afa5e
SHA256 e9a89de057b741ac389516a0a1006ac07e227ac6ac4eed10ea0089df947ec904
SHA512 40dc74f65d53c4930db203ff161f182b499c0c11f40b24b2b0ab3c8fe0a3ffe572fec7b90c147ee1b5683e22a7c15e94ad0b43d2e0ef95a681a98576301b4c9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2513b0e21124d73ef45a382a13b76d75
SHA1 9cf5e84cc6a1cd7cdaf15d190056ec8710f2efc4
SHA256 fd15e026ac1a6a04448cf3a6bd285f0e0efc59626ee0a754de42bcb14e45ae3b
SHA512 1dd9593432e17aceb531f931c555c742514ec15ca179183691a562bac52c5499bfbea1fe70f18ace7d3c6c6182c09e14736b61b8ff41912b8109e186f05f1044

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt

MD5 09814414996a9057923d44f7b0922b3f
SHA1 377225e02f4dcc73717a6a0d8a60726fdcd25008
SHA256 88f123b738924069453c67c1b7ad158833c13a6699c4de0d57c125b41f2e664b
SHA512 3bbd20fe3fa0718e8944f1eb3035c520a4a6c1703561d1a171453c914c1c8c470d1436243d3cff31eb36c205ed43a5850c85f9958c9f58f24371ac006ae4693e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt

MD5 712c793349abe1987ef8d693e34a91cf
SHA1 5e35d51ae90040f4bbb68895de824aab0f500b5c
SHA256 585dbd6df27b9a7b606d1a12b80f99029f3171324ee5d99c153ea9e41cb70e7d
SHA512 deb1638e0b464be8d28376f19963e93217b5b2b13979a516daac71f48620e7b8089855aad5b99f185b0578134314312b196528ff216219f79f4c97a15a773f73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 01073cb5e0510b3fd57d407f77ef52df
SHA1 4fc5b4f3250f6d7e2f5aeaa20ea449874b0bc04b
SHA256 18802a28d1f448e57b6652b19d84c2c16660bf06943ce321bccdd4d7f65f2a1e
SHA512 f8e1b6b74218ca288cb4823ec32ed3914267d5e35412429f56c6308506841e0ea9b229b1bf41b17cb9773537f08ab0e223d1dd11d3dfd9ac3ba11d1c927493e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5dc391.TMP

MD5 3abb1515b8e673a7b37cebac68e9ef84
SHA1 d52626084d4e86eb351c5a0089f1f9ac9d65b4cc
SHA256 b06e707ad5f361d72c7f835a190b660c2153a5c6dee44bce49dbc49db9bca29c
SHA512 c7299abbfa21e281900e9322c877815ab9ab933cf239d8b6e70eda310eac9bb9d7d0bdf1b360241c81673e47b5261ab668ee7dff8be2e96ff95da17bb4478f2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\634cd584-30ad-48ee-be34-7c23191be6df\index-dir\the-real-index

MD5 c6f8fced967bb8cd3485386ac4ac987b
SHA1 6b009570321f24d77f07d4c0d581d0dbcda95ddc
SHA256 f6d713a37b41ad1bb76898693431fb3d6192443f54b91a7e37964ec69db59617
SHA512 8b49f8d28489e17b14ca2202fbf78b497ab3690219ee29fdacc1f0d5c2158a9dddf6f21f932c32741dba76030f43be041829b4c5849d571c02685acdfa266511

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\634cd584-30ad-48ee-be34-7c23191be6df\index-dir\the-real-index~RFe5dc3d0.TMP

MD5 26819be724a19ed9f8b0d0a84f700029
SHA1 15d2700bd46b5f060961917cda2d3403fda7d5a5
SHA256 51e8023072fcace799ce570adebf7128367f233ae6b281615dd34ff80c85cae9
SHA512 026cae0a2db259dec41bf193b71c94ce8e4c19cdb271c32370dc77fc9ac034bacbbe9ec41084f9854ce735d9b0c4d4fe0fcce3de789746f089070f1237af7c7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index~RFe5dd014.TMP

MD5 d037b3c15fad06e6aebf5f65f13e168f
SHA1 0b883439e6eb7f3e4d68444a9f2993b2ead6f4f9
SHA256 d8658df1395a83b682f0c0df14996c38d969d92eda3e426ff738bbd4f42db60e
SHA512 c2b7b56a9247944f8875d3fd94c67f3578da8b7d6b60977a8a3e89140281785c9a665e7ec32614b790153a78f7a87c34e139f675cbbfef91a1534ce99c5b6ab7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index

MD5 9e1e94b40e2b38764ac2571a9db4f67b
SHA1 eb91fbcc6a122cf792381b5486781a4c25b69927
SHA256 8ae87e6ba2e6cc298cb08089c846ac5ffb73d6bd61214fe6b0545010d30900b1
SHA512 e8c6b27ad50c64bc9e00b14c047427563d47836a0658ba1a028e98af8e3ebe2a9a2c93837ac35ce7bb4d4cf3a4249ddf5c19c6b3bb9de3571041af0c5576ed58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\b4ec6383-6ef0-4231-bb7d-f4739ffba2d7\index-dir\the-real-index~RFe5dd024.TMP

