Analysis Overview
SHA256
d50ad141854cca0a356de2c38f533ae4e87bb9379d96f656f12fb75c94024cc8
Threat Level: Likely malicious
The file Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com].rar was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Modifies Windows Firewall
Adds Run key to start application
Drops file in System32 directory
Detected potential entity reuse from brand microsoft.
Loads dropped DLL
Drops file in Windows directory
Executes dropped EXE
Drops file in Program Files directory
Checks installed software on the system
Unsigned PE
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Enumerates processes with tasklist
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Runs net.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-02 01:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-02 01:36
Reported
2024-07-02 02:07
Platform
win10-20240404-en
Max time kernel
314s
Max time network
1592s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com].rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-02 01:36
Reported
2024-07-02 02:07
Platform
win11-20240611-en
Max time kernel
1484s
Max time network
1503s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com].rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-02 01:36
Reported
2024-07-02 02:07
Platform
win11-20240508-en
Max time kernel
1799s
Max time network
1716s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643578972060089" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Visit www.pesktop.com.url"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd12f5ab58,0x7ffd12f5ab68,0x7ffd12f5ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3488 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1524 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4892 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4092 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2424 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3272 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2028 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3284 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4092 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3832 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3328 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8a7ac94930d209501b0db1d175b833a0 |
| SHA1 | 78c30f85d70459464e0a0918b62b556008b65642 |
| SHA256 | 068a00a89cb7edf68c2864a3f94ef2cbdda9337f83569eed1aa9e1d2c05b4fee |
| SHA512 | d7409fd49bab60df6a88133fe072fc3b77feda45656058456a4fd746e6237a278d98f9877ae731b89bbe441015101af6d96803ca57ebf91fe7e430ddb075b70c |
\??\pipe\crashpad_1776_HISLBGTUJOGBBAIM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1edb2f2d-9e28-47f5-a67b-4c435ecc3cb6.tmp
| MD5 | d4593c547774c4f3a0bec229405367f3 |
| SHA1 | b6636fc1e90171dd468c763bd088904e9976cea1 |
| SHA256 | 23a51aeb69a5e24872e504ff2d977e265f05233a2597da392b92aa933c6e13fe |
| SHA512 | 00d2e2abda098688a1ee792ac5e6eae052b6274a8c8242599bdcf75930250200936f1c938e89725b6b39226fcce2200907c308f7aa410c4feac441f0608c52f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 18cef4b0e064f7a4941ef611864200b3 |
| SHA1 | 80be32d87fe54d4f1d5e0bd429d7efb8ee0a5adb |
| SHA256 | 0469b9e83bb389605fe9307493e403b2fccb24b68a322e7af4eff8ea2adf7194 |
| SHA512 | 556f7f6f2d70adc3be05f40653448daa0fc5b227dbc161e99f74ff5fcba8339871d53efefd0e35a98c37b66cbf1a3ffa1e0cb99c83c8f0caec4dab78013e53c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 05f74a00effe0b3211ac3f53a92e72ac |
| SHA1 | 8d494feb310d54c42e25856b81a1750d430e5da5 |
| SHA256 | e94d67353c61ccc8b3b0b29b16ec4b4ea573c5e2ddcd8322aaaedb88cd10e8f1 |
| SHA512 | f6d4f3db2bb9240bdc51412ecdef69364cc5a71cb936ca77d202b9237682efbd24f3f1f0044614dcacbdae4e43164941fa570976a664f6b41410d55744bc65b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586f20.TMP
| MD5 | 3bba1399dc975b046d7ed68b5ed2048a |
| SHA1 | 38539354fadefb083b4296ce188f25a9ac63f0d3 |
| SHA256 | d3d6fce51fcdd7ab8ced46202eb709d21f39adefa2c847ca514d2a25f695bcb8 |
| SHA512 | 5481d59b578109d59ea55c8e6441ead754b37cf07b88f6b9932e314910652ec5fbd67fcf204efc02363db2617ca03c217ab0a9773adb57ef67be197026a21742 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e1b5825ddb76016e731ce4b1f350874f |
| SHA1 | d641294c929dfed6f17bc741ca5b2229d181639b |
| SHA256 | ff66869426b0b13287fd5f5f1f28edd322244eb3b568a0ac1579a9e94997a5c8 |
| SHA512 | 4e7992dd18720167c891ae54410e24c3384591ac461101f3ac2dc5fa67ac2a2659232d5569ef495ce1cbc984738c6e04f598df49e1b17cd9f5da18759ff1ddfb |
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-02 01:36
Reported
2024-07-02 02:07
Platform
win10-20240404-en
Max time kernel
314s
Max time network
1600s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe
"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | f.f.f.f.9.d.a.0.2.d.e.b.0.9.0.8.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.191.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.193.132.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
Files
memory/3336-0-0x00007FF9E08B3000-0x00007FF9E08B4000-memory.dmp
memory/3336-1-0x0000019C6CB10000-0x0000019C6D05E000-memory.dmp
memory/3336-2-0x00007FF9E08B0000-0x00007FF9E129C000-memory.dmp
memory/3336-3-0x00007FF9E08B0000-0x00007FF9E129C000-memory.dmp
Analysis: behavioral7
Detonation Overview
Submitted
2024-07-02 01:36
Reported
2024-07-02 02:07
Platform
win10-20240404-en
Max time kernel
494s
Max time network
1598s
Command Line
Signatures
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Readme _ password 123.txt"
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | tcp | |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-07-02 01:36
Reported
2024-07-02 02:07
Platform
win10-20240404-en
Max time kernel
1792s
Max time network
1588s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe
"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe"
C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp
"C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp" /SL5="$501FE,66753197,750080,C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe"
C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe
"C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=9251837d-e9a5-4229-9a78-b1085d98b1bb -o C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\deviceId.txt
C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe
"C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Open\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"9251837d-e9a5-4229-9a78-b1085d98b1bb\", \"country\": \"United States\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe
"C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpWelcome\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"9251837d-e9a5-4229-9a78-b1085d98b1bb\", \"country\": \"United States\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"1\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wsw.voicemod.net | udp |
| GB | 13.43.198.129:443 | wsw.voicemod.net | tcp |
| US | 8.8.8.8:53 | 129.198.43.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s2s.mparticle.com | udp |
| US | 52.1.237.99:443 | s2s.mparticle.com | tcp |
| US | 8.8.8.8:53 | 99.237.1.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.249.124.192.in-addr.arpa | udp |
| US | 52.1.237.99:443 | s2s.mparticle.com | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.173.189.20.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
Files
memory/4400-0-0x0000000000400000-0x00000000004C5000-memory.dmp
memory/4400-2-0x0000000000401000-0x00000000004A9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-K8DFK.tmp\VoicemodSetup_2.6.0.7.tmp
| MD5 | 3b93628e07e9a9352cb7ea41c59ef578 |
| SHA1 | 48615d4428539e9f0af70153656f3e8ae4e2589c |
| SHA256 | 498cfe20132fe22e726b0fb8c5d6bd6153cc73416567148ab469f78820bc6b60 |
| SHA512 | fa180bc3c80220c641d445daa82ca4b195dd4c716e3c9e596546bdb3100e0e3fd8e306d0b88c1cf01ab5fe4ef984965d883605e3ef05540767b819157cdb55c2 |
memory/200-6-0x0000000000400000-0x0000000000681000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\idp.dll
| MD5 | 55c310c0319260d798757557ab3bf636 |
| SHA1 | 0892eb7ed31d8bb20a56c6835990749011a2d8de |
| SHA256 | 54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed |
| SHA512 | e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57 |
memory/4400-12-0x0000000000400000-0x00000000004C5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\curl.exe
| MD5 | 1c3645ebddbe2da6a32a5f9fb43a3c23 |
| SHA1 | 086f74a35d5afed78ae50cf5586fafffb7845464 |
| SHA256 | 0ba1c44d0ee5b34b45b449074cda51624150dc16b3b3c38251df6c052adba205 |
| SHA512 | ccc9534a454971db0014ba0996d837a36cda0b91db32a93d73f17097825b1ab7c973601586d06c953bc79d2863c52c7db0fb4d04e37f83581a27e1cf7284224b |
C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\deviceId.txt
| MD5 | becefc83c0f3a0ee7dfecc5fcb232fe9 |
| SHA1 | e1b8cd17c04d6a18e6bd9cc324bb305984659289 |
| SHA256 | 4a3531076c76b91698360148958a81f04e2b5fc3b446728250fe91daeb1ba166 |
| SHA512 | 9f011d4a08e81d61f04bd7b4340eaae27fc295897e5b3c1a38d63a9e66e5b1fe1dbe9465689f2a3f6ad66308053ab8ab1a0bd538e5c6a78cde5f069056c3e1a4 |
C:\Users\Admin\AppData\Local\Temp\tasklist_unins000.exe.txt
| MD5 | 62fbe89e25a8c4578a2c23f9b2d9c5b7 |
| SHA1 | 16fac837514602a185ba45e9b5182b43c08f7f4d |
| SHA256 | 728009382433be470dca2c84155692ecd809e7d1d001b1ff23eb3a6f326cb277 |
| SHA512 | 7993fa6c8d0f7473c2a7a2a68280a29e7b181b24e911ce94b33e5240936d08f6dbc46ae0a7a760c84bd8ca50701087606f1ebe173eceaa0f7827a3490c53213d |
C:\Users\Admin\AppData\Local\Temp\tasklist_VoicemodDesktop.exe.txt
| MD5 | 7954abe298935814bbb47fb91bb3f34d |
| SHA1 | 5a1f4b8d7a59b064c5c08f270e3bdec3635ca140 |
| SHA256 | 92e68dd079e9b45a3fdaaab54292e9f42a1415ee6be48bd855210e85b2b1c94f |
| SHA512 | 03573303ea3b32596da10c2e5a9165eb49377f615419bc65b45947638c1936f9e24e41574395048e3551cf189d31045ae9629b1ff7fc83f90774ec88cec9e9a7 |
memory/200-34-0x0000000003460000-0x000000000346E000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\botva2.dll
| MD5 | 0177746573eed407f8dca8a9e441aa49 |
| SHA1 | 6b462adf78059d26cbc56b3311e3b97fcb8d05f7 |
| SHA256 | a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008 |
| SHA512 | d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a |
C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\bg-top.png
| MD5 | 229152b01d238ac58d066bbdd45219bf |
| SHA1 | b47d2070eb77d723f925f36c902c6cefd5bb1c31 |
| SHA256 | acb21fcb80667714749963e8ce2e24b23e3f269de34d8e1734892777cbca2f7e |
| SHA512 | fcf37ba7ae4929d77039b0d90f87cf6523bc7bc4f81ca27c1057f53d93752f0d9603708afaf3e8f460a0e5e67210c8d1eeb44cf95b07919a67a37805b0d63b30 |
C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\bg-inner.png
| MD5 | 4a1378ccbcbcf4a320bfc4d63aabef36 |
| SHA1 | 8f17dc3df0a7310ab4a3914a81b7f5576e5546a5 |
| SHA256 | f3640a78436c8f83c8b055c74da597e239524201df4ae6db52a3141a1a47699a |
| SHA512 | 6800224d90fb8c00f31b51a485b90ce0fbc26aea993484a148981d9ef41ee0ff712d43816c1f8ef8b511165de70683ad98202baf27d1a7fb9f31aa88ff17836e |
C:\Users\Admin\AppData\Local\Temp\is-GTCKO.tmp\buttons.png
| MD5 | 84d27be69f0f13909dab87c1cb270a29 |
| SHA1 | cb3a480bf9d790342e12775b4d50c350475f3bb5 |
| SHA256 | ed4b81ffc92f6d41c5d4925f0ac83cd280ad1a781a966d2128275c804f6aa5de |
| SHA512 | 290ebef8f3930ffdb0b99df9a99bd419ff591bd83acdb9b49b421a36d920298a05ad8e85dfa7e9e5de8fe9864780eff2af1e85aa5e3fc8b3ce88f074b87bf51a |
memory/200-88-0x0000000003640000-0x0000000003780000-memory.dmp
memory/200-98-0x0000000003640000-0x0000000003780000-memory.dmp
memory/200-108-0x0000000003640000-0x0000000003780000-memory.dmp
memory/200-103-0x0000000003640000-0x0000000003780000-memory.dmp
memory/200-93-0x0000000003640000-0x0000000003780000-memory.dmp
memory/200-111-0x0000000003460000-0x000000000346E000-memory.dmp
memory/200-110-0x0000000000400000-0x0000000000681000-memory.dmp
memory/200-117-0x0000000003460000-0x000000000346E000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-02 01:36
Reported
2024-07-02 02:07
Platform
win10-20240404-en
Max time kernel
314s
Max time network
1599s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Visit www.pesktop.com.url"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-02 01:36
Reported
2024-07-02 02:07
Platform
win11-20240611-en
Max time kernel
1484s
Max time network
1500s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe
"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Crack\VoicemodDesktop.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
memory/4544-0-0x00007FFF60233000-0x00007FFF60235000-memory.dmp
memory/4544-1-0x0000023B63F80000-0x0000023B644CE000-memory.dmp
memory/4544-2-0x00007FFF60230000-0x00007FFF60CF2000-memory.dmp
memory/4544-3-0x00007FFF60230000-0x00007FFF60CF2000-memory.dmp
memory/4544-4-0x00007FFF60230000-0x00007FFF60CF2000-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2024-07-02 01:36
Reported
2024-07-02 02:07
Platform
win11-20240508-en
Max time kernel
1736s
Max time network
1748s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3240 wrote to memory of 1540 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 3240 wrote to memory of 1540 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Readme _ password 123.txt"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\Readme _ password 123.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-07-02 01:36
Reported
2024-07-02 02:07
Platform
win11-20240508-en
Max time kernel
1799s
Max time network
1173s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\drivers\mvvad.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\SETFF99.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\drmk.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\SETB4A0.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\drivers\SETB4A0.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\drmk.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\portcls.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\drivers\SETFF99.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\vmdrv.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\portcls.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\vmdrv.sys | C:\Windows\system32\DrvInst.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Windows\CurrentVersion\Run\Voicemod = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Detected potential entity reuse from brand microsoft.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.PNF | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3B6.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.PNF | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\vmdrv.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3C8.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\vmdrv.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE02.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3B6.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\mvvad.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\mvvad.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE13.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3C7.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE02.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE13.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3C7.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\SETB3C8.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99}\mvvad.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{54cb6315-9215-0d4d-bd56-29aab9204c99} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\vmdrv.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mvvad.inf_amd64_307d82593046a239\mvvad.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE14.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{7f4932e6-af8e-d24c-84b9-5e8c992bed1b}\SETFE14.tmp | C:\Windows\system32\DrvInst.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Http.Abstractions.dll | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-RQMM0.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\driver\is-13I0J.