Malware Analysis Report

2025-05-28 18:38

Sample ID 241109-zncd8s1mcz
Target VOCALOID6_Editor_6.4.3.exe
SHA256 479cba4433a90dd7e61f4906dedebe56db463a3117a7dd22734d36bedc2d6f15
Tags defense_evasion discovery persistence phishing privilege_escalation
Score 7/10

Analysis Overview

Score 7/10

SHA256 479cba4433a90dd7e61f4906dedebe56db463a3117a7dd22734d36bedc2d6f15

Threat Level: Shows suspicious behavior

The file VOCALOID6_Editor_6.4.3.exe was found to show suspicious behavior.

Malicious Activity Summary

defense_evasion discovery persistence phishing privilege_escalation

Executes dropped EXE

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Checks computer location settings

A potential corporate email address has been identified in the URL: [email protected]

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Checks installed software on the system

Enumerates connected drives

Indicator Removal: File Deletion

Blocklisted process makes network request

Drops desktop.ini file(s)

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Modifies registry class

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Analysis: static1

Detonation Overview

Reported 2024-11-09 20:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-09 20:51
Reported 2024-11-09 21:03
Platform win10ltsc2021-20241023-en
Max time kernel 501s
Max time network 525s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe"

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\VOCALOID6_Editor_6.4.3.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{C69E5C4F-CDCC-4D59-B46A-27435EF4980B}\.cr\VC_redist.x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation C:\Program Files\VOCALOID6\Editor\VOCALOID6.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\VOCALOID6_Editor_6.4.3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\VOCALOID6_Editor_6.4.3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{C69E5C4F-CDCC-4D59-B46A-27435EF4980B}\.cr\VC_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.be\VC_redist.x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\VOCALOID6_Editor_6.4.3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{FC594BC6-A225-4026-95CB-E7E0065E7D8D}\VOCALOID6_Editor_6.4.3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe N/A
N/A N/A C:\Program Files\VOCALOID6\Editor\VOCALOID6.exe N/A
N/A N/A C:\Program Files\VOCALOID6\Authorizer\VOCALOID Authorizer.exe N/A
N/A N/A C:\Program Files\VOCALOID6\Editor\VOCALOID6.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\Temp\{C69E5C4F-CDCC-4D59-B46A-27435EF4980B}\.cr\VC_redist.x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\VOCALOID6\Editor\VOCALOID6.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ ISSetupPrerequisistes = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\VOCALOID6_Editor_6.4.3.exe\"" C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\VOCALOID6_Editor_6.4.3.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{8bdfe669-9705-4184-9368-db9ce581e0e7} = "\"C:\\ProgramData\\Package Cache\\{8bdfe669-9705-4184-9368-db9ce581e0e7}\\VC_redist.x64.exe\" /burn.runonce" C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.be\VC_redist.x64.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\MSIEXEC.EXE N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\Y: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\E: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\G: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\N: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\S: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\J: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\E: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\S: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\U: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\J: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\O: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\Q: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\W: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\M: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\P: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\U: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\R: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\Y: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\Z: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\X: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\Z: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\W: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\X: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\B: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\H: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\L: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\R: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\L: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\T: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\H: C:\Windows\system32\MSIEXEC.EXE N/A
File opened (read-only) \??\N: C:\Windows\system32\MSIEXEC.EXE N/A