MD5 54e64ec0e6006425ac013d3f6dedf4d6
SHA1 1854af08678156d3cb0ff85d05e195d72ab28c5a
SHA256 1092d54dba6b62847a83cadfd15405c87ad1e3d9d4447a79620da32420ab588f
SHA512 783bf55a51dab5bff2a117f48d4f449c32c4de63e3aa9726856a0b116c699f1908b083fe9c24e6c100bce081d4b453106f2975a356da11fc41ea0a2b20bd5304

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\b4ec6383-6ef0-4231-bb7d-f4739ffba2d7\index-dir\the-real-index

MD5 3e05ac097a8204bf24a46ff1210541f5
SHA1 a9a9e1820a007f576f85561ae3c93ce163435534
SHA256 f6f636fc9ed0be08fce32c017d8233ca8fc0b65381364cc68b67ed6c8f6a5004
SHA512 5eb16aea1690eb0b5e423d818c9ec4abff28f371e72d4f30d64f95ddeaa75addbfd61d3eb9db23d98bfc9ff3aecf7ff97ef71139969d44ab6090625de75caf6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 fd21ca48ee2fe771edbc4312b074a1df
SHA1 eff7f87e4378d9db9430867a2f0d3af76ea54263
SHA256 f4b72391b3efa1271484d48e0266d0286a885608afe23f92fba98159fb541bf2
SHA512 b7a123d210d2050af7ad6485f682787116ce90e0858843e0bf4826f6035bd4535850c1d497e08ed587692bcbe21d3370c6962c499816fe292b1b430724ddcde0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6df07f06f61de3a167d963dd0048233e
SHA1 14bd389c4a40b2ae6a174542895c02ff4779ce64
SHA256 20c97e62ffbe60d0412b646aaaecc0976328e72ae3d3e8fac2e740c4f5a5be86
SHA512 e0314d2e01e3410de1259fe5113cce4656f524541071bd7138e612d5644880c2d2a2f5a99332829369f0963095a5f3844ea8827c373b279ac72f439a30c6e195

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

MD5 393f6e04fe1febc491f93fe20cb31448
SHA1 a78431170ec1b9bff90c27879a7eed693b328436
SHA256 b5326dbcc52c1487423919a7a23261dbf3a18f18e541db3d6ab131eb1a96bb27
SHA512 aab2639908888130a799c8255e0ae7340d2adfb8474030d5ab197836f6409287a7b23f6a2dfcc78610716f6235a58fd91f42f748ef46ed23f87b8d9df19b1580

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 1f7db58bf28700b7422824c2f78ed07c
SHA1 39c8e818f97cb269f1dacbe7255d62d7761e75af
SHA256 4372c4852a57b9a1cd955be53113327cebe7df647c4f6c2a57d378ceb6728e52
SHA512 d302e1e8b365708d516a97a7efbda3bbc0ae6cd47d2f7b34f891b5970dd49c12071fa2c9c8cc5ef89bdb79b9110838228170e6809fcfdd9a4cdd3ce3f7f62305

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 1e7619f077d0d71abac499ed85af0a3b
SHA1 e5be8873abde38dda5628503452552f2c890d57d
SHA256 418378e8f6993248b7533e12239401e64715fb03a85a5de96d56e53bf4b4c638
SHA512 ec46595c3cf92fe53654df784a8c6c9f7c2a8666212d1042581c5a4022611190277b89249a107c901fc67bb788e6e60bdcb798f1d399b576732d38edc3a381a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 88dbacebdf751acb786c125118b8f3d6
SHA1 6c591cdf1ef473e9e7cce3dcfdfbefc988e8bfc4
SHA256 4a4048e9e8bfaf8a1520c03e678153daadb1ef4beda070c8fe0f1eb47eca4851
SHA512 0e9e92ad83b88cc4516b5a900a8475805ac346d43fd66c46edce1643a56863a8271a533cd2e11b3735f8516d37ba4a9f5e4fd295e846894e162fa02eec8ede41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 879953d6fa2e0e68dd572c8b6a81d233
SHA1 8f88e8a8e1c571eb6bb3e80255fbae6f5168f1b2
SHA256 0b16e27e7c7418decc33d8d01e0d8de6287d0084fd0180edfaec3b096baaeb30
SHA512 c49eaa7c1b76904a3711a1d6b14280a2096df6d6e759d7197140f7befe9a69f2662ef1bd7a7e47d0642a789f2a7a7dcd63765a702c4d92b0500c30ed33486387

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1b26eb92dc28ee05549460f467f27489
SHA1 478f7a9863eca3e1cce5648de49120a4e4763518
SHA256 cf60e789900f2db60b83bf0e50d84b78d26bfea4a0fdf544eb65368d99484939
SHA512 37564d578bcf28a6714486847c26bc8aa3af799a1808599a3edf2246f4c56f3ec53763e8099aa93d99ab21c02f8afeffa236196cf1f9ba7491693c32431c8459

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0eb9ec3c85d631ad8a6545b5ef4905e2
SHA1 1ab97addb00de5be5b9f59e715f400adf3ccfe1c
SHA256 3541be8510e62e53493e0a03c1d593d88768d07548dd5c07c1972a451ae32e7b
SHA512 aa1e2e320751ee97a2deaf5c97db9ec84174f12c249ecb2bb7829a64a0f7015e825243581fb05062bb5a150524355700fb8e2fa6d2edf1eb1f6a95f3bf1fd15a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 40f92a03c6e29ce35acd661a5e65d02b
SHA1 994e3711b317e9d6ab9e08ab351a73d5d4f8ca72
SHA256 f6ebb56d1f9bf988082c03823d1073482f456428e98197fa827546a84f384858
SHA512 bcadc0dd25b89e5aacc5b1b19401dda43bbd124d24b4089f8cf5081b453e5336a1572444a286c673f968d71e919ecac9edc40f01ab9ce24ca2157d011032b401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index