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-KU4P7.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-CC9H9.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-63L28.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\System.Data.SQLite.dll | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-OA0BS.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-C2BR8.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Routing.Abstractions.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\NLog.Web.AspNetCore.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\cef.pak | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\CefSharp.WinForms.dll | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\System.Memory.dll | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\driver\is-S3RHU.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-LTT5A.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-22GR2.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\driver\is-0P2E8.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.Abstractions.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-C21LP.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-TOV9I.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-C61VV.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\CefSharp.Core.Runtime.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\zh\AutoUpdater.NET.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.IdentityModel.JsonWebTokens.dll | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\CefSharp.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\icudtl.dat | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Hosting.Abstractions.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.IdentityModel.JsonWebTokens.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\locales\fr.pak | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-I08TN.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-SE51G.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-1BULT.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-9POP4.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-JSM0L.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-AME0F.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-76P5B.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-SA2EM.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Localization.Abstractions.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\locales\da.pak | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-CM5JL.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-6KAFJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-L5PDO.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-6IRB4.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Server.Kestrel.Https.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-5IQUK.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\NLog.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\locales\kn.pak | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-EV0PN.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-SH9OB.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Configuration.EnvironmentVariables.dll | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-T9GJK.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-676HD.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\Microsoft.AspNetCore.Hosting.Abstractions.dll | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-K663C.tmp | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\locales\de.pak | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\locales\is-RGU0Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\locales\am.pak | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\driver\is-KGHTU.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File created | C:\Program Files\Voicemod Desktop\is-QDR95.tmp | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\driver\defaultdevices.txt | C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe | N/A |
| File opened for modification | C:\Program Files\Voicemod Desktop\d3dcompiler_47.dll | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\oem0.PNF | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File created | C:\Windows\INF\c_media.PNF | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\security\logs\scecomp.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\oem1.PNF | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.pnf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\oem2.PNF | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon\ = "VoicemodDesktop.exe,1" | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{4D59E0E2-5AF5-41BD-84D0-D7C85F8F62B0} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command\ = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command\ = "\"C:\\Program Files\\Voicemod Desktop\\VoicemodDesktop.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{2EF04503-52A5-48DE-868F-07A2116C00A3} | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon\ = "VoicemodDesktop.exe,1" | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\ = "URL:Voicemod Command Protocol" | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\ = "URL:Voicemod Command Protocol" | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\voicemod\Shell | C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe
"C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe"
C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp
"C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp" /SL5="$6020A,66753197,750080,C:\Users\Admin\AppData\Local\Temp\Voicemod Pro 2.6.0.7 (x64) Multilingual [PeskTop.com]\VoicemodSetup_2.6.0.7.exe"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=15439030-dbba-449d-b460-326ebc585651 -o C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\deviceId.txt
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Open\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpWelcome\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"1\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpLicense\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"2\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpSelectDir\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"6\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpSelectTasks\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"9\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpReady\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"10\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpPreparing\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"11\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpInstalling\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"12\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Install\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
"C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe" defaultdevices.txt
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\setupDrv.bat""
C:\Windows\system32\net.exe
net stop audiosrv /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop audiosrv /y
C:\Windows\system32\net.exe
net stop AudioEndpointBuilder /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder /y
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe dp_enum
C:\Windows\system32\net.exe
net start audiosrv
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start audiosrv
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Windows\system32\net.exe
net stop audiosrv /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop audiosrv /y
C:\Windows\system32\net.exe
net stop AudioEndpointBuilder /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder /y
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon install vmdrv.inf *VMDriver
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{a7bd73e8-490c-a545-a4d0-b2f18a550b44}\vmdrv.inf" "9" "499a51a03" "0000000000000140" "WinSta0\Default" "0000000000000160" "208" "c:\program files\voicemod desktop\driver"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11e5016dc2:VOICEMOD_Driver:2020.9.25.0:*vmdriver," "499a51a03" "0000000000000140" "3349"
C:\Windows\system32\net.exe
net start audiosrv
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start audiosrv
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step PostInstall\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpFinished\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\",\"page_number\": \"14\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-9ce275fde2ae0e4fa29e7be3416716f8:I9wI9bIvnwhEBAHqgGq3iwgv6F_rq98MMw45315t6FXIOcfqtzsfedlzBqqhJBb- -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"roku\",\"roku_publisher_id\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Done\" , \"custom_attributes\": { \"version\": \"2.6.0.7\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"True\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=gpu-process --field-trial-handle=76368,9746115217409457502,988163329435870738,131072 --no-sandbox --disable-gpu-vsync=1 --log-file="C:\Program Files\Voicemod Desktop\debug.log" --log-severity=disable --lang=en-US --cefsharpexitsub --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Voicemod Desktop\debug.log" --service-request-channel-token=8974918378777404042 --mojo-platform-channel-handle=67704 /prefetch:2 --host-process-id=2464 --custom-scheme=resource|T|F|F|T|T|F;resx|T|F|F|T|T|F;fmeme|T|F|F|T|T|F;fvlabvoice|T|F|F|T|T|F;fcorevoice|T|F|F|T|T|F
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --field-trial-handle=76368,9746115217409457502,988163329435870738,131072 --disable-gpu-compositing --service-pipe-token=13316085170771774197 --lang=en-US --log-file="C:\Program Files\Voicemod Desktop\debug.log" --log-severity=disable --enable-system-flash=1 --cefsharpexitsub --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=13316085170771774197 --renderer-client-id=3 --mojo-platform-channel-handle=115844 /prefetch:1 --host-process-id=2464 --custom-scheme=resource|T|F|F|T|T|F;resx|T|F|F|T|T|F;fmeme|T|F|F|T|T|F;fvlabvoice|T|F|F|T|T|F;fcorevoice|T|F|F|T|T|F
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000518 0x0000000000000534
C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.43.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.43.2.0.exe" /NOCANCEL /SILENT
C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-AJNQ1.tmp\VoicemodUpdate_2.43.2.0.tmp" /SL5="$50250,115887019,720896,C:\Users\Admin\AppData\Local\Temp\VoicemodUpdate_2.43.2.0.exe" /NOCANCEL /SILENT
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=15439030-dbba-449d-b460-326ebc585651 -o C:\Users\Admin\AppData\Local\Temp\is-C7LNU.tmp\deviceId.txt
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Open\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist > C:\Users\Admin\AppData\Local\Temp\\tasklist_unins000.exe.txt
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpWelcome\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"1\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpReady\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"10\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpPreparing\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"11\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpInstalling\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"12\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Install\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
"C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe" defaultdevices.txt
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\setupDrv.bat""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "Start-Process 'setupDrvAdmin.bat' -Verb runAs -WindowStyle Hidden -Wait"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Program Files\Voicemod Desktop\driver\setupDrvAdmin.bat"
C:\Windows\system32\net.exe
net stop audiosrv /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop audiosrv /y
C:\Windows\system32\net.exe
net stop AudioEndpointBuilder /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder /y
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe dp_enum
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe remove *VMDriver
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe dp_delete oem3.inf
C:\Windows\system32\DrvInst.exe
DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\vmdrv.inf_amd64_d69cebb32d098656\vmdrv.inf" "0" "48643ea57" "00000000000000F0" "WinSta0\Default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "voicemodcon.exe dp_enum"
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon.exe dp_enum
C:\Windows\system32\net.exe
net start audiosrv
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start audiosrv
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Communications --format Raw --fields ID
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe get --default --flow Capture --role Communications --format Raw --fields ID
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Multimedia --format Raw --fields ID
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe get --default --flow Capture --role Multimedia --format Raw --fields ID
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --default --flow Capture --role Console --format Raw --fields ID
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe get --default --flow Capture --role Console --format Raw --fields ID
C:\Windows\system32\net.exe
net stop audiosrv /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop audiosrv /y
C:\Windows\system32\net.exe
net stop AudioEndpointBuilder /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder /y
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
voicemodcon install mvvad.inf *VMDriver
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{58b11c4a-9481-8449-aa2e-c4d2dab4bb0d}\mvvad.inf" "9" "499a51a03" "00000000000000F4" "WinSta0\Default" "0000000000000140" "208" "c:\program files\voicemod desktop\driver"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11e5016dc2:VOICEMOD_Driver:2022.6.1.0:*vmdriver," "499a51a03" "00000000000000F4" "3349"
C:\Windows\system32\net.exe
net start audiosrv
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start audiosrv
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{40a8d4aa-d61c-4ce9-8863-b06dffa6ac6b}" --flow=Capture --role=Communications
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{40a8d4aa-d61c-4ce9-8863-b06dffa6ac6b}" --flow=Capture --role=Multimedia
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe setdefault --id="{0.0.1.00000000}.{40a8d4aa-d61c-4ce9-8863-b06dffa6ac6b}" --flow=Capture --role=Console
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Voicemod Desktop\driver\disableDrv.bat""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c AudioEndPointTool.exe get --name Voicemod --flow Capture --format Raw --fields ID
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe get --name Voicemod --flow Capture --format Raw --fields ID
C:\Program Files\Voicemod Desktop\driver\AudioEndPointTool.exe
AudioEndPointTool.exe setvisibility --id="{0.0.1.00000000}.{cceb0de6-8e2a-4aca-b0f7-bc5fe11d3608}" --visible=false
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall delete rule name=all program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall add rule name="Voicemod" dir=in action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="Voicemod" dir=in action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C netsh advfirewall firewall add rule name="Voicemod" dir=out action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="Voicemod" dir=out action=allow program="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step PostInstall\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Page wpFinished\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\",\"page_number\": \"14\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