Indicator Removal: File Deletion

defense_evasion

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\mfcm140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140chs.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140deu.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140rus.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140u.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vcomp140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfcm140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140esn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140esn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140fra.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\concrt140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vcamp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_codecvt_ids.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vcamp140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140deu.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vcruntime140_1.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140kor.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vcruntime140_1.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vccorlib140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vcomp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfcm140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140cht.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140fra.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140jpn.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140_2.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140_codecvt_ids.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_atomic_wait.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140enu.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140rus.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\concrt140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfcm140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140chs.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140jpn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140kor.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140enu.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140_1.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140_atomic_wait.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vccorlib140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140cht.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\1EF44126-6B9F-495F-AD83-6FD336B744E3\audio\c_073_hoh_weeyh-_c.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Explib\brrfr\Female\021.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\0A5FDCF0-7C6F-4203-A0D3-3857A0DB6F1B\audio\015_THUG LIFE.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\43030A17-4C13-4FFB-A05C-CB0518500153\43030A17-4C13-4FFB-A05C-CB0518500153.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\57de3e67-e0c9-443f-9411-9bf9c527fc4e\property.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\1c2bd613-ca3c-4cf5-b714-7f1ad5153aab\property.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\1d265bfc-9c8a-461c-a368-9957baab572e\property.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\2E771BD7-CDD5-4080-A67B-42E02478B81D\2E771BD7-CDD5-4080-A67B-42E02478B81D.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\ACB01AD3-2326-479B-8866-837AB1C2B3E7\ACB01AD3-2326-479B-8866-837AB1C2B3E7.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\0EE688DA-5EDB-440F-AA02-220FE34BC641\0EE688DA-5EDB-440F-AA02-220FE34BC641.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\58CC4BDE-3EA9-49B1-B08C-0D4AA898937A\58CC4BDE-3EA9-49B1-B08C-0D4AA898937A.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\6D607BBA-64F5-4BBF-BEB0-03C040C75FFF\audio\m2_voice_18.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\StylePreset\Editor\7cb5b174-7b49-4816-92d9-dde9a3ca4164.vsstyle C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\1debddd2-8827-44cb-b350-af839993ec85\property.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\44e8c824-1cf7-4581-85b4-e3734adabfbc\44e8c824-1cf7-4581-85b4-e3734adabfbc.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\FC3802AF-CCE6-44AF-B2B6-DADCDD8EC6AE\audio\m2_voice_73.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\MIDIEffect\Editor\SingingSkill\A8FA443C-B43E-48c6-93EC-CCCFE6473F1E.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\9D32F464-7C75-4BEF-87C9-DB6A2598A7BD\9D32F464-7C75-4BEF-87C9-DB6A2598A7BD.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\FEBF4502-E135-4A7C-8CF3-61B479D53C04\FEBF4502-E135-4A7C-8CF3-61B479D53C04.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\MIDIEffect\Editor\SingingSkill\75F04D2B-D8E4-44b8-939B-41CD101E08FD.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\234C9CEA-CC51-469E-A610-095BC0E6AD0D\audio\b_109_ei_ei_eieieieiei.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\CF737036-74A6-47D5-BB73-E460505FD4CE\CF737036-74A6-47D5-BB73-E460505FD4CE.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\MIDIEffect\Editor\SingingSkill\CF1A23FC-F73D-4c92-B5F8-AF062297732C.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VOCALOID6\Editor\AudioEffects\VComp.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\35C28CFB-23E0-4BDA-845D-8EE40143E064\35C28CFB-23E0-4BDA-845D-8EE40143E064.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\523C62AE-2938-42CC-9037-07E8326322D4\523C62AE-2938-42CC-9037-07E8326322D4.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\6733f488-1572-4278-9dd9-dee0b26376a8\6733f488-1572-4278-9dd9-dee0b26376a8.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\BEC37AD4-7971-4FC0-9801-BCD668A63C30\BEC37AD4-7971-4FC0-9801-BCD668A63C30.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\F1E2B29C-EFAB-4241-A231-60FD0D9A3980\F1E2B29C-EFAB-4241-A231-60FD0D9A3980.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\71955791-8DFF-455C-8253-483ED2AABBE6\audio\1_051_Here_we_go_short.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\a5a70597-5a98-4cfa-b35d-6fc794b33bf9\audio\a5a70597-5a98-4cfa-b35d-6fc794b33bf9.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\59ac3603-c7a7-47c9-9295-2961e45b7004\59ac3603-c7a7-47c9-9295-2961e45b7004.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\65C61E3E-E249-43EE-86B6-3F1C4D03B652\audio\Count_up_2_a.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\e0deabb9-ca7a-409f-a72c-bc13021fc326\property.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\3815F720-DCE2-4441-B30D-62103E467D2B\3815F720-DCE2-4441-B30D-62103E467D2B.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\84da2971-3bf6-4740-b5c8-08a39f7c6860\property.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\a67d24f0-a0cc-4003-aa8a-3da311b22e7e\audio\a67d24f0-a0cc-4003-aa8a-3da311b22e7e.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\d91a6ff8-d24e-42e5-bb1c-3ad4d41167dd\property.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\072804d6-b5b1-4e8a-a88a-e5165265cb3e\property.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\395d5c82-a80f-464d-908e-d217b95ecd03\audio\395d5c82-a80f-464d-908e-d217b95ecd03.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\56282738-fd22-487f-b9b9-bc0aaf263644\property.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\A0267594-3CBB-47FC-A8BE-EF0DCD87CA27\A0267594-3CBB-47FC-A8BE-EF0DCD87CA27.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\7a19588e-3123-4426-8310-7ca63febcd67\7a19588e-3123-4426-8310-7ca63febcd67.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\7ecf101f-f87e-491c-8789-0289674ce2c3\audio\7ecf101f-f87e-491c-8789-0289674ce2c3.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\cf9b47df-1e19-4a27-8a35-7dba9bb518a2\audio\cf9b47df-1e19-4a27-8a35-7dba9bb518a2.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\ce5c1fba-e3e9-4865-b860-a65cf54dc1bd\property.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\019BC004-AF78-4632-97CF-1DB5F9653C02\019BC004-AF78-4632-97CF-1DB5F9653C02.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\075C41D8-EB36-408C-BBA5-1849B98C3E14\075C41D8-EB36-408C-BBA5-1849B98C3E14.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\3F019323-1611-455D-B9B6-69A5B19256E7\audio\c_024_laugh_d.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\9CEB02A3-F5E9-4028-A870-302CC4C7FC6B\audio\b_046_ah-ha_a.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\CE73D904-E2DF-49F4-A5F5-AFC1D401EE9F\audio\2_055_who_dat.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\dcfc6b5e-6a64-428d-9cd3-d64986d30a37\dcfc6b5e-6a64-428d-9cd3-d64986d30a37.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\FC6161C7-0E8F-463A-8C2E-5D84F37E999E\FC6161C7-0E8F-463A-8C2E-5D84F37E999E.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\2e194cb7-8f88-4fb8-82fd-c84106fa275d\audio\2e194cb7-8f88-4fb8-82fd-c84106fa275d.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\40CE75B2-7411-46FE-88FB-88C6DE669F92\40CE75B2-7411-46FE-88FB-88C6DE669F92.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\5581decb-e001-4ec6-bb4f-e3c2392628e1\5581decb-e001-4ec6-bb4f-e3c2392628e1.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\951E7476-636F-465E-A966-968F7BFFE441\audio\a_029_hou_hou.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\AA416B72-3DCE-471F-A7F9-73D5EF715245\AA416B72-3DCE-471F-A7F9-73D5EF715245.vsclip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\7BC9E8D1-7A86-48D0-8ECD-35087DB0AE7C\audio\023_JACKPOT 3.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\d5d2c8fa-965a-4e70-97d3-565f0cb047fb\audio\d5d2c8fa-965a-4e70-97d3-565f0cb047fb.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Resource\Voice\BL6CA7EYHKRGXLB7\setup.bmp C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\0B27E2D7-57D4-4A36-8724-8D4C16A1E8B2\audio\b_040_pululu_pululu.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\22F8D1FD-A1B2-4DC6-B41C-B11D78E1CC2F\audio\1_015_count_down_2.wav C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VOCALOID6\Media\Editor\6FC0A0FB-F55D-4921-A21E-F7D1342D3F7E\audio\b_029_wooh_b.wav C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e588c70.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI947D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{55A714B7-BB4F-4334-B825-EE3E3F7FDB05}\_93931A50_8680_48E0_883A_3562CB1329BE C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{0025DD72-A959-45B5-A0A3-7EFEB15A8050} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e588c86.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{55A714B7-BB4F-4334-B825-EE3E3F7FDB05}\1033.MST C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8E31.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e588c70.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{55A714B7-BB4F-4334-B825-EE3E3F7FDB05}\ARPPRODUCTICON.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI83AF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI88B2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8E60.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e588c87.mst C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e588c87.mst C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{55A714B7-BB4F-4334-B825-EE3E3F7FDB05}\_93931A50_8680_48E0_883A_3562CB1329BE C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{55A714B7-BB4F-4334-B825-EE3E3F7FDB05}\1033.MST C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e588c85.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e588c86.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{55A714B7-BB4F-4334-B825-EE3E3F7FDB05} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{55A714B7-BB4F-4334-B825-EE3E3F7FDB05}\ARPPRODUCTICON.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e588c5d.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{D5D19E2F-7189-42FE-8103-92CD1FA457C2} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI976C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e588c89.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e588c5d.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9084.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e588c6f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1B4F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1840.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI331D.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.be\VC_redist.x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\VOCALOID6_Editor_6.4.3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\{FC594BC6-A225-4026-95CB-E7E0065E7D8D}\VOCALOID6_Editor_6.4.3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\VOCALOID6_Editor_6.4.3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{C69E5C4F-CDCC-4D59-B46A-27435EF4980B}\.cr\VC_redist.x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\VOCALOID6_Editor_6.4.3.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1\27DD5200959A5B540A3AE7EF1BA50805 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEADDITIONALVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13} C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7B417A55F4BB43348B52EEE3F3F7BD50\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7B417A55F4BB43348B52EEE3F3F7BD50\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F2E91D5D9817EF24183029DCF14A752C\VC_Runtime_Minimum C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEMINIMUMVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13} C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Yamaha.VOCALOID.VST.VSTPluginController\CLSID C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3333F4827406A2540A767577CF322B53 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7B417A55F4BB43348B52EEE3F3F7BD50\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\27DD5200959A5B540A3AE7EF1BA50805\VC_Runtime_Additional C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList\PackageName = "vc_runtimeAdditional_x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\\packages\\vcRuntimeAdditional_amd64\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\7B417A55F4BB43348B52EEE3F3F7BD50 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.36,bundle C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.be\VC_redist.x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.36,bundle\ = "{8bdfe669-9705-4184-9368-db9ce581e0e7}" C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.be\VC_redist.x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.36,bundle\Dependents\{8bdfe669-9705-4184-9368-db9ce581e0e7} C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.be\VC_redist.x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\Version = "237272852" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\PackageCode = "1BE5B2DDE80EDC54D874D240756DB43A" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\\packages\\vcRuntimeAdditional_amd64\\" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\Dependents C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vpr\VOCALOID6.vpr\ShellNew C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7B417A55F4BB43348B52EEE3F3F7BD50\Language = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7B417A55F4BB43348B52EEE3F3F7BD50\Version = "100925443" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7B417A55F4BB43348B52EEE3F3F7BD50\ProductIcon = "C:\\Windows\\Installer\\{55A714B7-BB4F-4334-B825-EE3E3F7FDB05}\\ARPPRODUCTICON.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7B417A55F4BB43348B52EEE3F3F7BD50\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7B417A55F4BB43348B52EEE3F3F7BD50\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.36,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532" C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.be\VC_redist.x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C63AA6F-CD14-4C55-B8AD-E5C9AA15E003}\ProgID\ = "Yamaha.VOCALOID.VST.VSTPluginController" C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7B417A55F4BB43348B52EEE3F3F7BD50\SourceList\Media\1 = "DISK1;1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr\DefaultIcon C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7B417A55F4BB43348B52EEE3F3F7BD50\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F2E91D5D9817EF24183029DCF14A752C C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}v14.36.32532\\packages\\vcRuntimeMinimum_amd64\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-870806430-2618236806-3023919190-1000\{04888212-B845-4313-BEF4-3DC5B86453AB} C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C63AA6F-CD14-4C55-B8AD-E5C9AA15E003}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C63AA6F-CD14-4C55-B8AD-E5C9AA15E003}\InProcServer32\ = "C:\\Program Files\\VOCALOID6\\Editor\\VOCALOID6Plugin.comhost.dll" C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F2E91D5D9817EF24183029DCF14A752C\Servicing_Key C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr\shell\Open C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr\shell\Open\command\command = 4600570078005400430055004b007e005a0039002e006800330037003800730054002400740024003e002e00640035004a0026006800530068004a003f006200560077005000430049005000470073006e002000220025003100220000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vpr\VOCALOID6.vpr C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C63AA6F-CD14-4C55-B8AD-E5C9AA15E003} C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\ = "{D5D19E2F-7189-42FE-8103-92CD1FA457C2}" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr\shell C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F2E91D5D9817EF24183029DCF14A752C\Provider C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\ProductName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\ = "{0025DD72-A959-45B5-A0A3-7EFEB15A8050}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\27DD5200959A5B540A3AE7EF1BA50805\Provider C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VOCALOID6\Authorizer\VOCALOID Authorizer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\MSIEXEC.EXE N/A
N/A N/A C:\Program Files\VOCALOID6\Editor\VOCALOID6.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\VOCALOID6_Editor_6.4.3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{C69E5C4F-CDCC-4D59-B46A-27435EF4980B}\.cr\VC_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.be\VC_redist.x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\VOCALOID6_Editor_6.4.3.exe N/A
N/A N/A C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{FC594BC6-A225-4026-95CB-E7E0065E7D8D}\VOCALOID6_Editor_6.4.3.exe N/A
N/A N/A C:\Program Files\VOCALOID6\Authorizer\VOCALOID Authorizer.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4528 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\VOCALOID6_Editor_6.4.3.exe
PID 2560 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\VOCALOID6_Editor_6.4.3.exe C:\Windows\system32\MSIEXEC.EXE
PID 2992 wrote to memory of 4708 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4708 wrote to memory of 3952 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe
PID 3952 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\VOCALOID6_Editor_6.4.3.exe
PID 1980 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\VOCALOID6_Editor_6.4.3.exe C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe
PID 4964 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe C:\Windows\Temp\{C69E5C4F-CDCC-4D59-B46A-27435EF4980B}\.cr\VC_redist.x64.exe
PID 2872 wrote to memory of 3076 N/A C:\Windows\Temp\{C69E5C4F-CDCC-4D59-B46A-27435EF4980B}\.cr\VC_redist.x64.exe C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.be\VC_redist.x64.exe
PID 3076 wrote to memory of 1656 N/A C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.be\VC_redist.x64.exe C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
PID 1656 wrote to memory of 4968 N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
PID 4968 wrote to memory of 3384 N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
PID 1980 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\VOCALOID6_Editor_6.4.3.exe C:\Windows\SysWOW64\cmd.exe
PID 2560 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\VOCALOID6_Editor_6.4.3.exe C:\Windows\SysWOW64\cmd.exe
PID 2592 wrote to memory of 5084 N/A C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\VOCALOID6_Editor_6.4.3.exe
PID 5084 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\VOCALOID6_Editor_6.4.3.exe C:\Windows\system32\MSIEXEC.EXE
PID 2992 wrote to memory of 1548 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1548 wrote to memory of 4236 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe
PID 4236 wrote to memory of 2144 N/A C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe C:\Users\Admin\AppData\Local\Temp\{FC594BC6-A225-4026-95CB-E7E0065E7D8D}\VOCALOID6_Editor_6.4.3.exe
PID 2144 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\{FC594BC6-A225-4026-95CB-E7E0065E7D8D}\VOCALOID6_Editor_6.4.3.exe C:\Windows\SysWOW64\cmd.exe
PID 2992 wrote to memory of 1868 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2992 wrote to memory of 1904 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1904 wrote to memory of 3636 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp
PID 1904 wrote to memory of 2164 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe

