bc441d1f765caff9920cf4abed934d4d6a47ea2cd04fcff10feb1e31e72bf1fb

Analysis

max time kernel
75s
max time network
55s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VoiceChanger64(1.75).exe
Size

1.2MB
MD5

1b878de11d52b864088a69825024027a
SHA1

8ebf732644d06846d74246a566dc4abf6eb87d96
SHA256

bc441d1f765caff9920cf4abed934d4d6a47ea2cd04fcff10feb1e31e72bf1fb
SHA512

bc3d8068fa9f915fce3e95eabca31be019cf4c47e041c6ba32ad2bb8145700faca909f820d5bf2a8515c1cfeeafecb5ea2815986630aa03b034704041a5c09ef
SSDEEP

24576:BQyASweb4q3yldOeHjRAW10/eeXkwj2i0BzvBGpMuTCj:CyAIsqCeeHSWc0wj2i0JBGquTCj

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

APOConfig.exeClownfishVoiceChanger.exeClownfishVoiceChanger.exe

pid process

1448 APOConfig.exe
1188 ClownfishVoiceChanger.exe
788 ClownfishVoiceChanger.exe

pid	process
1448	APOConfig.exe
1188	ClownfishVoiceChanger.exe
788	ClownfishVoiceChanger.exe

Loads dropped DLL 12 IoCs

Processes:

VoiceChanger64(1.75).exeregsvr32.exeregsvr32.exe

pid	process
2036	VoiceChanger64(1.75).exe
2036	VoiceChanger64(1.75).exe
2036	VoiceChanger64(1.75).exe
2036	VoiceChanger64(1.75).exe
2036	VoiceChanger64(1.75).exe
900	regsvr32.exe
512	regsvr32.exe
2036	VoiceChanger64(1.75).exe
2036	VoiceChanger64(1.75).exe
2036	VoiceChanger64(1.75).exe
2036	VoiceChanger64(1.75).exe
744

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

regsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32\ = "C:\\Program Files (x86)\\ClownfishVoiceChanger\\ClownfshAPO64.dll"	regsvr32.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

ClownfishVoiceChanger.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Windows\CurrentVersion\Run	ClownfishVoiceChanger.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

VoiceChanger64(1.75).exe

description	ioc	process
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Slow-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Baby.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Radio.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Gunshot.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Ghost.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Denoise.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Ghost-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Normal.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Useless.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\CityHall.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone-Off.bmp	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Rusty.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Robot2.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Slow.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Radio-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Robot.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Fast.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Robot-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\APOConfig.exe	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Fast-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Silence.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Bicycle bell.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Duck.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\You guys suck.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Chorus.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone.bmp	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Manual-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Male.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Hail to the king.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Robot.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Denoise-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Normal-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Helium-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Manual.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\uninstall.exe	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Alien-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Atari-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Metal.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\CityHall-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Vocoder-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Church_Melody.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Ricochet.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Fire.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Melody.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\River.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Ghost.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Vocoder.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Gong.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Melody3.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Metal2.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Cave.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Female-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Helium.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\You suck.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vst\howto.txt	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Female.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Boooooo.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Smoke weed everyday.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Cave-Off.ico	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Fanfare.mp3	VoiceChanger64(1.75).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Creepy.mp3	VoiceChanger64(1.75).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
\Program Files (x86)\ClownfishVoiceChanger\uninstall.exe	nsis_installer_1
\Program Files (x86)\ClownfishVoiceChanger\uninstall.exe	nsis_installer_2

Modifies registry class 19 IoCs

Processes:

regsvr32.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MajorVersion = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MinorVersion = "0"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MinInputConnections = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MinOutputConnections = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MaxOutputConnections = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\FriendlyName = "ClownfishAPO"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\Flags = "15"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\APOInterface0 = "{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\ = "ClownfishAPO"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\Copyright = "Developed in Shark Labs, Sofia, 2016-2023"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\NumAPOInterfaces = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32\ = "C:\\Program Files (x86)\\ClownfishVoiceChanger\\ClownfshAPO64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MaxInputConnections = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MaxInstances = "4294967295"	regsvr32.exe

Runs net.exe
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

VoiceChanger64(1.75).exe

pid process

2036 VoiceChanger64(1.75).exe
2036 VoiceChanger64(1.75).exe
2036 VoiceChanger64(1.75).exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

VoiceChanger64(1.75).exeAPOConfig.exe

description pid process

Token: SeDebugPrivilege 2036 VoiceChanger64(1.75).exe
Token: SeTakeOwnershipPrivilege 1448 APOConfig.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

VoiceChanger64(1.75).exeClownfishVoiceChanger.exe

pid process

2036 VoiceChanger64(1.75).exe
1188 ClownfishVoiceChanger.exe
1188 ClownfishVoiceChanger.exe
1188 ClownfishVoiceChanger.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

ClownfishVoiceChanger.exe

pid process

1188 ClownfishVoiceChanger.exe
1188 ClownfishVoiceChanger.exe
1188 ClownfishVoiceChanger.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

ClownfishVoiceChanger.exe

pid process

1188 ClownfishVoiceChanger.exe

description	pid	process
Token: SeDebugPrivilege	2036	VoiceChanger64(1.75).exe
Token: SeTakeOwnershipPrivilege	1448	APOConfig.exe

pid	process
1188	ClownfishVoiceChanger.exe
1188	ClownfishVoiceChanger.exe
1188	ClownfishVoiceChanger.exe

pid	process
1188	ClownfishVoiceChanger.exe

Suspicious use of WriteProcessMemory 50 IoCs

Processes:

VoiceChanger64(1.75).exenet.exenet.exenet.exenet.exeregsvr32.exe

description	pid	process	target process
PID 2036 wrote to memory of 1448	2036	VoiceChanger64(1.75).exe	net.exe
PID 2036 wrote to memory of 1448	2036	VoiceChanger64(1.75).exe	net.exe
PID 2036 wrote to memory of 1448	2036	VoiceChanger64(1.75).exe	net.exe
PID 2036 wrote to memory of 1448	2036	VoiceChanger64(1.75).exe	net.exe
PID 1448 wrote to memory of 324	1448	net.exe	net1.exe
PID 1448 wrote to memory of 324	1448	net.exe	net1.exe
PID 1448 wrote to memory of 324	1448	net.exe	net1.exe
PID 1448 wrote to memory of 324	1448	net.exe	net1.exe
PID 2036 wrote to memory of 1104	2036	VoiceChanger64(1.75).exe	net.exe
PID 2036 wrote to memory of 1104	2036	VoiceChanger64(1.75).exe	net.exe
PID 2036 wrote to memory of 1104	2036	VoiceChanger64(1.75).exe	net.exe
PID 2036 wrote to memory of 1104	2036	VoiceChanger64(1.75).exe	net.exe
PID 1104 wrote to memory of 276	1104	net.exe	net1.exe
PID 1104 wrote to memory of 276	1104	net.exe	net1.exe
PID 1104 wrote to memory of 276	1104	net.exe	net1.exe
PID 1104 wrote to memory of 276	1104	net.exe	net1.exe
PID 2036 wrote to memory of 2000	2036	VoiceChanger64(1.75).exe	net.exe
PID 2036 wrote to memory of 2000	2036	VoiceChanger64(1.75).exe	net.exe
PID 2036 wrote to memory of 2000	2036	VoiceChanger64(1.75).exe	net.exe
PID 2036 wrote to memory of 2000	2036	VoiceChanger64(1.75).exe	net.exe
PID 2000 wrote to memory of 1604	2000	net.exe	net1.exe
PID 2000 wrote to memory of 1604	2000	net.exe	net1.exe
PID 2000 wrote to memory of 1604	2000	net.exe	net1.exe
PID 2000 wrote to memory of 1604	2000	net.exe	net1.exe
PID 2036 wrote to memory of 460	2036	VoiceChanger64(1.75).exe	net.exe
PID 2036 wrote to memory of 460	2036	VoiceChanger64(1.75).exe	net.exe
PID 2036 wrote to memory of 460	2036	VoiceChanger64(1.75).exe	net.exe
PID 2036 wrote to memory of 460	2036	VoiceChanger64(1.75).exe	net.exe
PID 460 wrote to memory of 1576	460	net.exe	net1.exe
PID 460 wrote to memory of 1576	460	net.exe	net1.exe
PID 460 wrote to memory of 1576	460	net.exe	net1.exe
PID 460 wrote to memory of 1576	460	net.exe	net1.exe
PID 2036 wrote to memory of 900	2036	VoiceChanger64(1.75).exe	regsvr32.exe
PID 2036 wrote to memory of 900	2036	VoiceChanger64(1.75).exe	regsvr32.exe
PID 2036 wrote to memory of 900	2036	VoiceChanger64(1.75).exe	regsvr32.exe
PID 2036 wrote to memory of 900	2036	VoiceChanger64(1.75).exe	regsvr32.exe
PID 2036 wrote to memory of 900	2036	VoiceChanger64(1.75).exe	regsvr32.exe
PID 2036 wrote to memory of 900	2036	VoiceChanger64(1.75).exe	regsvr32.exe
PID 2036 wrote to memory of 900	2036	VoiceChanger64(1.75).exe	regsvr32.exe
PID 900 wrote to memory of 512	900	regsvr32.exe	regsvr32.exe
PID 900 wrote to memory of 512	900	regsvr32.exe	regsvr32.exe
PID 900 wrote to memory of 512	900	regsvr32.exe	regsvr32.exe
PID 900 wrote to memory of 512	900	regsvr32.exe	regsvr32.exe
PID 900 wrote to memory of 512	900	regsvr32.exe	regsvr32.exe
PID 900 wrote to memory of 512	900	regsvr32.exe	regsvr32.exe
PID 900 wrote to memory of 512	900	regsvr32.exe	regsvr32.exe
PID 2036 wrote to memory of 1448	2036	VoiceChanger64(1.75).exe	APOConfig.exe
PID 2036 wrote to memory of 1448	2036	VoiceChanger64(1.75).exe	APOConfig.exe
PID 2036 wrote to memory of 1448	2036	VoiceChanger64(1.75).exe	APOConfig.exe
PID 2036 wrote to memory of 1448	2036	VoiceChanger64(1.75).exe	APOConfig.exe

C:\Users\Admin\AppData\Local\Temp\VoiceChanger64(1.75).exe
"C:\Users\Admin\AppData\Local\Temp\VoiceChanger64(1.75).exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2036

C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" stop Audiosrv
2⤵
- Suspicious use of WriteProcessMemory
PID:1448

