a0a34facbcc28dbe0b6905b29f6aa17353d40383214414e5693d4640f5e4527d

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-10-2024 10:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

audacity-win-3.2.5-x64.exe
Size

13.7MB
MD5

36a195ba95270d76f105b3cf7aff4a4f
SHA1

05cdc660d848b7ed2bc4f58e8a5532cd7a98af69
SHA256

a0a34facbcc28dbe0b6905b29f6aa17353d40383214414e5693d4640f5e4527d
SHA512

1d1c142737cf4188ad34518a474c7e68b6361ccbf2e89c5dd773c3a678451c9bb55cd8be2d02a4ca4bd5b59104171cd85e33f28a1629ec7d11c51cda30dbb04c
SSDEEP

393216:MNwu8pVRbrRZZDWMmzOXBerWqJ5Sb/RgYAfEo:vu8VRRZZKMXXBGimYxo

Score

6^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

audacity-win-3.2.5-x64.tmpaudacity-win-3.6.4-64bit.tmp

description	ioc	process
File opened for modification	C:\Program Files\Audacity\lib-graphics.dll	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Languages\af\is-AO333.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\is-S1EK5.tmp	audacity-win-3.6.4-64bit.tmp
File opened for modification	C:\Program Files\Audacity\libcurl.dll	audacity-win-3.2.5-x64.tmp
File opened for modification	C:\Program Files\Audacity\lib-uuid.dll	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Plug-Ins\is-IQFT9.tmp	audacity-win-3.2.5-x64.tmp
File opened for modification	C:\Program Files\Audacity\lib-time-and-pitch.dll	audacity-win-3.6.4-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-files.dll	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Languages\mk\is-9OS4N.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Languages\oc\is-E9J44.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\is-AK6HO.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\is-8RDJ4.tmp	audacity-win-3.6.4-64bit.tmp
File opened for modification	C:\Program Files\Audacity\ogg.dll	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\is-BTA10.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Languages\fr\is-S96J0.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Languages\gl\is-Q3LJF.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\is-PIL26.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\Languages\cs\is-0GSV0.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\rawwaves\is-V6QFN.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\rawwaves\is-04LOP.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\is-3DQOF.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Nyquist\is-QQCE3.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Nyquist\is-4Q0M3.tmp	audacity-win-3.2.5-x64.tmp
File opened for modification	C:\Program Files\Audacity\lib-utility.dll	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\is-9JVK5.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\is-N8LF6.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\is-T53PP.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\modules\is-1BJ6D.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\is-II480.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\is-DVKVB.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\is-BUFPB.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Languages\bs\is-AK4A4.tmp	audacity-win-3.2.5-x64.tmp
File opened for modification	C:\Program Files\Audacity\lib-mixer.dll	audacity-win-3.6.4-64bit.tmp
File opened for modification	C:\Program Files\Audacity\libcurl.dll	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\Languages\af\is-CEOQ5.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\is-0VCOK.tmp	audacity-win-3.6.4-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-project-history.dll	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\is-B3NQD.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\is-HJ457.tmp	audacity-win-3.2.5-x64.tmp
File opened for modification	C:\Program Files\Audacity\jpeg8.dll	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\is-D042R.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Languages\ru\is-8MG2K.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\is-N9UK8.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\Languages\hu\is-BFGQL.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\is-660OR.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\Languages\sl\is-EQS5B.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\is-LJ36J.tmp	audacity-win-3.6.4-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-strings.dll	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\is-2THNG.tmp	audacity-win-3.6.4-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-sentry-reporting.dll	audacity-win-3.2.5-x64.tmp
File opened for modification	C:\Program Files\Audacity\lib-network-manager.dll	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Languages\da\is-986P6.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Plug-Ins\is-INHA2.tmp	audacity-win-3.2.5-x64.tmp
File opened for modification	C:\Program Files\Audacity\wxbase313u_vc_x64_custom.dll	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\is-8MTI8.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\is-S5NF5.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\is-32LLC.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\is-CNN21.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Languages\bg\is-EE6ON.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Languages\lt\is-CEH87.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Plug-Ins\is-N1CNL.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\Nyquist\rawwaves\is-OI3T7.tmp	audacity-win-3.6.4-64bit.tmp
File created	C:\Program Files\Audacity\is-2L2UD.tmp	audacity-win-3.2.5-x64.tmp
File created	C:\Program Files\Audacity\is-6373C.tmp	audacity-win-3.2.5-x64.tmp

Executes dropped EXE 9 IoCs

Processes:

audacity-win-3.2.5-x64.tmp_setup64.tmpaudacity.exeaudacity.exeaudacity-win-3.6.4-64bit.exeaudacity-win-3.6.4-64bit.tmp_setup64.tmpaudacity.execrashpad_handler.exe

pid	process
1916	audacity-win-3.2.5-x64.tmp
2572	_setup64.tmp
3620	audacity.exe
1720	audacity.exe
3268	audacity-win-3.6.4-64bit.exe
4640	audacity-win-3.6.4-64bit.tmp
1508	_setup64.tmp
1496	audacity.exe
3852	crashpad_handler.exe