C:\Windows\system32\curl.exe
"C:\Windows\system32\curl.exe" -u us1-760719ecefb3654a9377029b145d3706:fz_LnFaF0dOp3ih1I1jB_678-A5yc8Sj4woz-2whrU37YgWiq8_jIpGev6khPc4U -v https://s2s.mparticle.com/v2/events -H "Content-Type: application/json" -X POST -d "{\"user_identities\": {\"other\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"device_info\": {\"platform\": \"Android\",\"android_uuid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\"},\"mp_deviceid\": \"0f53e42a-5f24-4cfc-97b3-3ad130d9eb70\",\"events\": [{\"data\": {\"event_name\": \"Installer Step Done\" , \"custom_attributes\": { \"version\": \"2.43.2.0\", \"machine_guid\": \"15439030-dbba-449d-b460-326ebc585651\", \"country\": \"Unknown\", \"locale\": \"en-US\", \"is_new_user\": \"False\" }},\"event_type\": \"custom_event\"}],\"environment\": \"production\"}"
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=gpu-process --no-sandbox --enable-gpu-rasterization --disable-gpu-vsync=0 --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=10480 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=175424 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=115844 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --first-renderer-process --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=227108 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25 /prefetch:1
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=87996 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25 /prefetch:1
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=renderer --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Program Files\Voicemod Desktop\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=113496 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://redirect.voicemod.net/?url=https%3a%2f%2faccount.voicemod.net%2f%23%2f%3faction%3dlogin%26ws%3d59129&origin=desktop&u=15439030-dbba-449d-b460-326ebc585651&appVersion=2.43.2.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffca8a23cb8,0x7ffca8a23cc8,0x7ffca8a23cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2496 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-severity=disable --user-agent-product="VoicemodDesktop 2.43.2.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voicemod Desktop\debug.log" --mojo-platform-channel-handle=227016 --field-trial-handle=7928,i,8843349815839568617,15782940378356559872,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2660 --custom-scheme=resource|25;resx|25;fmeme|25;fvlabvoice|25;fcorevoice|25
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7196 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7360 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3008 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11573548113052937059,4785726272533994872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wsw.voicemod.net | udp |
| GB | 13.43.198.129:443 | wsw.voicemod.net | tcp |
| N/A | 127.0.0.1:49738 | tcp | |
| N/A | 127.0.0.1:49745 | tcp | |
| US | 52.1.237.99:443 | s2s.mparticle.com | tcp |
| US | 8.8.8.8:53 | 129.198.43.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.237.1.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.249.124.192.in-addr.arpa | udp |
| US | 52.1.237.99:443 | s2s.mparticle.com | tcp |
| N/A | 127.0.0.1:49838 | tcp | |
| US | 18.211.125.192:443 | s2s.mparticle.com | tcp |
| N/A | 127.0.0.1:49873 | tcp | |
| N/A | 127.0.0.1:49876 | tcp | |
| US | 18.211.125.192:443 | s2s.mparticle.com | tcp |
| US | 18.211.125.192:443 | s2s.mparticle.com | tcp |
| N/A | 127.0.0.1:49879 | tcp | |
| N/A | 127.0.0.1:49883 | tcp | |
| US | 18.211.125.192:443 | s2s.mparticle.com | tcp |
| US | 18.211.125.192:443 | s2s.mparticle.com | tcp |
| US | 18.211.125.192:443 | s2s.mparticle.com | tcp |
| US | 18.211.125.192:443 | s2s.mparticle.com | tcp |
| N/A | 127.0.0.1:49886 | tcp | |
| N/A | 127.0.0.1:49900 | tcp | |
| N/A | 127.0.0.1:49917 | tcp | |
| US | 18.211.125.192:443 | s2s.mparticle.com | tcp |
| US | 18.211.125.192:443 | s2s.mparticle.com | tcp |
| N/A | 127.0.0.1:50370 | tcp | |
| N/A | 127.0.0.1:50373 | tcp | |
| US | 18.211.125.192:443 | s2s.mparticle.com | tcp |
| GB | 3.11.187.130:443 | wsw.voicemod.net | tcp |
| N/A | 127.0.0.1:50431 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| BE | 34.38.70.171:80 | sdk.voicemod.net | tcp |
| US | 172.64.152.183:443 | redirect.voicemod.net | tcp |
| US | 35.244.178.73:443 | sentry.voicemod.net | tcp |
| US | 35.244.178.73:443 | sentry.voicemod.net | tcp |
| N/A | 127.0.0.1:50620 | tcp | |
| GB | 3.11.187.130:443 | wsw.voicemod.net | tcp |
| N/A | 127.0.0.1:50624 | tcp | |
| US | 3.213.147.222:443 | s2s.mparticle.com | tcp |
| US | 3.213.147.222:443 | s2s.mparticle.com | tcp |
| US | 3.213.147.222:443 | s2s.mparticle.com | tcp |
| US | 3.213.147.222:443 | s2s.mparticle.com | tcp |
| US | 3.213.147.222:443 | s2s.mparticle.com | tcp |
| US | 3.213.147.222:443 | s2s.mparticle.com | tcp |
| N/A | 127.0.0.1:50753 | tcp | |
| N/A | 127.0.0.1:50757 | tcp | |
| N/A | 127.0.0.1:50759 | tcp | |
| N/A | 127.0.0.1:50761 | tcp | |
| N/A | 127.0.0.1:50763 | tcp | |
| N/A | 127.0.0.1:51280 | tcp | |
| US | 3.213.147.222:443 | s2s.mparticle.com | tcp |
| N/A | 127.0.0.1:51284 | tcp | |
| US | 3.213.147.222:443 | s2s.mparticle.com | tcp |
| US | 3.213.147.222:443 | s2s.mparticle.com | tcp |
| N/A | 127.0.0.1:51319 | tcp | |
| BE | 35.205.157.23:443 | api.voicemod.net | tcp |
| BE | 35.205.157.23:443 | api.voicemod.net | tcp |
| BE | 35.205.157.23:443 | api.voicemod.net | tcp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 172.64.152.183:443 | redirect.voicemod.net | tcp |
| BE | 35.205.157.23:443 | api.voicemod.net | tcp |
| NL | 23.218.64.21:443 | cdn.xsolla.net | tcp |
| US | 216.239.34.21:443 | ts.voicemod.net | tcp |
| US | 104.17.2.184:443 | challenges.cloudflare.com | tcp |
| RU | 185.30.21.21:443 | secure.xsolla.com | tcp |
| US | 151.101.2.133:443 | mp.voicemod.net | tcp |
| GB | 13.43.198.129:443 | wsw.voicemod.net | tcp |
| BE | 35.205.157.23:443 | api.voicemod.net | tcp |
| US | 151.101.2.133:443 | mp.voicemod.net | tcp |
| US | 35.244.178.73:443 | sentry.voicemod.net | tcp |
| BE | 2.17.107.105:443 | www.bing.com | tcp |
| GB | 52.97.146.178:80 | www.outlook.com | tcp |
| GB | 52.97.146.178:80 | www.outlook.com | tcp |
| GB | 52.97.146.178:443 | www.outlook.com | tcp |
| GB | 40.100.174.210:443 | outlook.live.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 151.101.65.181:443 | play.vidyard.com | tcp |
| BE | 88.221.83.235:443 | cdn-dynmedia-1.microsoft.com | tcp |
| BE | 88.221.83.235:443 | cdn-dynmedia-1.microsoft.com | tcp |
| BE | 88.221.83.235:443 | cdn-dynmedia-1.microsoft.com | tcp |
| BE | 88.221.83.235:443 | cdn-dynmedia-1.microsoft.com | tcp |
| BE | 88.221.83.235:443 | cdn-dynmedia-1.microsoft.com | tcp |
| US | 8.8.8.8:53 | 137.191.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt2.microsoft.com | tcp |
| NL | 184.30.249.69:443 | assets.adobedtm.com | tcp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 69.249.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 20.189.173.17:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.17:443 | browser.events.data.microsoft.com | tcp |
| GB | 40.100.174.210:443 | outlook.live.com | udp |
| US | 20.189.173.17:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.17:443 | browser.events.data.microsoft.com | tcp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 13.107.42.22:443 | signup.live.com | tcp |
| US | 13.107.42.22:443 | signup.live.com | tcp |
| NL | 2.16.27.199:443 | client.hsprotect.net | tcp |
| NL | 2.16.27.199:443 | client.hsprotect.net | tcp |
| US | 35.190.10.96:443 | collector-pxzc5j78di.hsprotect.net | tcp |
| US | 35.190.10.96:443 | collector-pxzc5j78di.hsprotect.net | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 216.58.204.67:443 | tcp | |
| US | 54.157.126.25:443 | s2s.mparticle.com | tcp |
| GB | 216.58.204.67:443 | udp | |
| FR | 18.244.28.117:443 | iframe.arkoselabs.com | tcp |
| FR | 18.155.129.16:443 | client-api.arkoselabs.com | tcp |
| GB | 52.98.207.178:443 | outlook.live.com | tcp |
| NL | 23.73.0.183:443 | res.cdn.office.net | tcp |
| BE | 2.17.107.176:443 | exo.nel.measure.office.net | tcp |
| US | 20.189.173.10:443 | browser.pipe.aria.microsoft.com | tcp |
| NL | 23.73.0.183:443 | res.cdn.office.net | tcp |
| GB | 52.98.207.178:443 | outlook.live.com | tcp |
| US | 52.113.194.132:443 | ecs.office.com | tcp |
| IE | 13.74.129.1:443 | c.live.com | tcp |
| US | 151.101.193.108:443 | acdn.adnxs.com | tcp |
| IE | 13.104.208.162:443 | storage.live.com | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| FR | 40.79.150.120:443 | eu-office.events.data.microsoft.com | tcp |
| BE | 2.17.107.105:443 | th.bing.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| NL | 185.89.210.153:443 | m.adnxs.com | tcp |
| FR | 40.79.150.120:443 | eu-office.events.data.microsoft.com | tcp |
| NL | 184.30.249.10:443 | cdn.adnxs.com | tcp |
| NL | 184.30.249.10:443 | cdn.adnxs.com | tcp |
| GB | 20.77.247.185:443 | consent.config.office.com | tcp |
| NL | 184.30.249.10:443 | cdn.adnxs.com | tcp |
| NL | 184.30.249.215:443 | widgets.outbrain.com | tcp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.249.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.247.77.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.249.30.184.in-addr.arpa | udp |
| US | 13.107.6.156:443 | admin.microsoft.com | tcp |
| NL | 184.30.158.108:443 | images.outbrainimg.com | tcp |
| GB | 151.101.190.132:443 | mv.outbrain.com | tcp |
| US | 64.74.236.63:443 | log.outbrainimg.com | tcp |
| US | 64.74.236.63:443 | log.outbrainimg.com | tcp |
| US | 64.74.236.63:443 | log.outbrainimg.com | tcp |
| NL | 184.30.158.108:443 | images.outbrainimg.com | tcp |
| NL | 184.30.158.108:443 | images.outbrainimg.com | tcp |
| NL | 184.30.158.108:443 | images.outbrainimg.com | tcp |
| US | 13.89.179.9:443 | browser.events.data.microsoft.com | tcp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| GB | 40.99.201.226:443 | outlook.live.com | tcp |
| US | 64.74.236.63:443 | log.outbrainimg.com | tcp |
| GB | 40.99.201.226:443 | outlook.live.com | udp |
| US | 35.244.178.73:443 | sentry.voicemod.net | udp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| US | 104.18.24.109:443 | apply-creditcard.oceanfinance.co.uk | tcp |
| US | 172.64.155.119:443 | privacyportal-uk.onetrust.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| FR | 3.165.111.23:443 | www.datadoghq-browser-agent.com | tcp |
| US | 172.64.155.119:443 | privacyportal-uk.onetrust.com | tcp |
| US | 34.149.135.19:443 | logs.browser-intake-datadoghq.eu | tcp |
| NL | 185.89.210.153:443 | ams3-ib.adnxs.com | tcp |
| GB | 52.97.211.178:443 | attachment.outlook.live.net | tcp |
| GB | 52.97.211.178:443 | attachment.outlook.live.net | tcp |
| GB | 52.97.211.178:443 | attachment.outlook.live.net | tcp |
| GB | 52.97.211.178:443 | attachment.outlook.live.net | tcp |
| GB | 52.97.211.178:443 | attachment.outlook.live.net | tcp |
| GB | 52.97.211.178:443 | attachment.outlook.live.net | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| GB | 52.97.211.178:443 | attachment.outlook.live.net | udp |
| NL | 2.16.27.215:443 | res-1.cdn.office.net | tcp |
| GB | 52.111.242.2:443 | loki.delve.office.com | tcp |
| NL | 2.16.27.215:443 | res-1.cdn.office.net | tcp |
| NL | 2.16.27.215:443 | res-1.cdn.office.net | tcp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| IE | 20.50.80.214:443 | eu-mobile.events.data.microsoft.com | tcp |
| IE | 20.50.80.214:443 | eu-mobile.events.data.microsoft.com | tcp |
| BE | 35.205.157.23:443 | api.voicemod.net | tcp |
| BE | 35.205.157.23:443 | api.voicemod.net | tcp |
| US | 35.244.178.73:443 | sentry.voicemod.net | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 104.18.40.148:443 | privacyportal.cookiepro.com | tcp |
| US | 104.18.40.148:443 | privacyportal.cookiepro.com | tcp |
| US | 104.18.40.148:443 | privacyportal.cookiepro.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| GB | 3.11.187.130:443 | wsw.voicemod.net | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| FR | 18.245.175.16:443 | static.hotjar.com | tcp |
| FR | 18.164.52.40:443 | script.hotjar.com | tcp |
| BE | 2.17.107.105:443 | r.bing.com | tcp |
| BE | 2.17.107.105:443 | r.bing.com | tcp |
| BE | 2.17.107.105:443 | r.bing.com | tcp |
| BE | 2.17.107.105:443 | r.bing.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| GB | 3.11.187.130:443 | wsw.voicemod.net | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| BE | 35.205.157.23:443 | api.voicemod.net | tcp |
| RU | 185.30.21.21:443 | secure.xsolla.com | tcp |
| US | 35.244.178.73:443 | sentry.voicemod.net | udp |
| NL | 185.89.210.90:443 | ams3-ib.adnxs.com | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| GB | 52.98.236.114:443 | attachment.outlook.live.net | udp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| BE | 35.205.157.23:443 | api.voicemod.net | tcp |
| BE | 35.205.157.23:443 | api.voicemod.net | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| US | 35.244.178.73:443 | sentry.voicemod.net | udp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| GB | 52.97.146.130:443 | outlook.live.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| NL | 20.50.201.200:443 | eu-office.events.data.microsoft.com | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| NL | 185.89.210.90:443 | ams3-ib.adnxs.com | tcp |
| US | 52.113.194.132:443 | ecs.office.com | tcp |
| IE | 13.74.129.1:443 | c.live.com | tcp |
| IE | 40.90.136.179:443 | storage.live.com | tcp |
| US | 151.101.65.44:443 | cdn.taboola.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| NL | 141.226.228.48:443 | am-trc-events.taboola.com | tcp |
| FR | 185.235.86.189:443 | ag.gbc.criteo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| FR | 185.235.86.151:443 | gem.gbc.criteo.com | tcp |
| NL | 23.73.0.190:443 | res.cdn.office.net | tcp |
| US | 20.42.73.30:443 | browser.events.data.microsoft.com | tcp |
| NL | 185.89.210.153:443 | ams3-ib.adnxs.com | tcp |
| NL | 185.89.210.180:443 | ams3-ib.adnxs.com | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| US | 50.31.142.95:443 | log.outbrainimg.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 50.31.142.95:443 | log.outbrainimg.com | tcp |
| NL | 185.89.210.180:443 | ams3-ib.adnxs.com | tcp |
| US | 35.244.178.73:443 | sentry.voicemod.net | udp |
| US | 52.45.241.131:443 | s2s.mparticle.com | tcp |
Files
memory/1960-0-0x0000000000400000-0x00000000004C5000-memory.dmp
memory/1960-2-0x0000000000401000-0x00000000004A9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-7T301.tmp\VoicemodSetup_2.6.0.7.tmp
| MD5 | 3b93628e07e9a9352cb7ea41c59ef578 |
| SHA1 | 48615d4428539e9f0af70153656f3e8ae4e2589c |
| SHA256 | 498cfe20132fe22e726b0fb8c5d6bd6153cc73416567148ab469f78820bc6b60 |
| SHA512 | fa180bc3c80220c641d445daa82ca4b195dd4c716e3c9e596546bdb3100e0e3fd8e306d0b88c1cf01ab5fe4ef984965d883605e3ef05540767b819157cdb55c2 |
memory/2200-6-0x0000000000400000-0x0000000000681000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\idp.dll
| MD5 | 55c310c0319260d798757557ab3bf636 |
| SHA1 | 0892eb7ed31d8bb20a56c6835990749011a2d8de |
| SHA256 | 54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed |
| SHA512 | e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57 |
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\deviceId.txt
| MD5 | becefc83c0f3a0ee7dfecc5fcb232fe9 |
| SHA1 | e1b8cd17c04d6a18e6bd9cc324bb305984659289 |
| SHA256 | 4a3531076c76b91698360148958a81f04e2b5fc3b446728250fe91daeb1ba166 |
| SHA512 | 9f011d4a08e81d61f04bd7b4340eaae27fc295897e5b3c1a38d63a9e66e5b1fe1dbe9465689f2a3f6ad66308053ab8ab1a0bd538e5c6a78cde5f069056c3e1a4 |
C:\Users\Admin\AppData\Local\Temp\tasklist_unins000.exe.txt