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop Audiosrv
3⤵
PID:324

C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" stop AudioEndpointBuilder
2⤵
- Suspicious use of WriteProcessMemory
PID:1104

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop AudioEndpointBuilder
3⤵
PID:276

C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" start Audiosrv
2⤵
- Suspicious use of WriteProcessMemory
PID:2000

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start Audiosrv
3⤵
PID:1604

C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" start AudioEndpointBuilder
2⤵
- Suspicious use of WriteProcessMemory
PID:460

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start AudioEndpointBuilder
3⤵
PID:1576

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:900

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll"
3⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:512

C:\Program Files (x86)\ClownfishVoiceChanger\APOConfig.exe
"C:\Program Files (x86)\ClownfishVoiceChanger\APOConfig.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1448

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x328
1⤵
PID:792

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x56c
1⤵
PID:852

C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe
"C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1188

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
1⤵
PID:980

C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe
"C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe"
1⤵
- Executes dropped EXE
PID:788

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ClownfishVoiceChanger\APOConfig.exe
Filesize
195KB

MD5
85afc274aa2978a79c395eb4caf7ace6

SHA1
b47e68592d5e029de64c5ac31dec3ee9b6c99b9e

SHA256
3b61e165ed461fc9f09f1580e9a75745a88f091b906535764764954a764f7712

SHA512
146de7f7eb6fb82509ef0ce717c6ac5e48e7e48e267e2f194e170f9b640611632c96f21c12c6a7a5009aae3d2ae1475dedce10291b37aece442195894b7ee3a0

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe
Filesize
872KB

MD5
9c8404f0cd0b15d95b8b061f8f12eac8

SHA1
57d261f0f17a7f1d739ff301212eab056151b2e1

SHA256
c5ce6f973353d7a7b4ad75ec7e355dbbb0ad3d2cb6e5da06af42d2bb6e7c21b9

SHA512
d6bacb50436ef9044a1911936625a723c8f5ee6ef16e747b5382427b482be11f4b4a09c427327efc50a0c8168e36197efd975bf60c01e8b0d314a7054231b1e1

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe
Filesize
872KB

MD5
9c8404f0cd0b15d95b8b061f8f12eac8

SHA1
57d261f0f17a7f1d739ff301212eab056151b2e1

SHA256
c5ce6f973353d7a7b4ad75ec7e355dbbb0ad3d2cb6e5da06af42d2bb6e7c21b9

SHA512
d6bacb50436ef9044a1911936625a723c8f5ee6ef16e747b5382427b482be11f4b4a09c427327efc50a0c8168e36197efd975bf60c01e8b0d314a7054231b1e1

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe
Filesize
872KB

MD5
9c8404f0cd0b15d95b8b061f8f12eac8

SHA1
57d261f0f17a7f1d739ff301212eab056151b2e1

SHA256
c5ce6f973353d7a7b4ad75ec7e355dbbb0ad3d2cb6e5da06af42d2bb6e7c21b9

SHA512
d6bacb50436ef9044a1911936625a723c8f5ee6ef16e747b5382427b482be11f4b4a09c427327efc50a0c8168e36197efd975bf60c01e8b0d314a7054231b1e1

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe
Filesize
872KB

MD5
9c8404f0cd0b15d95b8b061f8f12eac8

SHA1
57d261f0f17a7f1d739ff301212eab056151b2e1

SHA256
c5ce6f973353d7a7b4ad75ec7e355dbbb0ad3d2cb6e5da06af42d2bb6e7c21b9

SHA512
d6bacb50436ef9044a1911936625a723c8f5ee6ef16e747b5382427b482be11f4b4a09c427327efc50a0c8168e36197efd975bf60c01e8b0d314a7054231b1e1

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll
Filesize
350KB

MD5
7044cc292eafd1af0dfd36c5829c9724

SHA1
e9f8b5f00e016f854363f68f53325c2927654916

SHA256
1d9ec187b9c7c3504f7301d0660ff2ff46b181a06f8940de50a6c2190d24eac3

SHA512
af8946d7f6a12589e4e341542cd31c22267f7d0176a7ef42f281db7dfa68c6b70307df2a7233dbe6032758b1ddf699d4212d0c6a04e6846340d21dd02d679279

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Alien-Off.ico
Filesize
16KB

MD5
3f7b046b32d33fa1db6d801326c84c92

SHA1
f267a3236f46e5160fbda29bfc0e628ab24f2d35

SHA256
9d68b4ce0995e03fa5a623c36ac00d2641697f9c2120b2d4acc24b371037a729

SHA512
e5e1f723e41c9f4ee324883b7d2746f89b8333b17172b1dcd05e8e070caa200e184d12382140986a0ab852312878e9c1d9e6253accc558af246f69f4598ae347

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Alien.ico
Filesize
16KB

MD5
b4912b4e5ac58c1da8deb5834e3c366b

SHA1
4d3470a065095f6498e45f7303a8630063eb658c

SHA256
99d1d4618d0ac84f70b30334c94208c617c76f8f1604f665f8dc5c424e638f4d

SHA512
aaa10258b02e41eb13e45ad5746ef5dce249020a973a83e2532bc2d20de0cba6d92d3f4bb3716f871b9eb4db633863763a087769054f9b832cd308b1e7865139