MD5 0af7105a069ce1b45a80188a70c4b019
SHA1 6e0e45a9778eb45ed11732d1ddaf539b2066a811
SHA256 a8af5cfcdf94bc0b7d275f025e6797be47125fa9e1932a8c7ffeebfb16548049
SHA512 56287d17cf30b8444455b706d095bf801c7586bbbe23929c1bf3fc83b45debfe4c1c76446988e03eccea443ee139c7e7d249de400d4e331d320c1c03168e4eb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 01a2b2206faba810d476ff8642197eef
SHA1 2a6587882c21f8011e5a086416c6e48eba1fa04e
SHA256 b98e656770e3cd01831e853bc30f05f941dae682e9c2e84ab92612ddd4c1b4b1
SHA512 ee6542c48e7ad6fc8187df88369e4e60acb2da150502d6e47105811895eaf35cdffe7012e99b3100e033fd291e741fbbd49e19da94296aad6de6c2114924ef1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2bc7be32310c1d8487b070e928f91d81
SHA1 2e3056d792ca46d305588da658d4ce45b97b19d1
SHA256 d3a538a2762d35f4bd763d555ec9e7c324975a109123fba3b62f9b3525699f3c
SHA512 e030d2b8e33bf43fd330fb14f2be96caab61b8e802d352088052ffa269b82a42df71564466aacfb816570c53e2d41b4f893965001fcdbb411a132c45c1b14818

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b9ded0069b0c5144e07be70c271102b4
SHA1 a44dd17aebcc02235296e9f0f81dbf3cb8180d32
SHA256 c90547cc5c009ae32b4d3593e6881affc3e8e8b63e1f77b94b93e3567522f9c2
SHA512 157bbf632c7bdf2d3735380a7ba7df307ea6f0ce03a17bbbcf8d17ae3e033ac6a01ad231bf9a8fff356e056590b3f8d759777bc746c362e030f5a20b528911aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b69bc22fb671837e4f303c9651251e67
SHA1 4cbe2004bf265f672a9276964bbb85899face541
SHA256 a1b58a76bad5f7c4d524f8e9b995223afccf8974ab50e4f812949d6ab8dd25d1
SHA512 66ab1fa63ffdf453d443e63015a81904b9af4542ce3d34e95f9e4034e294e64331abeb9191f89d3d7192080d5f50014006aeb1a23a7d986945a6435efbb3e130

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cd9d4a5a8630895b23730bf3d0ea5a45
SHA1 dcc14f851c33c1b987a5da5772e8583b4a376255
SHA256 5359f07ab74320fe317078e69f82914b48ccefbc816b35f92d2b7d0bac38a5fc
SHA512 8c3917b3bbe4991fcf3e8890620592a256c91ed1db09c88b441e26a210403576d3c28e5247f8b3788406cbe5398c202f97778a6071f3511a2a73d19e53a14674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 fd2233c557a06a6b9da52700555123dc
SHA1 9552735dfe2d3735a3d96a8e56b4ee9d605bdbed
SHA256 2d5e4dd8361f8ea6ea73c330886acdc6cac9bbd3cc4d447c6f115fe418e84539
SHA512 6c70ccf83415eb07fe573796b397cbf3220f3faca22beca0b3a763bb39226af02cb7f2cd2ff424ab075d74478cb7c54966b291198b47c5735737218d768c2a86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 676eb8a0a8567df00ced878d486a70d8
SHA1 ef56d12e3abddb76d85314bf76115140d2f50fcf
SHA256 7b10472228a8f61b9a152dbff160b3fbc3dcc7663175ec5a0a40fb2bdac93e16
SHA512 32ab782e88c2db08ea0975605f4f509a23bbdd6a74ab38bacbd70bb228c8a3e042f56d8049d95dea9f670f047d02ada87b60aa77b3e8a49da5d3751f0fbd3772

