hxxps://drive[.]google[.]com/file/d/1kZLAkf_sbcNpAQTRFs5qK_zBDv7jGLx_/view

Analysis

max time kernel
256s
max time network
261s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
31-08-2024 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1kZLAkf_sbcNpAQTRFs5qK_zBDv7jGLx_/view

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
5584	Antares Auto-Tune bundle V9 CE.exe
5808	Antares Auto-Tune bundle V9 CE.tmp
4144	Antares Auto-Tune bundle V9 CE.exe
4780	Antares Auto-Tune bundle V9 CE.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\desktop.ini	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\VST3\Antares\desktop.ini	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\desktop.ini	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\VST3\Antares\desktop.ini	Antares Auto-Tune bundle V9 CE.tmp

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
8	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\VST3\Antares\is-MLFIB.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\VST3\Antares\is-PGCJT.tmp	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune_AAX.aaxplugin	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\desktop.ini	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\VST3\Antares\PlugIn.ico	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Key.aaxplugin\Contents\x64\is-O97JO.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Key.aaxplugin\is-GFIKV.tmp	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune EFX.aaxplugin	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Artist.aaxplugin\Contents\x64\is-H0GMP.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\is-E5B0Q.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune_AAX.aaxplugin\is-QKJB9.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Antares Audio Technologies\Auto-Tune Pro\is-3SOPL.tmp	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\VST3\Antares	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Antares Audio Technologies\Auto-Tune EFX\is-9JO5F.tmp	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\desktop.ini	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\VST3\Antares\is-F6K7U.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Key.aaxplugin\is-JJ64H.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Artist.aaxplugin\is-9PICQ.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Key.aaxplugin\is-RV21A.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune EFX.aaxplugin\is-8NDMA.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Access.aaxplugin\Contents\x64\is-AKS97.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune EFX.aaxplugin\is-87UM2.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\VST3\Antares\is-HJF4T.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\VST3\Antares\is-DHHD9.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Antares Audio Technologies\Auto-Tune Pro\is-2UKHO.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\VST3\Antares\is-O0R3T.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\VST3\Antares\is-DPR98.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune EFX.aaxplugin\Contents\x64\is-AJ8SP.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune EFX.aaxplugin\Contents\x64\is-OS05S.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Antares Audio Technologies\is-E5CPP.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Antares Audio Technologies\Auto-Tune Artist\is-NCVLL.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Antares Audio Technologies\Auto-Tune Pro\is-V261Q.tmp	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\VST3\Antares	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Key.aaxplugin	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\VST3\Antares\is-H2MQ3.tmp	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Antares Audio Technologies\Antares Central.exe	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Access.aaxplugin\Contents\x64\is-VMR09.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Artist.aaxplugin\Contents\x64\is-A0ACA.tmp	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\PlugIn.ico	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\VST3\Antares\is-BP882.tmp	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Artist.aaxplugin	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune_AAX.aaxplugin\is-K4DFE.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\VST3\Antares\is-CQIBB.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Artist.aaxplugin\is-QA16U.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Artist.aaxplugin\is-IJ9T4.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\VST3\Antares\is-1S9RU.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Key.aaxplugin\Contents\x64\is-B718T.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Access.aaxplugin\is-SLGOH.tmp	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Antares Audio Technologies\Antares Central.exe	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Access.aaxplugin	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\is-449RM.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune_AAX.aaxplugin\is-4GRTL.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune_AAX.aaxplugin\is-5O8O0.tmp	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Access.aaxplugin\is-OSKRO.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Artist.aaxplugin\Contents\Resources\is-P2KLA.tmp	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\VST3\Antares\desktop.ini	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Artist.aaxplugin\Contents\Resources\is-1DKGV.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Antares Audio Technologies\is-VDMJP.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Antares Audio Technologies\Auto-Tune Access\is-JID6P.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Antares Audio Technologies\Auto-Tune Pro\is-4PKFO.tmp	Antares Auto-Tune bundle V9 CE.tmp
File created	C:\Program Files\Antares Audio Technologies\Auto-Tune Pro\is-T9RVG.tmp	Antares Auto-Tune bundle V9 CE.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Artist.aaxplugin	Antares Auto-Tune bundle V9 CE.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Antares Auto-Tune bundle V9 CE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Antares Auto-Tune bundle V9 CE.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Antares Auto-Tune bundle V9 CE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Antares Auto-Tune bundle V9 CE.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4460	msedge.exe
4460	msedge.exe
5204	identity_helper.exe
5204	identity_helper.exe
5912	msedge.exe
5912	msedge.exe
5808	Antares Auto-Tune bundle V9 CE.tmp
5808	Antares Auto-Tune bundle V9 CE.tmp
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
4780	Antares Auto-Tune bundle V9 CE.tmp
4780	Antares Auto-Tune bundle V9 CE.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	6084	7zG.exe
Token: 35	6084	7zG.exe
Token: SeSecurityPrivilege	6084	7zG.exe
Token: SeSecurityPrivilege	6084	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
6084	7zG.exe
5808	Antares Auto-Tune bundle V9 CE.tmp
4780	Antares Auto-Tune bundle V9 CE.tmp
4780	Antares Auto-Tune bundle V9 CE.tmp
4780	Antares Auto-Tune bundle V9 CE.tmp
4780	Antares Auto-Tune bundle V9 CE.tmp
4780	Antares Auto-Tune bundle V9 CE.tmp
4780	Antares Auto-Tune bundle V9 CE.tmp
4780	Antares Auto-Tune bundle V9 CE.tmp
4780	Antares Auto-Tune bundle V9 CE.tmp
4780	Antares Auto-Tune bundle V9 CE.tmp