Loads dropped DLL 64 IoCs

Processes:

audacity.exeaudacity.exe

pid	process
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
3620	audacity.exe
1720	audacity.exe
1720	audacity.exe
1720	audacity.exe
1720	audacity.exe
1720	audacity.exe
1720	audacity.exe
1720	audacity.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

audacity-win-3.2.5-x64.exeaudacity-win-3.2.5-x64.tmpaudacity-win-3.6.4-64bit.exeaudacity-win-3.6.4-64bit.tmp

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	audacity-win-3.2.5-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	audacity-win-3.2.5-x64.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	audacity-win-3.6.4-64bit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	audacity-win-3.6.4-64bit.tmp

Modifies registry class 35 IoCs

Processes:

audacity-win-3.2.5-x64.tmpaudacity.exeaudacity-win-3.6.4-64bit.tmpaudacity.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.AUP3	audacity-win-3.2.5-x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell	audacity-win-3.2.5-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity\shell	audacity.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell\open\command\ = "\"C:\\Program Files\\Audacity\\audacity.exe\" \"%1\""	audacity-win-3.6.4-64bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project	audacity-win-3.2.5-x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell\open	audacity-win-3.2.5-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity\shell\open\command\ = "\"C:\\Program Files\\Audacity\\audacity.exe\" -u \"%1\""	audacity.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell\open	audacity-win-3.6.4-64bit.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity\shell\open\command\ = "\"C:\\Program Files\\Audacity\\audacity.exe\" -u \"%1\""	audacity.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell\	audacity-win-3.2.5-x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell	audacity-win-3.6.4-64bit.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity\ = "URL:Audacity Protocol"	audacity.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity\shell\open\command	audacity.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project	audacity-win-3.6.4-64bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell\open\command	audacity-win-3.6.4-64bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.AUP\ = "Audacity.Project"	audacity-win-3.2.5-x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.AUP3\ = "Audacity.Project"	audacity-win-3.2.5-x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\ = "Audacity Project File"	audacity-win-3.2.5-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity\DefaultIcon	audacity.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity\shell\open	audacity.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity\DefaultIcon\ = "C:\\Program Files\\Audacity\\audacity.exe,1"	audacity.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.AUP	audacity-win-3.6.4-64bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.AUP	audacity-win-3.2.5-x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell\open\command	audacity-win-3.2.5-x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell\open\command\ = "\"C:\\Program Files\\Audacity\\audacity.exe\" \"%1\""	audacity-win-3.2.5-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity	audacity-win-3.2.5-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity\DefaultIcon\ = "C:\\Program Files\\Audacity\\audacity.exe,1"	audacity.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\OpenWithList	audacity-win-3.2.5-x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.AUP3	audacity-win-3.6.4-64bit.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity\URL Protocol	audacity.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\OpenWithList\audacity.exe	audacity-win-3.2.5-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity\ = "URL:Audacity Protocol"	audacity.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity\URL Protocol	audacity.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\OpenWithList\audacity.exe	audacity-win-3.6.4-64bit.tmp
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Audacity	audacity-win-3.6.4-64bit.tmp

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

audacity-win-3.2.5-x64.tmpaudacity-win-3.6.4-64bit.tmp

pid	process
1916	audacity-win-3.2.5-x64.tmp
1916	audacity-win-3.2.5-x64.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp
4640	audacity-win-3.6.4-64bit.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

audacity.exe

pid process

3620 audacity.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 116 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 116 AUDIODG.EXE
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

audacity-win-3.2.5-x64.tmpaudacity-win-3.6.4-64bit.tmp

pid process

1916 audacity-win-3.2.5-x64.tmp
4640 audacity-win-3.6.4-64bit.tmp
Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

audacity.exeaudacity.exeaudacity.exe

pid process

3620 audacity.exe
3620 audacity.exe
1720 audacity.exe
1496 audacity.exe
1496 audacity.exe

description	pid	process
Token: 33	116	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	116	AUDIODG.EXE

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

audacity-win-3.2.5-x64.exeaudacity-win-3.2.5-x64.tmpaudacity.exeaudacity-win-3.6.4-64bit.exeaudacity-win-3.6.4-64bit.tmpaudacity.exe