| MD5 | 5cbbf0804c28f521c892b0645990e29a |
| SHA1 | f7a1fcdcdb6e6c1e6a6ae55ecfd58b2c29342ee5 |
| SHA256 | 29ef1b8560a113820f7563bfc2ccc2a13f5d748984e5ef295680d66e395af094 |
| SHA512 | 722f2a3a1ba0844711835faf0c30ef8f0f6a71948e06454d2caa28153023ffcdc4f00c2c4ec5b7f488851f992a67f009345fc54ad756f4e2f1f3002e648bb2f6 |
C:\Users\Admin\AppData\Local\Temp\tasklist_VoicemodDesktop.exe.txt
| MD5 | f2a0d78c70d50c47a1c24e0278078c27 |
| SHA1 | 60f500ebaae326f8709b59fb2eb64b55fdc7013c |
| SHA256 | 2d0f0b0a5724404924bbd2457329dfb55425da8794580499841d89046cbd30c4 |
| SHA512 | 02cef64c22549255a537abc6cf905837dc4dbe4a24335cae967dc08ed6a2a54a79397723ef93a7c85af79706d6b33d68b42485340c1503a751f14986645321e2 |
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\botva2.dll
| MD5 | 0177746573eed407f8dca8a9e441aa49 |
| SHA1 | 6b462adf78059d26cbc56b3311e3b97fcb8d05f7 |
| SHA256 | a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008 |
| SHA512 | d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a |
memory/2200-28-0x0000000002F00000-0x0000000002F0E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\bg-top.png
| MD5 | 229152b01d238ac58d066bbdd45219bf |
| SHA1 | b47d2070eb77d723f925f36c902c6cefd5bb1c31 |
| SHA256 | acb21fcb80667714749963e8ce2e24b23e3f269de34d8e1734892777cbca2f7e |
| SHA512 | fcf37ba7ae4929d77039b0d90f87cf6523bc7bc4f81ca27c1057f53d93752f0d9603708afaf3e8f460a0e5e67210c8d1eeb44cf95b07919a67a37805b0d63b30 |
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\bg-inner.png
| MD5 | 4a1378ccbcbcf4a320bfc4d63aabef36 |
| SHA1 | 8f17dc3df0a7310ab4a3914a81b7f5576e5546a5 |
| SHA256 | f3640a78436c8f83c8b055c74da597e239524201df4ae6db52a3141a1a47699a |
| SHA512 | 6800224d90fb8c00f31b51a485b90ce0fbc26aea993484a148981d9ef41ee0ff712d43816c1f8ef8b511165de70683ad98202baf27d1a7fb9f31aa88ff17836e |
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\buttons.png
| MD5 | 84d27be69f0f13909dab87c1cb270a29 |
| SHA1 | cb3a480bf9d790342e12775b4d50c350475f3bb5 |
| SHA256 | ed4b81ffc92f6d41c5d4925f0ac83cd280ad1a781a966d2128275c804f6aa5de |
| SHA512 | 290ebef8f3930ffdb0b99df9a99bd419ff591bd83acdb9b49b421a36d920298a05ad8e85dfa7e9e5de8fe9864780eff2af1e85aa5e3fc8b3ce88f074b87bf51a |
memory/2200-97-0x0000000002F20000-0x0000000003060000-memory.dmp
memory/2200-92-0x0000000002F20000-0x0000000003060000-memory.dmp
memory/2200-102-0x0000000002F20000-0x0000000003060000-memory.dmp
memory/2200-87-0x0000000002F20000-0x0000000003060000-memory.dmp
memory/2200-82-0x0000000002F20000-0x0000000003060000-memory.dmp
memory/1960-103-0x0000000000400000-0x00000000004C5000-memory.dmp
memory/2200-105-0x0000000002F00000-0x0000000002F0E000-memory.dmp
memory/2200-104-0x0000000000400000-0x0000000000681000-memory.dmp
memory/2200-111-0x0000000002F00000-0x0000000002F0E000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | df46eb1fe5d54a0521d9965203a4a9da |
| SHA1 | e977aae1bb82f3d57267ead3b91df3d82d6d50c6 |
| SHA256 | 6076a9ea8f52f5ad109fbe29f955ee052f626b22ee45366bfa83f70706744b1d |
| SHA512 | 5bc5f8d247ba164f1af6f4ae902906568a4e9baf05c9782d999e537730d8cfe443daac6f44aa246f27e9678237a4b57a7e8411e3c4fbe88e943525cdb2ae239e |
memory/2200-194-0x0000000000400000-0x0000000000681000-memory.dmp
C:\Program Files\Voicemod Desktop\Voicemod.VoicemodDesktop.UI.dll
| MD5 | 948fa7c2a1fc375157bde5d8d44fe162 |
| SHA1 | 9ed97ef0eb84d52bb5dd0b2343c9deac4bc2b1e9 |
| SHA256 | 9908c60efe2d8dd716e6654ea09e8a19ffce21273aeaa239473c549500479ba4 |
| SHA512 | fdafba662dce2b913d29ebd1d9b80eb41c4c8a1b09444c1275052fc436079dbdb4dc6a3a8021eff0768767bd9c8efba789a865a9e814299478840d12797354c8 |
C:\Program Files\Voicemod Desktop\Voicemod.Websockets.Fleck.dll
| MD5 | aa81651105606461eb63db6d423fb2c7 |
| SHA1 | c748d7a703df483a99f2d434d1a45fb3d285b4c7 |
| SHA256 | 138e544e27ee059ffef19809c54f48076a0ddb29410549b658b3aa67a18d153e |
| SHA512 | 1118a9b1090ff72fd15b269eae7f0d8085ef624fd34318f5c4499dcbae37531081c8060182cf37ca9e114c05eafdbbfb8477cf1ba2a88225106d587caf141541 |
C:\Program Files\Voicemod Desktop\VoicemodSDK.dll
| MD5 | 39844565ec5c8cf05d62ef399b011754 |
| SHA1 | 23ba2573016c6fa7344f4d422d86a76b5216363d |
| SHA256 | f0dbf3861a5cae109edef2e78fa2b9f7c4353025bad314cf3afb3fa173a4f5af |
| SHA512 | 54b5a16b55491a59e6cb7f4172557efc470d6c31f503b7c8767f0ec410f128a7b98bf4191ba8176fe39f77deb6372788797f0dffbaae2041338af63eca544e0f |
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
| MD5 | d20afc7e984fef3a2b2ed3dc0b4c0ef5 |
| SHA1 | 484da3d185b8b87620d4d2d6b7ca4266a651bf21 |
| SHA256 | fb737bdab9bf40f95dc999adc48cca3855fea1290c4bf51629f0298660f92cee |
| SHA512 | e9ab6c311f73bbbd9640be6275c66ce4bb4aa73124e46eb7a3e7a8083bc8de0c461555ea12205c6ce630aa4e783bbea6112fca700f58edb33f0c82142dad127f |
C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
| MD5 | ce0e059d4365c22f6f8cc1ce04ff5418 |
| SHA1 | 09eff27e69a3e4d3cc8bef9e93fe6ae7e20447c8 |
| SHA256 | 663e5b184648639cbcf353ddaeec6688abe323dbccf8de8fc8d2683f5e1a99cb |
| SHA512 | c8c9ff1fcb172bdbf90d598b2cf0c5f0dab31132b8633540a162ec0c299861d64f36bb805da7dca5b4a4ac96c74fc420303235cbc780f09a2c2aad5b7de724ff |
C:\Program Files\Voicemod Desktop\driver\setupDrv.bat
| MD5 | e6bdf4edaca31d8f5f5d8fab141e1bf4 |
| SHA1 | b67c41d0170c246a2b01dd2e6b280c147e98419e |
| SHA256 | 9387039a0be348be9d99989c6f60ded8760c76c5316692dc880b486859ae792d |
| SHA512 | f3b62c78982e7c7ab0d9c04db18642f43e289cda8bacf454df5749b1371d444bb44f57f65931f39a8075c491cb88e3c96b83a3c3a271eb67a9f427c649787c8d |
C:\Program Files\Voicemod Desktop\driver\uninstalldriver.bat
| MD5 | a6261c36b1eb262f18c98e520966c329 |
| SHA1 | be1f1a0bdcc2f26bc41599b257f2b4c95a1a87a1 |
| SHA256 | d0cdbdb5be2be15f77861b6e08aa553d9e8580c224ef0f63e55064f415fc16f0 |
| SHA512 | 06da998b9778148e15065b67ea6ffadd6df7babf6b1b435368e6c7b6e91d3506d3c3498140cd8b950e207d97c78a899e567b4fbf462d07f7ad473a878ea45fec |
C:\Program Files\Voicemod Desktop\driver\voicemodcon.exe
| MD5 | afc1465481d73483af98d1e78419ff02 |
| SHA1 | 7fdea1d99110007a5e560ea7b43ba0dec735f908 |
| SHA256 | 98ea0aa12cf1a2b0b7337bcdb6fef41ca35f83248e29b6072fb15f3c180232b4 |
| SHA512 | 6b4c9142298a91f65338ce68edd66aceb1a3e7a5ef4d87969064cf49828cfbf8bfb3e0a226fd13bddb933d49d7aca9fd0a9f6cd048505cf5ba2abd4b871b93ec |
memory/2200-530-0x0000000000400000-0x0000000000681000-memory.dmp
C:\Program Files\Voicemod Desktop\driver\vmdrv.inf
| MD5 | b9b68ddad77911e85697af02b6e311b5 |
| SHA1 | 999c26f4e20fd29abb0404c9b5bfad4fb2664d2d |
| SHA256 | f853d5b0a5dd5cbe1da2ffaae285080019f9e60cf4e4ab7d9810f5be40f362f1 |
| SHA512 | 40e0307e787c8498ffc0922d190973b1634621bbefc2a89feaad1b4d68797f9e55c1cf55e5112a0a8d13ee37fa2ed18a33248c95e4298471e2f7cb3f6359c874 |
\??\c:\program files\voicemod desktop\driver\vmdrv.cat
| MD5 | 46bb11132e5800c97b9d2c1df6e6fe88 |
| SHA1 | 83a6cb8f90ce3a805609eaa3472ee480ac30a8b2 |
| SHA256 | 6bfcc755ffedaefbd2aa94988dbfc2492a185ec1621ccb2db9194d1f83df5ccf |
| SHA512 | fd3de31cf8025e933c8a4966938ab4b59fb9adca41b009c0ef0129bf5297bf4a64e5d4bde662f2aec62ccb3c05bc10c309196c73355cbd409ab4b1f6ba86ad08 |
C:\Users\Admin\AppData\Local\Temp\{a7bd73e8-490c-a545-a4d0-b2f18a550b44}\vmdrv.sys
| MD5 | 0e625b7a7c3f75524e307b160f8db337 |
| SHA1 | 5088c71a740ef7c4156dcaa31e543052fe226e1c |
| SHA256 | d884ca8cc4ef1826ca3ab03eb3c2d8f356ba25f2d20db0a7d9fc251c565be7f3 |
| SHA512 | 0ad805d11413dcc9d3c549b94a3644fc9c9caa23f0a661c9aef41c1e6f8d91de784817668ff4f34b3f50d738aa8097b2a0ee38de078ed97f5c17635533e9e165 |
memory/2200-608-0x0000000000400000-0x0000000000681000-memory.dmp
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe.config
| MD5 | 06e40dfadc011f07b0a8bcb910ca62ee |
| SHA1 | a4574e90d61339b3eea2cfd11ed12e557f7f477f |
| SHA256 | ae74231a8e6bd0acff9fb074427be26a73af20885cd23cfa6a636c9df4333f59 |
| SHA512 | ae27cc72c9afdc89a5ef8bf2569284d7ca6cfbcb30a5cd4ace0da11bc79a35f47c65a5f414f84f95f8696822242d3b9718dd860413c55cfddc1cae37d8c5350a |
memory/2464-614-0x0000019166240000-0x000001916672A000-memory.dmp
C:\Program Files\Voicemod Desktop\NAudio.dll
| MD5 | 047bca47d9d12191811fb2e87cded3aa |
| SHA1 | afdc5d27fb919d1d813e6a07466f889dbc8c6677 |
| SHA256 | bc4bacc3b8b28d898f1671b79f216cca439f95eb60cd32d3e3ecafbecac42780 |
| SHA512 | 99505644d42e4c60c977e4144165ea9dea8f1301e6456aa809e046ecc84a3813a190ce65169a6ffef5a36ad3541ec91002615a02933f8deb642aa3f8f3b11f2f |
memory/2464-616-0x00000191683E0000-0x0000019168464000-memory.dmp
C:\Program Files\Voicemod Desktop\NLog.dll
| MD5 | b70274014c925937f0f2e79de6a17615 |
| SHA1 | f0c7f4d5f977c99a3205ee5c1c8c838ba4a81bce |
| SHA256 | 08f1f52716216fdbf4e918c88bedd87c13d06d914e4f39673f2528237638107c |
| SHA512 | 7cb67d07c136f48231da2a2fdcb7f93e8a63a391d09ceb56c12287b93a58e3fe9117313da4578f2225b178adb2bb5e0bf8d75d076c79be7823ccd42389f5dfdf |
memory/2464-618-0x0000019169090000-0x0000019169162000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-454ML.tmp\bg-bottom.png
| MD5 | 495e1b72f1318b9abd18396170a8b73b |
| SHA1 | 1f75098efccea494cd6bd1241eca02a9996fcf2f |
| SHA256 | 9b86e47b5b3972b1de9d55b53caed3538f7179ddfbc79fca35ce9f30c354c6aa |
| SHA512 | eaa474168ba803b326961ec89a17dedcbec470cc8b412a1206bfd71cb02b6c031fbb3af9ca1e218e19f7780e5b39d36ecfbcc02a3dc71e13cfc8712546f99351 |
C:\Program Files\Voicemod Desktop\Sentry.Protocol.dll
| MD5 | c3b6084fb4a7ad53d42b6301bd19ac43 |
| SHA1 | 8b528d371629c1aa1a31d35d7a257813a90b6846 |
| SHA256 | 60857310276b69557d2596356f78b53b74f8ff8a905bcc5ac57b84b2fddc064d |
| SHA512 | 63e37c164561fbc9136244b1cf7c581fc4fa277ed5b24f9b767c126970740e358e340ba2609bc7f10523b48eaf3bb873fc4ce01094d039e43110263817c4b964 |
memory/2464-653-0x0000019168FB0000-0x0000019168FC2000-memory.dmp
memory/2464-655-0x0000019169380000-0x00000191693EA000-memory.dmp
C:\Program Files\Voicemod Desktop\SimpleInjector.dll
| MD5 | 799368d49236de4022d232fbb6a4de38 |
| SHA1 | 3e3181dcfc62a9067a0265385a6cd5e228626ce7 |
| SHA256 | 0414c6cc3fe30f6baf019e30148a6c841358b6f3ab570b4419812eb7350b6a19 |
| SHA512 | 9bb4b681cacd1c1361080fd3e768ea524a11fd284ea9795e04a5173e1ff326bda17c18debd26bd146f19eaebdd10f6c275fe0b2dfce88b601e9c9a2bb9fa91f8 |
memory/2464-642-0x00000191692D0000-0x000001916937A000-memory.dmp
C:\Program Files\Voicemod Desktop\Newtonsoft.Json.dll
| MD5 | 4df6c8781e70c3a4912b5be796e6d337 |
| SHA1 | cbc510520fcd85dbc1c82b02e82040702aca9b79 |
| SHA256 | 3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af |
| SHA512 | 964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c |
memory/2200-661-0x0000000000400000-0x0000000000681000-memory.dmp
memory/2464-662-0x0000019168FD0000-0x0000019168FEA000-memory.dmp
memory/1960-663-0x0000000000400000-0x00000000004C5000-memory.dmp
C:\Program Files\Voicemod Desktop\System.ValueTuple.dll
| MD5 | 23ee4302e85013a1eb4324c414d561d5 |
| SHA1 | d1664731719e85aad7a2273685d77feb0204ec98 |
| SHA256 | e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4 |
| SHA512 | 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32 |
memory/2464-665-0x0000019168FF0000-0x0000019168FF8000-memory.dmp
memory/2464-660-0x0000019169020000-0x000001916906A000-memory.dmp
C:\Program Files\Voicemod Desktop\System.Collections.Immutable.dll
| MD5 | d8203aedaabeac1e606cd0e2af397d01 |
| SHA1 | eef943e4369166a039dee90f2d81504613d49ca0 |
| SHA256 | 2f05a2c489c2d30a6cca346d4ce184323d70eb4f5afa6bed34d5800274444e57 |
| SHA512 | ce09543cbb799db65c71ea9d050cef99d702d9af0cc4c7e346f97f616b091d0ab9a211197caf7fd5a53af1ba6ce913b2b121499d36cd43b499fd201376f4f3d6 |
memory/2464-658-0x0000019168490000-0x00000191684AC000-memory.dmp
C:\Program Files\Voicemod Desktop\Sentry.dll
| MD5 | a3571d57212d66885f7e19ca16c76d19 |
| SHA1 | 32017244672e20e5e99d35aa05907f835f1246ae |
| SHA256 | 4890f2bed66f98c4edef6174a9500a3b13d5a5419204003507468b45e946582d |
| SHA512 | 317bb735044b78603f8b2ec750ed98e240ba3eeca8f36fefe47af06b15975f402b6f5852ba8c5b8b345475ab3bdd9dc3faef17669a17fd028f0b9b1655dd67f5 |
C:\Program Files\Voicemod Desktop\NLog.Extensions.Logging.dll
| MD5 | 95e7f2457da5b9e710dac09740c16463 |
| SHA1 | 1e81f71d1b69951517eae13cf5e96acd28faeb99 |
| SHA256 | 544aa327ea022e6a8046f2c2fbc822714415aed716f1f0ec37cc707043cd58cb |
| SHA512 | 97b14ee4d1fffa4331ae911ddeb0dd4e2b8eb5db10f3d2ddd8a7a3b562a0110c5be19a72b3365d4f12b5b2543a9ce323143dc4a349c0481c93cf1c56e19bb5fa |
memory/2464-671-0x0000019169000000-0x0000019169010000-memory.dmp
C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.Abstractions.dll
| MD5 | fa43b31fac519d4537325b2d77595c3f |
| SHA1 | dc3c0912d2275684a95816401f63e155fe2b5ed1 |
| SHA256 | ce4721eb7591c77ec23650c079c25730bc9e4f2af440ed0ce913258151434cda |
| SHA512 | e9e050ec7bd310ce3c5c13ac7f3849dd96ee34ca68a91956b956eef6c228a23d790736d05f07562b039a888471f823107d11384e72e172f505192964680335f4 |
memory/2464-669-0x0000019169070000-0x0000019169082000-memory.dmp
memory/2464-675-0x00000191692B0000-0x00000191692C0000-memory.dmp
C:\Program Files\Voicemod Desktop\NLog.Web.AspNetCore.dll
| MD5 | ec154043dd58f7834eeb093bc4d0d7d3 |
| SHA1 | 052f320731f3f35dd10de4149b27f0c8437a21d2 |
| SHA256 | 4442104e5a3620b5e927b50c02325d4a2f873851ce73bd063b7e17f2a344bc2f |
| SHA512 | 2cac794852cb182004fc01f7061563dc8512c60591e67249e7aa9f4fb4282dc71142ae36a371daad32fba719a119055886ec8a63c31dacf0fc8eaaf7551d0513 |
memory/2464-673-0x0000019169010000-0x000001916901C000-memory.dmp
C:\Program Files\Voicemod Desktop\Microsoft.Extensions.Logging.dll
| MD5 | b7f13cb30356dbe3e3bf7c01e2d8c7b1 |
| SHA1 | 712900d638167a85017ab7f99119964d84e0a39f |
| SHA256 | 9cb78661a77fbbae56de368f018ac9b06e6a171dab37e49091ac4abc4a3d1126 |
| SHA512 | 6df9337d590adb72df002cd64005a59f60ba064b2ae2d207559f0b43c9c8978ae75b22115556f0f4e7567b7b7862b99fe069ec92b3c98752623636bea92d1bb5 |
memory/2464-679-0x00000191694C0000-0x000001916952C000-memory.dmp
C:\Program Files\Voicemod Desktop\AutoUpdater.NET.dll
| MD5 | 07809155502ca460862d6c3cd554200d |
| SHA1 | a648d3dceaa0dab29bdeb3b08cfcc05b816dd28a |
| SHA256 | 4afa1ef0f2df936fe2ff026d73b9630cff0d567cb66e3e09ed94783c0d3a054e |
| SHA512 | 6314679bab44ac165e77689ee8265f3687b8e7636a0b0fc688fc1b4581ba376c612e8d117dc50e8ae447a36e161167fa4b7d3365e9b92cc7d80f56a8b57d0e08 |
memory/2464-680-0x0000019169490000-0x00000191694B2000-memory.dmp
memory/2464-686-0x0000019169A80000-0x0000019169A8A000-memory.dmp
C:\Program Files\Voicemod Desktop\NAudio.Vorbis.dll
| MD5 | 7721decf5f28e1470d40b912b2253779 |
| SHA1 | 04536a984d29ad5bb1939ab83a1c5eea501f2670 |
| SHA256 | ca4cceb6a39d5b511abb897d8bd3c1de6921cf8a284da73be2f7ba79ac377b92 |
| SHA512 | 2aa81e5a800f804ecbb206cbd2807d4a1987341dd211f8c493b6d5873e7d3d35f4db8c27b4d67631c592861eb3fa05037ea93d02585870e6354054df687af076 |
C:\Program Files\Voicemod Desktop\CefSharp.WinForms.dll
| MD5 | b8ee3de827c9828bfc4ce2d1232110a5 |
| SHA1 | 0a017aab404c48f9f11b3e7e0a29e0c558e8cccc |
| SHA256 | 6b007d59cb09c077e94bc32ee74b3ff03af07422dd50b40d2cf39573140022fc |
| SHA512 | 13dda00459d9fa07d8123a5b100d9ec1b046e470d978e37a769308424c3986bfdcee5515cd32fd7b14b8eee3e9ab4ded1f0ae5939522926bf7a82daeb914123b |
memory/2464-690-0x0000019169460000-0x000001916946A000-memory.dmp
memory/2464-694-0x0000019169AD0000-0x0000019169B06000-memory.dmp
C:\Program Files\Voicemod Desktop\CefSharp.dll
| MD5 | a8caf7f548b13fcd2d676c9c2550e352 |
| SHA1 | 0274fca4d6fcf58f098053de1bb921f18c7d66be |
| SHA256 | 073028a525cdeb485a183a714289199e5650aadcde6bd90fa2726339e139515a |
| SHA512 | c4f9ddc0ab33c1a10522670586857004d39a13c9a8cc44fba8f1f254fe8896b86e79a8ab5bb4843df3fca5bdc3abaf35d061954b429923faacea4ea99f4408ad |
C:\Program Files\Voicemod Desktop\CefSharp.Core.dll
| MD5 | cf23cc10046f463ba2f929b3491be3cc |
| SHA1 | 1763511c3103f191d046ae8a25b344755d042ff5 |
| SHA256 | e1c1c19da47f763b207569eaaec7ab26203720fea2546178cf30630292de22cb |
| SHA512 | a6c190e8b9a2fb59174abef52cbfcdbaa4618019450e860ec1b490643ee26ab33c9352ccb376edcc52ea1d659ac5b8fa8fa9560a25f616dfe098b7455118ee55 |
C:\Program Files\Voicemod Desktop\chrome_elf.dll
| MD5 | 44fc26ae3f77101eacf851f53aa1e64c |
| SHA1 | f129f58aa70cf1ea7741be1c7848062e515d6773 |