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 4428	4460	msedge.exe	85
PID 4460 wrote to memory of 4428	4460	msedge.exe	85
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 1488	4460	msedge.exe	86
PID 4460 wrote to memory of 4488	4460	msedge.exe	87
PID 4460 wrote to memory of 4488	4460	msedge.exe	87
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88
PID 4460 wrote to memory of 2284	4460	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1kZLAkf_sbcNpAQTRFs5qK_zBDv7jGLx_/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe13ad46f8,0x7ffe13ad4708,0x7ffe13ad4718
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3398253848005372289,2153886967580370450,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6004

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\" -ad -an -ai#7zMap28490:142:7zEvent6166
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6084

C:\Users\Admin\Downloads\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\Antares Auto-Tune bundle V9 CE.exe
"C:\Users\Admin\Downloads\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\Antares Auto-Tune bundle V9 CE.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5584
- C:\Users\Admin\AppData\Local\Temp\is-J5R4A.tmp\Antares Auto-Tune bundle V9 CE.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-J5R4A.tmp\Antares Auto-Tune bundle V9 CE.tmp" /SL5="$702A0,114585444,763392,C:\Users\Admin\Downloads\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\Antares Auto-Tune bundle V9 CE.exe"
  2⤵
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:5808

C:\Users\Admin\Downloads\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\Antares Auto-Tune bundle V9 CE.exe
"C:\Users\Admin\Downloads\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\Antares Auto-Tune bundle V9 CE.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4144
- C:\Users\Admin\AppData\Local\Temp\is-M48H8.tmp\Antares Auto-Tune bundle V9 CE.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-M48H8.tmp\Antares Auto-Tune bundle V9 CE.tmp" /SL5="$E0230,114585444,763392,C:\Users\Admin\Downloads\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\Antares.Auto-Tune.Pro.v9.1.0.rev2.CE-V.R\Antares Auto-Tune bundle V9 CE.exe"
  2⤵
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:4780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Antares Audio Technologies\Antares Central.exe

Filesize
72KB

MD5
a7ca0d123c7252899d4a6372ec198e3e

SHA1
15f645713de2ec4adc24c6965ff972a455a17347

SHA256
22474c4ea7c88736a4a400175a266ce176a899571f14db9497b9895b81b7568d

SHA512
371508340775ed1b530cba573ffaae2aeea92d82e8f7bd761cd8747a549eb169c5952cbd0c6a1a23d5340bfd365459046134679c76bae0a751d184837ed47f80