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Atari-Off.ico
Filesize
16KB

MD5
6f984a4938ba524ba9657d3c63845790

SHA1
0b1789655b8139fa9975aea26860674a5b4fd4de

SHA256
6df6a6464c72af219094cf3787cf0d1f858e2fd3b6c5cc213deecabd911769af

SHA512
f7c403fbf0e3436eae86e141078db563ca7b75ee157eaac4bfd239c5a42227680598a3cf76e4f30760232f71dc3b4fffe7a5bab8d6106854be9eabc7c43298b4

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Atari.ico
Filesize
16KB

MD5
b5c428102274914255a1c7f4876e2dcd

SHA1
03c76804698ac954d950b6a7dc334fa9ae6db45d

SHA256
3874c8be3dc907e0f26b658fec2a551e9651933a819bc15bf9f93b578e8b5284

SHA512
daabe89489aa3f6089e05a2d96f149211d4b4338d19e68497b5531d45a8580979dea303b95bdd93f14a349c743e18e120eedabcad7a472b9dd8032f5db42aeee

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Cave-Off.ico
Filesize
16KB

MD5
fc40dfade66ab7cf24962bca246834c0

SHA1
9f5c5dae7824afd92ae3dacc9bd72f814bb5e776

SHA256
671d371f7b2f07fc7b1e8ea9f0ab1bdf2a9055e79f3c859b19b6f579fc17987f

SHA512
e0bcd0d37c1b1a4db6dec33d9b3f6471612a7e266349b744bc1e3664e908cb737304af77f3d6f91c7e44ed561b86ff4e686625301fbef4a24919df765d105efc

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Cave.ico
Filesize
16KB

MD5
f8b303268883f3500b9723c5f82843d2

SHA1
805cd035ae00e0fb37f3afbac9cffdd5c3b12014

SHA256
716cc28267dcdafd13ca183d11fd74394f7e55063874d5c19a088ec40e225590

SHA512
0d4b0873c42ff4da2b908bb458c59adba5765c48c4b2168ff7749fa58bd637b483001615532ca4a4158b9e43ac6881ccf4f372d9faf29f136bd473741a975e9a

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Chorus-Off.ico
Filesize
16KB

MD5
87eafaceec081d8d2bad823ec42d8372

SHA1
515545777b7805a4ff74bfcdee79d9237a11c669

SHA256
e472affc0a16978628ae05ddff151eb0e4fe2892989e55d3bc3e2715d9679448

SHA512
6957e54e9fd29ec607821ad451727cc76ab04e8ffb99b6b0fea8dcc821b4e579beb4ec4f7cad1f9e90fb638601a3752720931be1a0e3e287b5a12ac3e3d472d1

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Chorus.ico
Filesize
16KB

MD5
afefd408c6dff3dbb1217c497aacd33d

SHA1
ba1439c6d07e450b16ee1326d648ded9d3c8aec3

SHA256
b6e3c53bb48c2898ea96955a8df633c78035cf071842e84e31a6b265f86ed49a

SHA512
205c5c0d9b1b0f4f5e844c5abee168e7d3b64da0914b70f5470d7635f68f1d2bd5eee2343017a0c4961c2c78bd4ca2f70cd5594ef99b0ba91ce5250e0f3a4ca5

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\CityHall-Off.ico
Filesize
16KB

MD5
822ce582243adb560d3a6f5b87884cf6

SHA1
92fb5a5a4a81293cabba2b9e55fa03f0c51f0d1d

SHA256
2b04ea3f81189ce4a22abe6eb620dc65cf6bd44a2f152303096e3013068778ee

SHA512
27208641135e35d100de11b2de6d7f808d35ede3cfad8630b7cbd366e0a750aeb634392f4905bb9c65f9477927e3ea6447bedbe59447ec24cf511cce16eb2b50

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\CityHall.ico
Filesize
16KB

MD5
b8a844f428b535a1dfc17aac4a247041

SHA1
c6ff6d1ddfaedf589cc0e541f159ca6e97b4d907

SHA256
e1bca0ca6c4acc6b946d9486dea1ae89a8fa36715fc80f3a70d70d60689f0bff

SHA512
52655bfc21a68ca6e00dd21e2f5123707a7e0f51d318f86c6b33bd4ccd3d0a36f9f01123eeeaa23f48d232617919f88ff68b9b082852c0137bd27d32f2b9fd4a

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Clone-Off.ico
Filesize
16KB

MD5
252a8304468aa4d67cdc654959f72ac5

SHA1
4cdabf4f34cd8a27991ee08d7d0d366ce1060723

SHA256
e899579042c65ee392700daf59d07252d9a4241fd70cc56a00075d2be5ce5609

SHA512
78854112f576c3ab88a43d1ded442361d32a4f3a5ccfe72f1317b6c0bc0b697cb6f492f5c18053667466eeb37f278c2aac9b54079ff04302c9a2862f704807ec

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Clone.ico
Filesize
16KB

MD5
818e9c0e411979071778221ef3e64ecb

SHA1
6e9f0e72c0d0dd8d4c6208cc65ce643464c2fc60

SHA256
d5e17286741825c832a92ff8eca5aa1a11a3873cf825e76d549a06d7527cf437

SHA512
1cc1202620add273cd1e6eedd4cd01b01457725e2ff798107959f6c4f9dea9aafc068ed8a77e366b01ce2fa4bd92a8c6e8a52d86f5209eacb17924a25f7b3b1a