| SHA256 | fb884db0b44f47dc451d9729fecaf6aa9de61e757aa4ef76381ca7006d55cbb6 |
| SHA512 | f690665b01eb4e292ce8e03169593fcbb44110253fc4a14510ff3081c41bd13a0538a9a805113f07a9fc11536b552b59c5548c25ba18c08e9738a3e7cbe0d8b8 |
memory/2464-698-0x0000019169B10000-0x0000019169CC3000-memory.dmp
C:\Program Files\Voicemod Desktop\icudtl.dat
| MD5 | 65c6337820fbe9bf2498a9395e3b20f2 |
| SHA1 | 5cc62646e6c73b4be276d08719bc5e257af972bb |
| SHA256 | 33da1cdda18eaea52011d40ae9a610cac9f6466156e9803891ee77294607aee4 |
| SHA512 | 4800f03577a46a98a4bd786dc37a380f4169540e243fdb7835e3146fba0d0e1d07a7e3ec8cd23566feb00d204d582d678698ae61db156339fe56229de0b267c9 |
C:\Program Files\Voicemod Desktop\cef_200_percent.pak
| MD5 | 065140de55434f35f9c5c10764c29ee4 |
| SHA1 | 4bb734f61c04bfc68f7e15f128a2853a5f7649ea |
| SHA256 | ef2c632ca52b27d464d6d3d8cd1b5b31b62b1102845682c680cd2bb102c5fca0 |
| SHA512 | 552e5f79a41e78afd191394cb4cc5a8ab0ead3a0ec1706066e85b4aa3f2a80ff0674dc8f9232a3f123c8c60a9e63d63bc84b79f7c357ff7c7a85b6c98ebe55ee |
C:\Program Files\Voicemod Desktop\cef_100_percent.pak
| MD5 | cc741473d2d075fdc2be804eec407a12 |
| SHA1 | 22a96140286fdb004540a2051b93432aa133843d |
| SHA256 | 6107c1bfdbf2cf351d5281073422b836d7a547e81345bff502fd31335d7fcbb3 |
| SHA512 | 31977768847821379aca3a49a30d6dc25a31621d96b618c4a9fc71bf7eb7f9999db87603190140fbaec8beb103cd8ff793d5144cbc68a7ec7815db64aa530437 |
C:\Program Files\Voicemod Desktop\cef.pak
| MD5 | 3f25f3cb727ec8a91891f8ec21657212 |
| SHA1 | 09f37afff84b2445f0afa8cbb803d53bada62080 |
| SHA256 | f8a79e0f94e8a6ef849aed1910040c7d8a4c8a61487eb67163509008c9cdb33b |
| SHA512 | c931c465c0bf1480978df9ee192bc52be82613707bd9ed813e7857a66c55386498825fa300f028ab59d0a64a1f7b5e3936ed777e97f1aee42f9a2ef8fb68827d |
C:\Program Files\Voicemod Desktop\locales\en-US.pak
| MD5 | 424663a523ce37f8a6087681fe3b05f3 |
| SHA1 | c250b53402e3ca81a5b15b4ae9efbe374d0b40dc |
| SHA256 | a9ad65a2bc012cc22efcea44ff42de06503043f7ce76ccab8edaa33456d339e7 |
| SHA512 | 566adf1626179bdb07615b63545b12dd304b7cbe43767e924a2806fa7fa8ac3b808a862375dd4723e985f15ba83760319a70c594e97934f91022446590fb10d6 |
C:\Program Files\Voicemod Desktop\natives_blob.bin
| MD5 | e350965916554e65a47305a6ab27c2ba |
| SHA1 | 9d60e499a907811a3155e9a07f8645d6c83cb909 |
| SHA256 | 1cae202ada016cf455abf69d583524a1d37a1371ad4efdfac4baed07c6402bdd |
| SHA512 | c6044b769a00f887b573ad35a7f5b71f6134d2d596a54effa50710be2f528acefea53ae4a2847e16c1b4e56962d8b0fe24f1ea4a04bfe167514b0abddb4fb5a8 |
C:\Program Files\Voicemod Desktop\v8_context_snapshot.bin
| MD5 | 9aaa9081a7199218a25c788aa3e65be4 |
| SHA1 | 1834a6ff2b69121d01da29eb1cb82ed29f493ae2 |
| SHA256 | 0c3eb5fed8f9ce0166a4d75f41d60d8af4d6082f77f230867511eca0036f9a26 |
| SHA512 | 2bab85623e897a386cac4bd764e1db0254e80423744a077ef14fea82992de7f7edeff55cbd540a7d73bbfec78ac31e8b136410e53c60f198d4325a5457beb666 |
memory/2464-719-0x000001916D0C0000-0x000001916D0DE000-memory.dmp
memory/2464-720-0x000001916E6A0000-0x000001916F9F8000-memory.dmp
memory/2900-721-0x000001CCAC9F0000-0x000001CCACB0D000-memory.dmp
memory/2464-744-0x000001916D3A0000-0x000001916D3BA000-memory.dmp
memory/2464-746-0x000001916D3C0000-0x000001916D3C8000-memory.dmp
memory/2464-745-0x000001916D4C0000-0x000001916D4E6000-memory.dmp
memory/2464-747-0x000001916D3D0000-0x000001916D3DA000-memory.dmp
memory/2464-748-0x000001916E430000-0x000001916E48C000-memory.dmp
memory/2464-750-0x000001916D4F0000-0x000001916D502000-memory.dmp
memory/2464-749-0x000001916D490000-0x000001916D4A0000-memory.dmp
memory/2464-751-0x000001916E4D0000-0x000001916E50A000-memory.dmp
memory/2464-752-0x000001916E490000-0x000001916E4B6000-memory.dmp
memory/2464-796-0x000001916D110000-0x000001916D11A000-memory.dmp
memory/2464-797-0x000001916D390000-0x000001916D398000-memory.dmp
memory/2464-798-0x00000191710B0000-0x00000191715D8000-memory.dmp
C:\Users\Admin\AppData\Local\Voicemod\settings\voicemod.db
| MD5 | cb12ed580481b56678d2469784cc6931 |
| SHA1 | a3799528c449b723015a2d9201be56756384ae4a |
| SHA256 | a2e76797e52b5ec21801e2e5b85fc434776b26ecede90110e3a18865831680e8 |
| SHA512 | be192ee6f57d26927a39a3566f7bea999a05c7a42152ab924fcdfa4e268d599b58efc1120671e935929ec4b31862bec370857056e3ac3b556159a4730bfc0c4e |
C:\Users\Admin\AppData\Local\Voicemod\vmlog.txt
| MD5 | 588c132cb9d9b72f029de3aef842a7b8 |
| SHA1 | 419c989af1ab3a0191e5f5de11f77c114eefd6fe |
| SHA256 | add018d9319a41ce9145639991a517e8305229657e0cfbff426ff405394ba8e6 |
| SHA512 | 2d6ea3c609aeac5793b17c08033d61f67a701bd9de900545710ce901161467b05e5724eed02eacaf3fd2d0400e5a5ac3404cab5a73018f0b961ef76fe130ffdb |
memory/2464-816-0x000001916C590000-0x000001916C743000-memory.dmp
memory/588-829-0x0000000000400000-0x00000000004BE000-memory.dmp
memory/2464-834-0x000001916C590000-0x000001916C743000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-C7LNU.tmp\bg-top.png
| MD5 | dc19715992c0051d1456308b41f04e98 |
| SHA1 | 85abf86dd0e738638fff84ecd44e5b3cdbb4b96d |
| SHA256 | 86bfe5acda1b1fc9bc8f205a58c824ad58179925d2ceae11b2a341122604457d |
| SHA512 | 2f7b3bfa6c084b830213996f7691b6abcb9efd0ac44da4739972758b4eab0478e46761d8590fcea03d2902909c2c992f1eed1ef48e353a05ba67c06189d2117f |
memory/5064-919-0x00000000022F0000-0x0000000002430000-memory.dmp
memory/5064-904-0x00000000022F0000-0x0000000002430000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-C7LNU.tmp\buttons.png
| MD5 | 87cc673665996a85a404beb1c8466aee |
| SHA1 | df01fc67a739544244a0ddabd0f818bd960bf071 |
| SHA256 | d236f88ef90e6d0e259a586f4e613b14d4a35f3a704ff559dadda31341e99c24 |
| SHA512 | 2058e3fd362c689a78fb3d0a163fd21bfe472368649c43dc8e48b24fa4bc5ed1307faf1cab2c351a4dd28f903a72d4951a72d7eb27784fee405884661a259c32 |
memory/5064-924-0x0000000002F10000-0x0000000003050000-memory.dmp
memory/5064-914-0x00000000022F0000-0x0000000002430000-memory.dmp
memory/5064-909-0x00000000022F0000-0x0000000002430000-memory.dmp
C:\Program Files\Voicemod Desktop\Voicemod.VoicemodDesktop.UI.dll
| MD5 | a8e7088990c747bc8fd07c1c93e8beb5 |
| SHA1 | 3c028409a4979829f4b2019cb9d30a04194cd5a0 |
| SHA256 | af5edaf2769d35bb0fcacafb5fb0491a665d4293c77b462d6ee5739398f0a34b |
| SHA512 | 19aba1c87b6ec35778bbf5f8da21773a103d91cb34408529de90a767998df575dcd5ca31fb5be91c68296dcc0d9a2e250addee2cfdbda1002529cca5b890610a |
C:\Program Files\Voicemod Desktop\VoicemodSDK.dll
| MD5 | 2bf54840de051a2d293e421cd49d0eba |
| SHA1 | b4dd90e42eda8e0401885f4d5637fa79892750fe |
| SHA256 | 225a00a907fc3c88ef4607bb3b2e3876499bd0679908ab48b1df0b08e2c6600a |
| SHA512 | 9eacfa6be037b5e00d62d317fa9c7919ddbd6d8014f4d85052eeee39a929c9b6ae353c41e114827f4ccaed0112ccd8cdaea3064db7d81a0ec1c599c9539d8dfd |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_frngub3h.spu.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/588-1390-0x0000000000400000-0x00000000004BE000-memory.dmp
memory/5064-1392-0x0000000002F00000-0x0000000002F0E000-memory.dmp
memory/5064-1391-0x0000000000400000-0x000000000067A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{58b11c4a-9481-8449-aa2e-c4d2dab4bb0d}\SETB3A7.tmp
| MD5 | 53bdc7ca40487c4f643db4ff2c1d2fa8 |
| SHA1 | 91d750b1347831365729f4ce22ba13ea8ae91dfe |
| SHA256 | 651b6a24e897b78ac164578a24f97961a3507366db7875765a7ad274d7e787a2 |
| SHA512 | 8ec9c30c68d40a0fa11a43c872c14dc8d0d44b0a97ff3dd1c276b82c4a1c144ba9043a9cf0716c5f37c2fd95d43fcecc858d2ffc442dcbd4ff43f3cd86b8c958 |
C:\Users\Admin\AppData\Local\Temp\{58b11c4a-9481-8449-aa2e-c4d2dab4bb0d}\mvvad.cat
| MD5 | dca9fa98db5e1e00a86b21a42e0cfddb |
| SHA1 | 06381ce9b5c8e52a7c6fbe635cbe1ea063535a4c |
| SHA256 | a75ae4d761054f1ef771434dc2227fc4a130820aae6f6ffb72a2ff62d130fc4f |
| SHA512 | 8d7e56e1587ef1d424c2d7765946c34851b51068236411131a3ed4e588605602e741c5d22017b95a5fdb76786809e777f59b67ad4553d69aab6a0653c1446a39 |
C:\Users\Admin\AppData\Local\Temp\{58b11c4a-9481-8449-aa2e-c4d2dab4bb0d}\SETB3A8.tmp
| MD5 | b695055318ef82cc15971b882d71890f |
| SHA1 | 86b5d52e404b56245130d5858784aeac25ca67d5 |
| SHA256 | 1f040cbb99d627bcfa63979b539d6c93e6d5a85c1a103f501aa88b816954b400 |
| SHA512 | bae69f3021029934ab195f83ac7c654d90f40350c626972f17ccbcb848c02541b605f987515b0f1a17bb23d84cbfdf845731fdf96022ce272afe4d2a763bffee |
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe
| MD5 | 40797c8e92d0ce07d0eead04513c7bb3 |
| SHA1 | 32927f08995b54c3d5417626d2c212fa03812d90 |
| SHA256 | cd53d7e811e6ed5f2dd8963590b3dc3a7e76dbe426c9f47f62eb3dc5d296e264 |
| SHA512 | 65f671b0992077cf80a4daa3eaa5edb97e063de670ded6e50b9190d0dac0542d10d42201492b667a2772fd8c6f5b123726a0c3c58199a4f58b8e46b11a4cdbb5 |
memory/2660-1479-0x0000019707660000-0x0000019707D72000-memory.dmp
memory/5064-1481-0x0000000000400000-0x000000000067A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-C7LNU.tmp\bg-bottom.png
| MD5 | a85701bbac20a65391e4e202afc96204 |
| SHA1 | a0e73596a79baaa29fbbb368bd132e3ee49d3b03 |
| SHA256 | 7e3058acb23e999d1ddfdea122afd33bc487b075c2a966affeec4d38cdbb738f |
| SHA512 | 55b1015a0d6a613104ae7edb64a59d198a176ee4fc0c32d9f1af1e7ad577af606adf55ea5586ad25443fb9ea9e770dbc2267301027c1a5f3db5eff928086a27f |
memory/2660-1499-0x0000019722610000-0x00000197226E4000-memory.dmp
memory/2660-1510-0x0000019709950000-0x0000019709960000-memory.dmp
memory/5064-1509-0x0000000000400000-0x000000000067A000-memory.dmp
memory/588-1511-0x0000000000400000-0x00000000004BE000-memory.dmp
memory/2660-1521-0x0000019723320000-0x0000019723434000-memory.dmp
memory/2660-1522-0x0000019723440000-0x00000197235FE000-memory.dmp
memory/2660-1524-0x0000019723860000-0x00000197238D6000-memory.dmp
memory/2660-1523-0x00000197237B0000-0x0000019723860000-memory.dmp
memory/2660-1525-0x00000197238E0000-0x0000019723950000-memory.dmp
memory/2660-1526-0x0000019723300000-0x000001972330A000-memory.dmp
memory/2660-1527-0x00000197232F0000-0x00000197232FA000-memory.dmp
memory/2660-1540-0x0000019723E60000-0x0000019723E6E000-memory.dmp
memory/2660-1542-0x00000197240A0000-0x00000197240AA000-memory.dmp
memory/2660-1541-0x0000019723E70000-0x0000019723E7E000-memory.dmp
memory/2660-1539-0x0000019724080000-0x0000019724092000-memory.dmp
memory/2660-1543-0x00000197241A0000-0x00000197241B4000-memory.dmp
C:\Users\Admin\AppData\Local\Voicemod\cache\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Voicemod\cache\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Voicemod\cache\DawnCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
memory/2660-1578-0x00000197267C0000-0x00000197267DA000-memory.dmp
memory/2660-1579-0x00000197268E0000-0x00000197269D2000-memory.dmp
memory/2660-1586-0x0000019726820000-0x0000019726854000-memory.dmp
memory/2660-1608-0x0000019726AF0000-0x0000019726AFC000-memory.dmp
memory/2660-1625-0x0000019726CB0000-0x0000019726CBA000-memory.dmp
memory/2660-1624-0x0000019726CA0000-0x0000019726CAE000-memory.dmp
memory/2660-1623-0x0000019726C70000-0x0000019726C7C000-memory.dmp
C:\Users\Admin\AppData\Local\Voicemod\cache\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
memory/2660-1622-0x0000019726C60000-0x0000019726C6E000-memory.dmp
memory/2660-1621-0x0000019726CD0000-0x0000019726CF6000-memory.dmp
memory/2660-1620-0x0000019726C80000-0x0000019726C96000-memory.dmp
memory/2660-1619-0x0000019726C50000-0x0000019726C58000-memory.dmp
memory/2660-1618-0x0000019726C40000-0x0000019726C4E000-memory.dmp
memory/2660-1617-0x0000019726BB0000-0x0000019726BBC000-memory.dmp
memory/2660-1615-0x0000019726C30000-0x0000019726C38000-memory.dmp
memory/2660-1614-0x0000019726BC0000-0x0000019726BCE000-memory.dmp
memory/2660-1613-0x0000019726C10000-0x0000019726C28000-memory.dmp
memory/2660-1612-0x0000019726BF0000-0x0000019726C06000-memory.dmp
memory/2660-1611-0x0000019726B20000-0x0000019726B2A000-memory.dmp
memory/2660-1610-0x0000019726BD0000-0x0000019726BEC000-memory.dmp
memory/2660-1609-0x0000019726B00000-0x0000019726B0C000-memory.dmp
memory/2660-1607-0x0000019726A20000-0x0000019726A2A000-memory.dmp
memory/2660-1632-0x0000019730420000-0x0000019730F74000-memory.dmp
memory/2660-1631-0x000001972F7C0000-0x000001972F8BE000-memory.dmp
memory/2660-1606-0x0000019726A10000-0x0000019726A1A000-memory.dmp
memory/2660-1605-0x0000019726A00000-0x0000019726A08000-memory.dmp
memory/2660-1604-0x0000019726AD0000-0x0000019726AE4000-memory.dmp
memory/2660-1603-0x0000019726AB0000-0x0000019726ACC000-memory.dmp
memory/2660-1602-0x00000197269E0000-0x00000197269E8000-memory.dmp
memory/2660-1601-0x00000197268D0000-0x00000197268E0000-memory.dmp
memory/2660-1600-0x0000019726B30000-0x0000019726BA6000-memory.dmp
memory/2660-1599-0x00000197268C0000-0x00000197268C8000-memory.dmp
memory/2660-1598-0x0000019726A80000-0x0000019726AA4000-memory.dmp
memory/2660-1597-0x00000197268B0000-0x00000197268BA000-memory.dmp
memory/1984-1595-0x00000188F4970000-0x00000188F4A90000-memory.dmp
memory/2660-1594-0x0000019726A30000-0x0000019726A80000-memory.dmp
memory/2660-1593-0x00000197268A0000-0x00000197268A8000-memory.dmp
memory/2660-1592-0x0000019726890000-0x0000019726898000-memory.dmp
memory/2660-1591-0x0000019726880000-0x0000019726888000-memory.dmp
memory/2660-1590-0x0000019726870000-0x0000019726878000-memory.dmp
memory/2660-1589-0x00000197267E0000-0x00000197267EC000-memory.dmp
memory/2660-1588-0x0000019726800000-0x0000019726820000-memory.dmp
memory/2660-1587-0x00000197267A0000-0x00000197267AC000-memory.dmp
memory/2660-1616-0x0000019707660000-0x0000019707D72000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 23da8c216a7633c78c347cc80603cd99 |
| SHA1 | a378873c9d3484e0c57c1cb6c6895f34fee0ea61 |
| SHA256 | 03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3 |
| SHA512 | d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e4bf11ed97b6b312e938ca216cf30e |
| SHA1 | ff6b0b475e552dc08a2c81c9eb9230821d3c8290 |
| SHA256 | 296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad |
| SHA512 | ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6bd64392d8f69c7930c4e3dab1adb0fe |
| SHA1 | dceca2ffa8acf05e01c6b4f56e4d186c8d532b60 |
| SHA256 | cbe6cc0e7e5adcfbc92aac987262997a9a6ce0ff5d02533fc88ad289f28b90a3 |
| SHA512 | b22a1c9bbe58514ed4c3fd78a4cddf17807b1815bd2f70659386b16a2dfd3a5455f3b6068d998acbfa9058c4340a9fd8e9b03dd199eb47631cfd271dd5c05ab6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1e47f5a00846928c24f0d6508d8c6b8d |
| SHA1 | 98c9b4b382540efed50217356fc11920b22e99e4 |
| SHA256 | b175ca302ab95d7c005184dd3e45e1e24274323d3108c01c011309033300088a |
| SHA512 | 09d5754f08470a21b3f9e5909b2745db11c3edfff98239f71511800565477772fa652e6df77b834b50cbe317d7d138f1899e114f4e4341e653c873eac8fef5db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\71ed3e84-1c11-4e46-bb69-0ff97bb88310.tmp
| MD5 | cdeb9a89f531d8d6fef9413452f6894d |
| SHA1 | 0c3696bfa46587b94feadc6a4addd18813708ae1 |
| SHA256 | 26a3784633d9fe1d5d5eefa90c312f8101799072b6a2b65d1d7417373c51ea85 |
| SHA512 | ee64446190e9058ec43724596f5c27b9ed3bda1640ed99fd7ac572f52bef14a5acffafd9dbcd928db5c038922ed7db41cf792c6e03221013247ec36f7e1d3db6 |
C:\Users\Admin\AppData\Local\Voicemod\cache\Code Cache\js\index-dir\the-real-index
| MD5 | d05ac9e060e347dcb475d4622b86faaf |
| SHA1 | b7f41235352deb86da46b6bc777cfc7714a1eac4 |
| SHA256 | d0e1bf0803bd431b0fac0b303d795fa5d658130ed6279dfffa0eb676871f5dcf |
| SHA512 | 51512802919d5b8e1b514bad1a6fd6eb1f8b340c7a10ffbfbd5cfe9b6bd8a977dfdcfa4fbcf2caee519e96af208d59d8aab4bb071c3fbc48f560021aa1034120 |
C:\Users\Admin\AppData\Local\Voicemod\cache\Code Cache\js\index-dir\the-real-index
| MD5 | 7ac7a0f134a68d00d76a3addad2a7a58 |
| SHA1 | 35cdf655a158fb8524d72456f882e460d8c72e0d |
| SHA256 | e0592ab514746169755e71b309e89ba50101839e7c119433a0f00541fbc9d9b1 |
| SHA512 | 80e084b13f733adbe599854ddda70c9e464fb16ef1ccd0edcad75e987fecf050ac27fad9759f985fb5f604a280850ccc0dd22156e149b103f2ea4b96016ddc81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d69b27d194229740be87b99993ba2df4 |
| SHA1 | aabf72ebfe691943df1c01f9954b960d1c2ebcce |
| SHA256 | 048495612e50de68364d1010e01707fb9c8c24ca12ad4e9cdad62622efe5759d |
| SHA512 | 31e8744a1b15736461a4951a524ce8389e076e40a1cdf2a5fd9e75ec2f7144f3a02d70feac9ac418e176e95ebf2a8d58838c261900acb44169c11228056e35ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a738b.TMP