Download Submit
C:\Program Files\Antares Audio Technologies\Auto-Tune Access\Auto-Tune Access Manual.pdf

Filesize
428KB

MD5
1e7a244b72e96bc46532c3ee21ab810e

SHA1
222cb5969f191dc0c56aceb1137662ba566975a5

SHA256
c0e2e362b51fba8f83d3700956acaa33a946ad16b57cda0f2896191e9d930ce9

SHA512
6b02abe416651618019d13575fe61b3a8edc609b6f51da31daed417fb78ca8b65110c032ca25d9955fc20d6cff5ec3755a0a7318fdf9caf412b55217b8ddcf90

Download Submit
C:\Program Files\Antares Audio Technologies\Auto-Tune Artist\Auto-Tune Artist Manual.pdf

Filesize
701KB

MD5
efa9d6aba2ff6c9089ce42e1c44b6fea

SHA1
8f92f99b41b291546db62d8f74d6f1ba508e4a51

SHA256
8014e006ab312980c9e0223aff0934037af3f4705a532ab3add14173495e3e22

SHA512
457b91d1a87aa7148c767e439fd2b80ca8d372197b091cfc82a4edf34658ab7f239f269072a13865df054a4273bd7b110602732931d7ef8f9e9d1680b3f36973

Download Submit
C:\Program Files\Antares Audio Technologies\Auto-Tune EFX\Auto-Tune EFX Manual.pdf

Filesize
689KB

MD5
1ad4a309ef43669fcdfc88574256ab8d

SHA1
f454f1dfcc6bb8f89eba7d269511a8ae7d12f172

SHA256
ad9b58bb3b8e52145a73d68c619865b29ed52d012e13e4f41de24489a4ef6707

SHA512
ea0b670ccb9b9302f52edd1872282f755a0d2fbc0299aaf683000c3a3345571cac44668cf25e88f5bd6c3a7b1394ca6b9eb2781acef01b4633edf4db3536d416

Download Submit
C:\Program Files\Antares Audio Technologies\Auto-Tune Pro\Auto-Tune Pro AAX PC Read Me 9.1.0.pdf

Filesize
62KB

MD5
7305dd0a8e95312165425596b80b1475

SHA1
cfee50391b04560698a3ccb2f8efcd99f86cf37b

SHA256
2f6668f52002d5488c9f5a2d075df121c5845f64288980f8b91e343796a65465

SHA512
060d6907cfb4d98abf231dca988de4e61b7777a6e59948c34f698823991ebcfed2889d8be61515765ce38d41e3130d22e0d8352f48cb9b3456c33b04dbf5e92a

Download Submit
C:\Program Files\Antares Audio Technologies\Auto-Tune Pro\Auto-Tune Pro Manual.pdf

Filesize
2.6MB

MD5
26ea468195e5e6726ae65999fb72211d

SHA1
b010f9731ac34651aebc8252f0aa10c3aea30298

SHA256
c4a19fc18ee751840fa57298d867001489cc9ffbdd3aa07091a9c0205de3df2b

SHA512
fc278334465827b9c24b1316bc06caec4ceee050b733dd00eb05dbdfcf4a06a3ba7570948c8391ba26a0fcbc2ba3706ed18f2b4e45a1e882de1999018f01ca7c

Download Submit
C:\Program Files\Antares Audio Technologies\Auto-Tune Pro\Auto-Tune Pro VST3_ARA PC Read Me 9.1.0.pdf

Filesize
64KB

MD5
37470225b6c55213761539cfc9e12fda

SHA1
3440b30863f21f32bd76dd7cb3278d894430d123

SHA256
53e6efe158f9741da0c15ac37b624fe2cb3bc52e4ad955be63e11fe67a0eaef7

SHA512
c84af48f0fee5eac190bf14399782c8e4f0d66c5d5c62b497799956dbee9cac61100b86f57813f72d677e85b007313f7190f4636de9401baed4e131447e67119