"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe"

C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\VOCALOID6_Editor_6.4.3.exe

C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\VOCALOID6_Editor_6.4.3.exe /q"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}" /IS_temp

C:\Windows\system32\MSIEXEC.EXE

"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\VOCALOID6 Editor.msi" TRANSFORMS="C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\1033.MST" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp" SETUPEXENAME="VOCALOID6_Editor_6.4.3.exe" IS_RUNTIME_FILES_LOCATION="C:\Users\Admin\AppData\Local\Temp\{19DDA7C8-63FD-45D5-93E9-ABCFE2373239}"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6BCCEF01A2168203532771518C0343B5 C

C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe

"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe" /embed"{CFF9DFFC-71E6-49A8-B5D8-6F93800D853E}" /hide_splash /hide_progress /runprerequisites"Editor" /l1033 /v"TRANSFORMS=\"C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\1033.MST\""

C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\VOCALOID6_Editor_6.4.3.exe

C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\VOCALOID6_Editor_6.4.3.exe /q"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.4.3.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}" /embed"{CFF9DFFC-71E6-49A8-B5D8-6F93800D853E}" /hide_splash /hide_progress /runprerequisites"Editor" /l1033 /v"TRANSFORMS=\"C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\1033.MST\"" /eprq /IS_temp

C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe

"C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe" /q /norestart

C:\Windows\Temp\{C69E5C4F-CDCC-4D59-B46A-27435EF4980B}\.cr\VC_redist.x64.exe

"C:\Windows\Temp\{C69E5C4F-CDCC-4D59-B46A-27435EF4980B}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576 /q /norestart

C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.be\VC_redist.x64.exe

"C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{80DEC3D1-8EBB-469E-9B87-A8AA4920944D} {2453F7C8-CDFE-41F1-BDBE-C84232703D39} 2872

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:4

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=964 -burn.embedded BurnPipe.{BC9A05D1-F02F-4E61-9F0B-C454C2C5F8B6} {41448DDD-C239-43D6-A12E-369913DAEB76} 3076

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=964 -burn.embedded BurnPipe.{BC9A05D1-F02F-4E61-9F0B-C454C2C5F8B6} {41448DDD-C239-43D6-A12E-369913DAEB76} 3076

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{D8520DBC-0E4A-42F5-9B6C-0F4CD32EFAD8} {37FFDB2E-CEBB-46EE-8287-12D032ED9CFD} 4968

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe

"C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe"

C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\VOCALOID6_Editor_6.4.3.exe

C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\VOCALOID6_Editor_6.4.3.exe /q"C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}" /IS_temp

C:\Windows\system32\MSIEXEC.EXE

"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\VOCALOID6 Editor.msi" TRANSFORMS="C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\1033.MST" SETUPEXEDIR="C:\Users\Admin\Desktop" SETUPEXENAME="VOCALOID6_Editor_6.4.3.exe" IS_RUNTIME_FILES_LOCATION="C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D8239003F5B6DB9D915C1098338AF18D C

C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe

"C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe" /embed"{DF9C5469-D993-4986-992C-DD2941E4DD1D}" /hide_splash /hide_progress /runprerequisites"Editor" /l1033 /v"TRANSFORMS=\"C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\1033.MST\""

C:\Users\Admin\AppData\Local\Temp\{FC594BC6-A225-4026-95CB-E7E0065E7D8D}\VOCALOID6_Editor_6.4.3.exe

C:\Users\Admin\AppData\Local\Temp\{FC594BC6-A225-4026-95CB-E7E0065E7D8D}\VOCALOID6_Editor_6.4.3.exe /q"C:\Users\Admin\Desktop\VOCALOID6_Editor_6.4.3.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{FC594BC6-A225-4026-95CB-E7E0065E7D8D}" /embed"{DF9C5469-D993-4986-992C-DD2941E4DD1D}" /hide_splash /hide_progress /runprerequisites"Editor" /l1033 /v"TRANSFORMS=\"C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\1033.MST\"" /eprq /IS_temp

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{FC594BC6-A225-4026-95CB-E7E0065E7D8D}"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 33C14F5A1395502410B7E3F9BCF86077

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A4631B44DC8B67B422D9FB67E806B524 E Global\MSI0000

C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp

C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{ECAD3FBE-E458-46C1-A862-D47978974162}

C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp

C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{829826EE-24D6-4F23-A2A6-14A53E80E261}

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8ADD5D5F-5E2D-4877-B06F-2B4F2C556CE1}

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7A4900A4-06AE-43C7-982A-8489E99D0053}

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F28AB083-5A2F-42F5-8A53-FA1517E71F06}

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{49314C6F-6352-4F31-9952-48D4825BA61E}

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6EB1C941-5B17-4777-AD02-4909F9C4D715}

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{98BDDF53-072E-491E-BB2F-7CC9B71F952B}

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3F70FB79-663D-432C-A8DA-09B318850A9B}

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{98962519-0418-4AFD-9DC9-D09B03B05CD1}

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D2B7D47D-CE5F-4C9C-87E3-74978F5679B2}

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_is89B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{039BA9E8-7F35-4A15-9D43-614891537D08}

C:\Program Files\VOCALOID6\Editor\VOCALOID6.exe

"C:\Program Files\VOCALOID6\Editor\VOCALOID6.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}"

C:\Program Files\VOCALOID6\Editor\VOCALOID6.exe

"C:\Program Files\VOCALOID6\Editor\VOCALOID6.exe"

C:\Program Files\VOCALOID6\Authorizer\VOCALOID Authorizer.exe

"C:\Program Files\VOCALOID6\Authorizer\VOCALOID Authorizer.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\VOCALOID6\Editor\VOCALOID6.exe

"C:\Program Files\VOCALOID6\Editor\VOCALOID6.exe"