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 da07ea6bbc7742a4826a44c0e14de9fe
SHA1 f4350425c09309bd73e8ff72349300149d59a2ef
SHA256 ddeacb8f7911302dc166dd00b45b0543b575c1aeda61406af964cbd7b40420d0
SHA512 92aaea504d9e9614fbf5a85285aeab8d8e6389e240961c8d722d0b3114ddc2602d6ec0ff34a44900c253ce3694d9ef700ecda2fa8a93a1c56be08a06c798b53a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 9ffa372552c67dff9c0bc3cdb74c4fd1
SHA1 4b988ea18d121fd6463d0dabaaaead89078017f9
SHA256 1e3d2448b8e370c3be2c0048ad7001c7542ad10bf76a7ad13b8ed6553a200eb9
SHA512 94fb7f3d262b88c3625740c4adf5c306b49b2de847a3bb48960652132a03ba162773463e15d3891171b2826acc65f8d0bba7e453e9aaf3bc4ae1fd08f1aa995c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 61259ddd0390093b233fdbf9fdc77f2c
SHA1 d02d678694be2e64885ce768637cafff6d6c8deb
SHA256 e66ad2b6d45f79fc8042fe86f97a14c8e4c8acf5d05192aa395c81e9247d336f
SHA512 85822911b9f3f5a1f815a7801235646a411906de8d249e2bd67e8c5b38b1a506f2cb5d08a3704c456192c606142cd70abfb41ea92b2c9b1ae5947aa2bda9c4c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 140c84358f190984a9ede701d3e91bce
SHA1 c39534254b33bbdb936592a07c3a543efce7546e
SHA256 8c0695657dfdbee8fa5871199a9bdcc14ade6529745eb45efe4af5c1bcef4926
SHA512 01873a8df58ae579f3d7c08f5cf6ab2f7316882b959313482058baff734e7b8ebd03ce2e8ea45b676b585025142332da244eae122b98ba7ef7b955139b7c65e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 edecf291a8427e307000d59667aadd2b
SHA1 02c3b122291336b2b0c28cba79ff1cd2568e8cb8
SHA256 bf580034de38828818f28b5b09fbe955322ddb85c8d451a7a1d0ffe923dd690c
SHA512 989c36b129578766afdc3ee7569b1e401f5c3d07fc0b11aea61d179ac37c7f73e3479e8ecb0ec99a9b608aacc7b5e367274e32ac3ac49212b183b568720a6176

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 03b3363a8eb171d66ad972bdd618df8f
SHA1 bb89396620557a82c20e58c64758adbcfb38c64c
SHA256 a44e46a8e0cac4ee5a71c5ff3ec7cf604d62f2b0acb16b30f81cf6045e3b609f
SHA512 0d6495f53185d8c7eb021cfa1f6e14c29c749283ffc00fdceb78755ddd665e109d35f0b531e2341609c4f9912f579837b62be6c0bb924d2e5368bf2ad93eff33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 964d978820b6a7b69eb435cea1c9fc29
SHA1 9cbf63febf5bf7f31c10b94b093a060d20acfcfa
SHA256 86ae8f2f3fe7a466f4bb65a8114b89df06eb8c5076efc1050c0d61efb38cbe48
SHA512 773f8aa39e61f5c9ce363e4d11c7ca054fdde33bff5601a60b7db5e28c2c78a3c75e83385495b9491b260717d176dbd447052f5bc36b3bba6176209342fd990f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d01823a39d4ab685d04e47b59d43ef09
SHA1 39a4a2cee433c6b64669098bf15278b2b87fa433
SHA256 267839f53e7939e9d86a377e87dc9db9ba5c5ce62ad9331f3282e3dc2de7efdb
SHA512 de51a7fc977ce21ed78072dd58626a4a5a60b063f74a99b9c669eab035d09ccecaaeec750bcbe00297df0d385e63d1612e14be113de43b68c0d4dd77b4223899

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 37537e449938674310daff7efc6e4ec2
SHA1 70ce62fb4a08f328bd928d98473ac2c62ee72661
SHA256 90ac3d4c6ed3236dcd0f8cb5da148988154e5703d16e9ed0e5d5d71dc28e35d4
SHA512 792d1e49b41d1dd765c5d1c208c41b3e717779248d41d78dacd4c0f85863f611406e3126cf66b82deeb303cc6c3ee287b3db8cb9f2b00a1f25a7afca02297d90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 190702bee33264545fd274c8c91cac73
SHA1 514345fc3bb565c91aedd5c950cf194d4250957d
SHA256 0a62dd6ff5466d6634c71f3a8525927cb0c3439f9e99cf10c3d1fa1ad57bc084
SHA512 05d1dd7edf273bac7136d1544cfcffb69fe2c123f1698049ea83fa0e652d8e1a3807600b4ffab242fc726b87933efd97954732443277c83dff02e8d96cb114f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 10666fd7b9e1a759a6bcc0d965d690b7
SHA1 80cefe7ff7b997b1403972dc262106c26b19a4c3
SHA256 19f31a2469b6c00c262cc975c61bdf36221bdcbfc7ab985c532999eeb6b786fb
SHA512 3efdee03f1bc9f3a9536134cc39edc008e50060d0aec3333c40fbabc9704539db88a2abbe224a46985fa76e9c25c72770c0740e0782f037c925d78846eb56533

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ec6b54ab62721b5e828d60a574ddceb4
SHA1 5d1625f418290a61fab6b30ec710c0a6a400220d
SHA256 16d4f049b0c5ac45120dc5fede18991366cde46afb2ad49e931ecc012a616f21
SHA512 d878ad6fb760f4d3ef1c2d7053b220caa9ff869b5decd13895faff0c9133e6a04da836afdb0bfea0b858fd977d14fe097cf0baf31fff7cd5502df54a69cfed10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 19aa86a89e4343508b6db463a97b646b
SHA1 6c6812f06d6cffa4f355ea72070882a5c472da9e
SHA256 b33e7a23827b31f866696394eaf58e549d1a7e06919e334d989c1ad1050eb0c9
SHA512 0b034fc90ac59f3c18cad0d5d7a74fc5705cabf10e23f76bd726cb54809fff39ec52faf38628799ab566ba04cc201bd1abc60dd60fe193058d0b1c612a324c2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d3e8319884133cf995fa84dadfacad98
SHA1 db6774bbfd0304612c461e4196f246ccb0998848
SHA256 9b9a470ad3196a4b8ca71e213600b0e13bcae1a663b186bab77ddf1233386924
SHA512 9d9532a38e79ba5662fadaef8bf8d83d9888d9f610e02dd3465f9dacf08dab3ef335f661e2568688bce36d57762abcb77f53c3a737b6dc46b6af7681b1563c31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 30db551ca7b38da20d2eb9636b77ddd2
SHA1 7e8c3ef8e1e1682df2bd512257f2e41219ac110c
SHA256 4796a257a0a3f2a16dac02aebd17fbe88a2f5b3e7a0a41fcec5629b85c523cd0
SHA512 79636a3e550631cf42bc8699e9d6675b779d48fa2b666d65218439b6bb42ae22691020a6538aaac452c2aa24ef39f96bbae716f240ae20c5f0664084a62c6102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index