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Denoise-Off.ico
Filesize
16KB

MD5
858d2eb360c027803b72b32c17039911

SHA1
09918012226a356e715c7524cca18ec5a600f237

SHA256
bb153cd62ed62a09586261d70751c51d97df9fb767b877c00f0b8b2a881e9af6

SHA512
87e4999018393823615f616a9aef03d0328cbb43efe9c16f9769bd2a315a43907d6fcaa7a62ae054fc0ad426c05f5fb7db24bd3dd470cd4615721f1b62751e74

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Denoise.ico
Filesize
16KB

MD5
8eb0b7285d65d173888513d0aa958889

SHA1
15544cd856122a8db4b4da8a8bb95edcfa59dfc6

SHA256
7e2fdc9d5c24d1603c5e2a8df1451e69fad62a680bea9de6260a56ae460788bc

SHA512
55f11314875ff9b8a4f65e005228fc41a637257f8808f1a62b33084d01ea8f3e8fddb0497a578f90060bd486636e0a49aa471a385cbe40d4993c084a3cc03e76

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Ghost-Off.ico
Filesize
16KB

MD5
643d096436c385792760aef98a89db20

SHA1
0813ffab627cf8ab07bfdb62e7a9bc0a204e605c

SHA256
bad408756d828fc4e22c57a121a75a8f9614991e83e97921610186216defcb9f

SHA512
4b954efb23200777ed9134daefc3d7ea76cd66c7ed18dcde769fb4df80e007c7dd5cd103409b5902c4b349958b193cd1a6b0f0ae35c4952a81f8c4a26bee23c3

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Ghost.ico
Filesize
16KB

MD5
c6d7ff48826361fb32b8009e0f627266

SHA1
9b48a55738a712a7b7cb666457125436962c73e9

SHA256
1802ac52cf0e1b406467b21680caf06d992311a242f4d6fc279d8b16c2f1ddb0

SHA512
5b6402c6a259aa22a4d1740986f8468a312ed5bd96020f64ea29c9a017e309ea7c1d3ab2c5a5e53fac3bbd4acffd5a3a2231a4af62640b759fe9bcc9adf25715

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone-Off.bmp
Filesize
822B

MD5
971940a0d1831de2f7108b117102d9fd

SHA1
072eed33f8dec4e3318be35ef3232dbd6ed7b85c

SHA256
56014e25ab2a2e1ae0b3cdc5fbd899cb9571e89f97c0a1a6b66f3cfa9d93a525

SHA512
a615e5cc1251d1c6f4c09ca5803488d54439b3c793d362e621a308eb892592e719f070b67e7c049d74453f11b066bed254ee27144faddd12f043eb89f7eee9a4

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone-Off.ico
Filesize
4KB

MD5
7a4eae69fa8bbcecd7d1c5c26cbf0f57

SHA1
d4bc72f9954fa58f624718d68dcfa8df4ef43867

SHA256
0c39e36374122bec7f62f2008971630aab77acb842a8227414aa8efd41b875db

SHA512
a1edd33ffbb0cc97952dffbaf87cd813cf6f80fb4a1c27dfbf1e642c8b2ea17076af84fcb674a737fcd9ed7f5d62ae604a777ca10900a01fda7a85cbee5628be

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone.bmp
Filesize
822B

MD5
3ee0b594a2590956d5e495bab976e7a7

SHA1
97a4de0930f7acbfcd1ac8363abfd7255b111971

SHA256
a60621c95d5c0198b2b2f88614716832a46d4923b3ed8023bf136f5e3b4cdf75

SHA512
ce43ae253eb5b777b0eb8d5f3d1d99485e7af1747dc93e2564fc42433ba3a0550f489e8d19d73d615446af53c81d5ed617c838f127b24a7b055b1174d62ae487

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone.ico
Filesize
4KB

MD5
ac87badf42c18d9b85e9927553934a22

SHA1
12c52083ceec0b8e02c7df852cd866ae902c5355

SHA256
a8992375ccda029017fb09cf9f404bb7c7364f6b226dd3c082ad30cfb0897e1f

SHA512
cd8541c9f9b76b0223e9b323fe0dc8b4d24b18779e876c558fc4d512a2e3807b813941d0033dd32f3b3e7941522b7e2c28e27e25a05a8186b6222065ab666062

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Fast-Off.ico
Filesize
16KB

MD5
fbf41565033ad19d2248a78cc799f2f5

SHA1
4c60e313038a57b86f2239c50ec7ccc99127ee88

SHA256
9d5d274595493a116342d0773e33743f2c8b08dc4c5857fce3467b993428fd2e

SHA512
3973cddef018e61ac8c25b5bd4af32ecaf12c2281dc452bca7c120a92ac769ab5ce45b123f26a679291a194a8292880affdd86ba35916792a0bcbc3d456530c2

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Fast.ico
Filesize
16KB

MD5
4c38f648467f86b0b76cb3bb9913270a

SHA1
1c7abe04aed779f9932f1d518e65e6a24657cf56

SHA256
253a04575aabec843f6f4ab9d0fdd874d526f7a0f8c45922bd7bfa9242f2bac9

SHA512
a16efffddb1813f1fe599b3d7b93b13886640a4b18eaa6e08597c36c0a51aa376fd2587b4842ed3728b56bcfdd7bd1888424cc0f8655b9f83d29579907d76625