Download Submit
C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Key.aaxplugin\Contents\x64\Auto-Key.aaxplugin

Filesize
8.7MB

MD5
f6dddf54d6bf80aad320d1e987883eb7

SHA1
76f2093be7a21236de0560af8bce4d09e1875b50

SHA256
dfe7216cbb20f42e360fab7d15e982a3a570243807a7fb726e92da6ce366462a

SHA512
584e04396ba3bea81936a8f379292f5576571404167f21dbab874de175d144d6c5433ef2d93edc9e0b85f1554def9d5fcd265a7003e23391526365c58ae9416b

Download Submit
C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Artist.aaxplugin\Contents\Resources\AutoTuneArtist.xml

Filesize
30KB

MD5
1fc90b459dec82e1a8b906b4418543f4

SHA1
d882e4693e6f70eb405ecd4ba86622535a5269c8

SHA256
cf6de6d28533d199b9f4226013bdd9112b3422979ed06ac7f2750cecd3c2ae25

SHA512
c356c3b0b59cdb98a70907f6fbd3882c0bb7ef33c8b44b79aa0c109832824740b9c446431b5d963e61111dcc04e73f6947abe8facd20af4daacea410adb79720

Download Submit
C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune EFX.aaxplugin\Contents\x64\Auto-Tune EFX.aaxplugin

Filesize
36.8MB

MD5
ad045039378ab0d917da1577319c9d81

SHA1
1cf61f743d21a9e3c2ed038bde80550bfbaeaea0

SHA256
32ca304ea0f1a512403373d498c07ec8231dfc339a2b921e334c6c52a7e19b95

SHA512
ddbd1065574a3e1a5423f3ceb5edc486ffdd2218b2642275ad40dd445954c53f07448dacf4a687cbc65ca28717c33771a2ad98cd7d343d5610913504de20ac0e

Download Submit
C:\Program Files\Common Files\VST3\Antares\Auto-Key.vst3

Filesize
8.6MB

MD5
680c8e96c8f19b39340d704027ce7310

SHA1
c8c367619757be418f8dfa63a470ce9359424d76

SHA256
d2dbcc255d691e392674610f19194bfe5ddee1938eaaf950e02d9b05e8d9a67d

SHA512
b47ffd3fc79177a8626768e6b97f5e6ce7e73240b4967171dd5765b124f44770f082aeff5f7b2aa094dab4ae7c4c702c24176a89fe074deea3109a74ed67a428

Download Submit
C:\Program Files\Common Files\VST3\Antares\Auto-Tune EFX.vst3

Filesize
36.8MB

MD5
f79e3d7ce5f92ec7c8b4751526dd9a9d

SHA1
bb95db8d6219a5481d8398159cc83abc47f714f3

SHA256
44cec4da9c50bff0fa415cff635ddd9930f90bd3df816ebdbd0c942ee967525c

SHA512
b13bbccc40b550028a109a2a9060054fcad7f58247860e1c4260af9c9fab5ee32969820b052f841af5feb22ffcbbdddf118ffa5c2db6d747c842e88849878af6

Download Submit
C:\Program Files\Common Files\VST3\Antares\is-06O5A.tmp

Filesize
45KB

MD5
6e03b680fbee54e69e52a15245989862

SHA1
0136100d693fa2cf4eba38ac0314951b7be22c9b

SHA256
00999004190475604537034d99d9a2cc84355579e4b199045dc6c8c3479e3600

SHA512
1a2e8770e676bfe9c84f81185584fdf347271897637f18ccbcb1f1dfb7f4afac4cf65ab0d19d7f34044b5f5b304d7b54c9c85c8049fee0a4a3e4cabe3ae7c578