description	pid	process	target process
PID 2252 wrote to memory of 1916	2252	audacity-win-3.2.5-x64.exe	audacity-win-3.2.5-x64.tmp
PID 2252 wrote to memory of 1916	2252	audacity-win-3.2.5-x64.exe	audacity-win-3.2.5-x64.tmp
PID 2252 wrote to memory of 1916	2252	audacity-win-3.2.5-x64.exe	audacity-win-3.2.5-x64.tmp
PID 1916 wrote to memory of 2572	1916	audacity-win-3.2.5-x64.tmp	_setup64.tmp
PID 1916 wrote to memory of 2572	1916	audacity-win-3.2.5-x64.tmp	_setup64.tmp
PID 1916 wrote to memory of 3620	1916	audacity-win-3.2.5-x64.tmp	audacity.exe
PID 1916 wrote to memory of 3620	1916	audacity-win-3.2.5-x64.tmp	audacity.exe
PID 3620 wrote to memory of 1720	3620	audacity.exe	audacity.exe
PID 3620 wrote to memory of 1720	3620	audacity.exe	audacity.exe
PID 3620 wrote to memory of 3268	3620	audacity.exe	audacity-win-3.6.4-64bit.exe
PID 3620 wrote to memory of 3268	3620	audacity.exe	audacity-win-3.6.4-64bit.exe
PID 3620 wrote to memory of 3268	3620	audacity.exe	audacity-win-3.6.4-64bit.exe
PID 3268 wrote to memory of 4640	3268	audacity-win-3.6.4-64bit.exe	audacity-win-3.6.4-64bit.tmp
PID 3268 wrote to memory of 4640	3268	audacity-win-3.6.4-64bit.exe	audacity-win-3.6.4-64bit.tmp
PID 3268 wrote to memory of 4640	3268	audacity-win-3.6.4-64bit.exe	audacity-win-3.6.4-64bit.tmp
PID 4640 wrote to memory of 1508	4640	audacity-win-3.6.4-64bit.tmp	_setup64.tmp
PID 4640 wrote to memory of 1508	4640	audacity-win-3.6.4-64bit.tmp	_setup64.tmp
PID 4640 wrote to memory of 1496	4640	audacity-win-3.6.4-64bit.tmp	audacity.exe
PID 4640 wrote to memory of 1496	4640	audacity-win-3.6.4-64bit.tmp	audacity.exe
PID 1496 wrote to memory of 3852	1496	audacity.exe	crashpad_handler.exe
PID 1496 wrote to memory of 3852	1496	audacity.exe	crashpad_handler.exe

C:\Users\Admin\AppData\Local\Temp\audacity-win-3.2.5-x64.exe
"C:\Users\Admin\AppData\Local\Temp\audacity-win-3.2.5-x64.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Users\Admin\AppData\Local\Temp\is-H2UPQ.tmp\audacity-win-3.2.5-x64.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-H2UPQ.tmp\audacity-win-3.2.5-x64.tmp" /SL5="$50216,13278255,956416,C:\Users\Admin\AppData\Local\Temp\audacity-win-3.2.5-x64.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1916
- - C:\Users\Admin\AppData\Local\Temp\is-CHFLM.tmp\_isetup\_setup64.tmp
    helper 105 0x4C8
    3⤵
    - Executes dropped EXE
    PID:2572
- - C:\Program Files\Audacity\audacity.exe
    "C:\Program Files\Audacity\audacity.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3620
  - - C:\Program Files\Audacity\audacity.exe
      "C:\Program Files\Audacity\audacity.exe" --host 51159
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1720
  - - C:\Users\Admin\Downloads\audacity-win-3.6.4-64bit.exe
      C:\Users\Admin\Downloads\audacity-win-3.6.4-64bit.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\is-8MT99.tmp\audacity-win-3.6.4-64bit.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-8MT99.tmp\audacity-win-3.6.4-64bit.tmp" /SL5="$7024E,15217096,969728,C:\Users\Admin\Downloads\audacity-win-3.6.4-64bit.exe"
        5⤵
        Drops file in Program Files directory
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\is-7ASNB.tmp\_isetup\_setup64.tmp
        
        helper 105 0x4D4
        6⤵
        Executes dropped EXE
        
        PID:1508
      - C:\Program Files\Audacity\audacity.exe
        
        "C:\Program Files\Audacity\audacity.exe"
        6⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1496
        
        C:\Program Files\Audacity\crashpad_handler.exe
        
        "C:\Program Files\Audacity\crashpad_handler.exe" "--crashreporter-path=C:\Program Files\Audacity\crashreporter.exe" --crashreporter-argument=-u=https://sentry.audacityteam.org/api/2/minidump/?sentry_key=37e6948db02f43ac856bf7edcbe9731d "--crashreporter-argument=-a=version=\"3.6.4\",sentry[release]=\"[email protected]\"" --database=C:\Users\Admin\AppData\Local\audacity\crashreports\ --metrics-dir=C:\Users\Admin\AppData\Local\audacity\crashreports\ --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0x7ffd84c41e90,0x7ffd84c41ea8,0x7ffd84c41ec0
        7⤵
        Executes dropped EXE
        
        PID:3852

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x2d8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Audacity\Audacity.exe

Filesize
13.3MB

MD5
52d723a23f81059ef80e3a5ef7d5ea67

SHA1
ad32e7312d8a44e555f6c9f06864f8d261e83b9c

SHA256
1c24acfcafd4e59edc0d8fb0f504161381a4a29a3761817c4b20796f32320fb6

SHA512
d28f96618a15bfe7c9b791e2fef69b8f74bea2ba9e007a50cb0061f14552e2c54a87385c5d7271ce9fbf0f4113b416a3fe07e3f2e430a9953751318d4a225135