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Normal-Off.ico
Filesize
16KB

MD5
68dfefeae93b257db46fcaf0f101c8c6

SHA1
a4c9c364878bbf4192c222be65d0303ad6d13afd

SHA256
e108093b0a2897652c3646c58be076fa0f6fea8099858429d4430cefeb2370ff

SHA512
e59c53ba2ac469f37ba6f39359d9f62418fc255876820cc0cbc75c6559abd7487c01fd6cb15c54e91622fa7bab5e040dd21b5ffac0d005f66bdc88c0dda62f3e

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Normal.ico
Filesize
16KB

MD5
6e4004a72a3fea06f4ddedf1a349c54d

SHA1
683937023167f7571dd67398f2bbecde2c7f7cca

SHA256
8176921000f89a71e8719ed20b77ffb380f87bbfe5a59f073c841c61d9a877b8

SHA512
b1bbda78d27d727fc768d56065773d70918e0f15d8860011de0aba007562ea6985268978858568f631e695f8a4729393c342c0c944280e3e94fe5fe000dc455a

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Slow-Off.ico
Filesize
16KB

MD5
9212061a50c0a464fc9a23ba2b642402

SHA1
38e063b9d901855295ba27468d386fb19c264610

SHA256
76f2e1f2dcb7ef4a532d3ed539e8e5eea900ecfd24b84da91b6d7a6201453aaf

SHA512
25591857a02bb78bbe1f7e2ae621920cbae65d2ff270d1549acf3aae2a4d59970bf9c9364b9b543dac63fd8d97f0e18708e1f71bdcf76a22c3d9af73c8d34800

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Slow.ico
Filesize
16KB

MD5
a3b4f287362f6128ee9c1647af52b0a5

SHA1
de1c96252d1b867089704bb4ad617ff169575fc4

SHA256
06cae75f238e989d3df868fcaa8529c614c3804fd57c6a7fa26f83fa892d26e3

SHA512
0b8541b43f6eb688abe8607c9adb76987238bd724d3b64ebdb46b661deb143765e6a425943b1ec80e09d6e8584859fb639078e3d7bebd72c23c39131d51d8fc1

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Baby-Off.ico
Filesize
16KB

MD5
f1df374917d3f8f9ed76f195a95fc69e

SHA1
a0011da872fc603b91b64333db8431b1215dd357

SHA256
8656ab19d7393e74a6e486dfa7c99f6ece46b1a479c6459356d8b9a2493c5af6

SHA512
f18ad61d77b902113a50361cab2eb549b636fadfaa49b64cd0bb8815d79494e1bf27393d2b3737d77c103c58bf2f323b601b508ca24f873bb1864dc7ea11ff67

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Baby.ico
Filesize
16KB

MD5
e3fd1405f464a7a805d81082f68e7e9f

SHA1
351b37806e40734e5808929cd25fbe5fe4620f1f

SHA256
1b4852f4cdac1a50f802b0590cd615cb41b0dc4cbb2760abfbc7998edc0529e1

SHA512
e41b022af71f7f7f5a5b42fc75867db4236ef94b15cdf333495da7eab90d89ea5071110ec28b562132f7ab0bafd692fa70d9889c62d736dd1b7e931b05bf6c44

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Female-Off.ico
Filesize
16KB

MD5
93adf3488c6445baaf58722b824cef92

SHA1
493dbddffdd665be4bbff73710ed6be48f8b5fc5

SHA256
9e14fa6d74fcfa6aff3f7d8f7dd3b56af1487d759059e5905ab5020f3b231345

SHA512
b6fe5dcb7d7c81cb26d0720339466707084ca3d29f6558fc74fecc0f9f6043040e2b6bbccbeb66fd772305be92ed95a9eed703ad2f3adcae8edb55a2c5e0bc25

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Female.ico
Filesize
16KB

MD5
9df98607c8c803b39f1f31e1865bbe65

SHA1
1bd4eb1bc6eaaa3036f45bae64c0d091c158f3ff

SHA256
161de208a3aec64dccd1351be3f0cfb31f4fa144a6fcb6776437613bc36d6074

SHA512
b89b772fef928cbc0990331f4d30bd21cfd519fd45b0fe02114bf8da41134e205dd43ea1dc7ee0744233008183c132f4745eb2fe27712ad7f0928dbadccd7997

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Helium-Off.ico
Filesize
16KB

MD5
7594baf2728dfdc8f8c55456f5f5f932

SHA1
bc8d54bf277dff6a3f73b3d7643bf43db403d2fa

SHA256
2c639ac60a864b592ec054da4a07d11bb4d6cdb1066ea698cef5d3e59b71704d

SHA512
7392ef4431edf3e316f1f2bfa37ce58ba4987f26af9f9023dc7e820473890be5fcee27a8c8536cc4a627ae49040f480bf0d9ab2d751808b0e7f10b7f931f856b

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Helium.ico
Filesize
16KB

MD5
14d45e43dfe60e6a24bb73dee4f617e3

SHA1
4f2ba51c9c0e3eb0b83fa3401ed2fa737cf67e3c

SHA256
57c4be5d556f6b4c787586728f75edf5f2f29fe405eb362ec400ea7d19159cee

SHA512
ae50ede1a98eec82ee53aa82f7be4e1fd994ed41d321ec6274f423b0bd19ad9d595d3f9f20c498490af5dd26a7783936016a8795e1b96acf64758588d6279f98