Download Submit
C:\Program Files\Common Files\VST3\Antares\is-BP882.tmp

Filesize
126B

MD5
798095cd31340606c8e81d0a5107d57e

SHA1
39d058c4d45ef84b188f7ece620106124eb3d74e

SHA256
5526ef6345adee7c693e58354dd72b095df152be62ff7298b4c6f6d0f91e2f83

SHA512
9ca995c89d3f23cd2a977fb2826da1f75dc4caa4fe965f9aac3a6d486f6558429a44eaeea35217f85d94ba6d7c2c54ab520c9a1786133b2edd103e36159e53a1

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patches\Antares\1 - Vocode\Bright Vocoder.xml

Filesize
1KB

MD5
26541eac69ef1b16add0ecc53a3e3abb

SHA1
0b1f374041016cf8b1a7916ce94b7c2afd2c9dc8

SHA256
82ea07d40fa732e6a0f7c3af1b536c4f730c54a285f749ff9634b51f3b1c2738

SHA512
8e7467740c25eea3bd76d77b0fa14cb718630a81145ea0b8e249434d186ad9ad3ed6523c5725a4785aa368de07a4cb397f870a9b5d02a7da8838891d29897dfb

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patches\Antares\1 - Vocode\Buddy.xml

Filesize
1KB

MD5
46db34682b02a77c8be628da4d117083

SHA1
d9c93f2564fb60bd3c222083d80723e14ae17487

SHA256
538e2f32fed5c0a82e9e68a626947c5477e2d9c16b0ec630ee6ff27c34038dc7

SHA512
71936963fd912f416876b4799060715b4ec0ae810dfe2c225fac32c6d6e5621e56f7f11b49af9b6640cd69bc392838ebd126a097dfc197fe16e92249d52dc568

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patches\Antares\1 - Vocode\Carlos Vox.xml

Filesize
1KB

MD5
fd5fad13f4c10022c58458dfb7a5e43c

SHA1
0d5e29bad463746d9888bc7dbc3f2a9b84b45cfb

SHA256
87a3230889eca5e1c474132f34b61864238ddf9ff36bf764f7229e2ca1ae2692

SHA512
c4fc06814b288939ad6112e6367851219ca2002539abf6dcaa4018722d5f8805821ded1ad765e9f3254b4db3841096be48800026f62296aa41a7e60abaa9184f

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patches\Antares\1 - Vocode\Classic Vocoder.xml

Filesize
1KB

MD5
66cde85ae8e79e4010f77d1e19b817ac

SHA1
a8690e3b26711147af25197072d451d44f55b311

SHA256
8c8be2b5b709266d590c1d19df1a006ca65d93ae79c7a2567bfbd5ad41de47b4

SHA512
76feacd7d1969c004b079dddfd51d0cfe3d972476ffef34b172895903a8f6542bef830d557605eb74cb2197ce317be4a96fc43476313c4227085e538b71b044b

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patches\Antares\1 - Vocode\Code Pink.xml

Filesize
1KB

MD5
9269c17656f1804615874adc7dd56432

SHA1
9d432987f2a02caed9eef5072fa4d0cfab7f271d

SHA256
3d609e3b4167811c332a5fa30cfe7883e6a3c466515a3a0e33aaf1f9da79927b

SHA512
924c1bf5ead57a44b8ee3be825656fe9ba9d47eb6c4a2793948606b8de8d2f9fd71af6b13e927905c60196c6e93ac75a34e4557d7d360cd31e128386ddb5c708

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patches\Antares\1 - Vocode\Cylon Vox.xml

Filesize
1KB

MD5
1e1d42bf775bd19bbb14a29f71b00037

SHA1
d189ba463f0454cf5c205d3bc25479dc20d8d720

SHA256
9392268a4b4422d08c8207629f7cdecbc28b1f6b8e6e92027578cd2975655bbf

SHA512
8e1d26f2c3a95a21c16eb2ae1b7ce1669c91cb1bb030d0b8440582a811ee0a11e2abe05712aee7ed03eb881a854a81746e01afc1dd4350035e164c47c59604ce

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patches\Antares\1 - Vocode\Ghostcoder.xml