Download Submit
C:\Program Files\Audacity\Audacity.exe

Filesize
17.6MB

MD5
7164ff9558fb6569cb28338f121c67f8

SHA1
c32f87aa30de7e90279631c49a6c2ce293ba8444

SHA256
b4d2e903e0a0ad313425c0f8f304f8db78db9420b00659f631f88dc693e2c36b

SHA512
851768ffd747379ffb04a05135b0ebf57f783715adf021b22df6933df2ce174de8895479e3f9de48be57da8b8d9b0921e5d6feb9dd5d8befe70809cc676b7e97

Download Submit
C:\Program Files\Audacity\FirstTime.ini

Filesize
14B

MD5
95e15c085988c0b3a0435448b51e2198

SHA1
696863b3211762c9f2eeda7882e34e808eee95ab

SHA256
29e4d55e0c05be59bcbc7606a5bdfb3dfa54db83624323a72abec6800b8db97d

SHA512
edcad00dc92d3a8b2ce3707c38079570a43a93798d7bafd031cb99864f6f2ec2ac8feaea13b4830062ff9346fae1ea03bf680a55d0d379a63e47950cee11f143

Download Submit
C:\Program Files\Audacity\Languages\es\is-HG8GK.tmp

Filesize
356KB

MD5
5bd3e8c91d4c21b6dd6d2a04000b0f1d

SHA1
1216dee267146334351512ce18e41ec0d53cf6ee

SHA256
9b82f1deabc7f0ca7fc559cf714ae28d9b7da8769f51030d77b4f01ad32d00ef

SHA512
a565c34e2462f9a013d6f02e4cd89adae37d9d861e5c352c1fe09bdba2c37d04fd43fe86d34974e63c7184ae2e2952aaa74cc6464b023fcafb60be2734d6fea9

Download Submit
C:\Program Files\Audacity\Languages\es\is-HTSGV.tmp

Filesize
338KB

MD5
f6eb951e99ab2a3f2fc79e5be65adcc0

SHA1
a24542a938494de47cc95081f288d951b273ac4a

SHA256
af6be6ed519770b0e619e11869c7f5a3843dc3a6d2193cdb2ecede5298cd0cf4

SHA512
7d4b22051e6f0c890e673ed59f2e247d70cda38574e926bf1e5370fd84c2b61d95fc3270a393f0996b4021f8ed5daf94c7af10fb470e08b74f12bd29a43845e1

Download Submit
C:\Program Files\Audacity\lib-audio-devices.dll

Filesize
217KB

MD5
edacff7e3030f1ed31256cf6ce0bbd25

SHA1
114a5a2c629d8aa8ff2cce7f0d61c8069d52e5c6

SHA256
d5c17973de3c9cd35f1495a0d51b9492396b46eef100de6bac39f71ec8d0495a

SHA512
be233c9276da3ccb9635a569dc978bd822639f53414fcbc63964f1e75766fa4acffa216cc4c556aa50a769a2b8d60aaa7eca8d07e77a1da1591ecdb285e72b79

Download Submit
C:\Program Files\Audacity\lib-audio-graph.dll

Filesize
105KB

MD5
e1c1a9c28be3b845df13802005695942

SHA1
73e73d5d47a72b4500f02eba615b6d6a7c0a33ee

SHA256
eecd3239042a63b90c8ce71ca7dd0b879075ce5db6ae81d3c3cd897d74adf074

SHA512
850dcae8d62301852586657f447ebe9909f5ba5669060127710eb661ae602c32ffc21ca391b03e0406332a72441b581cb4dbca7ecd81e56967c1cc411b9dbbd8

Download Submit
C:\Program Files\Audacity\lib-basic-ui.dll

Filesize
70KB

MD5
3879a946d0f7a9f4534c4854d9a1abd8

SHA1
844b98a256acc985207b77328ec416a636f86f15

SHA256
304381ddb4dd2cb960757c304ef14ecb6e3ffb9b03b746065f26a43ef762e6f2

SHA512
59e912717b54efbc4b5339a1a1323dab27b4fa5ec6877d7ce009077471bf7b5fb47cdf596f386cfdac3e4e0312b802437e51e1102b81c6c3b6c697520a2376b4

Download Submit
C:\Program Files\Audacity\lib-cloud-audiocom.dll

Filesize
237KB

MD5
72c616227819d3e817e6e943c85c6584

SHA1
aeb83e5b6d4a9b3c656d74fc94128ea61140106b

SHA256
e620bac6a2ecd6533c55e7d78dd1f70caaa74fe49413e63b7436480b4d672429

SHA512
ee880708591e0e7b8cec516b18061d61da025a5c25683d8448c43cd55ee0bed93de887df8cf89d042be2603ab96610d5d5ec0ab21bdbabbaf393773eccaa6945

Download Submit
C:\Program Files\Audacity\lib-cloud-upload.dll

Filesize
70KB

MD5
c479f85c59bbcec848e5b91810d93eee

SHA1
8fe129c25d13e91117283742feca0b0d8f730c99

SHA256
c088f6b21590096a85de8acc2c65df36c7a5e0249904545cb60f5a1b9fdd4f7a

SHA512
3d502041cc86a05a9aacbe6f62a0629d3a21ba7c499176cef1252593b46250a998c0e70ead4e4f0fa89bfe21b287926eef3ca9fc6553c9bae3db0b785cf6383c