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Male-Off.ico
Filesize
16KB

MD5
ec5bf36ef0d5a9d98b174eae13e053d6

SHA1
c060e8aa6aff84662e25794a86b7e29c15bfbf32

SHA256
3743770e30f2e35187794c0f765d3313ffca4257d5f54579ec6f49c799a113d5

SHA512
9e230ed7ab209ea98ca53a7a639b0ca2f8df3046c8964bb2956d207b5a677c92c01e3b79cd87ddc1d386006b33cbec67250cac28beadb525ac80c971df3427cf

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Male.ico
Filesize
16KB

MD5
4f722d42b679c3137e0ec5d0380b5c2e

SHA1
30f9554ac568321f10ac08346ec5fd9094fc65f5

SHA256
69c3129ac103c9b5c7bf0203d79911a195c52f849b8cb51ea2a72a22ae0e5db3

SHA512
b64d35d1f14449a0b3ce2097324a577101e576d0151ee938cd76124392e75bf6bf650aea3a2654a2436be47d8b93c46d0353eeb048fcc730057a3285c2f5d2a6

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Manual-Off.ico
Filesize
16KB

MD5
a46db4094f28a4548446e255b3b8f6c5

SHA1
b4fbc2baee8d82b38cc4b3af4f76f83acda1cdae

SHA256
3eca94615a2ca4f29cdc0a3104fd84b6b01dc19415381c32e31edcc1073cfcb9

SHA512
a398d136284b7692a6159a2373f52f5658170b3219c08d9f8156b2b612e4b103bd3eab21d6a01b7750fb35995572f7ae1fe41c358819d8c388a660cba406ef50

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Manual.ico
Filesize
16KB

MD5
cd5e5ffbece346671f78bf2add304a73

SHA1
cae262814cede831b21a8d2756778d408ae55511

SHA256
d872545106e8e899c1e340e992e7a22cefcbe62eb1aada04fd2089d629043716

SHA512
d26873abcfc65e7899c6ecc4be47f342a5280e733afe03ab528c5743022a91e0c292823afa699d8044480fb78c0f4ff41cecaf8e0c2ca09d99a5f58fa10f2638

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Radio-Off.ico
Filesize
16KB

MD5
d86fedd0bd1d19b0dcd1ba34f29d08d9

SHA1
0887b15268146436037262b9eea36a29edc535df

SHA256
3dd0c14f58f5e386a5351067444709b2ffe4c5af7076abc301c642d75f9bd49d

SHA512
52cfabb25ce0de3f7ff23163de2fcd9e5fcd749d84f1427307955aae3eff74f163ce7d2339a7501321da2142fcd48efe4e7b432742bbd35ef07271e7b258d994

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Radio.ico
Filesize
16KB

MD5
f2214783b072e29992dddf5702b80df8

SHA1
f5cf7b5a1ab07350a6cc8329ff59090b0008c60c

SHA256
383986e6129a7fa4659787bf5159a03f9b2e0f1ecd8e90d018a326d4f80523b1

SHA512
ef1afd460324f30e57b9eb25ab0b44ff217052c4d965a1f6617bb3be761f9646e60fa74ab454c269e22808b24f18af8d546c8b4be7142d07440d8990d3e694f3

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Robot-Off.ico
Filesize
16KB

MD5
49f703b6b44a50cb8446e93ddb5e3e6b

SHA1
f63de1e09be9bbc2e465ed91d0a41cf2878be5c5

SHA256
16a4d7c4bb8e9985454f48b5694dcc5e915681b6900ecd0dcfd30970617195b3

SHA512
3608583c4866d3096f3b311a661fbed96cb817a01f296421ec35b665647d4f28ee21b19004a3e75f5e1237d6fc3ae1ed1a5848262786ace9e9071394efb3a9df

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Robot.ico
Filesize
16KB

MD5
dc21021665efc0d91a3c023349e0088d

SHA1
a9db1ccf0293442e171af55dff9b305da26ed551

SHA256
f4b31cc68ab44252953dfd7ba9ed190904a2855a187c5eb9b2d1865af6b4925a

SHA512
3d797a568390992805f5a0ad3d247afce0fca4a399c439cd68f2496c4b49491fb216554fe940512c984371083771f73136ec013921bd5184dbc276676a269b16

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Silence-Off.ico
Filesize
16KB

MD5
15b678e256892c094819e9adee6931c0

SHA1
af96f5f1f0ba441cb27fc92ec84bcf64ace578a9

SHA256
a5a127fafc661c60ab71a91a3af1e75757dc8f769814886ec1385be491d0bee5

SHA512
4d0f5cc19ace20534c2b88325cb7f1482e444b14628eb2c5d02ba2d89c1f53d4a14033b23f714fab6f5fbe9d2e5d286bdd8d9735b0f343cb156e287506c2998f

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Silence.ico
Filesize
16KB

MD5
d182f6d36f07ce8c87ab7c3a5b63c660

SHA1
ccb3953c3de04823f64674069b8fd8fdf2d47290

SHA256
174cf35498ac34dbc791179f2eae97421df96566788d10774cd119da236b86c7

SHA512
849e074ab63223361664fff2a667d13e89de642a877e8c7baf28f3a8580f5cfe32754a750d9fb46cda290daba3cd8887ab6e9824dbca2597d01555e0968724b6