Filesize
1KB

MD5
cfe09d8a6d026f82311d919886143c68

SHA1
dc04753f36fbdfe925e5a43d365d1a1c546b5a8c

SHA256
772bc047d9b3db38ff21dee275c03110fcbc352f1891b2e77c67046f80567478

SHA512
a8308ea30e359169522f7d160658139ff8dbebed8d014a33bcdbacc76872c6689a474cc53e650b9a44b12b5df5dfa2e9407f4b1ee22c33635c2c93fd8baf11d1

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patches\Antares\1 - Vocode\Intergalactic.xml

Filesize
1KB

MD5
2d4b12eb9f4e07f95d604780207cc073

SHA1
97a2191b9505c1ed8b67f801b99a6d64f07f444b

SHA256
ab402a9749bcdaccc8e58ef71520f3d49f82da87809b8134241495c92d1112c4

SHA512
72efecb924a7be3cb29388bf91114f5bf8fcfd61099604fd8f95a7213e143878215e157adc122649fae6b37c96c49fe0e80219c886d4658c6f41f50619807c0f

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patches\Antares\1 - Vocode\Krafty Dope.xml

Filesize
1KB

MD5
c94b94d1d7988911d5bf185dc6a67764

SHA1
9af8fd6f21f29d8171c555de7e95be1ef540cc6b

SHA256
4b3cac629bae19275d1e3b1b6c6a6fa94a4b44c65bc15241cdc509073b06f111

SHA512
5d3ed640413a854ef1a7d5e6b1e8bf83d46c9d1fba758565917db7eab36a4dfd60d5c67f28a4ed717aab3d6608b32468206ef3a00c17fa786f399ef30c3658fa

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patches\Antares\1 - Vocode\Modern Digi Vox.xml

Filesize
1KB

MD5
a6fa3da4aa9844838608e901a59bd402

SHA1
a0b63d35165096061cf866fb72ea35affa73f8da

SHA256
9a2fecbbc978be4dcaf70983e9cfbb5530c83c9fe3f8500d28c5e4b8c589d381

SHA512
20e0c9f7a521a0bd18de8e7d7fa3301647145a6fe95d61a24017e80e62ff390e09154c00e67f08c7da80a41ca6f33c8d301f0ed373c1345a4acf4956c64011f4

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patches\Antares\1 - Vocode\Robo Vox.xml

Filesize
1KB

MD5
64923bf07c8be9f0764df5b958fedec7

SHA1
d3be835aff9e892a81b6775c91c3161d2272f859

SHA256
53641d2fc88337c566b1a906cef6b768a602561ac4fb3ab5a4876a38383577e1

SHA512
e459cacba3928b13a5e0e4254b3c5196b9263fe64bfa589825fd18940486c836001a85cf6dcd7d22b9f7e3ecb989d90516351ac230bddf62d92352b30830be19

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patches\Antares\2 - Extreme FX\DISSONANCE.xml

Filesize
1KB

MD5
7f6df8a6de0ed215e86259210a1081aa

SHA1
71320ff5e2bbf1521d5ff64939d50a7f13912535

SHA256
0887ed7bf49c5b3436cbef2e72b1263ec0e627ab39f0ba4bf4e4d8cff9fd3314

SHA512
3eac166f7d819a6c01338236fdaab0a3b0e0175bd1f97af958e42de773a094860b58bd0da0d2853fdb9553a2bf5fef5a3d6301eac86731f115af95ad0407326d

Download Submit
C:\ProgramData\Antares\Auto-Tune EFX\Patterns.xml

Filesize
312KB

MD5
af26da967cdc3e76f94653e16f65be86

SHA1
018c6e7b863dd12762db68738001d69408dd8dca

SHA256
3de32bde39b1fadf96bd2128928b837d511e5172489c7638f08ac20e6c08b356

SHA512
9ebb1ca54d8b76c356e0314ae661fb1269fa0ac6abb9bec8c16b6d58c2a21eb415eb7a9962ff65a40a2a48ff636d239ce087db5eab4f6d6cae011d2b432b8862