MD5 7d0cc1f92b1e4e58d89023a24cbc6328
SHA1 be78012e5e42ab41aeaf918e4f4a0dda07a03d48
SHA256 f8a9e75d1fe48a5fe276f8d07fe6f9b96366af3b28fd07fce3a4d3a3bfc1e4fb
SHA512 53ea61325929e3dbeceb7e49fd2d0a51bc10e41eb9ff3e29d46149a6ffd19f3074dda24c7498eef8172ebf8673bfb22a34e124433ee7f22be2d1d7e6374a98e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 99b86bc03af27e7d807424ec640a642a
SHA1 812c920f23ad749bdba07d7d8e5c52cc2bee5ea7
SHA256 26873ca3bd6c9279683d2dfff19f5fe64e46c82d01dbbd775ccf5036c6a3b971
SHA512 bdb3d55e8eb4652599f1418ce63259006fe43e8092a80ffbde69a214e96a358cc563b9daed369e7a283846329f7d5801e3b3fa800205fd0cc1b48942c7ac8b4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9051abd95d8b60f1cb6ac3fcc2b5e349
SHA1 775c5ed8a31b5c0c1e0b261a1187b9334abbac83
SHA256 a335fd826daacaa53ac11a0d4cb80d78da000a0c59a36f8eccd6d9f91559b4f3
SHA512 47c92347bb197c496948b087aed9991ec693082fcecba47a9d1770bbaa82ee207dacf058445b4dd9c19b61f2d9e896e506a0efb03c57b72001280682f3cdb942

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\3cdb198e90f24fa7_0

MD5 8b44c73530459382274a349f62a89ae8
SHA1 6817830094da0bd88ed8a5bf4c8227d67d1674f2
SHA256 d2eccc15e74435139cbd63325fa04fc33994739458cb92d2eed1d676fa867bb0
SHA512 055dfc1beac76f2330a4873e81b39bdff71a2d8bb4623091bab3f551ff777bcd4f4705b0ff51cf15dff8ea5ce41a08b6450709acff70df3b3c238e20138c34eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\e6b56a88b3d010d1_0

MD5 5dc5cfed4d48e81068a23cc11964e4a0
SHA1 22b2967a0f9fc139bb48eabdce7a8e0d84d78f98
SHA256 cbfb56db1d1c20cda62080ce19c1c4363d77d2625226ea6515aea3d814df7f16
SHA512 b5e228f038bd87e12c07f320e0f9a42ae0e8fd052c597522a48e813bd95951fa1c9cdc5d6da34e50f7d6f787b31a14ca3edfee716ef4ae3a1199f4ebfc91cbe5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\2e63cd3937e3ee4c_0

MD5 575163881afab469cf02bda5e38158c9
SHA1 369055e31ea8766232f43a63ca5953efa258bd15
SHA256 696820585e60751a278d31784e3d4e5b66d15386451a46c7c1179cdabfe622fc
SHA512 a70e2073d5c14c2c98564b9783d3a196e21196655aec06b82947f02e0c8c5aea9ea75052dabecef8b86ddc28fc856f4c86182ac997ba6c531fc7b21f33472fd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\d53dc615668330b5_0

MD5 ea0c93e4a2083191c787f192e4ae279c
SHA1 b13ab6edc6f3b8bab8d990db6fb40a8f7ab70c6e
SHA256 f09524a15a6bb89e0af0934f10a6f09c67b7efad630a1ec3224da9184f066642
SHA512 6d4a268f4eaa5d57876c639c1e382ebc03b57cc4609a8cf192e1301c723732fd336925759b5d8374bce324baec3cd09d5d7db2dfe906b0cedb1a4749279a4de1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\5a908b654bee3127_0

MD5 d2d51ef499d755fac1bbc01db1fdb79d
SHA1 69f957b153e1b0c93458af6fe3241693b0928e78
SHA256 1b70c10793ef8a628e2702098cf6a7a10b0cce014d6aa5004594cfd3d8b9c8d3
SHA512 48be4c908472436c8f87d2042023526807c62c5a77b2f37f7ca66b08e20016ba6a01f5706df5144794693520b9ec901fac81a6db8845be13fec74eac52d263f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\52d63d67b59f814a_0

MD5 2bec61f1507062b6577bb0ea2a5a4980
SHA1 767f3244165f75bbb56d28f647487467d1916137
SHA256 029c70080bc8b5c15dfe1c296b15053bdd9d38f1fbb59b1d8534d22d8dc7b5f5
SHA512 c2ad8ae9cd8df94c73f591acf3f5a344d39993c4be8667c6f8400aa0db1441dca43c461a8165f330c07f3f57a69cd29229bff3f8a5977935945e6f8f0a4239f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\5720364b2e5e45ce_0