| MD5 | 0152e94a277b9e1fa4e6d6e4702c89a1 |
| SHA1 | a41b0ed168da2069d09054ffb3822b86ae71b812 |
| SHA256 | 16377ac60a7d7432888d08d138436e61a720998fe86e25639d85859c6329f296 |
| SHA512 | a1b6184a98ec6adea3c2b6f54c0a907a51a6e26340b0418c5db683f490189a8844fb2f82f91a8e5265a52e26745f3cca16743065ef840456f91e031bb4281035 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e4cfaeebba97b5201c612ac585a9d12d |
| SHA1 | 9ad802d30e60a8c7d268decf267bb7e70f6793d5 |
| SHA256 | 05bf61b18643506a6071f696e9eb47df0607b5969bc6567e1b8aeae3496fc765 |
| SHA512 | c5d457d0dd7506ffa09c8ef135c39764ea82fc36f839142f00d80c68b6b2f0217787ab5d6a0244a9c384ac372e43a54f447bca17c332718a2e85ee540dfcbc0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d82fd7a8966f2eacce424d1ec85c59c2 |
| SHA1 | 6d39714d044d567313880654925a52a3e167c3f3 |
| SHA256 | 4350b2ffe6138a1d0d18d0e4342bfcb3b849d3a1092b2d9d98fbbdac0bfa8711 |
| SHA512 | 8f46f58650d67583555b195019e4afd544b8c8550e4adb284b9cab5ac2d4fa7eb642c2b56e3688af744dbb7fee3b8f732161f1bcc01da09c44edd237a13c9acf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5f52c5eb37390c6f98ad54ee1e3dcfe6 |
| SHA1 | 96830013be9b80cc68104e9763e182e10343b02a |
| SHA256 | 8084fdb3979220cdbd8d08dca9d5cd5194cae7c16231eb1ac10c4dd4f7feaba0 |
| SHA512 | 97d44f1ca55ee37d12b5a86ac4f8f644ad6c7bf3c3260f22e6439be17fad6ce3e78154b61e24b6897b614a810a5bc55f049702010f28b93872fbe94009dfae61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5e15604fdbdd4545a769ba1a506302c7 |
| SHA1 | 950dce7c95de00dbcccaf51c50252673a50049e8 |
| SHA256 | 029afe53b096f496e42be2a32e6658b0aad208d35622e81d87f78b320f9b4111 |
| SHA512 | 40beea6bce3ccbf2feb3c2ef7fa1cd08d4957bb01818233dac99b17ea2b12e746a5a18698e4c4d50f7916625ec4325aa79471a9e73902426d20a6f79ec9eaa23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 690055b6758601f27085580d23aa32df |
| SHA1 | e387ef546a09d6306c01b4540d2454ced9f4501e |
| SHA256 | dba12796cfbc919dbef12e098a9300d90facd7fc2ab24bba6829514ed62528c1 |
| SHA512 | 6b170ccf8a231ea46bd275620fbed559bab8ab82e54e48ba36884affc5d44bbae181bae28eef5423150a857b07cd93c84f371dcc110b4e73aac47375fdd9df64 |
C:\Users\Admin\AppData\Local\Voicemod\cache\LocalPrefs.json
| MD5 | 7bc47d7417680515b6ac325042233fc1 |
| SHA1 | a275dcad75b69d6c40031ef30f4fbad0d2a28efc |
| SHA256 | 43d68897e3934e4e5efed0bf6c33cc5921eca10c05c8345e756aa0639fb7a8e3 |
| SHA512 | ec740c01f2a7f2d84f49d2c322b9074ca056bab0644d70d555968758070d6db773829aecb667c09981c3522a1ed05d50ed95e1bbe4e86e88821295c7e9dc0775 |
C:\Users\Admin\AppData\Local\Voicemod\cache\LocalPrefs.json~RFe5ae8db.TMP
| MD5 | bdaedb6ce6d10b48b99180b292310786 |
| SHA1 | 49f3a91054c56e812df810a225a6240b01a6ffb2 |
| SHA256 | 832e0dc0df7e3e9b2830a11ab4a170788ec03e6a69d9291fb2bfac152f113270 |
| SHA512 | afbd531f54f0966dc75e4d929e97a645373956cae84ffe073cc2adbaef223860d3d75737af430924a0a9328057b4a5ea066b5c265cb668dc835eecd28aa4a3de |
C:\Users\Admin\AppData\Local\Voicemod\cache\Network\Network Persistent State
| MD5 | cb6d6b6874a7fa5a66ffc64008ac6092 |
| SHA1 | 2580c521b97f7762619cb7a6f191bde7486f52c9 |
| SHA256 | 44334963ca1212858c02cfae449bdc5379b03e15974294571543766702548f94 |
| SHA512 | aab765b9d34f4ea05dbeceb53c4e022b755980d83ecfe91d9008b24c2c003ba5f99a94e673eadd649d933851ccbdd1a4d64461e37dc56727c58c4944ad0d0129 |
C:\Users\Admin\AppData\Local\Voicemod\cache\Network\Network Persistent State~RFe5af57d.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ab2eda650b1b1482cff7a5c594ef81c3 |
| SHA1 | 42c2c663ea2cffc27c3ed3b8a66c83f077eadbe3 |
| SHA256 | ef27d70701a636d5749a5820038132e830effb7f34dbcf206b3e46ce78edd979 |
| SHA512 | ced4f8f3b2d1947f18a1254ab9c273415391766c4e821efa332d44b575fe57434da3f27065f6361b137c988643dd286fc5f5a381fb23fe8bc5dddfba8c011b82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e6e884fb7b8ffd1defae831e74c5ce1d |
| SHA1 | bfe862aa7fd92ce97bb2827a16f60709da60c91e |
| SHA256 | f745c8ff6f57cd3037641cb7a3ca953f15920768b4bc324672245a61ec0cad27 |
| SHA512 | 9960d9c86b9ccb4bf3bdd34969a5897cbe4546a666c8b86dc167f1d2807b8774ffff8005a1059e59cc30afc1ceb6e693c8b24ed33466a29e1cf441eb3be59729 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ad148b392409d0616b8fd9cd92b93e2f |
| SHA1 | 44981194e7cac2af778226edda5b91d9180d1d11 |
| SHA256 | 9b8e877e0ea069e430ec05931111ddaa224c011343ae278c884e5faf5bab1741 |
| SHA512 | 56d9f25aa3556be71aaf3199002666d1ddd2ff04f290893cc1766e7c41950727adf90ca96d88a3f189855e74378b3d4d343bfff8039603efdea47a01e56122d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 928e25eef66092603ada3084421ffd0c |
| SHA1 | ecf173dae9e8ce342d925d33f331350a77569495 |
| SHA256 | 60d25ca98defb15fba847bdbc61ee1c3a8325e4a2cb0d5a6c5e00328571873b7 |
| SHA512 | d9e0fdabf91b65ef2a60963f5b41be1dfdd552344f445bad98b30adcaeaeff38e8d12a46d496c257861e386819cd5b188d0552655b2415b67702e79f4dc95e30 |
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2660_2116094413\manifest.json
| MD5 | 2648d437c53db54b3ebd00e64852687e |
| SHA1 | 66cfe157f4c8e17bfda15325abfef40ec6d49608 |
| SHA256 | 68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806 |
| SHA512 | 86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828 |
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2660_2116094413\LICENSE
| MD5 | f6719687bed7403612eaed0b191eb4a9 |
| SHA1 | dd03919750e45507743bd089a659e8efcefa7af1 |
| SHA256 | afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59 |
| SHA512 | dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b524948d2cb4df6a1b6b3e18e54bf94c |
| SHA1 | 121fc4754bc73c9a573a1a963e55e6c66be150ec |
| SHA256 | 6a94b0214f41998d3582aa65dcf5770ad44ab45de181649105564009cfc1d158 |
| SHA512 | 7e62991fd9e27d26dc6a454563abfd91c13c19d6cf4ae0f35c6f62cf629749675e5172ab7497c1798548030b880bc32ce9c0a85dff32d56a32cc83c1c95a7819 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7a927e0f1bd6924dfc0e630676a7bf9f |
| SHA1 | add0cb4956388462042d05a3a08f275eb69a1c49 |
| SHA256 | bb72f086baee3c15b7e5ff94515f5f741e656d73d8acde3b3ecf15fea1ff940c |
| SHA512 | 830dd27802bfcc9637d83d796a553232c4ed518f3732d93aa9c1dc752f8bbb82a5681aaacbc0bb599f076d8e9c5ff754950be027a3ba3bac8cff9b87bcc61404 |
C:\Users\Admin\AppData\Local\Voicemod\cache\LocalPrefs.json
| MD5 | 656df3700d969d2959b8f814f468a48c |
| SHA1 | 979f5e5c17c486f74e75492baf017bc753b46c95 |
| SHA256 | fa52f80b1046b4eadc5dba9e6fc22058283bc78da9c88c6c34d1a405363e882f |
| SHA512 | d9da7c76b95fb812b5d7d4aea82e63faa1c60cf4efa43e4fd09d76c628587dfc40fd9c4878bb64cce7eb93536532ccbb50ce9af6732c859054e8239a7c73015d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 38b6769e904cba17403d44b14195f9f3 |
| SHA1 | 4cb41cea95a7c0da859b64ffe40afb25f6302079 |
| SHA256 | 8012e70124c99d937bce5ba5b41ef98305d7bd493cc39f46d42f2ea17e0ea8dd |
| SHA512 | 2738162ce57c67413f0e55cb8183b9828fb1b62ca970c3c25bcd08a36d91b9f79d16520ab6b27477cc77619c873e8d6c07524ca10e08321c81bd72f0a53c929d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0cddcf3a20b688662454eaf81c4ea60c |
| SHA1 | 90427c40ff4d49f0082dbed705e8158587a56ada |
| SHA256 | 1ed91b818997edb3a071d62b217196cf87eefee78738032c77f908f88b461fae |
| SHA512 | d2f93548f73b2da256d8f5a8d11fcc33be29513b041c2511baef78f05cf110efe74d7972ece7fdcf76b23d5c81a1933c16426d385be0cd712209270791877f37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 52840c61a9d4ced0763b30d24010bba9 |
| SHA1 | a742966eec5fa6e8183a958fc1753a628788f2a0 |
| SHA256 | 3a4ac60a501ead45bea0037d2dc17d10702b7bec3a6b3476148292305bb65d2e |
| SHA512 | f27f847e7c501a83354350a4aad32f03f8502e8fd51428dd590489fb382ffea988eea2a0e8031137c92fbb59d53c95878e4d1e20b7034e651e98d1874677c100 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 141263a0f116f5eeca6710cb295baf09 |
| SHA1 | d47fd4c252bf2f2d71fba869c82b2ee81c8ca082 |
| SHA256 | 923c90f9b888c8c3f93c90f6882ebbcc55873eec6a10faf901586a15a02ed5b4 |
| SHA512 | c5bd6889cfb687e61a4d168e2fe75e5d773d5a408bd930382b161d89ff0c36d690feb4849d2a04c5aefa31157696fb52cebedbc1e089cbcdab223901b3d417f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f51c517a43072c4cf1f239fbd9f74c6d |
| SHA1 | fc6cb083cea6aa67a77840a189917bb88448af46 |
| SHA256 | bab838401accb2a76530f5e4c5e39168112309228923eb926319c16e68675b37 |
| SHA512 | 1352d60efbe4195354802962dde2742d50158f334d0a7084a13e3fb672b38e0ea3791b250272166fe85117830999fbb74c64f7fb6c4c3dc02d56e344bf9b5df3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b904436e5a91efd8d0fc5a31da4ad489 |
| SHA1 | 68375be935c9f9e0736f04f33492d9428059b038 |
| SHA256 | cf386af1b2d26061d53a220e33eedb5e7a1a6b9fcb306ccb0905ed09d6358cce |
| SHA512 | b0d40ba4a23eece19bc83780ac761b272ab5df80f1ea581692fd422bcdf29f961e5fa92cce13450b4b390c119ee15568d7e639c837700568bdf2d4d9584edbca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0678d5c67d34bcb35e209d940310f169 |
| SHA1 | 301f32dc2bd88fca5d4cdffaa4b2d57aaab690cc |
| SHA256 | a1c3ef67eb1ae5d277c28af0922a1c4dea903b4b60be51ef4355ae677eeb72b0 |
| SHA512 | 1f41c42adf99d654cd9fa897b37810209f5df2ae7d04cf01374dfe7bd398984efe33bb2b6c8d0b49daa79adbbd3a5d05586e73e1363fd1bb95c4f2ea39d1705e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8fe29b39c5aa42e5e80d448ad6bca096 |
| SHA1 | b6e24069979cd27bea231e9c535ff31a51918c03 |
| SHA256 | ce6cdc9422e3cb422815a9dd47db5d633696daa44a6bdd1a52984ab7e049da4f |
| SHA512 | 6dc2f54883bce0b9c4dbd544bb3b998db3c500a07c413df1dff0e16da36b89e9624a6ed5ee859b0b9ad259ec29c2db652c813f5b41f86f164b9d75eff9875453 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c84013b7496d01b8c36bbe12318dc463 |
| SHA1 | 369222ea152a18a7b2bba2164f0f7eb0d4177a42 |
| SHA256 | b8608b1d88e8c1106444e660761e4d4bb167df95ed100095c5f6fe21b15fd26a |
| SHA512 | 0476aabfd7b23c069662b8203a7481a333abfd53c2e75f6c9d7930da6b590fab22832fb2eab68eb828c863e266e3c376e0b0608396175283e61a1a08367e6259 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 171db2a33a280a288ce489997f999ee4 |
| SHA1 | 408ff35a0109f716198d6842cefb64c652983ee4 |
| SHA256 | 9b41cbd9402153f9c2c026e29f7a1086347797d52c90e1512583e8917661421b |
| SHA512 | 5222d99e162c92230940d0c1160e98b363b8fb79262cc0dad24fee2a1a8cf82047ef215a1f28e79591add37f91f216e31dc351463084619f9c0b9b0d237ed675 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\17940795-9251-4922-aa4a-c346530551a3\index-dir\the-real-index
| MD5 | a0c335396e8e8e53a25485c2a54e92a5 |
| SHA1 | dbb537c3b1e81d446cc19bc475dcd244fa9d5256 |
| SHA256 | fc01cc0734f063a4ebef1d098b142e29888daf066214cd94a3a545fe41be5684 |
| SHA512 | 6513e9fe5e3fc8dc0bf25b15b45d8d3f26eace5b4a6951179bb29fb3c70dc0feed0652b5c4b8d1bb085f0dd1d67e2d641de57a41b395c869de398619870543d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\17940795-9251-4922-aa4a-c346530551a3\index-dir\the-real-index~RFe5d6ef9.TMP
| MD5 | c9ea22fee2372825187618b60417a1c2 |
| SHA1 | efa6aa64ba2f1cb6e3b369ab9a640fa45c791dc5 |
| SHA256 | b0b4a00234f6cfe2c77944f6f435093385ef45dfa8537cdfeee2746af266a626 |
| SHA512 | 18f57fee5e7d8e7731f9884c3ab87c19fad34528ad0892ac67ec10a4fb7a962bc6f1c1bbe0dc7fd3421f84da8755f36b033b854f43a6ee97fc1bdc7a0484415b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099
| MD5 | 4efb9aa5385421fc5899f9e7abf7e8cb |
| SHA1 | 2572cbd83a21ce01f315c126505f20f5e52da704 |
| SHA256 | 1f9c006e426f89d13e2ad5550f1eb29e85fa4595b31086be29cd9adb3cbdc960 |
| SHA512 | e4ac6b0b72ffaab0dac276a764e6bfd7c78cb07024adfedaf0542a88515ca57bbcaa6c679dcf0f221f2da4840f25aedc08cb0a68146e181cf776b959b5463d07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a237a48244eef094d31ad803e1727a5f |
| SHA1 | 9ef99982c660861cb2431a64a2d502478b5caa31 |
| SHA256 | a93e73ad508fd843b6bd33ff29e5f221d9af834f4040d0fcba1fde16957d7926 |
| SHA512 | a393a1413e5b75a2a158103a0bcbf3a67b9cc1da89a23d2db318037dccf0341a6f378ea2a55cf551897f459cca6e63cc78de4c7f62efebfd4fa90a1f982b0fc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
| MD5 | 1c9b119530cfaa11276c546c6a28dc4b |
| SHA1 | 802b57e59b1653e01132a2b3c1068d975ed33177 |
| SHA256 | c103e0ab921aba7f72967c30a82d33d11b7a342838b96b2d9b2901c2556748f2 |
| SHA512 | 12da5bdf0f2616170c3e2558b4a48d7075b4c1db12eb5a76bd5c42fa9b95fcfb3c771443f9d59a9c315b0f9481c190f6466ea5d5cf1f1c82fa773531cd7b2a4f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt~RFe5d7571.TMP
| MD5 | 4b838a099321cf632ee271cd78c3665d |
| SHA1 | 85c890598c19e8c152a7865a424af01f87dc5b40 |
| SHA256 | 6abde48fc2de20bcd927e1edb9a1cc5939b373cea3815822bd4f2f4ca5f54135 |
| SHA512 | fa7dd39c355914b1c87af7cad5e0935e6b65cd61bb8c3cc0ab7382df4287a338e26c065039fc473bf0e06c97bc339847b8ba5ddadb8af2e8cd2f33a07c252aca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
| MD5 | 09096afc8eeb5aca4a956a0c099d8918 |
| SHA1 | b7d905d1c7127de0840f649dfc315e265f07f513 |
| SHA256 | 6d5619afb61c15a7e1694938477b731edc0094eda41491fa0681680529ba53df |
| SHA512 | 4f7af94705cf87f8afbc8b438963c083fcafee631c556ac1b9fde8feed7f7c474b17e1b11aaf87c25039aae758fa8a55bb382c625c48c47dc079761f856c76b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
| MD5 | 97d5f65881dcf1370e0f450c74916071 |
| SHA1 | 8356aa6595b01f1b3d60df82686d78c6b573c033 |
| SHA256 | 3ac8ef666dc310ef3a2a6f90247aab7bcbdaf26b21147f7b06f1bd39bdf848cc |
| SHA512 | 7e5da137492e2d0f42cd6a7f1b36fdef012af3282eeaca25b3da50eeb5420b199fa65bcc6d3f67da371c31173a10ff06804a368872cbf4b63f9beb44a2d30f4f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
| MD5 | ceb9d109db3a0a4b84dea2ebffb9198f |
| SHA1 | 4512a8685090aeb478d508a626f93ce2cfa0aa2f |
| SHA256 | 93def5610ee9e624855572c88736496886b7d6574a3c53f767ac531ce4a3ffd8 |
| SHA512 | 43744a790638134f2f424b16ceb1887a53fd4ce474f3243c1763e80f6ce37cb1b48763040b250cf76e602cb63daa54a700898253c964443a717b8e2e520bd5de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
| MD5 | 53086bcdce2a185e39989ace94e92b50 |
| SHA1 | 48ffb1133ae7b5e71e4948fd6d0a019c6fa65ceb |
| SHA256 | e9466727da90b5649f6c76de2304f9f38b026adf9e33f8a143293e76cc7e90f6 |
| SHA512 | fa06fdae917d4924c375160e563ae76abc4c43784d9a21470ee4cc7570225b58174cd6fdd9a712198cd2698e779594197b68f7e237a2cf3f05e876a7ba84af8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
| MD5 | 9bd8afd16de03fdaa2c81de6b4b2225f |
| SHA1 | 4cefbdb95beba6ea6a3a49f09322f7eed7758377 |
| SHA256 | 1d0ddf9cdf2988f7a46ed719db8e9113cfc70b0033df4e1492987682b53f0537 |
| SHA512 | c352fec902ae11d73783bc811d3096267109f5ffb2ffa4494bab46f6a7241b2d75661aff4d25917fba78f9ab3084af23211088879c9fc6affd30405abc935e5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087
| MD5 | 1784d82edabfbc66aca767eb7becc500 |
| SHA1 | 6b5e78f735d0d09fec5ff94efc3374af2a75ad74 |
| SHA256 | 7ea81e7c911e5ba134b67278f0d7f2baf4e652243c57bb699030ecc77e85619a |
| SHA512 | 852dbdb202cd0e83dcd4b2e83a9875db060cc2202d55b9b37c3514e8e63f1d12178a3ba24ea6e2cd10b57888c56477d18a6883e520bbf7092c3f9b2d33746849 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e5a12cf68b8f339300d793e7d677cef2 |
| SHA1 | f4b49fb22b4ccbfb46b222d2a582a11c41fbe1d3 |
| SHA256 | a952f09081ba8bc99b7bcecc5edbbb3c78ec4074d95d390f46ec1092af4c8db9 |
| SHA512 | 5103cd2e73741e3d139b88c15bb36022cadec558125304f9e1686e9e6e72a5b5ce508d93f54465a415a9ac42cea066a1becc2230fe16f5936b43f0fc78bab5bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000df
| MD5 | 823cc03dc2a57ff7ddcc40c4728be9f9 |
| SHA1 | 385a6d029a0d1efd47bf12fbb64a018a0d7737ec |
| SHA256 | 29d4725dbfdff4c26719db2a8c3b065e6911745ae745717e688bd22843eb3053 |
| SHA512 | 2a572ac4f1a6d1ab42695892d457acde1887f2ba1f786823afb805aab88edc3244afe3a7a5d288e616b8031b98e8a084046da55daa7d8a42498bae0b2322979d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba
| MD5 | 9c6b5ce6b3452e98573e6409c34dd73c |
| SHA1 | de607fadef62e36945a409a838eb8fc36d819b42 |
| SHA256 | cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc |
| SHA512 | 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e0aa19bd70c1d5810f13720d6d403279 |
| SHA1 | f2a7dc161db7f46fe9999e6dac94ca4d441afa5e |
| SHA256 | e9a89de057b741ac389516a0a1006ac07e227ac6ac4eed10ea0089df947ec904 |