Network

GB 142.250.200.1:443 blogspot.l.googleusercontent.com tcp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
GB 142.250.200.1:443 blogspot.l.googleusercontent.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 blogger.googleusercontent.com udp
US 8.8.8.8:53 vignette.wikia.nocookie.net udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 st.chatango.com udp
GB 142.250.200.9:443 www.blogger.com tcp
GB 142.250.200.9:443 www.blogger.com tcp
US 8.8.8.8:53 blogger.l.google.com udp
GB 142.250.200.9:443 www.blogger.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
DE 74.120.188.204:443 vignette.wikia.nocookie.net tcp
US 208.93.230.26:443 st.chatango.com tcp
GB 216.58.213.1:443 lh3.googleusercontent.com tcp
GB 216.58.213.1:443 lh3.googleusercontent.com tcp
GB 216.58.213.1:443 lh3.googleusercontent.com tcp
GB 216.58.213.1:443 lh3.googleusercontent.com tcp
GB 216.58.213.1:443 lh3.googleusercontent.com tcp
GB 216.58.213.1:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 wikia.nocookie.net udp
GB 142.250.178.9:443 blogger.l.google.com tcp
GB 142.250.178.9:443 blogger.l.google.com tcp
US 8.8.8.8:53 st.chatango.com udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 blogger.l.google.com udp
GB 216.58.213.1:443 googlehosted.l.googleusercontent.com tcp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 st.chatango.com udp
US 8.8.8.8:53 wikia.nocookie.net udp
GB 142.250.200.9:443 www.blogger.com udp
GB 142.250.178.9:443 blogger.l.google.com udp
GB 216.58.213.1:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 www.blogblog.com udp
GB 142.250.178.9:443 www.blogblog.com tcp
GB 142.250.178.9:443 www.blogblog.com udp
GB 216.58.213.1:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 9.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 204.188.120.74.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 26.230.93.208.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 208.93.230.26:443 st.chatango.com tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.taboola.com udp
US 8.8.8.8:53 tls13.taboola.map.fastly.net udp
US 8.8.8.8:53 s80.chatango.com udp
US 8.8.8.8:53 ust.chatango.com udp
US 8.8.8.8:53 tls13.taboola.map.fastly.net udp
US 8.8.8.8:53 s80.chatango.com udp
US 208.93.230.185:8081 s80.chatango.com tcp
US 8.8.8.8:53 ust.chatango.com udp
US 208.93.230.28:443 ust.chatango.com tcp
US 8.8.8.8:53 ust.chatango.com udp
US 8.8.8.8:53 s80.chatango.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 151.101.193.44:443 tls13.taboola.map.fastly.net tcp
US 8.8.8.8:53 185.230.93.208.in-addr.arpa udp
US 8.8.8.8:53 28.230.93.208.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 44.193.101.151.in-addr.arpa udp
US 208.93.230.28:443 ust.chatango.com tcp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.17.150.117:443 www.mediafire.com tcp
US 8.8.8.8:53 www.mediafire.com udp
US 104.17.150.117:443 www.mediafire.com tcp
US 104.17.150.117:443 www.mediafire.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 104.21.63.106:443 www.ezojs.com tcp
US 8.8.8.8:53 www.ezojs.com.cdn.cloudflare.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
GB 142.250.178.14:443 translate.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 www.ezojs.com.cdn.cloudflare.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 104.21.63.106:443 www.ezojs.com.cdn.cloudflare.net udp
GB 142.250.178.14:443 www3.l.google.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 104.19.208.227:443 cdn.otnolatrnup.com tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 104.17.150.117:443 static.mediafire.com tcp
US 104.17.150.117:443 static.mediafire.com tcp
US 104.17.150.117:443 static.mediafire.com tcp
US 104.17.150.117:443 static.mediafire.com tcp
US 104.17.150.117:443 static.mediafire.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 104.17.150.117:443 static.mediafire.com tcp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 8.8.8.8:53 117.150.17.104.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 106.63.21.104.in-addr.arpa udp
US 8.8.8.8:53 g.ezoic.net udp
US 104.19.208.227:443 cdn.otnolatrnup.com udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.208.19.104.in-addr.arpa udp
US 8.8.8.8:53 translate.googleapis.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
FR 13.37.187.223:443 g.ezoic.net tcp
US 8.8.8.8:53 g.ezoic.net udp
US 104.17.150.117:443 static.mediafire.com udp
GB 142.250.187.234:443 translate.googleapis.com tcp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 go.ezodn.com udp
GB 142.250.187.234:443 translate.googleapis.com udp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 104.19.208.227:443 otnolatrnup.com tcp
US 8.8.8.8:53 www.mediafiredls.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 104.26.2.173:443 www.mediafiredls.com tcp
US 8.8.8.8:53 www.mediafiredls.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 www.mediafiredls.com udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 104.19.208.227:443 otnolatrnup.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
GB 216.58.213.10:443 translate-pa.googleapis.com tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
GB 216.58.213.10:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 g.ezodn.com udp
US 104.21.87.79:443 g.ezodn.com tcp
US 172.67.41.60:443 btloader.com tcp
NL 18.239.18.99:443 cdn.amplitude.com tcp
US 104.21.87.79:443 g.ezodn.com tcp
US 104.21.87.79:443 g.ezodn.com tcp
US 104.21.87.79:443 g.ezodn.com tcp
NL 18.239.18.78:443 tags.crwdcntrl.net tcp
IE 18.202.187.23:443 ad.crwdcntrl.net tcp
IE 52.31.95.82:443 ad.crwdcntrl.net tcp
US 104.21.87.79:443 g.ezodn.com tcp
US 104.21.87.79:443 g.ezodn.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 172.67.142.121:443 g.ezodn.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 g.ezodn.com udp
US 104.21.87.79:443 g.ezodn.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 172.67.142.121:443 g.ezodn.com udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 8.8.8.8:53 223.187.37.13.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 104.21.87.79:443 bshr.ezodn.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 104.21.87.79:443 bshr.ezodn.com tcp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 99.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 78.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 82.95.31.52.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 23.187.202.18.in-addr.arpa udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 8.8.8.8:53 173.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.21.87.79:443 bshr.ezodn.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 54.189.89.113:443 api.amplitude.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 download2391.mediafire.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 download2391.mediafire.com udp
GB 216.58.204.67:443 www.google.co.uk tcp
US 199.91.155.132:443 download2391.mediafire.com tcp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 download2391.mediafire.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 104.19.208.227:443 otnolatrnup.com tcp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 113.89.189.54.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 132.155.91.199.in-addr.arpa udp
US 104.19.208.227:443 otnolatrnup.com udp
BE 66.102.1.155:443 stats.g.doubleclick.net tcp
BE 66.102.1.155:443 stats.g.doubleclick.net udp
US 104.19.208.227:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
GB 54.230.10.111:443 woreppercomming.com tcp
US 8.8.8.8:53 woreppercomming.com udp
US 8.8.8.8:53 155.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 woreppercomming.com udp
US 8.8.8.8:53 www.chancial.com udp
US 104.21.79.34:443 www.chancial.com tcp
US 8.8.8.8:53 www.chancial.com udp
US 8.8.8.8:53 www.chancial.com udp
US 104.21.79.34:443 www.chancial.com udp
DE 3.73.194.163:443 www.opera.com tcp
US 8.8.8.8:53 front-geo.production.opera-website.route53.opera.com udp
US 8.8.8.8:53 front-geo.production.opera-website.route53.opera.com udp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 e11604.dscf.akamaiedge.net udp
GB 216.58.201.110:443 www.googleoptimize.com tcp
US 8.8.8.8:53 www.googleoptimize.com udp
US 8.8.8.8:53 e11604.dscf.akamaiedge.net udp
US 8.8.8.8:53 www.googleoptimize.com udp
GB 216.58.201.110:443 www.googleoptimize.com udp
US 8.8.8.8:53 111.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 34.79.21.104.in-addr.arpa udp
US 8.8.8.8:53 163.194.73.3.in-addr.arpa udp
US 8.8.8.8:53 15.234.82.104.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 api-net.vocaloid.com udp
JP 3.115.77.92:443 api-net.vocaloid.com tcp
US 8.8.8.8:53 92.77.115.3.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\_ISMSIDEL.INI

C:\Users\Admin\AppData\Local\Temp\~EAEE.tmp

C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\0x0409.ini

C:\Users\Admin\AppData\Local\Temp\iss2141.tmp

C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\1033.MST

C:\Users\Admin\AppData\Local\Temp\MSI2E6E.tmp

C:\Users\Admin\AppData\Local\Temp\MSI4264.tmp

C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\_ISMSIDEL.INI

C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\_ISMSIDEL.INI

C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe

C:\Windows\Temp\{C69E5C4F-CDCC-4D59-B46A-27435EF4980B}\.cr\VC_redist.x64.exe

C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.ba\wixstdba.dll

C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\.ba\logo.png

C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\vcRuntimeMinimum_x64

C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\cab5046A8AB272BF37297BB7928664C9503

C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\vcRuntimeAdditional_x64

C:\Windows\Temp\{E08BB302-D222-4C9D-B458-0B962CF366E3}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20241109205453_000_vcRuntimeMinimum_x64.log

C:\Config.Msi\e588c62.rbs

C:\Config.Msi\e588c6e.rbs

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20241109205453_001_vcRuntimeAdditional_x64.log