MD5 636e9cd1ab4abb6f553c7415da1b4f3b
SHA1 bd50710af40424d74c986f996e56c983d711e59d
SHA256 04c0b82099cffac05c5567debfa15292d267b6bde614140e8d8547aa3f6ca5c3
SHA512 6e78545f5b86f657724b3f9220afb42f3af8b46d5007789bba54ad89e890bcce0d341893374e61f6fbcc8f87fcebea7494160d7e73344372dcd0772cafd10194

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

MD5 26a4dbbc81a2c879a58ed7ffd87c31bc
SHA1 39eccf8a742ab268c279d8a38a9d6f2ac5e91ca8
SHA256 255dbda53535e4f261cc8d5b4aba72b60c87b2b93ebd337db58e225518fef0a2
SHA512 02b79b822bc32bf1b594ab3d86455be310a187d8116dccd98d408793f9d3c0059e2f6382c6c0d4d09663e8ada507c9b2086ef93ea54fa96171e8ebde35f0ed9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ce7a6279c1b6f5c961c4779b9646681f
SHA1 f0cf78491b37fb061c733583a74834f1152eb529
SHA256 af856dac819eab91d4c074937bbe4a036e8fd65cb4b23cb74eaed9d2b5c9598d
SHA512 4b91ceb0485d9909100e1f830a700065f15d1f12a54ca69cccc996831e3b50fca13836e3183d71677bcfa5ac58563625cba3390cfd29d3959db22325ff9678e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000be

MD5 fe7ece252c0149463b708a17ad0046c7
SHA1 0101929a0bfd9e6ec6a93102461447b3a83895c2
SHA256 ff27002995a1e236cf207001bd3074c36da08b222c1a36f2f8bf553ee049b4c4
SHA512 53fb8bfb73196d5b949133339664531adcf854bf5dc767f76212b84a3d10acd44e1096a1458a5e79dbcace721de9e4aa5b7dbad99cd39848d28067d21703d382

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

MD5 72aa57842938e50c7add7300eadd6333
SHA1 94e3b3e4b97b3a55261f4c62328488d1175424b9
SHA256 f9576a07b311d2374922d370f31dc5b96d7f7ee52511540155bcd70b659dfe27
SHA512 b12f4a9685fa1a434a126e66669d1e3a01d66324fdb67baa2b91fa1961b72b4662fbab6f3281beb1938100c8e2954ab33de9a2b6e963ae1e5b01a2337c9745e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cd35451ec299199e8059699bc7060332
SHA1 13d158181632fc1d0aec3e2c24c1b855622b5f2d
SHA256 6d15c98f5c238677fca165efa1d15cbc9e4abdd6d4348c229c531375ad40e019
SHA512 dbdd2ee324cf2f9eda30a124620130a50d3104bd7c7c2869ed0157f5ecfd232015090e87f780d1a2788bb916b5fb76d59b924ec35efd250b11be23ba1de3e6d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ea7740cfe97e2702be453981ab816985
SHA1 688ac56361c13943322019757f48a6c2aadb162d
SHA256 50229f2f1308201af1a1d32d1b478e474b9276b8dfce73c73cdbc196f58e1435
SHA512 6cb800f6b0af6d67f70f18687fc907d782290da56a8c402f933deba9555ec364d8f8c46b05b2cbdda6df1d5362dbc3cb769f0170fffc2e339ddf1f8fd445078e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\23b18c1e8d80b179_0

MD5 946bd68cfa955610976854870ef105d5
SHA1 10505fb2011f2e4bb20e56b1923de678e61237f9
SHA256 0b20f5618c0e5dfc50ba91ca290d7718517ee65c4d8c44a575b365295f02edb1
SHA512 23fafd8c862f783d5a21e9992689ce9ee6ad93828b6c99624bb8287f4572cf34959ebb02ec2246c5076e8f6218391b3a8b24bb30407a1a8e16081ceee833a4fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\c3177ebf0e62352a_0

MD5 9bab8c03a35b7595833440d7336ccb93
SHA1 15659a9a723224714907937cb5216d806e0fc3ea
SHA256 1009a4778533c51ebfce6d0ca6189746eb7595876da20ef373db128d44ed4816
SHA512 7fe81abe5b2d0deb90656bccfd461b131877162d682fcd6a845a111124b1052b677c9a4c8d73d0f0eb5ea89f38a1ba9eedd5b3962cda85ef5e38b47f0c33043a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\4134607f90dbe928_0

MD5 ee6730376d73fc101fd35c620e1e6379
SHA1 3d536477d1891832100e69e1f7c00204a0b11e49
SHA256 6dbb700226b6ea9ca462059bd6eaa7c2fac2acc30e6fee63e1832f41799575cb
SHA512 54b2190120b18d7edd218cfdfb6787e40384ca0d5a76e0107d5bfd58494cbb5c69d90a4236821b07f8b8ce7e40b5746fa97edf19642b8bf01bfb4764bc7dc12a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\fc6ac2678e1dfd2d_0

MD5 a8518dfc54646f436b6fda242c213e23
SHA1 cfd7818f597ca3943618c0646252d3ba262dbdd5
SHA256 de17d19e1e607faeeac3726832dd89b64acae953e4827d8e678b05a74e8d6198
SHA512 fe5c7e9bf58957ca4d94ce3f2226e94d723bec9745b33938fb80f8d6997ccf75a5100a206b9a3713bd4cabfb1f41a1de3c676c9e1937ff99fb5827e9d01d760e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\465028514c1b8b25_0