Download Submit
C:\ProgramData\Antares\unins000.dat

Filesize
44KB

MD5
47403c25c1001ee1ef0f0526de18404a

SHA1
3fe50f594c764b4592c8500ed53f0c036a365802

SHA256
d11d3d11c65a88b0e67111256fd0dc41f1f2732497394e4923631177c6cc63ee

SHA512
85d0009fedaec82d87114a65f5f2c06cf1a97776af47c7dc616b860e67843e41735665f7eb75a8b785a0efe8258eb0ff5bf778bbad44f5627fc2fe0b04efd694

Download Submit
C:\ProgramData\Antares\unins000.exe

Filesize
2.5MB

MD5
f9f5ebf1286b47f1a57486bea7506ede

SHA1
776b3b46334e0ea2db686a24524526e131f74869

SHA256
0ec27dff2bd94ac109857f4995e51b1ca6054debf988ae60536f950abaab2884

SHA512
7ca8d4d9b60f4523e4ff24eab49c4e87c9e0e3462cb822c25c473af8a83076fba95d33615546bd7d6344b873b8197bec25ddb4d273f1cda451844ab9f176bc1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
e98111e2d1b3ca5a0acc1a6be2ec4539

SHA1
2700a5f696478aa66a0931660319b79f75b57a71

SHA256
5a3cc17a83d0c82f24366b2b31882c1e3a4b08e24d6e4a5edb37177764c1e828

SHA512
bfbecd1e8de1f5a4463e1330df898fc5020c2f806e4ea4f4d112d7eb803e8035ed0fa4807094b7b3034eb4ecb7194016a4b3f70872e50a67d100a74301691262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
202c27c6ddb951000456aebb9b5e0595

SHA1
47a29a20ed43cb3733facb912c93c4c5572ad388

SHA256
98a007fc0fcb02b192151a90ebddbb565144bf4b96dd0a110ce6e188906bee61

SHA512
c8775b25454cf8880b3966e7bd394fe815f5d822be845d324451f7fd6f666c04be9619d669f2ac6e0decff93d58817d9cc3ec6c074607f311e01854464d24bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2e4ba5436580dc2fee42d6fcbf8ff4d9

SHA1
b58272ec0bd14cc3dbba5ea63eed77e2c4846690

SHA256
73ee6db6d6dd3764ac44313153995109197f876fc114a83cbaab93efdd797d69

SHA512
382f3aeca7a0be68972b73cfbdea7f6752ac65315e05cafcc8eee3fd1be58223efde321b6c83fb1fc1ab56c589fc37f55edb99cd8c581eade28600679ac672bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5393f4fb59bde01ac724e4ea396450f8

SHA1
63a044a21f0ad89bfc22844fe23fc9942a561531

SHA256
2ebedb565c1c8251fa3aa74c2296eb71cca3522d229c28fbfc6c3a9c04912d1e

SHA512
c2424ea2611c55049f7b98564b4f7100dfe2782a05db0960ed30b3e8d558b36febc6a331d37b09f1f918d1d674b79f6730ed2e822896f6023de648ceca0457c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
17d143e39867a57d971bf6170217d12f

SHA1
3e81c3f00d0fc59d289d68cffdab057984c08cb5

SHA256
0a1fd3282f427d414f04bed58a85af64fbe373d18c61291a9b1d46403d70b5b2

SHA512
a2901c10486ed7fd94985f274fe55f7d192557d48c068ecc7974230335044e43045df2ccf99e3bcb822c7a1a32ba285718422f847b214a375724b09cb46d1893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65b16009e949b16913f178dfaf3c0282

SHA1
01de413d42c63598c448fee0447df6f53aaba3ab

SHA256
c14d3a9e412c48ea5ee1a2530f7d660a127c38005672070bb8dda81be6555735

SHA512
4d49c6dcd82524fe72634627c6dad39bff5cbfa08f8028f1e43cb4105e25e3630ef03134282103e8dcf37c945b782ec5a69b03abad07896946c40a79a2c09c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36bb0fa1d7073fe4feabdc3f22c98897