C:\Config.Msi\e588c75.rbs

C:\Config.Msi\e588c84.rbs

memory/3384-404-0x0000000000A00000-0x0000000000A77000-memory.dmp

memory/4968-441-0x0000000000A00000-0x0000000000A77000-memory.dmp

memory/1656-442-0x0000000000A00000-0x0000000000A77000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\_ISMSIDEL.INI

C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\Microsoft Visual C++ 2015-2022 Runtime Libraries (x64).prq

C:\Users\Admin\AppData\Local\Temp\{BEC3EB41-E2C5-46D9-BC92-769D6C201165}\_ISMSIDEL.INI

C:\Users\Admin\AppData\Local\Temp\{C6753CF8-DA87-4130-98D9-B0F4678F9140}\0x0411.ini

C:\Users\Admin\AppData\Local\Temp\{19DDA7C8-63FD-45D5-93E9-ABCFE2373239}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\IsConfig.ini

C:\Users\Admin\Videos\Captures\desktop.ini

C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\_ISMSIDEL.INI

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_B0DC81B52DC0E20DB5F04AB84DEAAA9B

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_B0DC81B52DC0E20DB5F04AB84DEAAA9B

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

C:\Users\Admin\AppData\Local\Temp\{FC594BC6-A225-4026-95CB-E7E0065E7D8D}\_ISMSIDEL.INI

C:\Users\Admin\AppData\Local\Temp\{FC594BC6-A225-4026-95CB-E7E0065E7D8D}\Microsoft .NET 6.0 Desktop Runtime 6.0.12 (x64).prq

C:\Users\Admin\AppData\Local\Temp\{FC594BC6-A225-4026-95CB-E7E0065E7D8D}\_ISMSIDEL.INI

C:\Windows\Installer\MSI1B4F.tmp

C:\Users\Admin\AppData\Local\Temp\wac1BC8.tmp

C:\Users\Admin\AppData\Local\Temp\~1BB7.tmp

C:\Program Files\Common Files\VOCALOID6\Media\Editor\18909f6c-ec11-4ee4-b879-2a7e81e6adb2\18909f6c-ec11-4ee4-b879-2a7e81e6adb2.vsclip

C:\Program Files\Common Files\VOCALOID6\Media\Editor\1e9f9466-8e9b-451e-99f2-7be6166c6905\1e9f9466-8e9b-451e-99f2-7be6166c6905.vsclip

C:\Program Files\Common Files\VOCALOID6\Media\Editor\481df1b5-9569-4d06-8355-3b0976f6d4f8\481df1b5-9569-4d06-8355-3b0976f6d4f8.vsclip

C:\Program Files\Common Files\VOCALOID6\Media\Editor\4e9e8d7a-38ee-4af8-b9c0-8b3ebc7e91e4\4e9e8d7a-38ee-4af8-b9c0-8b3ebc7e91e4.vsclip

C:\Program Files\Common Files\VOCALOID6\Media\Editor\52aea056-bd3e-4720-b250-7928595a6300\52aea056-bd3e-4720-b250-7928595a6300.vsclip

MD5 59c43d9bff06c935ffed11381e7490d2
SHA1 461bc0732b091bb253d0b2bd4b63121a13935b62
SHA256 266dac91dd012c4f89b15ffa2f89c1717f6128f46a4eca3ad6e5a93ce2486353
SHA512 f85ce60adca328a9d424e2934fe10a4c3ffcf8ff1343ff8e521e90406cc2dd1c95e813c872eb906dc8c43a0fc8e8eb80050b791900c3e25f6afd33c4eefe8e38

C:\Program Files\Common Files\VOCALOID6\Media\Editor\588a3384-0982-4002-992c-4eb425f48992\588a3384-0982-4002-992c-4eb425f48992.vsclip

MD5 3c9d0a8fce0a304bced39eab2a5a28ee
SHA1 3c50f28d90ee461912486077e6b742381ee9efac
SHA256 a2826a7fa411f4a0d7a331fb11efca601d619c57ae769e5388a3ffde5e442728
SHA512 d9ff8aa3d671da148805b72821686e40eeb2c65b4fdc2f9a9b86519c86a8c4189ade6a09e0ad841c4bbe14d17b3c046075633c2eb75073ce0ef2219f62a5bd64

C:\Program Files\Common Files\VOCALOID6\Media\Editor\8694f31a-b087-483e-adfe-29e28aee6ac0\8694f31a-b087-483e-adfe-29e28aee6ac0.vsclip

MD5 57cffcba5df553665d6e900ce85302b6
SHA1 cb002080c3ee879c8724c34aa4f44baf32ff5678
SHA256 3ad6dede1e4deb4a478c3983890f29739bea1e9cc2fc0309598a28f8e3851cdf
SHA512 44799c64dbe15b5f99098188e66e56f8188424948431e642aea8a6ae4a7c24d1605ce49b9a711145eb1f13cf84ca94084dfb8b4a1d810735d8650116aaa20c53

C:\Program Files\Common Files\VOCALOID6\Media\Editor\8822c71b-47a6-4318-a032-e57a1b740cb2\8822c71b-47a6-4318-a032-e57a1b740cb2.vsclip

MD5 1e2fe51f28326c28b9582f476b41643d
SHA1 cc2760abb825744f0da7e6dc3d2a6ce7b0ab921f
SHA256 cf75ce306ccec78630596503204ad6a8513a07bb40344d4e12941a944eacc463
SHA512 4041f11af4ee284bde436a9de8272523d411f735a47298a5c6d8f1ad27c8bedea0b496b1a00815df606048894e71498429113735341202c4abdf48c0575fbf12

C:\Program Files\Common Files\VOCALOID6\Media\Editor\9ef77e48-7b5b-4e09-b4ff-dde83ca44729\9ef77e48-7b5b-4e09-b4ff-dde83ca44729.vsclip

MD5 65a2b413c89b52b9be68910bb393b7d1
SHA1 7f6d44c5ace284e205d149465d262527507e0b0f
SHA256 1f1e29a3006cdb03a1285861f2facd3dcf798f929ec7b2adf5088e0d510773df
SHA512 57bd0d19c89430336639d2bf759693f217ff8f9f2789f0bdf3d5201b521c6161c927100c57dd5378d97c9622f2c2233f124c4f00b8b8a1c49b63a92d82dc3f11

C:\Program Files\Common Files\VOCALOID6\Media\Editor\a5a70597-5a98-4cfa-b35d-6fc794b33bf9\a5a70597-5a98-4cfa-b35d-6fc794b33bf9.vsclip

MD5 4778a49dc00b734af56e8cb20fb9ac64
SHA1 2badf94e0d5166f2d35bb03c6a7f82b24d300f37
SHA256 ee6b448d7c6642840f9f017783d0b442faed6f56eebbd8a3e79e71f2c74a0d85
SHA512 693141d97cb6ad88923d2bfb5acc3907e78ed2c304416d28cce562f5e8b9737b78856b1add12d7f737c3a82f9c80a99696213f4ac6eede79061c8ff8607445d2

C:\Program Files\Common Files\VOCALOID6\Media\Editor\a9427b36-005d-414a-8748-a131db2c3abb\a9427b36-005d-414a-8748-a131db2c3abb.vsclip

MD5 af99e9b05767ee8dfaf4afe4ef670b19
SHA1 3cc95490df3351982a37e27111c77685413025fd
SHA256 f76a83882ebfa4dca2e2f2c760fcea092acd65be378053833759b323a63dd375
SHA512 bb78e98e50d331d10a0fcec9926a7ce7c094a2b2da1f427e42bf2fc71cbbf395d2c31630a49b9cccbe2e253723986fa20e1229ad404f4762126a3c8aa3e6208e

C:\Program Files\Common Files\VOCALOID6\Media\Editor\b48609c6-784e-4e04-8132-cdc17687b765\b48609c6-784e-4e04-8132-cdc17687b765.vsclip

MD5 1bef83375ff519096f4db83954a14b64
SHA1 ac29603230e294a87ed1daa63967def206bd3b16
SHA256 57443c51d0f4083bce712ff10b7db3fa50624c6dbf2508bba8f47deaaa75cdf0
SHA512 49a07ee3def07f7c873dbede8a0ec88d9bad69fd318dde88bcb234c12d54829afd7e2d29212d59e7d9070cb57faab5862eb37e180b9d9cfbe394011b14e6d7df

C:\Program Files\Common Files\VOCALOID6\Media\Editor\bccfaace-0c86-4628-be69-37a66d78e296\bccfaace-0c86-4628-be69-37a66d78e296.vsclip