MD5 f03b19980a3db023b127e7bb4f5ff01a
SHA1 b7713e84b4b46b81e8f64cf846919364c4dde168
SHA256 62d03dbeda27d28ca237c50c1dba77e085f2e045c335af87206b35a5c3a82ac7
SHA512 0bf6e53ee457ecc790bcc0633e0a8225c2b09cc85ad39937a109ee4f1ded505012a64a019c5f1c36e277c38ad5c6442596fcb43a6a502b164fb85214f0414b9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\4550a01511f50674_0

MD5 7f2702e9720dc54155504216edd214ad
SHA1 68852a1648098b627dc937f0054215b3df07ccac
SHA256 a3f10ae3345c5d710e0ca96986ae8a2f268c472f5fb8ea6339c0c012f2906129
SHA512 5c630b23fae744fe0599e0c826c815d74a4830b8449a042635542e70da20b6cb69774b25d6c39e8ecd01c0e2f9f0fedff68b52993e060cb508e66643b62aea50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\71c440e7826a39c2_0

MD5 114167a743acc3762d3d3ae6bbff0c9b
SHA1 98a8f332a4372c9819f174a1762c00e956d8036b
SHA256 474acfbebe2e621339b97b062180fd37ea55361a6e7480e94d5be532dc8c155e
SHA512 2cdee0b7b286068d958c08f1ef9d2e35b4b767099e31e547980ba4d2c7c696daa1e6ebd97f58059e433abfd68a8bdb7c160e20b937306bd6b74b0d493bf0e547

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\127d7fc1f4a2bba8_0

MD5 fa5e5c717c694878fb4e62576c0305a7
SHA1 a1cd8106dbc8594ae328cd1e9b3357042fc39cb0
SHA256 e6398f8d6b6e21285ebff9e2d40fca2e30d66a48a01a1f0714eca76bb7b0b1cf
SHA512 0f00abf3e8543aa95f3410dcf82d710c1fdbbf98722fcd8a8501c2a31e59887b4bf83d77e58a911e2a30c7bc7d450864b78df5a353d744664de5663475dd51cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\b57983df0d220076_0

MD5 e82aa8b61cc736bd9301edf2e8aff974
SHA1 7a9d4cb55975aa1502a9b667b26b2bcabe7c269b
SHA256 e5d5e4ecf6bb899e8eb6d6d5dff149b7f20d60c723ce88dcd446fb8c5ac2ef1a
SHA512 0d8f503632eb19d57fda2131af5e23c9c494ce34fe4ef542f3ecaa2dd3c7cc38c1088a7c990ac9cae991dfaee7bed56a94f5509fa6096b15f16d1c229ee0e241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\08580d5df500cb4f_0

MD5 183249a49858dd0ffa7a38bdf956b4b1
SHA1 a02cedcf6ddb436d16869e827c03e06c62940552
SHA256 db6098982ca6df2535f417493a8679f6d730060f9e4d619ad16ddd6cc1421d19
SHA512 0a1a3926f4eb884a1d8e9eb11579b12d80504ebcb1330fad886a9120d879336e14c9174845a912d8b77d83d3098ec0b886e4f394994f429048fee1a993afb6d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\eacc3992a40cd2cd_0

MD5 2be6c18c631c91238fbb6824757626b4
SHA1 31bedb5637b4f7692746799146db80de564e2ba2
SHA256 d8830836debff5e7b232df5467077eed7e768ae110030b9e8e8d79d2c1ed20a8
SHA512 6aca15b6d08595e8a5d24eaf71b36148a2f180862cdad63673bcc91bed9442990c78a8c237c7839f75475a9867982f3127f3efa420a89fdf943a7c0078adc699

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\048e351415e7f8ea_0

MD5 85e15f63ba5e78757e62da889d1a177c
SHA1 65408e43a03a2ee7dc8b13c9a9a139a5be167a71
SHA256 8605859909d5d5ff8c83d829d074e88855a03803bfc4d4b05dd46ec77dd04ac5
SHA512 ba7bc61ca4df4f03189af5c3e4f4fd600e63aafe876c86a47fd2f718ac3e3d1835480eb84a459b812333e99481e67574ba2d5805cc4bc6d622bb22a67d90c626

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d3a0970ffd1c7f887ea8e30b20f7a785
SHA1 9a55641b04d4c4a9c42135f4f3d3a8e3399dfdcb
SHA256 0ed1351c685fc489427c9f6e181335558fe1ce99c75ac714768c29ce0972ed98
SHA512 84b62932c95619cf74c151b6972ff661075dff8e4b6d8f41100ddc9ccfe0d250669842022183bf1eebae6afb85c4309de2a58d14ea7b96eb68a4ba886aaef6c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9d8e46b687673a4e57a2883f54fb03f5
SHA1 fb6533c22ec714d6548ec26e695eeded3c3fca69
SHA256 e6f0d170375f0495601c613a9cb8766b3ebf990e3117438b3b6bb6dfe057b524
SHA512 d0b2c54b4851cb357ff513747e420f0668c1273759bf548b43d1645aa7b85f33320584ae6d4357b26497a05b20ef8b62cb33fbbb771bda8ead4fced40edf3757