| SHA512 | 40dc74f65d53c4930db203ff161f182b499c0c11f40b24b2b0ab3c8fe0a3ffe572fec7b90c147ee1b5683e22a7c15e94ad0b43d2e0ef95a681a98576301b4c9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2513b0e21124d73ef45a382a13b76d75 |
| SHA1 | 9cf5e84cc6a1cd7cdaf15d190056ec8710f2efc4 |
| SHA256 | fd15e026ac1a6a04448cf3a6bd285f0e0efc59626ee0a754de42bcb14e45ae3b |
| SHA512 | 1dd9593432e17aceb531f931c555c742514ec15ca179183691a562bac52c5499bfbea1fe70f18ace7d3c6c6182c09e14736b61b8ff41912b8109e186f05f1044 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt
| MD5 | 09814414996a9057923d44f7b0922b3f |
| SHA1 | 377225e02f4dcc73717a6a0d8a60726fdcd25008 |
| SHA256 | 88f123b738924069453c67c1b7ad158833c13a6699c4de0d57c125b41f2e664b |
| SHA512 | 3bbd20fe3fa0718e8944f1eb3035c520a4a6c1703561d1a171453c914c1c8c470d1436243d3cff31eb36c205ed43a5850c85f9958c9f58f24371ac006ae4693e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt
| MD5 | 712c793349abe1987ef8d693e34a91cf |
| SHA1 | 5e35d51ae90040f4bbb68895de824aab0f500b5c |
| SHA256 | 585dbd6df27b9a7b606d1a12b80f99029f3171324ee5d99c153ea9e41cb70e7d |
| SHA512 | deb1638e0b464be8d28376f19963e93217b5b2b13979a516daac71f48620e7b8089855aad5b99f185b0578134314312b196528ff216219f79f4c97a15a773f73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 01073cb5e0510b3fd57d407f77ef52df |
| SHA1 | 4fc5b4f3250f6d7e2f5aeaa20ea449874b0bc04b |
| SHA256 | 18802a28d1f448e57b6652b19d84c2c16660bf06943ce321bccdd4d7f65f2a1e |
| SHA512 | f8e1b6b74218ca288cb4823ec32ed3914267d5e35412429f56c6308506841e0ea9b229b1bf41b17cb9773537f08ab0e223d1dd11d3dfd9ac3ba11d1c927493e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5dc391.TMP
| MD5 | 3abb1515b8e673a7b37cebac68e9ef84 |
| SHA1 | d52626084d4e86eb351c5a0089f1f9ac9d65b4cc |
| SHA256 | b06e707ad5f361d72c7f835a190b660c2153a5c6dee44bce49dbc49db9bca29c |
| SHA512 | c7299abbfa21e281900e9322c877815ab9ab933cf239d8b6e70eda310eac9bb9d7d0bdf1b360241c81673e47b5261ab668ee7dff8be2e96ff95da17bb4478f2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\634cd584-30ad-48ee-be34-7c23191be6df\index-dir\the-real-index
| MD5 | c6f8fced967bb8cd3485386ac4ac987b |
| SHA1 | 6b009570321f24d77f07d4c0d581d0dbcda95ddc |
| SHA256 | f6d713a37b41ad1bb76898693431fb3d6192443f54b91a7e37964ec69db59617 |
| SHA512 | 8b49f8d28489e17b14ca2202fbf78b497ab3690219ee29fdacc1f0d5c2158a9dddf6f21f932c32741dba76030f43be041829b4c5849d571c02685acdfa266511 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\634cd584-30ad-48ee-be34-7c23191be6df\index-dir\the-real-index~RFe5dc3d0.TMP
| MD5 | 26819be724a19ed9f8b0d0a84f700029 |
| SHA1 | 15d2700bd46b5f060961917cda2d3403fda7d5a5 |
| SHA256 | 51e8023072fcace799ce570adebf7128367f233ae6b281615dd34ff80c85cae9 |
| SHA512 | 026cae0a2db259dec41bf193b71c94ce8e4c19cdb271c32370dc77fc9ac034bacbbe9ec41084f9854ce735d9b0c4d4fe0fcce3de789746f089070f1237af7c7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index~RFe5dd014.TMP
| MD5 | d037b3c15fad06e6aebf5f65f13e168f |
| SHA1 | 0b883439e6eb7f3e4d68444a9f2993b2ead6f4f9 |
| SHA256 | d8658df1395a83b682f0c0df14996c38d969d92eda3e426ff738bbd4f42db60e |
| SHA512 | c2b7b56a9247944f8875d3fd94c67f3578da8b7d6b60977a8a3e89140281785c9a665e7ec32614b790153a78f7a87c34e139f675cbbfef91a1534ce99c5b6ab7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index
| MD5 | 9e1e94b40e2b38764ac2571a9db4f67b |
| SHA1 | eb91fbcc6a122cf792381b5486781a4c25b69927 |
| SHA256 | 8ae87e6ba2e6cc298cb08089c846ac5ffb73d6bd61214fe6b0545010d30900b1 |
| SHA512 | e8c6b27ad50c64bc9e00b14c047427563d47836a0658ba1a028e98af8e3ebe2a9a2c93837ac35ce7bb4d4cf3a4249ddf5c19c6b3bb9de3571041af0c5576ed58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\b4ec6383-6ef0-4231-bb7d-f4739ffba2d7\index-dir\the-real-index~RFe5dd024.TMP
| MD5 | 54e64ec0e6006425ac013d3f6dedf4d6 |
| SHA1 | 1854af08678156d3cb0ff85d05e195d72ab28c5a |
| SHA256 | 1092d54dba6b62847a83cadfd15405c87ad1e3d9d4447a79620da32420ab588f |
| SHA512 | 783bf55a51dab5bff2a117f48d4f449c32c4de63e3aa9726856a0b116c699f1908b083fe9c24e6c100bce081d4b453106f2975a356da11fc41ea0a2b20bd5304 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\b4ec6383-6ef0-4231-bb7d-f4739ffba2d7\index-dir\the-real-index
| MD5 | 3e05ac097a8204bf24a46ff1210541f5 |
| SHA1 | a9a9e1820a007f576f85561ae3c93ce163435534 |
| SHA256 | f6f636fc9ed0be08fce32c017d8233ca8fc0b65381364cc68b67ed6c8f6a5004 |
| SHA512 | 5eb16aea1690eb0b5e423d818c9ec4abff28f371e72d4f30d64f95ddeaa75addbfd61d3eb9db23d98bfc9ff3aecf7ff97ef71139969d44ab6090625de75caf6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
| MD5 | fd21ca48ee2fe771edbc4312b074a1df |
| SHA1 | eff7f87e4378d9db9430867a2f0d3af76ea54263 |
| SHA256 | f4b72391b3efa1271484d48e0266d0286a885608afe23f92fba98159fb541bf2 |
| SHA512 | b7a123d210d2050af7ad6485f682787116ce90e0858843e0bf4826f6035bd4535850c1d497e08ed587692bcbe21d3370c6962c499816fe292b1b430724ddcde0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6df07f06f61de3a167d963dd0048233e |
| SHA1 | 14bd389c4a40b2ae6a174542895c02ff4779ce64 |
| SHA256 | 20c97e62ffbe60d0412b646aaaecc0976328e72ae3d3e8fac2e740c4f5a5be86 |
| SHA512 | e0314d2e01e3410de1259fe5113cce4656f524541071bd7138e612d5644880c2d2a2f5a99332829369f0963095a5f3844ea8827c373b279ac72f439a30c6e195 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a
| MD5 | 393f6e04fe1febc491f93fe20cb31448 |
| SHA1 | a78431170ec1b9bff90c27879a7eed693b328436 |
| SHA256 | b5326dbcc52c1487423919a7a23261dbf3a18f18e541db3d6ab131eb1a96bb27 |
| SHA512 | aab2639908888130a799c8255e0ae7340d2adfb8474030d5ab197836f6409287a7b23f6a2dfcc78610716f6235a58fd91f42f748ef46ed23f87b8d9df19b1580 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 1f7db58bf28700b7422824c2f78ed07c |
| SHA1 | 39c8e818f97cb269f1dacbe7255d62d7761e75af |
| SHA256 | 4372c4852a57b9a1cd955be53113327cebe7df647c4f6c2a57d378ceb6728e52 |
| SHA512 | d302e1e8b365708d516a97a7efbda3bbc0ae6cd47d2f7b34f891b5970dd49c12071fa2c9c8cc5ef89bdb79b9110838228170e6809fcfdd9a4cdd3ce3f7f62305 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 1e7619f077d0d71abac499ed85af0a3b |
| SHA1 | e5be8873abde38dda5628503452552f2c890d57d |
| SHA256 | 418378e8f6993248b7533e12239401e64715fb03a85a5de96d56e53bf4b4c638 |
| SHA512 | ec46595c3cf92fe53654df784a8c6c9f7c2a8666212d1042581c5a4022611190277b89249a107c901fc67bb788e6e60bdcb798f1d399b576732d38edc3a381a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 88dbacebdf751acb786c125118b8f3d6 |
| SHA1 | 6c591cdf1ef473e9e7cce3dcfdfbefc988e8bfc4 |
| SHA256 | 4a4048e9e8bfaf8a1520c03e678153daadb1ef4beda070c8fe0f1eb47eca4851 |
| SHA512 | 0e9e92ad83b88cc4516b5a900a8475805ac346d43fd66c46edce1643a56863a8271a533cd2e11b3735f8516d37ba4a9f5e4fd295e846894e162fa02eec8ede41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 879953d6fa2e0e68dd572c8b6a81d233 |
| SHA1 | 8f88e8a8e1c571eb6bb3e80255fbae6f5168f1b2 |
| SHA256 | 0b16e27e7c7418decc33d8d01e0d8de6287d0084fd0180edfaec3b096baaeb30 |
| SHA512 | c49eaa7c1b76904a3711a1d6b14280a2096df6d6e759d7197140f7befe9a69f2662ef1bd7a7e47d0642a789f2a7a7dcd63765a702c4d92b0500c30ed33486387 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1b26eb92dc28ee05549460f467f27489 |
| SHA1 | 478f7a9863eca3e1cce5648de49120a4e4763518 |
| SHA256 | cf60e789900f2db60b83bf0e50d84b78d26bfea4a0fdf544eb65368d99484939 |
| SHA512 | 37564d578bcf28a6714486847c26bc8aa3af799a1808599a3edf2246f4c56f3ec53763e8099aa93d99ab21c02f8afeffa236196cf1f9ba7491693c32431c8459 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0eb9ec3c85d631ad8a6545b5ef4905e2 |
| SHA1 | 1ab97addb00de5be5b9f59e715f400adf3ccfe1c |
| SHA256 | 3541be8510e62e53493e0a03c1d593d88768d07548dd5c07c1972a451ae32e7b |
| SHA512 | aa1e2e320751ee97a2deaf5c97db9ec84174f12c249ecb2bb7829a64a0f7015e825243581fb05062bb5a150524355700fb8e2fa6d2edf1eb1f6a95f3bf1fd15a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 40f92a03c6e29ce35acd661a5e65d02b |
| SHA1 | 994e3711b317e9d6ab9e08ab351a73d5d4f8ca72 |
| SHA256 | f6ebb56d1f9bf988082c03823d1073482f456428e98197fa827546a84f384858 |
| SHA512 | bcadc0dd25b89e5aacc5b1b19401dda43bbd124d24b4089f8cf5081b453e5336a1572444a286c673f968d71e919ecac9edc40f01ab9ce24ca2157d011032b401 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index
| MD5 | 0af7105a069ce1b45a80188a70c4b019 |
| SHA1 | 6e0e45a9778eb45ed11732d1ddaf539b2066a811 |
| SHA256 | a8af5cfcdf94bc0b7d275f025e6797be47125fa9e1932a8c7ffeebfb16548049 |
| SHA512 | 56287d17cf30b8444455b706d095bf801c7586bbbe23929c1bf3fc83b45debfe4c1c76446988e03eccea443ee139c7e7d249de400d4e331d320c1c03168e4eb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
| MD5 | 01a2b2206faba810d476ff8642197eef |
| SHA1 | 2a6587882c21f8011e5a086416c6e48eba1fa04e |
| SHA256 | b98e656770e3cd01831e853bc30f05f941dae682e9c2e84ab92612ddd4c1b4b1 |
| SHA512 | ee6542c48e7ad6fc8187df88369e4e60acb2da150502d6e47105811895eaf35cdffe7012e99b3100e033fd291e741fbbd49e19da94296aad6de6c2114924ef1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2bc7be32310c1d8487b070e928f91d81 |
| SHA1 | 2e3056d792ca46d305588da658d4ce45b97b19d1 |
| SHA256 | d3a538a2762d35f4bd763d555ec9e7c324975a109123fba3b62f9b3525699f3c |
| SHA512 | e030d2b8e33bf43fd330fb14f2be96caab61b8e802d352088052ffa269b82a42df71564466aacfb816570c53e2d41b4f893965001fcdbb411a132c45c1b14818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b9ded0069b0c5144e07be70c271102b4 |
| SHA1 | a44dd17aebcc02235296e9f0f81dbf3cb8180d32 |
| SHA256 | c90547cc5c009ae32b4d3593e6881affc3e8e8b63e1f77b94b93e3567522f9c2 |
| SHA512 | 157bbf632c7bdf2d3735380a7ba7df307ea6f0ce03a17bbbcf8d17ae3e033ac6a01ad231bf9a8fff356e056590b3f8d759777bc746c362e030f5a20b528911aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b69bc22fb671837e4f303c9651251e67 |
| SHA1 | 4cbe2004bf265f672a9276964bbb85899face541 |
| SHA256 | a1b58a76bad5f7c4d524f8e9b995223afccf8974ab50e4f812949d6ab8dd25d1 |
| SHA512 | 66ab1fa63ffdf453d443e63015a81904b9af4542ce3d34e95f9e4034e294e64331abeb9191f89d3d7192080d5f50014006aeb1a23a7d986945a6435efbb3e130 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cd9d4a5a8630895b23730bf3d0ea5a45 |
| SHA1 | dcc14f851c33c1b987a5da5772e8583b4a376255 |
| SHA256 | 5359f07ab74320fe317078e69f82914b48ccefbc816b35f92d2b7d0bac38a5fc |
| SHA512 | 8c3917b3bbe4991fcf3e8890620592a256c91ed1db09c88b441e26a210403576d3c28e5247f8b3788406cbe5398c202f97778a6071f3511a2a73d19e53a14674 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | fd2233c557a06a6b9da52700555123dc |
| SHA1 | 9552735dfe2d3735a3d96a8e56b4ee9d605bdbed |
| SHA256 | 2d5e4dd8361f8ea6ea73c330886acdc6cac9bbd3cc4d447c6f115fe418e84539 |
| SHA512 | 6c70ccf83415eb07fe573796b397cbf3220f3faca22beca0b3a763bb39226af02cb7f2cd2ff424ab075d74478cb7c54966b291198b47c5735737218d768c2a86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 676eb8a0a8567df00ced878d486a70d8 |
| SHA1 | ef56d12e3abddb76d85314bf76115140d2f50fcf |
| SHA256 | 7b10472228a8f61b9a152dbff160b3fbc3dcc7663175ec5a0a40fb2bdac93e16 |
| SHA512 | 32ab782e88c2db08ea0975605f4f509a23bbdd6a74ab38bacbd70bb228c8a3e042f56d8049d95dea9f670f047d02ada87b60aa77b3e8a49da5d3751f0fbd3772 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | da07ea6bbc7742a4826a44c0e14de9fe |
| SHA1 | f4350425c09309bd73e8ff72349300149d59a2ef |
| SHA256 | ddeacb8f7911302dc166dd00b45b0543b575c1aeda61406af964cbd7b40420d0 |
| SHA512 | 92aaea504d9e9614fbf5a85285aeab8d8e6389e240961c8d722d0b3114ddc2602d6ec0ff34a44900c253ce3694d9ef700ecda2fa8a93a1c56be08a06c798b53a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 9ffa372552c67dff9c0bc3cdb74c4fd1 |
| SHA1 | 4b988ea18d121fd6463d0dabaaaead89078017f9 |
| SHA256 | 1e3d2448b8e370c3be2c0048ad7001c7542ad10bf76a7ad13b8ed6553a200eb9 |
| SHA512 | 94fb7f3d262b88c3625740c4adf5c306b49b2de847a3bb48960652132a03ba162773463e15d3891171b2826acc65f8d0bba7e453e9aaf3bc4ae1fd08f1aa995c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 61259ddd0390093b233fdbf9fdc77f2c |
| SHA1 | d02d678694be2e64885ce768637cafff6d6c8deb |
| SHA256 | e66ad2b6d45f79fc8042fe86f97a14c8e4c8acf5d05192aa395c81e9247d336f |
| SHA512 | 85822911b9f3f5a1f815a7801235646a411906de8d249e2bd67e8c5b38b1a506f2cb5d08a3704c456192c606142cd70abfb41ea92b2c9b1ae5947aa2bda9c4c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 140c84358f190984a9ede701d3e91bce |
| SHA1 | c39534254b33bbdb936592a07c3a543efce7546e |
| SHA256 | 8c0695657dfdbee8fa5871199a9bdcc14ade6529745eb45efe4af5c1bcef4926 |
| SHA512 | 01873a8df58ae579f3d7c08f5cf6ab2f7316882b959313482058baff734e7b8ebd03ce2e8ea45b676b585025142332da244eae122b98ba7ef7b955139b7c65e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | edecf291a8427e307000d59667aadd2b |
| SHA1 | 02c3b122291336b2b0c28cba79ff1cd2568e8cb8 |
| SHA256 | bf580034de38828818f28b5b09fbe955322ddb85c8d451a7a1d0ffe923dd690c |
| SHA512 | 989c36b129578766afdc3ee7569b1e401f5c3d07fc0b11aea61d179ac37c7f73e3479e8ecb0ec99a9b608aacc7b5e367274e32ac3ac49212b183b568720a6176 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 03b3363a8eb171d66ad972bdd618df8f |
| SHA1 | bb89396620557a82c20e58c64758adbcfb38c64c |
| SHA256 | a44e46a8e0cac4ee5a71c5ff3ec7cf604d62f2b0acb16b30f81cf6045e3b609f |
| SHA512 | 0d6495f53185d8c7eb021cfa1f6e14c29c749283ffc00fdceb78755ddd665e109d35f0b531e2341609c4f9912f579837b62be6c0bb924d2e5368bf2ad93eff33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 964d978820b6a7b69eb435cea1c9fc29 |
| SHA1 | 9cbf63febf5bf7f31c10b94b093a060d20acfcfa |
| SHA256 | 86ae8f2f3fe7a466f4bb65a8114b89df06eb8c5076efc1050c0d61efb38cbe48 |
| SHA512 | 773f8aa39e61f5c9ce363e4d11c7ca054fdde33bff5601a60b7db5e28c2c78a3c75e83385495b9491b260717d176dbd447052f5bc36b3bba6176209342fd990f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d01823a39d4ab685d04e47b59d43ef09 |
| SHA1 | 39a4a2cee433c6b64669098bf15278b2b87fa433 |
| SHA256 | 267839f53e7939e9d86a377e87dc9db9ba5c5ce62ad9331f3282e3dc2de7efdb |
| SHA512 | de51a7fc977ce21ed78072dd58626a4a5a60b063f74a99b9c669eab035d09ccecaaeec750bcbe00297df0d385e63d1612e14be113de43b68c0d4dd77b4223899 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 37537e449938674310daff7efc6e4ec2 |
| SHA1 | 70ce62fb4a08f328bd928d98473ac2c62ee72661 |
| SHA256 | 90ac3d4c6ed3236dcd0f8cb5da148988154e5703d16e9ed0e5d5d71dc28e35d4 |
| SHA512 | 792d1e49b41d1dd765c5d1c208c41b3e717779248d41d78dacd4c0f85863f611406e3126cf66b82deeb303cc6c3ee287b3db8cb9f2b00a1f25a7afca02297d90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 190702bee33264545fd274c8c91cac73 |
| SHA1 | 514345fc3bb565c91aedd5c950cf194d4250957d |
| SHA256 | 0a62dd6ff5466d6634c71f3a8525927cb0c3439f9e99cf10c3d1fa1ad57bc084 |
| SHA512 | 05d1dd7edf273bac7136d1544cfcffb69fe2c123f1698049ea83fa0e652d8e1a3807600b4ffab242fc726b87933efd97954732443277c83dff02e8d96cb114f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 10666fd7b9e1a759a6bcc0d965d690b7 |
| SHA1 | 80cefe7ff7b997b1403972dc262106c26b19a4c3 |
| SHA256 | 19f31a2469b6c00c262cc975c61bdf36221bdcbfc7ab985c532999eeb6b786fb |
| SHA512 | 3efdee03f1bc9f3a9536134cc39edc008e50060d0aec3333c40fbabc9704539db88a2abbe224a46985fa76e9c25c72770c0740e0782f037c925d78846eb56533 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ec6b54ab62721b5e828d60a574ddceb4 |
| SHA1 | 5d1625f418290a61fab6b30ec710c0a6a400220d |
| SHA256 | 16d4f049b0c5ac45120dc5fede18991366cde46afb2ad49e931ecc012a616f21 |
| SHA512 | d878ad6fb760f4d3ef1c2d7053b220caa9ff869b5decd13895faff0c9133e6a04da836afdb0bfea0b858fd977d14fe097cf0baf31fff7cd5502df54a69cfed10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 19aa86a89e4343508b6db463a97b646b |
| SHA1 | 6c6812f06d6cffa4f355ea72070882a5c472da9e |
| SHA256 | b33e7a23827b31f866696394eaf58e549d1a7e06919e334d989c1ad1050eb0c9 |
| SHA512 | 0b034fc90ac59f3c18cad0d5d7a74fc5705cabf10e23f76bd726cb54809fff39ec52faf38628799ab566ba04cc201bd1abc60dd60fe193058d0b1c612a324c2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d3e8319884133cf995fa84dadfacad98 |
| SHA1 | db6774bbfd0304612c461e4196f246ccb0998848 |
| SHA256 | 9b9a470ad3196a4b8ca71e213600b0e13bcae1a663b186bab77ddf1233386924 |