Download Submit
C:\Program Files\Audacity\lib-components.dll

Filesize
127KB

MD5
fdcebc7952e7377d0943869e63c5624d

SHA1
a79b0147fbef861f6592454b2185274b7c21acae

SHA256
3c344546e944b734c790ff9719a638f694726674094c96281a5395e91586f98b

SHA512
7c7e2e9678279ac3bc9b24736ccf0a0a1044dd94bf76406195dfcc29cf6fbb4ea9e56e8cf234c3aa5cf5ceaa7a22b8ac308c2e120e30f7572eb6ac03e4ddf30f

Download Submit
C:\Program Files\Audacity\lib-exceptions.dll

Filesize
76KB

MD5
3ca386f21d50f8fced57ccc0dd3d3724

SHA1
7b7d6b9bf6d043ffe48cceeff14cd7460151115d

SHA256
6235cfba9233da19964444dc5a1fb6619f72d27ec0705c3a8c82ae2882b9ef4e

SHA512
fce2f81e42dca542039591ee3d66938fc19dc0b8f0519a8c4201dee9b8bc62b1f67bdf67913ed99a7bc34cc3586b7cc36236d8d9169b66c56208c3f40922016b

Download Submit
C:\Program Files\Audacity\lib-ffmpeg-support.dll

Filesize
312KB

MD5
3e9092755a311ab05ef31ff78efa447f

SHA1
b05bbc8c5094fc26a7ac1b19928bfb900fe2d921

SHA256
cf5a008259b182f2a1f0df82b222f519b8aaf9de0a93ef6e813fe4df9a2cecfc

SHA512
9a72cc2f2b85d9362f1a6ae9a8af25e73d56e82077a2e6cd348ca2c67c2c9fc3b88120c8902e09eb5ad297d8f905b503a604979dbb417c763b8647067aa0e2a6

Download Submit
C:\Program Files\Audacity\lib-files.dll

Filesize
160KB

MD5
25e7146d078683f3cdfa433754725267

SHA1
f0bcd2d09f14079bf5432c45a7cb9be00baaaece

SHA256
94f008c45f831b596f3f63fbe6b8a8599143d13b37378af3f1106020a495afe5

SHA512
dfae4b3cf5da9c0a74b6d9530fb42b1fc64983a13c8c3578d236ad6ef3aac70af2cc3792f3c3dbfce34398809c21ed87237c65937d7c4b08c73880000db6627b

Download Submit
C:\Program Files\Audacity\lib-graphics.dll

Filesize
77KB

MD5
02da9e291f7d79186a19b619817ca55f

SHA1
9af88227224107077d24acdb077c008a4df2a001

SHA256
8298ae72ba8ee795ad1f7e00868f7d80cefc54b2ecdd779fea13670e1f7c587c

SHA512
5a40c1cf5042329bfd2da15dbefeb47622caf79f54609de12cf98a4c3bf5824d1a6e2294b7edfb32bcc47b528c1eef70c58b8e8311457dd9318ad14bfcd8bb05

Download Submit
C:\Program Files\Audacity\lib-math.dll

Filesize
346KB

MD5
ca1b2129c1942f4be224511f2dc229cd

SHA1
dfdfcd1ff0b9ce808c2cd5b04153fcb3ee68c195

SHA256
373acfe12864ae3bcc5c025835cb8db7d70263350e88cc5c3f2ac4f9aa64cd5a

SHA512
65b3877f17ffea0a5c308b12cd3bbdb411b6f25fe6a7a96f0cdc12335604fa2993a14a6854ee5b6ab1b58712bf6bdd3cd2d2892783d8eb85bfc23c183313fc7f

Download Submit
C:\Program Files\Audacity\lib-module-manager.dll

Filesize
329KB

MD5
b07c2b80b3ceba1bca460696c0383031

SHA1
69159001d769fd5a48513bfa810c9ddee2ad37fd

SHA256
128044ca6a2586c2bd8d321ae0997fb65fbaa4778bc8251174d91289784be590

SHA512
c207040db322addf91aacf89865ef6a3e6e3affd0b7914cce7f6b29d30464cf07b05719a814b3f0784e7afeb650a4510a2982f5c813696f371f2ec9eed6e82fd

Download Submit
C:\Program Files\Audacity\lib-network-manager.dll

Filesize
220KB

MD5
4b473143bab36070222142722da6dbaf

SHA1
246a9b622b6d29fdeded4e59c4d5b4d74c7927c2

SHA256
dbbad24e8a3f74fedf7f141574569eea20ec1a39a78258111cf784620a986eac

SHA512
1fda48c2e9bc26d31fdf17a8b43c02c84339875c0e5588a2759a5fb623f1c68131ebd7c63b6537938f0ae40756cd8f4f121ee89a8582dbe7c2b25b26d1b394e6

Download Submit
C:\Program Files\Audacity\lib-preferences.dll

Filesize
208KB

MD5
db694002f55b7bba34acfaeac27636dd

SHA1
fd2f852fc0f17084e2fc2382a07fcad21ba3a371

SHA256
e187bee03fdc11214c9d2d8232c92e617580b188422d12e2f39ac8bbaf9d2c02

SHA512
d0d9d075c9e8fcf9ce755db6caec95dc49b3a6311108054a5b7b5b3a572f384ef2fa9b1ef9ddd41841e604c5cad2fe106b182fbbe38750d1a01c7fa8d751e877