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\634cd584-30ad-48ee-be34-7c23191be6df\index-dir\the-real-index

MD5 e1c5ff36654414cf3d4e74811fd325a6
SHA1 9ddd64f5caf40f24531c33f54da994f4b4e039fd
SHA256 85631222ce204433d1cc723f5ebe7a3e5ff78fd1f2c3fd438b1903fa7d606d1f
SHA512 3cea66867e960d4c100eed1a37483d30f7afd60679bdbf82be0785b5788df7fb694c057d444b4cc8e37e5508f79b12b900c2d5fc756dc2298beff3679e726c32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9a072f73a4086a15433618e3d390a689
SHA1 00b3084740a13945be47723bf406708d13efad93
SHA256 8b31a87618fe03e6dfd5e19d4a8a52da915c4e4110f6150fe949fa216b42f107
SHA512 87b2dfe778e51e00b9cd0e47a83be38d3921fc9a0829d61e65589e22ca32c78584842e046e0be202c910981ca3bd14219fd143063630c489b60aa7918ce6a06d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index

MD5 019b008535b8733832bec34b51826327
SHA1 3e348d776490d51a52236b9a834e70e26fa51532
SHA256 bd4de1799f55dd84339dee127c5efd49d9082b963b5e04281b99b089bde993ec
SHA512 1fd72baa941482e2a610f47488c7a84af2dc0ff7da7eae213058cf1c04567d2aca6f1286087092937901b9594d57c792bbd1d3318a87fb371538e5970f493d37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 27d0ccf383734d5f39daf29af95882d5
SHA1 37266fbbd9b10cce8fbbdab048f0b24453a8d910
SHA256 1162a7bbe57ce71e857176c7523d39d78bb1f09563ce7a8856aae816162808b4
SHA512 3987067342520304c2930ff9617c9d0de6315d065de074415a2301459c41a39a4ea1e733ae7e71e3494f7bbbf4e50b38b805c6b3081f18390bf541bbe098df71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old

MD5 4fed1c11de850a56b94a7f493a61a69c
SHA1 19344eda98919cae7385d9991e7b65226063ec86
SHA256 1698efb4fcd4d45d577e1e70cd8fe5b3a84c6f19d8d8c15955bf0d401cd5557f
SHA512 0a2cb6960b00a717bd2589111f38a9021748f208b2aba8e0d8557c9e84e52adb40d3f414e07e59b87c08d830395f3e7b6d6fa9be6f65d65d44faec3e2dd3a0ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old~RFe612395.TMP

MD5 3e97f254af2687f31f4c80a0a2592aea
SHA1 325f0d74f65046d875de5c84b9ae27a93ede619a
SHA256 72eff14da649a522fd3335a79a971a1442f2168bd4ace162ff98c680407f2c9c
SHA512 1434721403aebc2778e011281bdffdeba89bbf20bd9851e1f654cb865de9a000a52edc5377320ebc3b9aef468469a96962ec908cec161002ca9af45a41429d04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c86fd435b802d4021c2e03beae04586f
SHA1 4ed04b4c8d39af580193535abbaea38fde761c1b
SHA256 e4e3d01b3bf7764c11bc1998d1c0d585b0b14daddec863334f5e6da62e674774
SHA512 02af752eb268fe05a085038050cdcb95ce1887768dff17275c20c8be59a69c0f475bb341f0af8013224f99cc960d5a0b5ab3572aa21a3c2fd4d91476e382ca7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d5edba30e5569cda2ab642aa7cc8cad7
SHA1 c13aab12038501c979a5e9cdca24f56ffd470003
SHA256 26872560056c927d9219940745245ff569d7159ff5e1765062df19e55f8f53d0
SHA512 076f97c87f6fc3ca393392a30bb0372ad5aa7f544a65830d346abb29aff02ead2ec51a24c446597f5a5d6a548baf618e3863a941092200126b1f936aa94e9d86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fd766fe936ab1412e6ce7d3c9da1bec1
SHA1 1a9fa90a2887b821e74fd1b076830b8fea6db25b
SHA256 fe466b6f9662938d45afca673ceca11ff28b98fbce7a3840802b80d4666b7810
SHA512 0334436bf80da2bd5650449604df2ebb3bd1cb3b1d9a2cd6de0f7d2445521fc6fd643d147f2bf009e7a0fc43ecf30958ca6a3a46612bfe15c6107d6a776388ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 64bb769b383f1db10f94be595c5a7e38
SHA1 064bb48bcd949767387ea006cdbcde4791d14e6b
SHA256 40f8ca0b4905c862fcb6d653be6b7ee776ebdf51233341757e8613213e7e0245
SHA512 7f80536b89e4a3268ee01057225014d4648471eeb51eea54368f6069d444f0376bda6e7b218afdd1e5ceec1f1e3f9e4536156c8448edb8ee4d33536be0da1ab8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 76a8e0072baac4e5084ad50eb5a65800
SHA1 972bde99d6d8be070029f75a78f3da7e6c733cfb
SHA256 36738a7b4c871fb3c2a40350dc782855292ec7b3781200e839302681b535ace8
SHA512 5cd5c9f912e0dbfa2abe6b5fc7be4bc15d9e8b7b0243ff57300ea2b515e35de0e7faa1160f902afba47bc05794119716ca972d1cd053cd1e090d578525d9a5f7