SHA1
c87d9cc0397e04d7dfd7b010e256f93603776d5c

SHA256
2e1b46179804974bec9ca14dce3f837fe9194bee369574df52b7e59dedad1711

SHA512
f6631e1baef816db596cd0a517d282c37ef5c5e4ad9a2f8afa6c18d6ee173b9629d53c456e0692097807e393581cc32f019b1ebc4d59404f352db55eab17c73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
30e8e8429d8dc07d69422d6dffff04d9

SHA1
9a4fef98580a92379acd5257d6ac54b71c0dfdf0

SHA256
2d0fab039d4cb9c2a0c8f05eabec7f5112219fc3e7b1a66692ecb1c2685a29f4

SHA512
7cf2c44ead37ab4eead5ed500d7753c94afd95fb98c2108b471bd56a5c4cb0375c10c25f843534e849bf3127267a202f6b3c7b9d72db28dcc91e774a04017ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7467a384b0a78b4b5d1bc6d92de1bb13

SHA1
e3aa5d781812f8f1e61d6a17c62bb2e77a207026

SHA256
cbb7980e3572bdad5f57e48bd8d8f88ef00baf245f3047f8a78b25ef1c8775f1

SHA512
e9afd8c062d7b964bfc5a13f86427908e3893aa913cb847bc6e6a9819ad881b1276419239ee697e99841070be83196b13d52788ed3e59111951591e17b5ab12f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ca25780125947aa44b24c61065d42698

SHA1
de6c8070cd64cd296eb77ea7b2591019d2f188d0

SHA256
65aeb146dc5622565f0f006f2d736b7548157db7862e6d1daa0387dbf61026b9

SHA512
1212dae5c83512931160da4cb620fcbf0000165fb12fcb8990a7d31065afc4c1b22fb873ec0c8a7faad4ef22770dc0e74d8adff9a3562bd5ad3b454112c4bd33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
089404ea36ab5f36fdc05f24185a2fce

SHA1
48d85300eb2f5256fdcc0013aa88adc77947c03b

SHA256
1df59249913de50ba2639851803ac57978f72c420786b0b64b2eef7f0a7d6e11

SHA512
bbbaab0fb7fa8885a206eacabc2f0fca5fc0d29b852381b3aa44e043b886a2c0084cadd12a35a7e928be0f9bcd35344e0dfefc0409ef63031f1d77995f0885b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J5R4A.tmp\Antares Auto-Tune bundle V9 CE.tmp

Filesize
2.5MB

MD5
ebbb655a85d61e4adad34d9ade0ea184

SHA1
41d3a5ab6de2cd4c45bd9545906c53ba9eaf345d

SHA256
4cfcbcffe82bc6943890fa818ded2708f46c4f85ec368de00836ac708acdb080

SHA512
a84a4104356c23fa5a618368fa4ba2793435832f3eefb6b243d1513d7ac586002449f127abc6bbb3cf199a930bdd718c6d1ec273738e1d9796d423ddb312eb50

Download Submit
memory/4144-547-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/4144-553-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/4144-916-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/4780-554-0x0000000000400000-0x0000000000683000-memory.dmp

Filesize
2.5MB

Download
memory/4780-610-0x0000000000400000-0x0000000000683000-memory.dmp

Filesize
2.5MB

Download
memory/4780-913-0x0000000000400000-0x0000000000683000-memory.dmp

Filesize
2.5MB

Download
memory/4780-915-0x0000000000400000-0x0000000000683000-memory.dmp

Filesize
2.5MB

Download
memory/5584-136-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/5584-153-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/5584-461-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/5808-154-0x0000000000400000-0x0000000000683000-memory.dmp

Filesize
2.5MB

Download
memory/5808-180-0x0000000000400000-0x0000000000683000-memory.dmp

Filesize
2.5MB

Download
memory/5808-460-0x0000000000400000-0x0000000000683000-memory.dmp

Filesize
2.5MB

Download