Download Submit
C:\Program Files\Audacity\lib-project-history.dll

Filesize
128KB

MD5
724408ec82b58eb6d2ed837fd9d54675

SHA1
892a70562ef004d4a7cfcfc3b6b06f9fd9943838

SHA256
0f1c6fea77f134a349cae3032ea76e429abf86aec8ef418101284f1dc648c6bf

SHA512
540a13904d5c15381bbe8c1ff31fd8eb61283c1f506a00028b39a00e2cd14b09ab69cfc96ec85e6105f189cb46bd798efda9702ae5ff1f96054eecfd12a0a4db

Download Submit
C:\Program Files\Audacity\lib-project-rate.dll

Filesize
103KB

MD5
61ba7629cdde1d772343bcc141b9bbee

SHA1
5d404743fa9b51cba9090f0666643da8baa10bbe

SHA256
8f44ede6a382bff832a4fd92a08211b8d28d880cfca86f0864adfb75bbd54d4d

SHA512
d2bfeede27d3af34de4e55cfa0e8dabb9f623b7f3b4a7d8c5ceb3db59f09905c0eb2ad5b2783e863806225e1df6a34ebfecbcc5e5fe34432a44be372dcd1bba7

Download Submit
C:\Program Files\Audacity\lib-project.dll

Filesize
121KB

MD5
f138a44bef8e21ffae416b6ce3d60bbf

SHA1
bfdb598acf2f2418a607c96290b647b33983bb0e

SHA256
8217bfb46f11c2e91976dd765999321699f4c666e2c0f468e6635f0a0a3bff11

SHA512
dcac03afa96d6285dd83db770e5770f0f8bc224dcbddb01a617236052c9ade95ccadef6a9e0b4b29bcf416beba2a68e88100ef07f284765083fcebfc3d21c176

Download Submit
C:\Program Files\Audacity\lib-registries.dll

Filesize
130KB

MD5
9e9484531b01a49d0f5d72b25357b830

SHA1
89f62e9df47507a6a175852b7e8786a870b7cdde

SHA256
8ef0460de81630cb9cd9c4f00acebc109d965c13b79242330e0db43ac829e159

SHA512
e8c6c0b1ad64df1afddc940e36ec3cba29f1d43c28d69c76dc95b0d4e4c446852a6bc48a2ebdebb70306670f3111e2f8ef13718862f16b289ea0fe167e1a2d12

Download Submit
C:\Program Files\Audacity\lib-sample-track.dll

Filesize
152KB

MD5
f88ac51cc32487e73091abdd2a612a78

SHA1
ba54a60e71e8a0f6e0b0472c7bc8ebe46cfe38ff

SHA256
db723617240b245a1e75b41d21ba0aa6aef0bc7acc91ec019547532a86e20aa4

SHA512
226553034040f0dd694b75ef37d75da37700c60e53a39902e017ea687973236f00b5dedf03791b6cfd283434729878704573f6a56a55518b4dac42a114f350fd

Download Submit
C:\Program Files\Audacity\lib-screen-geometry.dll

Filesize
154KB

MD5
f845fb7da54850c3b31005d824d82c88

SHA1
b4f1c5ed87cbb62604ba395bc8b36581d3b66d52

SHA256
59177e2d73264392eb517e9f9b920e82b004ebd03d0150379bda6cd8d0473126

SHA512
8d8fc4b30751a64db12d3fc2a729cfc5aaeb35797f75e90c2ca07b71c222022062593f255e4fda658b5d2dc69da8809f36da63970dbb756270f9c86a8b3f1137

Download Submit
C:\Program Files\Audacity\lib-sentry-reporting.dll

Filesize
232KB

MD5
0f9d021be73f97b297eac1e05ecfb90c

SHA1
c00fba6ab029de26586de291c7615d33a77ef56d

SHA256
f7beaf45631a8d0f6f42330858feb2aadebfe833b5bc6718aeda5651c9bfc0fa

SHA512
8b556b746aef64e773c0fa9e30c0ec12c7f10c7bdf7513fc3dcdf7cfcefe2fbce3171c04c61d40dc3ca705997b097879f71059ee91bec2590562e1cf147d1391

Download Submit
C:\Program Files\Audacity\lib-string-utils.dll

Filesize
128KB

MD5
aa0ec1d3b7c7fb6e04a7671ed78d484a

SHA1
7c6fc0858576350e2c29660f927d32d15ada90f2

SHA256
135a8874dbfcba0a0a4e02386f78cc35a70e5dbd9ba1b0abc35c387d10666ace

SHA512
81cdaf8c3b4ed5fa9c2f6e3e801d9aa1d6efb975068ff1f96c7e83283555311aece3df445e486709750db0fb644acc07ffa63fdde8db5808c1185ba77fd24398