MD5 c61fc0759796506c29fd04c9f4c93fd2
SHA1 c6c7b4b8cd928a28255135f2c5ebe704b3ba7f24
SHA256 e1737a734302e23111d73b1e6c27ff175cdd845ca6de501b3b602be019896e97
SHA512 7df5fef783da19c2adacdf33d55fa1fb84f716f1c28210ff68d16601e2dbfd2cf34035fa22c6cbbc3eefa8ec8228ab8286165d5ed15e56de42719d46e651eebb

C:\Program Files\Common Files\VOCALOID6\Media\Editor\ce5c1fba-e3e9-4865-b860-a65cf54dc1bd\ce5c1fba-e3e9-4865-b860-a65cf54dc1bd.vsclip

MD5 0fe0fb34ffeef16450ce540eefd7dcc1
SHA1 c47e2ed92ee3d17a06af9cc12b271166942f0687
SHA256 32f17b4f1edbf1e23e5f8ceced915218ad47c451b4aac453584049714dd8b2f5
SHA512 0e220d02d61b3222141b2f191c952eec20ead90fe9695e66091e698b4c9c6aa1420d24f41fa76323d4a467932b051843acb0fec44f1c0edd3baa17041e41ef18

C:\Program Files\Common Files\VOCALOID6\Media\Editor\e2849f6f-8de0-4762-8c59-dbd78c61022d\e2849f6f-8de0-4762-8c59-dbd78c61022d.vsclip

MD5 9e651c10042948e5f287f145570c9ed8
SHA1 860fff704e5f2bfa4a6a91c2e619634a5ac7906a
SHA256 b9857e23821dd017275ad0d803be8c7954bf23fa2c283f8995fbeb4fda667b19
SHA512 3671ea1aaae467c2bb7137319be89e69254b24db156fe42b57416252c8bb54411f23385a50e617ed2aa588b258c5cf6c09975beea3ae3c378a64cec979de709c

C:\Program Files\Common Files\VOCALOID6\Media\Editor\fe81ea40-d60e-4e6c-804a-52a719725b0f\fe81ea40-d60e-4e6c-804a-52a719725b0f.vsclip

MD5 0ddcb20699241cadd7cde0e8f2c5957a
SHA1 0659636f0caa48000c9313c17adf38420f6f181b
SHA256 8cc71bda44b635bf97d68a6ff6f4bbf638aafdc5fdfc59c57cbfa61aeef4d525
SHA512 a752cb1e13acd8298f7f413b9fe715cf9a691023e47030ab4c264b695328ecb66f1c6b64aa4f9fccbc081f6cfa53cd6fb9c14c6567c5a50202104146f0ac64ff

C:\Program Files\Common Files\VOCALOID6\Resource\Voice\BKGHF6Y5PHTN4KD6\setup.bmp

MD5 8329424b323f4501efe48ead6208cdf4
SHA1 ccabb9aa3ffaa24497d7026d452da4e7e5630015
SHA256 1b9b732dfc9f9bdd85477626871f87498e18a8069347130b73a239f7c5ab7a33
SHA512 c6860e2780f4d40271e6bc7ceba97b59d8b6edf249d0350605521b212f5b0882d74a5ef933e8f867969adbb877674ff245121aa2f920b24902dc53b6f4fa9334

C:\Program Files\Common Files\VOCALOID6\Resource\Voice\BLECA76YHKRGXLB7\setup.bmp

MD5 d58164d41e9c65beab935509be355c64
SHA1 04e01693ad939e2cfb287eb1d1f074c7e5ed7cfa
SHA256 7e3161aaa6fafb13cc4965ba75c9eb93c6eaf39fc18c7d351a9d5b386144d88e
SHA512 0ec7e24e0e557b521f8acf8ca825e2284e5520765be47ae6ff32a27ed7b134479abe1ecdac626a76aaa31916aef3f9b48987d890769a852c0a160320a66d4cfb

C:\Program Files\Common Files\VOCALOID6\Resource\Voice\BLGHFDK5P3TN4LBC\setup.bmp

MD5 275a1391944531c65ed1092a31e6d7e4
SHA1 32cb644690b2ad8dec076a3d630e1d50b1ba42c7
SHA256 cd4d159b44b47d3d5d41543d1ff2ace84941cd7c61c8ddfffad2e939dffb5101
SHA512 7c4bc8c85255aff74629937e52349dcefbcb4ab6cbaed9d4270199136038a989eaafe4f18e1c3dd176409ceafa4a553387bb1f6f532364f5b5948d6391f7dee7

C:\Program Files\Common Files\VOCALOID6\Resource\Voice\BLLN57S9CKYTPLCB\setup.bmp

MD5 004701e6ddadbf073080e275187db638
SHA1 b3dc7a665ef868b779359fb17101e448005d2a60
SHA256 480565bb3f64b242e1c7ad4c67e2bb5c099ba92f268ba3708eccb55026ca1a24
SHA512 4bde31a198055466fa1bdf24aa10b3dd2776cee973e3a57ff2545b592f8aa6b13cd0cb76a28761f1d6b4057f8121e9c5d35ffff1ac9d9a5c8931b2080eaedcb5

C:\Program Files\Common Files\VOCALOID6\Resource\Voice\BMLBDERXM4YF2MBE\setup.bmp

MD5 a49a37068286ea3d949a00d8454686a5
SHA1 f912cb2ab0150bc8f0bff9f8c045f6c6d66200be
SHA256 2f14ac01fdf2b234f371e63c1660870ea6f03afe6efbb96b4887951c6745a7b0
SHA512 1d09056f08c9cf3603392171e15fc2f7b0219daf0986a0f7ddac9e15a11440837276c4861e9ab9b01ac472a9b478b94ffe096874c0964e55b320f3431f0ca1a6

C:\Program Files\VOCALOID6\Editor\VOCALOID6Plugin.comhost.dll

MD5 f3d14669bd7b3d79876ebf0768f03c81
SHA1 a09e79bbc26c604dc68f0bbbb1d3fd8d20359295
SHA256 7b85dd2296a70317435c99e2f8a55df723acffcac8a1f68707123b6a3824d6c9
SHA512 795cef2ae781a649157a25dffac05a4355073ad8713cff934621978dfbe22e62a2ca83549970304637ac8920a927860cb84527a9a8a93799250f6cde9b14367b

C:\Program Files\VOCALOID6\Editor\VOCALOID6Plugin.runtimeconfig.json

MD5 5d6ab666fb94e136578929a9e2469705
SHA1 59117c4e2c67fbcad255633f37a720a9ddb68351
SHA256 9e72299350f7636bc7be5437b9ab52c244105a019f1be081562289d98bb83c9a
SHA512 c5da9d0c31ae491ac908e1d69f0afc3496219637e290ffabf568e2505f3211d7c195293e8e27a7396d3f152a71e3b0047b8f8867cd90912c4d9935536577a613

C:\Program Files\VOCALOID6\Editor\VOCALOID6Plugin.deps.json

MD5 8823069006cf56947d2a999b29938e92
SHA1 2dab5e900db0a68fe97b6f3b93558d3d06c94521
SHA256 a54f62cd648ee07eef34c7750859989bf8982f3aea9afadca82e8dbc60b04477
SHA512 f9ff7daf5bc62eeeba6fe75e286403e20472fa5731140481ef9231f210a8bb360084afa7092fc6ffbc55c04f2fcea997812978a79d34279578cfdd5a01c23c72

C:\Program Files\VOCALOID6\Editor\VOCALOID6Plugin.dll

MD5 09fbc05b9d7c42c91b727c5815829bbc
SHA1 8dc87b964d2f2bf7075c5a46a0289a0c5c33f1a1
SHA256 1b386e82573ccac4d8515914f768dbd958c052218d28521b85899f1d33f33fe8
SHA512 d027905472c76013e58697fbdbb1b91fbba8c53dac9f13510308195aa6a8264626fd9946ef5f89c139eaf7ec236dc3ee18f270bfaf1a8f85fbaadc40608a63f2

C:\Config.Msi\e588c88.rbs

MD5 478b756c5afd6fc038ad97e61c75cf40
SHA1 1f240ec84fea3e8140f5f35645266e020eda7c33
SHA256 c51921fbfdbe7750e23fb8cb407ff2e529fc6c784eea43177836a3c5df632862
SHA512 98ed560af212387137e347ddef4bacdb94bb1b362ac8952c0bc36a3395cd74dd2de47490c4e4edd3cfcaccb66489900dc717c8c841b56e693f3b6c721f0796ec