| SHA512 | 9d9532a38e79ba5662fadaef8bf8d83d9888d9f610e02dd3465f9dacf08dab3ef335f661e2568688bce36d57762abcb77f53c3a737b6dc46b6af7681b1563c31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 30db551ca7b38da20d2eb9636b77ddd2 |
| SHA1 | 7e8c3ef8e1e1682df2bd512257f2e41219ac110c |
| SHA256 | 4796a257a0a3f2a16dac02aebd17fbe88a2f5b3e7a0a41fcec5629b85c523cd0 |
| SHA512 | 79636a3e550631cf42bc8699e9d6675b779d48fa2b666d65218439b6bb42ae22691020a6538aaac452c2aa24ef39f96bbae716f240ae20c5f0664084a62c6102 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index
| MD5 | 7d0cc1f92b1e4e58d89023a24cbc6328 |
| SHA1 | be78012e5e42ab41aeaf918e4f4a0dda07a03d48 |
| SHA256 | f8a9e75d1fe48a5fe276f8d07fe6f9b96366af3b28fd07fce3a4d3a3bfc1e4fb |
| SHA512 | 53ea61325929e3dbeceb7e49fd2d0a51bc10e41eb9ff3e29d46149a6ffd19f3074dda24c7498eef8172ebf8673bfb22a34e124433ee7f22be2d1d7e6374a98e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
| MD5 | 99b86bc03af27e7d807424ec640a642a |
| SHA1 | 812c920f23ad749bdba07d7d8e5c52cc2bee5ea7 |
| SHA256 | 26873ca3bd6c9279683d2dfff19f5fe64e46c82d01dbbd775ccf5036c6a3b971 |
| SHA512 | bdb3d55e8eb4652599f1418ce63259006fe43e8092a80ffbde69a214e96a358cc563b9daed369e7a283846329f7d5801e3b3fa800205fd0cc1b48942c7ac8b4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9051abd95d8b60f1cb6ac3fcc2b5e349 |
| SHA1 | 775c5ed8a31b5c0c1e0b261a1187b9334abbac83 |
| SHA256 | a335fd826daacaa53ac11a0d4cb80d78da000a0c59a36f8eccd6d9f91559b4f3 |
| SHA512 | 47c92347bb197c496948b087aed9991ec693082fcecba47a9d1770bbaa82ee207dacf058445b4dd9c19b61f2d9e896e506a0efb03c57b72001280682f3cdb942 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\3cdb198e90f24fa7_0
| MD5 | 8b44c73530459382274a349f62a89ae8 |
| SHA1 | 6817830094da0bd88ed8a5bf4c8227d67d1674f2 |
| SHA256 | d2eccc15e74435139cbd63325fa04fc33994739458cb92d2eed1d676fa867bb0 |
| SHA512 | 055dfc1beac76f2330a4873e81b39bdff71a2d8bb4623091bab3f551ff777bcd4f4705b0ff51cf15dff8ea5ce41a08b6450709acff70df3b3c238e20138c34eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\e6b56a88b3d010d1_0
| MD5 | 5dc5cfed4d48e81068a23cc11964e4a0 |
| SHA1 | 22b2967a0f9fc139bb48eabdce7a8e0d84d78f98 |
| SHA256 | cbfb56db1d1c20cda62080ce19c1c4363d77d2625226ea6515aea3d814df7f16 |
| SHA512 | b5e228f038bd87e12c07f320e0f9a42ae0e8fd052c597522a48e813bd95951fa1c9cdc5d6da34e50f7d6f787b31a14ca3edfee716ef4ae3a1199f4ebfc91cbe5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\2e63cd3937e3ee4c_0
| MD5 | 575163881afab469cf02bda5e38158c9 |
| SHA1 | 369055e31ea8766232f43a63ca5953efa258bd15 |
| SHA256 | 696820585e60751a278d31784e3d4e5b66d15386451a46c7c1179cdabfe622fc |
| SHA512 | a70e2073d5c14c2c98564b9783d3a196e21196655aec06b82947f02e0c8c5aea9ea75052dabecef8b86ddc28fc856f4c86182ac997ba6c531fc7b21f33472fd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\d53dc615668330b5_0
| MD5 | ea0c93e4a2083191c787f192e4ae279c |
| SHA1 | b13ab6edc6f3b8bab8d990db6fb40a8f7ab70c6e |
| SHA256 | f09524a15a6bb89e0af0934f10a6f09c67b7efad630a1ec3224da9184f066642 |
| SHA512 | 6d4a268f4eaa5d57876c639c1e382ebc03b57cc4609a8cf192e1301c723732fd336925759b5d8374bce324baec3cd09d5d7db2dfe906b0cedb1a4749279a4de1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\5a908b654bee3127_0
| MD5 | d2d51ef499d755fac1bbc01db1fdb79d |
| SHA1 | 69f957b153e1b0c93458af6fe3241693b0928e78 |
| SHA256 | 1b70c10793ef8a628e2702098cf6a7a10b0cce014d6aa5004594cfd3d8b9c8d3 |
| SHA512 | 48be4c908472436c8f87d2042023526807c62c5a77b2f37f7ca66b08e20016ba6a01f5706df5144794693520b9ec901fac81a6db8845be13fec74eac52d263f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\52d63d67b59f814a_0
| MD5 | 2bec61f1507062b6577bb0ea2a5a4980 |
| SHA1 | 767f3244165f75bbb56d28f647487467d1916137 |
| SHA256 | 029c70080bc8b5c15dfe1c296b15053bdd9d38f1fbb59b1d8534d22d8dc7b5f5 |
| SHA512 | c2ad8ae9cd8df94c73f591acf3f5a344d39993c4be8667c6f8400aa0db1441dca43c461a8165f330c07f3f57a69cd29229bff3f8a5977935945e6f8f0a4239f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\5720364b2e5e45ce_0
| MD5 | 636e9cd1ab4abb6f553c7415da1b4f3b |
| SHA1 | bd50710af40424d74c986f996e56c983d711e59d |
| SHA256 | 04c0b82099cffac05c5567debfa15292d267b6bde614140e8d8547aa3f6ca5c3 |
| SHA512 | 6e78545f5b86f657724b3f9220afb42f3af8b46d5007789bba54ad89e890bcce0d341893374e61f6fbcc8f87fcebea7494160d7e73344372dcd0772cafd10194 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097
| MD5 | 26a4dbbc81a2c879a58ed7ffd87c31bc |
| SHA1 | 39eccf8a742ab268c279d8a38a9d6f2ac5e91ca8 |
| SHA256 | 255dbda53535e4f261cc8d5b4aba72b60c87b2b93ebd337db58e225518fef0a2 |
| SHA512 | 02b79b822bc32bf1b594ab3d86455be310a187d8116dccd98d408793f9d3c0059e2f6382c6c0d4d09663e8ada507c9b2086ef93ea54fa96171e8ebde35f0ed9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ce7a6279c1b6f5c961c4779b9646681f |
| SHA1 | f0cf78491b37fb061c733583a74834f1152eb529 |
| SHA256 | af856dac819eab91d4c074937bbe4a036e8fd65cb4b23cb74eaed9d2b5c9598d |
| SHA512 | 4b91ceb0485d9909100e1f830a700065f15d1f12a54ca69cccc996831e3b50fca13836e3183d71677bcfa5ac58563625cba3390cfd29d3959db22325ff9678e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000be
| MD5 | fe7ece252c0149463b708a17ad0046c7 |
| SHA1 | 0101929a0bfd9e6ec6a93102461447b3a83895c2 |
| SHA256 | ff27002995a1e236cf207001bd3074c36da08b222c1a36f2f8bf553ee049b4c4 |
| SHA512 | 53fb8bfb73196d5b949133339664531adcf854bf5dc767f76212b84a3d10acd44e1096a1458a5e79dbcace721de9e4aa5b7dbad99cd39848d28067d21703d382 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
| MD5 | 72aa57842938e50c7add7300eadd6333 |
| SHA1 | 94e3b3e4b97b3a55261f4c62328488d1175424b9 |
| SHA256 | f9576a07b311d2374922d370f31dc5b96d7f7ee52511540155bcd70b659dfe27 |
| SHA512 | b12f4a9685fa1a434a126e66669d1e3a01d66324fdb67baa2b91fa1961b72b4662fbab6f3281beb1938100c8e2954ab33de9a2b6e963ae1e5b01a2337c9745e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cd35451ec299199e8059699bc7060332 |
| SHA1 | 13d158181632fc1d0aec3e2c24c1b855622b5f2d |
| SHA256 | 6d15c98f5c238677fca165efa1d15cbc9e4abdd6d4348c229c531375ad40e019 |
| SHA512 | dbdd2ee324cf2f9eda30a124620130a50d3104bd7c7c2869ed0157f5ecfd232015090e87f780d1a2788bb916b5fb76d59b924ec35efd250b11be23ba1de3e6d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ea7740cfe97e2702be453981ab816985 |
| SHA1 | 688ac56361c13943322019757f48a6c2aadb162d |
| SHA256 | 50229f2f1308201af1a1d32d1b478e474b9276b8dfce73c73cdbc196f58e1435 |
| SHA512 | 6cb800f6b0af6d67f70f18687fc907d782290da56a8c402f933deba9555ec364d8f8c46b05b2cbdda6df1d5362dbc3cb769f0170fffc2e339ddf1f8fd445078e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\23b18c1e8d80b179_0
| MD5 | 946bd68cfa955610976854870ef105d5 |
| SHA1 | 10505fb2011f2e4bb20e56b1923de678e61237f9 |
| SHA256 | 0b20f5618c0e5dfc50ba91ca290d7718517ee65c4d8c44a575b365295f02edb1 |
| SHA512 | 23fafd8c862f783d5a21e9992689ce9ee6ad93828b6c99624bb8287f4572cf34959ebb02ec2246c5076e8f6218391b3a8b24bb30407a1a8e16081ceee833a4fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\c3177ebf0e62352a_0
| MD5 | 9bab8c03a35b7595833440d7336ccb93 |
| SHA1 | 15659a9a723224714907937cb5216d806e0fc3ea |
| SHA256 | 1009a4778533c51ebfce6d0ca6189746eb7595876da20ef373db128d44ed4816 |
| SHA512 | 7fe81abe5b2d0deb90656bccfd461b131877162d682fcd6a845a111124b1052b677c9a4c8d73d0f0eb5ea89f38a1ba9eedd5b3962cda85ef5e38b47f0c33043a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\4134607f90dbe928_0
| MD5 | ee6730376d73fc101fd35c620e1e6379 |
| SHA1 | 3d536477d1891832100e69e1f7c00204a0b11e49 |
| SHA256 | 6dbb700226b6ea9ca462059bd6eaa7c2fac2acc30e6fee63e1832f41799575cb |
| SHA512 | 54b2190120b18d7edd218cfdfb6787e40384ca0d5a76e0107d5bfd58494cbb5c69d90a4236821b07f8b8ce7e40b5746fa97edf19642b8bf01bfb4764bc7dc12a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\fc6ac2678e1dfd2d_0
| MD5 | a8518dfc54646f436b6fda242c213e23 |
| SHA1 | cfd7818f597ca3943618c0646252d3ba262dbdd5 |
| SHA256 | de17d19e1e607faeeac3726832dd89b64acae953e4827d8e678b05a74e8d6198 |
| SHA512 | fe5c7e9bf58957ca4d94ce3f2226e94d723bec9745b33938fb80f8d6997ccf75a5100a206b9a3713bd4cabfb1f41a1de3c676c9e1937ff99fb5827e9d01d760e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\465028514c1b8b25_0
| MD5 | f03b19980a3db023b127e7bb4f5ff01a |
| SHA1 | b7713e84b4b46b81e8f64cf846919364c4dde168 |
| SHA256 | 62d03dbeda27d28ca237c50c1dba77e085f2e045c335af87206b35a5c3a82ac7 |
| SHA512 | 0bf6e53ee457ecc790bcc0633e0a8225c2b09cc85ad39937a109ee4f1ded505012a64a019c5f1c36e277c38ad5c6442596fcb43a6a502b164fb85214f0414b9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\4550a01511f50674_0
| MD5 | 7f2702e9720dc54155504216edd214ad |
| SHA1 | 68852a1648098b627dc937f0054215b3df07ccac |
| SHA256 | a3f10ae3345c5d710e0ca96986ae8a2f268c472f5fb8ea6339c0c012f2906129 |
| SHA512 | 5c630b23fae744fe0599e0c826c815d74a4830b8449a042635542e70da20b6cb69774b25d6c39e8ecd01c0e2f9f0fedff68b52993e060cb508e66643b62aea50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\71c440e7826a39c2_0
| MD5 | 114167a743acc3762d3d3ae6bbff0c9b |
| SHA1 | 98a8f332a4372c9819f174a1762c00e956d8036b |
| SHA256 | 474acfbebe2e621339b97b062180fd37ea55361a6e7480e94d5be532dc8c155e |
| SHA512 | 2cdee0b7b286068d958c08f1ef9d2e35b4b767099e31e547980ba4d2c7c696daa1e6ebd97f58059e433abfd68a8bdb7c160e20b937306bd6b74b0d493bf0e547 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\127d7fc1f4a2bba8_0
| MD5 | fa5e5c717c694878fb4e62576c0305a7 |
| SHA1 | a1cd8106dbc8594ae328cd1e9b3357042fc39cb0 |
| SHA256 | e6398f8d6b6e21285ebff9e2d40fca2e30d66a48a01a1f0714eca76bb7b0b1cf |
| SHA512 | 0f00abf3e8543aa95f3410dcf82d710c1fdbbf98722fcd8a8501c2a31e59887b4bf83d77e58a911e2a30c7bc7d450864b78df5a353d744664de5663475dd51cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\b57983df0d220076_0
| MD5 | e82aa8b61cc736bd9301edf2e8aff974 |
| SHA1 | 7a9d4cb55975aa1502a9b667b26b2bcabe7c269b |
| SHA256 | e5d5e4ecf6bb899e8eb6d6d5dff149b7f20d60c723ce88dcd446fb8c5ac2ef1a |
| SHA512 | 0d8f503632eb19d57fda2131af5e23c9c494ce34fe4ef542f3ecaa2dd3c7cc38c1088a7c990ac9cae991dfaee7bed56a94f5509fa6096b15f16d1c229ee0e241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\08580d5df500cb4f_0
| MD5 | 183249a49858dd0ffa7a38bdf956b4b1 |
| SHA1 | a02cedcf6ddb436d16869e827c03e06c62940552 |
| SHA256 | db6098982ca6df2535f417493a8679f6d730060f9e4d619ad16ddd6cc1421d19 |
| SHA512 | 0a1a3926f4eb884a1d8e9eb11579b12d80504ebcb1330fad886a9120d879336e14c9174845a912d8b77d83d3098ec0b886e4f394994f429048fee1a993afb6d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\eacc3992a40cd2cd_0
| MD5 | 2be6c18c631c91238fbb6824757626b4 |
| SHA1 | 31bedb5637b4f7692746799146db80de564e2ba2 |
| SHA256 | d8830836debff5e7b232df5467077eed7e768ae110030b9e8e8d79d2c1ed20a8 |
| SHA512 | 6aca15b6d08595e8a5d24eaf71b36148a2f180862cdad63673bcc91bed9442990c78a8c237c7839f75475a9867982f3127f3efa420a89fdf943a7c0078adc699 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\048e351415e7f8ea_0
| MD5 | 85e15f63ba5e78757e62da889d1a177c |
| SHA1 | 65408e43a03a2ee7dc8b13c9a9a139a5be167a71 |
| SHA256 | 8605859909d5d5ff8c83d829d074e88855a03803bfc4d4b05dd46ec77dd04ac5 |
| SHA512 | ba7bc61ca4df4f03189af5c3e4f4fd600e63aafe876c86a47fd2f718ac3e3d1835480eb84a459b812333e99481e67574ba2d5805cc4bc6d622bb22a67d90c626 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d3a0970ffd1c7f887ea8e30b20f7a785 |
| SHA1 | 9a55641b04d4c4a9c42135f4f3d3a8e3399dfdcb |
| SHA256 | 0ed1351c685fc489427c9f6e181335558fe1ce99c75ac714768c29ce0972ed98 |
| SHA512 | 84b62932c95619cf74c151b6972ff661075dff8e4b6d8f41100ddc9ccfe0d250669842022183bf1eebae6afb85c4309de2a58d14ea7b96eb68a4ba886aaef6c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9d8e46b687673a4e57a2883f54fb03f5 |
| SHA1 | fb6533c22ec714d6548ec26e695eeded3c3fca69 |
| SHA256 | e6f0d170375f0495601c613a9cb8766b3ebf990e3117438b3b6bb6dfe057b524 |
| SHA512 | d0b2c54b4851cb357ff513747e420f0668c1273759bf548b43d1645aa7b85f33320584ae6d4357b26497a05b20ef8b62cb33fbbb771bda8ead4fced40edf3757 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\634cd584-30ad-48ee-be34-7c23191be6df\index-dir\the-real-index
| MD5 | e1c5ff36654414cf3d4e74811fd325a6 |
| SHA1 | 9ddd64f5caf40f24531c33f54da994f4b4e039fd |
| SHA256 | 85631222ce204433d1cc723f5ebe7a3e5ff78fd1f2c3fd438b1903fa7d606d1f |
| SHA512 | 3cea66867e960d4c100eed1a37483d30f7afd60679bdbf82be0785b5788df7fb694c057d444b4cc8e37e5508f79b12b900c2d5fc756dc2298beff3679e726c32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9a072f73a4086a15433618e3d390a689 |
| SHA1 | 00b3084740a13945be47723bf406708d13efad93 |
| SHA256 | 8b31a87618fe03e6dfd5e19d4a8a52da915c4e4110f6150fe949fa216b42f107 |
| SHA512 | 87b2dfe778e51e00b9cd0e47a83be38d3921fc9a0829d61e65589e22ca32c78584842e046e0be202c910981ca3bd14219fd143063630c489b60aa7918ce6a06d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a5e03bc6-7244-4183-8a76-7cdb2d1759ae\index-dir\the-real-index
| MD5 | 019b008535b8733832bec34b51826327 |
| SHA1 | 3e348d776490d51a52236b9a834e70e26fa51532 |
| SHA256 | bd4de1799f55dd84339dee127c5efd49d9082b963b5e04281b99b089bde993ec |
| SHA512 | 1fd72baa941482e2a610f47488c7a84af2dc0ff7da7eae213058cf1c04567d2aca6f1286087092937901b9594d57c792bbd1d3318a87fb371538e5970f493d37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
| MD5 | 27d0ccf383734d5f39daf29af95882d5 |
| SHA1 | 37266fbbd9b10cce8fbbdab048f0b24453a8d910 |
| SHA256 | 1162a7bbe57ce71e857176c7523d39d78bb1f09563ce7a8856aae816162808b4 |
| SHA512 | 3987067342520304c2930ff9617c9d0de6315d065de074415a2301459c41a39a4ea1e733ae7e71e3494f7bbbf4e50b38b805c6b3081f18390bf541bbe098df71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old
| MD5 | 4fed1c11de850a56b94a7f493a61a69c |
| SHA1 | 19344eda98919cae7385d9991e7b65226063ec86 |
| SHA256 | 1698efb4fcd4d45d577e1e70cd8fe5b3a84c6f19d8d8c15955bf0d401cd5557f |
| SHA512 | 0a2cb6960b00a717bd2589111f38a9021748f208b2aba8e0d8557c9e84e52adb40d3f414e07e59b87c08d830395f3e7b6d6fa9be6f65d65d44faec3e2dd3a0ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old~RFe612395.TMP
| MD5 | 3e97f254af2687f31f4c80a0a2592aea |
| SHA1 | 325f0d74f65046d875de5c84b9ae27a93ede619a |
| SHA256 | 72eff14da649a522fd3335a79a971a1442f2168bd4ace162ff98c680407f2c9c |
| SHA512 | 1434721403aebc2778e011281bdffdeba89bbf20bd9851e1f654cb865de9a000a52edc5377320ebc3b9aef468469a96962ec908cec161002ca9af45a41429d04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c86fd435b802d4021c2e03beae04586f |
| SHA1 | 4ed04b4c8d39af580193535abbaea38fde761c1b |
| SHA256 | e4e3d01b3bf7764c11bc1998d1c0d585b0b14daddec863334f5e6da62e674774 |
| SHA512 | 02af752eb268fe05a085038050cdcb95ce1887768dff17275c20c8be59a69c0f475bb341f0af8013224f99cc960d5a0b5ab3572aa21a3c2fd4d91476e382ca7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d5edba30e5569cda2ab642aa7cc8cad7 |
| SHA1 | c13aab12038501c979a5e9cdca24f56ffd470003 |
| SHA256 | 26872560056c927d9219940745245ff569d7159ff5e1765062df19e55f8f53d0 |
| SHA512 | 076f97c87f6fc3ca393392a30bb0372ad5aa7f544a65830d346abb29aff02ead2ec51a24c446597f5a5d6a548baf618e3863a941092200126b1f936aa94e9d86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fd766fe936ab1412e6ce7d3c9da1bec1 |
| SHA1 | 1a9fa90a2887b821e74fd1b076830b8fea6db25b |
| SHA256 | fe466b6f9662938d45afca673ceca11ff28b98fbce7a3840802b80d4666b7810 |
| SHA512 | 0334436bf80da2bd5650449604df2ebb3bd1cb3b1d9a2cd6de0f7d2445521fc6fd643d147f2bf009e7a0fc43ecf30958ca6a3a46612bfe15c6107d6a776388ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 64bb769b383f1db10f94be595c5a7e38 |
| SHA1 | 064bb48bcd949767387ea006cdbcde4791d14e6b |
| SHA256 | 40f8ca0b4905c862fcb6d653be6b7ee776ebdf51233341757e8613213e7e0245 |
| SHA512 | 7f80536b89e4a3268ee01057225014d4648471eeb51eea54368f6069d444f0376bda6e7b218afdd1e5ceec1f1e3f9e4536156c8448edb8ee4d33536be0da1ab8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 76a8e0072baac4e5084ad50eb5a65800 |
| SHA1 | 972bde99d6d8be070029f75a78f3da7e6c733cfb |
| SHA256 | 36738a7b4c871fb3c2a40350dc782855292ec7b3781200e839302681b535ace8 |
| SHA512 | 5cd5c9f912e0dbfa2abe6b5fc7be4bc15d9e8b7b0243ff57300ea2b515e35de0e7faa1160f902afba47bc05794119716ca972d1cd053cd1e090d578525d9a5f7 |