Download Submit
C:\Program Files\Audacity\lib-strings.dll

Filesize
143KB

MD5
61b5db5a9ca547cec9b327a79f8a28e2

SHA1
82376299989ef42dcd7c5175f0e8f4f238a87842

SHA256
b272dd8beb5fb7b446da2ae4d31fc4bd04b427436b4e2e9f68c81d5d69a34bd1

SHA512
9f3841f84b8b7839ff00c006030baae7492d7e4c1a9142a885daff4078c06ee7572fbdaca96ec77820ca1f3eb24caaec093ca18e4ab3c774767929b4af7e01d1

Download Submit
C:\Program Files\Audacity\lib-theme-resources.dll

Filesize
2.2MB

MD5
7cc4be6e764d4044f1343b4ff3d52507

SHA1
565eab161bd418661c7243e601dbc72fe2b7fe0d

SHA256
196d4f5845add8884c202a1140ace25608b708b972b80427838b5bbe1ff4c5a3

SHA512
e61034bf81d23eb8e5b72747801e250dadaf4d2e405cfe429fd862c333125dc099e46e5fd4c850c5f61e74a6baaf375fd5798a16bf66dcf4a105e0b4b1089bd5

Download Submit
C:\Program Files\Audacity\lib-theme.dll

Filesize
432KB

MD5
804a965befeee7e2ee3494e5786479f6

SHA1
eea1342cdc520ce82584b70ed38fb32016c6cf7c

SHA256
366eda8b99c56bfaead3acb3e2d55250e04c21170a111ee15b38dd5b241f91d7

SHA512
18f059437c259661bcfdd7e911bb85de4c50caf0c82ac0cb0d1fe313377392b0fac38e22ef08db43ace99b8f17dff9e3847fa0fd715cc7b97a668a2f8c02f287

Download Submit
C:\Program Files\Audacity\lib-track.dll

Filesize
323KB

MD5
1516b9ee9a6f6fbe15828960edb8ec3f

SHA1
65ae0b59fe7a62f6c820d0133c9d5422620bc63f

SHA256
8b3d47d60afc5f01ce780ae36277636490abae9423768d9a3e679ba77f43fc8b

SHA512
1ad5def7bc8789bb6bac48722c1142a6ade69e85b0559ab646d3a4c7f90bf65af1db0c9f39323a5ab0afb595a85032640c96afa17ecc25e59b0a21d7f362f2ac

Download Submit
C:\Program Files\Audacity\lib-transactions.dll

Filesize
70KB

MD5
bf5ac00b3fc8a479627a666d15b6627b

SHA1
6139634ff5f9c3177624c19fed46149b67a4f5be

SHA256
ba8266e9858d9c623099241be1d394676c17834d1545d81dd7d712f8b04cedb7

SHA512
7fe91fea49b73ff7c3fd62fac21500af3c516d7fd9777ee5bb62e4ef6d930a3c4ab699fa0c9c807f787e527b463c083dadc0455baf0842d0d86f507325ea58b6

Download Submit
C:\Program Files\Audacity\lib-url-schemes.dll

Filesize
91KB

MD5
b6352ce4164152b2fef8ced68369406e

SHA1
1c699f00083bb7ac78b08a5d26cd803b3780ecea

SHA256
88b697eb669da204dc6f0c961fe472e7aeb0b1aa08c959174be2e7665013e5e1

SHA512
110b79a118052c6caaaaf32382c503cb336651b5a7a1b8537c6fc3c179a00bb7dbcb0046866b6ac25697c60b4f20198f350dc8c5ed185d6a943a6dcbf3335ec7

Download Submit
C:\Program Files\Audacity\lib-xml.dll

Filesize
173KB

MD5
dcb2ea82b4469a98b359e0dd3de7ef91

SHA1
fca41991a775149919742b13dd824ed58ddb867c

SHA256
05c832ea0f204adc3ab5d4ac047bcb4fb905af0628accd91804f97940b1da40b

SHA512
1ec981e1e7eba3eb10441a42afba90ce23a743632d1e326ccd25ff0c8f2721d1a6dc98f88bffab0140cd32195805ee562970c4b73027a99a64646ed23cc34613

Download Submit
C:\Program Files\Audacity\unins000.exe

Filesize
3.3MB

MD5
bf7e8d05830359bbade2d1278512efd1

SHA1
a1d9d187473b2f3a32700c2a302af554cc46538e

SHA256
0898f0aea210a630102a7b37445454f1e15f79af9c3a550436c8f18240b0058a

SHA512
ef972a12c97a4f27d47e540bf80615dd4c86cc519d96a680758468e801a59592b9b50f1a101dc52fac057b4a4e4a38d5e88eaea92edec16a64d44cbc3dde648b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CHFLM.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H2UPQ.tmp\audacity-win-3.2.5-x64.tmp

Filesize
3.2MB

MD5
41d3b6f8ac76b925eff1336366951143

SHA1
b900bcfdbe890a677a63f156224ede7573041405

SHA256
e002a44d461883d8634f8920b5d3d27e69841b75df9eb08f95d092780149265e

SHA512
fd4dc29afb487fa8de6169f834c693578482e107cd32cc3041a33adde3696c9fc713316d156089f0b37f7e723cc0808c67745c06f3122b001b05daf5ea473b9e