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\setup.inx

MD5 c448079a17cbe0af0cecf91e6adae5aa
SHA1 032b3720068d2e8eb684cf546a0df4050f021864
SHA256 171205328575475d696c6356cd59833354e69faf8e5cd2a5eef5a26ac4db997c
SHA512 15ddd3f0ba0d64a72b8feb25c19ce52f228ca255d3db3a9d5800479f225afee0bd44374b168fc7322dbba80a998950c6c1c6d8ce6793c6cf9f8683d3e9f231ae

memory/1868-4753-0x0000000010000000-0x0000000010114000-memory.dmp

memory/1868-4754-0x00000000037E0000-0x00000000039A7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\ISBEWI64.exe

MD5 2a0d9637e4fceea99b8aa0cdab99c28a
SHA1 dce5168f073af70881d01d200855c80c6e9be06b
SHA256 9e182cc5bb1220a0ae5c762d3b4318a2dafacd417acca345caf0a40b21ab6855
SHA512 1bf916cacf379a7887a88085a18afdf7408b7a5d3e3d781417ad533462789ec6b91d8b87b1e7a706238fc4a7705d0d4a584ccb2679888474fc1c436fad74232d

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\String1041.txt

MD5 24c0a17c634e318e9aa5f44f1c4048fe
SHA1 afb33802e17e2293d9e3b7ff2033874ca67f93e3
SHA256 940eadde099f3a55f0e695f8f13cf120be23fb5a3e302bdeb84a4c251f0fe682
SHA512 bbf3edd5f61c4f76ea339840d6c17b58a921b2949f34417f435610f7a734f0f2d462940928fd67b7267f0d65947ebe66072c1e419bf17cda9cab57d4dd778f9a

C:\Users\Admin\AppData\Local\Temp\{C7428C06-A23D-4D73-89CD-E1BC6A64E472}\_ISMSIDEL.INI

MD5 b2e62dcf9960e373ed4b63cccf007cb1
SHA1 30e63902c017c5c44b6914d084066431a088df8c
SHA256 97aaf3e5a05f02dcb869ba08ec1f04a2cc640185df287ff6a1e11fa475c943d7
SHA512 9bac76350b6aa4a834d034cd29d59ec6ab1015898cb483253a2183970ac206f7354fd536b22195bff0dd7a5b5cddf7f9f45dfd523006287025cec06dd906ebd9

C:\Users\Admin\AppData\Local\Temp\{069D7AA3-B365-4936-A0E1-479B4E848FF0}\{4CE7E8AD-A48D-489E-941A-56BD3DBC2206}\_isres_0x0411.dll

MD5 37db2870a9d805d9fa4ea31a4e77d052
SHA1 9195ac4533883060140562bc16a6f3a893b62284
SHA256 6f51213f632870229bbc1c918eb7a624da4800878d83b91194cc5272592c89e7
SHA512 adc5107f50cc52a58bcf7cfab05921b7d69ea58828e527af6a9570700cad9ed4252d822bdcc259ddd708fc25985180d83451c9a8a41caff675afc95398137b3f

C:\Users\Admin\AppData\Local\Temp\WPF\5u0cb3ms.10s

MD5 543b04bfb67633730f13fb35e0a3c2ab
SHA1 d7b6aaab090af0b83e762b66b4b4e47b52d347cc
SHA256 617b1c88354b85da8dee16d33dd9b8ffeb177cfa22d0b0d38c0f62c8cd9e5b4f
SHA512 2bffcce327c999fcb871c9303911e3399c17e5765e1a9ad859f94e10b90699fa1184ed45cd93d1601426ff53de4d330dcbe5d01e87f850e844c60c6a250c6e82

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

MD5 c598e338aa29cc9f2b774f370d6b7e95
SHA1 38c2b27d975ac55f1bc008bcd956f8e5ce4068d2
SHA256 03b82bc47891670954ddb53cb6422b187549563b22ce0bf05287896819b3b507
SHA512 8f814a665221683a703fc0f9027cc94781883f6f96abb726531e3bc1f8b74d06d7f3b4dd6cfc9731699662d29fa98bd3079a211d9fa268a2c50f5d4bec3e285b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\7e652842-5701-4685-9f92-600ab092c363

MD5 3a9a921cd889e74f6d306f803e53477c
SHA1 8600d9d682660af3b7cfa2e7c8152c618b68f396
SHA256 5ee01a35bba76f6375b828e5dc78f9eb02b4c9e0448fe200d1dcdfde2e4d5c14
SHA512 8dd2a66b77d3bdb980542a53e17d7e38c3ee1e64eee127f949f6e3d96b71b1da958f08de7565c8285a81d96339b239410c934d09a9795ba35f5563c1b00670cf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\adc23a7e-1227-4f23-b324-91809c5bc01c

MD5 c8810bcca7d8ea922ee557fa331daa64
SHA1 588d4bfc11a9cf36022facb657add173d2c01efc
SHA256 6286da0787db7b7b22bd76cbca6f4a274fe0ae3f84ea72d8a4c31450d87a9bc2
SHA512 fafec12cd3ff76684d813989ae3175790399931845d3261a0244a21f5433e90c4abab0f3b33afc16b48f1ee2938d1abb125dbeb1d5bc7c3b985e2f775f87c722

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\4837093c-6407-457e-a527-e7f6ad759199

MD5 bd07bd0ea0803f5994e9284d7fa735b3
SHA1 00b417e1f7b12ea6815c6d52e8dae261867adab9
SHA256 015eb4e289217caa96b4d6e0934ce0e94c72aef946dc0209d80732c6e93f141e
SHA512 fda28d065d793aa10081eaa6a12f56e4f4b1eb0b4592c59a4367b7c145792e3efee15911cdb90f88e5bc86760c33be0f0dfdc9e610ea0a577e6a1b4494d8cbf7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

MD5 4c29bba40f109320ca497abbc8f44eaa
SHA1 370d51029470ccd3105dc453c75102dcea6b672f
SHA256 3957f784ecf5e4cd37a5d69398a92fcbd9957c039d263b305cac8d40338faf23
SHA512 29ffbd1292fd42ff8c5cafb05fc48982b49b0583634b2338dbcee9acd8c2b96444c0491a81339f5687c363ac3f363a6ff1a21bab4da37f834f3370e7e09e2bf5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\activity-stream.discovery_stream.json

MD5 4f6b6db8fd2a2d9774753d096190813e
SHA1 5a7d4fc1766df59d24b5ce3bdf0df07691527431
SHA256 46c17e3352785b700ac6440864feca4a0d5dcfbc3ef375c0a63fe28af516d108
SHA512 123514fd5ff2a9cba514b8add843c40e60cac38b130a6f6b29f9fdf57c7b9f2095f3b6a8341e0f42c661308f456ec280dc99026f2783c1f0744126c8730dfd2c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs.js

MD5 43ab25f57d2851b62428d42efd8cbab3
SHA1 ad6e52ad21bb0487b40c0346f69129bc007fe056
SHA256 db8ebbe485b7c2e43fdd6fe9fa4893895e3a611a45f3683edb719181a6d52979
SHA512 a3ff90dfb6706356f546a59a731c310ffbc69308d5cb9647b503a7e7b1ba3ae16d54dbfaeb3a7537a5f9778642dc523ffa427b74d2e8bb965e4ed0e17f0768d7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\AlternateServices.bin

MD5 a325ea2eb10d04d90e627349e7bfac22
SHA1 fd3d1fe6a10c66bf3e91bbab3b213e0963060d91
SHA256 436e4f8c8f7137de675a4ae9e378f8de999150b96be85d2c616eb7f61668316d
SHA512 87f2c50f0ea59ef6043f886bba50b2e84115941c63f6fdcc8ee98288312a4d0b805c114441630eba5fc1ecb13f2f821b9e35c9bc616a33233d82e65540529d2e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs.js

MD5 6ec9ce2a246271aac230d1f6dd062962
SHA1 b579ad24235f7d4d016d29169106d58ec3304c37
SHA256 37fde7fc2ac9c7308c92a4bf31eef978dfa1993225f31a365044ec8c4d490d08
SHA512 9b04474a530c855defea7a7edbfc1c0a0d1374bd570b2516af6d6aea640cfb44fa304959b2f868e8d9bf3be19f5e8cfeacd93c0761b9586d1c0122f59e8d0c10

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\AlternateServices.bin

MD5 9937a2c99470fbcf7ca71c5eabaeee7b
SHA1 1a300bb84ea74448e41e4d71437569f183fd9f03
SHA256 186c3478d792509771c505be1f76aa1d01f1915286c5c19dfeb151182598e2c3
SHA512 b091885c208f6a5ef066c742ce3b07f193f0db77fd2dfb73f4f53a1b70e59a53f31eff6f5f7a908a2198da0d23acb5fa3cc308445859bad0415020740c33f277

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs-1.js

MD5 0c32c73c0110e7c2bd093bee0a0e671d
SHA1 ec07a512136fb0de29abee316cfc1be5d409cd6f
SHA256 116809bdf946b827333e3983653b9c782664ee84a2562c6a256e5a924928ea6e
SHA512 16246b36d95ea33a4220361fc1c29670b06b49f7070eac5be87f2785c2f41c3b50366d4434caa82c84deba7536250adf328fbf7b0d79454467de5840f94e327a

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 7bbbf03060b9c139b2e59de9dd6b6c57
SHA1 c92f031c336998c2824352e42f4e3e442e1ac866
SHA256 e87262dcc27a00cfd597d970d61e5284b276f8d3484ce8b17075e4d966ded8fe
SHA512 e618851db019876aa64a46dd79bbfe35c1842cc7f1a3feee609031ef6b4a6e0b6795b8e26839d59e3ef924634a62c5c47e774a93ef0bc75da75135e1109d329f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 faed0f350448e527b606e03852bb5788
SHA1 3417b2d5319e097e6968d0ab2f576e57eaa85d52
SHA256 bd382d2946d56238c3faeb8e7aae6ae8aa363c119e4053bf9500e182c27871d5
SHA512 9de50d17ba1b17fbe55ba5dec3d04d24b276bdbff8db5dbabb887311b5ca05ca5d0019d43324dd99e7adeef3364d5b62d9a850dad55e51d5d8c295a180b962d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

MD5 cafc2729fa7549e8ae6659d08f01eede
SHA1 1a7c68c05c6b70b4a862b5f82985c52fdbd1230f
SHA256 fed7e37bfd77fb733913001fae6e4830fba9e8e1b9bc7714f6a3b6822ebc107c
SHA512 bc5764a99ef2bfa8cf23692f8955b0ca8b3896a13e9e6dc306adebb82235871e4cca3208d6363fc9a93d8eb083896140900e3011eef800321153a5f6223196b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 2940ee84856bc8cf9b7ce0e0b3b24f6c
SHA1 c1e072aa12df164db76672f0b3cb1cc0509c9b1c
SHA256 a20395c4a606841c83f1b662b3d9d868679388e079ff8beda3fd530bda94bf69
SHA512 eaad79ea4822f1a3d3fda534722773f754202a8ea51813a474d4838cacb13da5f1856b7f7e98b08161ad4ef1c423d0dcc08fb1d3c755aa9429d15cf85d10dacd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 fa047415ef5d45ad1c7097a416668a4d
SHA1 4665389ef8c9e1f971a2ea8350254bfabf2c761a
SHA256 5dc45a2a729c162d61b625a315c28e614815a713c2410c7398388fd144fe90f6
SHA512 1b4992cf093e13f2e423ec633b4a60a102a3e700cc77cd7d788e90c725bae72857f78aead912acdc6ff6540ab94331306390881a556458c669e11de305f3ac6e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

MD5 f9977310591372d79e0a22b23029746d
SHA1 cba68fe310492ed448482a7cc7c514533ba04f1a
SHA256 959c77b50209ad00d12ec1f3da6153746f894a7979ed1984e5f126bc009c125b
SHA512 bc34e79c45e9223cd47de0b1a28f1bc16038cc8e494eaf409095336ce4153cd7b659f72a65097f98ab9291b447abfecd04d6c5ccc8d0ef6012cd8f054913698f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\2031fda4-d956-4796-86ff-84af35e2b351

MD5 7100449746c2c9bba418c58cfdb9b535
SHA1 dd2afd552e6321dcf4e9f0810498fc1c59e85779
SHA256 93c9a7a6f0c45e082b9b4da949db7f8457c44a82b060513b6310d82fb357f8c5
SHA512 316a69cca6bf0d52a40908ac74a1799722b1fcd8d028b036ab9ac1e0ad772036af573693da3b65e97858f97f8d819fb2199950737a13d4965068475083e397db

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\750de38c-264d-4f55-92c2-fe944a4c12d9

MD5 5a5435a23633c72ab4043e02e6aec4eb
SHA1 d8aaae6c4b97700897b5cac29ddd6ec4dd8b4d24
SHA256 6490488ba07fd9df923774321f6783d0f331294ae3d5750c3683f8e917d7b6cb
SHA512 1e2c88b0469db0fc5fc9c6e441e259ef44a16d463b7707f20a81b6ba6dee38f97e05c9fc8ee7cb9a386117dfc2d96aa09edf3f05162aa3d3fbeeae6fc624dc72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

MD5 976729d795c8fbbfe2e29935a356a1f3
SHA1 4a9a422c95136081b1e20213e23a51bfd93fc676
SHA256 f6cead04742469327a3cdfd10e14089345a619e07943eb086e5a5ff7b1d601e2
SHA512 3af489b81725af19072b6b5a0344d44f0cc265e52e638da968367766ee4accd07562ddc8651ba716babd339e2c38d72722bd8e48ed20192ef00c225a05b8b710

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\f88877c7-1d64-43a9-8949-b763a2bc5b52

MD5 77206952636aeef01535006e8f5df9a0
SHA1 b2617479322c1d83d61f6844d90814ab3fd4f73c
SHA256 321f97cbbcf742b02a73ee5741e3560d6d34ee283e0e064d1de0373f80e5f74b
SHA512 39d7da269015bdeedf20272d76ad74a4e1925f8aa7f07b80bdf0fcb72798021764e53ce906e0b17fdfe718875475e918f09669e27c6dd1bdfa1e462c5bc7eeea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs-1.js

MD5 6057bda27b66f0f21382a2cb1747588e
SHA1 f37b9eb832de1a1b69afe684db7ce8c04f8ba5ec
SHA256 9a88e92a371dc2fff39d49a2eaa157d1e1366f684df773c41cf5c73ccbd6aabb
SHA512 062428e029e30a311a18b83d7b2927082671b448395ba1f6e19a15a115c5339fd2691aea9b2d075fb97fe88116d49eec0b8c152793d808b725592a59a071e208

C:\Users\Admin\AppData\Local\Temp\WPF\uo1afnl4.xzv

MD5 7081f28a729f0a4aa39ea2a8f9dda87b
SHA1 51816028fa12de0d5fd370fb220cd152eece343b
SHA256 5f28008bb039a8a0f16cc5d62639dae84e6ff9783837b3e794690c1de7e99987
SHA512 e16608d9df7c5d016bea6c645a175d312739c7c4c16227698381f59e3dd4ae37e0e31077868f28b7c72320b213fbb0963fecce5b936abeb2f98c19c8683e73f8

C:\Users\Admin\AppData\Local\Temp\WPF\ccx32r5d.35s

MD5 9320010e4e1c9de31b2d1491a6c94cc7
SHA1 054a09738fed44b298930d494b18d95c9319b92c
SHA256 956e5d94ab0d27334e4cb95051c66bf2bb808232c181f0a24494ae0f63402806
SHA512 01f5d8b52b93b2b104332d753b02a66f0bac542d69bc317ee23cf9625fb937fe510ef8f3bccd6f5cd17b5496eec9622816e51d4ce10c73ab44dc11f1508279f8

C:\Users\Admin\AppData\Local\Temp\WPF\b5ca4b55.2wn

MD5 62441397ca4712edac4d214ab65b5348
SHA1 0164c6ea7c2a197b8ea12e4b1d8d4fabc83f198f
SHA256 c910b8c17cb79b418263b2e5690ef8b1eb1978f21566428ec274ba76af860f35
SHA512 96e11655536d7c68cd702e7f4bc25d6e6517ccc677b5fc909b67ebc72d555bf63434bd3e62b449d8d9b3f146c6ca622939af7da8ff72ec11b0353a5f057d7c90

C:\Users\Admin\AppData\Local\Temp\WPF\bwsq2ryr.xvj

MD5 6f4d64c49c763f81d7135d5e70f99eef
SHA1 8276679da6a318caa6e523c7adc457d86b14472c
SHA256 23b6cde59e4ba300301e0887f0bfe620c9d333277427cb44b39483129f5e1220
SHA512 9473ad956c4936e26d07a8e69f3b3684e606b2c45ee370cfa582fe6dd7b968f86d57c3da870ec62ab1956e5d2deed6f96ade64fe946bd7d4a4df4ad0e4b86747

C:\Users\Admin\AppData\Roaming\VOCALOID6\Settings\preferences_standalone.json

MD5 74c14b984b9366cddeb44262f5abaa8e
SHA1 ee66276fc7f380684505df3c024ca4de40fc79c3
SHA256 474d5f75caa61b2f7d6ab1a6bab2f52561ca3dfd3ec5eccd8e629609a63e0713
SHA512 2a7d46b4592e3aee1ecb57053663f789f8192a0ff10861942aebbdbb85f1812fe933265db689221a8f8b778ca941812d624916502809bb62e05d12bd46b3931b