Download Submit
C:\Users\Admin\AppData\Roaming\audacity\audacity.cfg

Filesize
5KB

MD5
72ddcffc4d333a1038d4ae54fef204b6

SHA1
b2c6de72fcadc8e1f46a572503fc879afd2ab3db

SHA256
f2b9bd4fabb6f67f7a7159a69e04fc86c9e838e8f0cc7f9b6e5326f64ab77606

SHA512
734fbabcd306ef4b75d3718b6339f9c74eb589d96577d301f26d8d71caabdfd6be0901e3a0ae6a93f040dd58886724c55af2963f47699882179a218d52cf2cec

Download Submit
C:\Users\Admin\AppData\Roaming\audacity\audacity.cfg

Filesize
2KB

MD5
f6b24bbaea64a27cff056140b922255d

SHA1
98dedb56d79e815c1af6e6ab47683fb9c5665317

SHA256
75062de5615f8967b844998e859468bcebd60682df8f922c38648aca7838efa5

SHA512
2854cec63d5a99bcb2e7b97ab3dba1fa78e5fe7f0999a90db0ffe7fe48c0aa50d1a056c2b3c12a13da6faf002bb1b6bed09088b347ffb45476df477a89631464

Download Submit
C:\Users\Admin\AppData\Roaming\audacity\audacity.cfg

Filesize
2KB

MD5
e1d6d6ea422bf1b0af785a26015aef95

SHA1
42a5c7517a7c94acda56889bc27ebbee5f2a5538

SHA256
98b412a8b7bee7f072cbc66ecc0f9dd0df495fd8815e9455c4b940a45e1eaca6

SHA512
880a30fc415fd223d77004d99c07ed182b8317ee076f4250f5f463034fce7c7562d755a8251df6eff86d8910196d9ac2fee9fee7e0aab14a6a5a0c2313d294a7

Download Submit
C:\Users\Admin\AppData\Roaming\audacity\audacity.cfg

Filesize
5KB

MD5
8f603c39bc41a69603410844cfe0afef

SHA1
962ceb893bf674585b23c4008856c0d2a4548fdc

SHA256
1e094a2f22a40d18cfbb9ec9f24358559f653d5c3c121982639e8eb65df417b2

SHA512
1add59bc4df0dd82a788d32a4d1730f842a738f02bf01a264ba15a0bf3144b658f0b1bafeb7a37c8de38277bb54732ac1f7def9fc9a5b09b9c86391432a48130

Download Submit
C:\Users\Admin\AppData\Roaming\audacity\pluginregistry.cfg

Filesize
40KB

MD5
f6788f7e5595b6c250da002ce1d274d9

SHA1
5515853c24b55cdb6af9b5a2a2609d2a2f0a2ceb

SHA256
f8d0e1a6b25b9a0fe87410943f245be0c987bc91d19864d4adb1147b977a1032

SHA512
c43ed0a1d862c3158debbc808641f26316819a0f67f1bc5d4c891a9719767859835088b656afca09bf67fa32f07dab13c9599250ea04fd4238deb7ba91d37f93

Download Submit
memory/1496-1215-0x00007FFD83B60000-0x00007FFD845FF000-memory.dmp

Filesize
10.6MB

Download
memory/1496-1216-0x00007FF6FB3B0000-0x00007FF6FC13D000-memory.dmp

Filesize
13.6MB

Download
memory/1720-513-0x00007FF605EB0000-0x00007FF6070FF000-memory.dmp

Filesize
18.3MB

Download
memory/1720-514-0x00007FFD83AC0000-0x00007FFD845F9000-memory.dmp

Filesize
11.2MB

Download
memory/1916-431-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/1916-508-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/1916-6-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/1916-10-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/1916-12-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/1916-14-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/2252-0-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/2252-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2252-509-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/2252-8-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3268-578-0x0000000000A00000-0x0000000000AFB000-memory.dmp

Filesize
1004KB

Download
memory/3268-1285-0x0000000000A00000-0x0000000000AFB000-memory.dmp

Filesize
1004KB

Download
memory/3268-567-0x0000000000A00000-0x0000000000AFB000-memory.dmp

Filesize
1004KB

Download
memory/3620-495-0x00007FFD83AC0000-0x00007FFD845F9000-memory.dmp

Filesize
11.2MB

Download
memory/3620-494-0x00007FF605EB0000-0x00007FF6070FF000-memory.dmp

Filesize
18.3MB

Download
memory/4640-640-0x0000000000540000-0x000000000089A000-memory.dmp

Filesize
3.4MB

Download
memory/4640-592-0x0000000000540000-0x000000000089A000-memory.dmp

Filesize
3.4MB

Download
memory/4640-584-0x0000000000540000-0x000000000089A000-memory.dmp

Filesize
3.4MB

Download
memory/4640-1269-0x0000000000540000-0x000000000089A000-memory.dmp

Filesize
3.4MB

Download
memory/4640-579-0x0000000000540000-0x000000000089A000-memory.dmp

Filesize
3.4MB

Download