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Vocoder-Off.ico
Filesize
16KB

MD5
956d2f04d6c2a1d56c7650c3371137c9

SHA1
1f9eb18797a0bbe781f23f562d3fb03d8dae0a2b

SHA256
0382305edaf7ce50bc7846a83b7bc5164861e457cb7f306b663c3e8f06b25a7f

SHA512
5fcda40274733c52e808b7e246bcc2992b66d377d14ba36626cb0b6434fb966a57429a3384d41b9f000a6f5e9ef0d15e3a62223d80db123790b4b9047a1481a1

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Vocoder.ico
Filesize
16KB

MD5
6ea776011dcb4d8f94b5ac28b002f754

SHA1
1fec375d48c434b2c478fe8253c9ba78ab79dcac

SHA256
5f3e34cb9bf37640f7d6f60fcb847b3a26a7d68cc8df4cf54803203d8a93e516

SHA512
c2e4ff69322bcce6ab4c6a095cdd5adf2be3e37238b494bcf5d8821c8427a0f4b12262deb028c297d33b57e11de76a7027f9c27b6dd34f289cd79da68bf76425

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1E7.tmp\KillProcDLL.dll
Filesize
4KB

MD5
99f345cf51b6c3c317d20a81acb11012

SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727

SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1E7.tmp\LockedList.dll
Filesize
27KB

MD5
a1ac202541aeb73245d9caedca1c9577

SHA1
d30dc312d5394f5cde418560bb2e0b6e46f4f7d6

SHA256
7f150baffafedd777ae27ad7d9782f4e804653068053102e55c8438230e65868

SHA512
73e641317b7c16f4f3f8c2786897bac8891065b7f877af3c0892ba222ea4737679096cd9241e0225b85ceb8a1a3d6b9b7016ed016f83ca3d05a2aa33d6cc5913

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1E7.tmp\System.dll
Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1E7.tmp\modern-wizard.bmp
Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1E7.tmp\nsDialogs.dll
Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
\Program Files (x86)\ClownfishVoiceChanger\APOConfig.exe
Filesize
195KB

MD5
85afc274aa2978a79c395eb4caf7ace6

SHA1
b47e68592d5e029de64c5ac31dec3ee9b6c99b9e

SHA256
3b61e165ed461fc9f09f1580e9a75745a88f091b906535764764954a764f7712

SHA512
146de7f7eb6fb82509ef0ce717c6ac5e48e7e48e267e2f194e170f9b640611632c96f21c12c6a7a5009aae3d2ae1475dedce10291b37aece442195894b7ee3a0

Download Submit
\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe
Filesize
872KB

MD5
9c8404f0cd0b15d95b8b061f8f12eac8

SHA1
57d261f0f17a7f1d739ff301212eab056151b2e1

SHA256
c5ce6f973353d7a7b4ad75ec7e355dbbb0ad3d2cb6e5da06af42d2bb6e7c21b9

SHA512
d6bacb50436ef9044a1911936625a723c8f5ee6ef16e747b5382427b482be11f4b4a09c427327efc50a0c8168e36197efd975bf60c01e8b0d314a7054231b1e1

Download Submit
\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe
Filesize
872KB

MD5
9c8404f0cd0b15d95b8b061f8f12eac8

SHA1
57d261f0f17a7f1d739ff301212eab056151b2e1

SHA256
c5ce6f973353d7a7b4ad75ec7e355dbbb0ad3d2cb6e5da06af42d2bb6e7c21b9

SHA512
d6bacb50436ef9044a1911936625a723c8f5ee6ef16e747b5382427b482be11f4b4a09c427327efc50a0c8168e36197efd975bf60c01e8b0d314a7054231b1e1

Download Submit
\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll
Filesize
350KB

MD5
7044cc292eafd1af0dfd36c5829c9724

SHA1
e9f8b5f00e016f854363f68f53325c2927654916

SHA256
1d9ec187b9c7c3504f7301d0660ff2ff46b181a06f8940de50a6c2190d24eac3

SHA512
af8946d7f6a12589e4e341542cd31c22267f7d0176a7ef42f281db7dfa68c6b70307df2a7233dbe6032758b1ddf699d4212d0c6a04e6846340d21dd02d679279

Download Submit
\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll
Filesize
350KB

MD5
7044cc292eafd1af0dfd36c5829c9724

SHA1
e9f8b5f00e016f854363f68f53325c2927654916

SHA256
1d9ec187b9c7c3504f7301d0660ff2ff46b181a06f8940de50a6c2190d24eac3

SHA512
af8946d7f6a12589e4e341542cd31c22267f7d0176a7ef42f281db7dfa68c6b70307df2a7233dbe6032758b1ddf699d4212d0c6a04e6846340d21dd02d679279

Download Submit
\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll
Filesize
350KB

MD5
7044cc292eafd1af0dfd36c5829c9724

SHA1
e9f8b5f00e016f854363f68f53325c2927654916

SHA256
1d9ec187b9c7c3504f7301d0660ff2ff46b181a06f8940de50a6c2190d24eac3

SHA512
af8946d7f6a12589e4e341542cd31c22267f7d0176a7ef42f281db7dfa68c6b70307df2a7233dbe6032758b1ddf699d4212d0c6a04e6846340d21dd02d679279

Download Submit
\Program Files (x86)\ClownfishVoiceChanger\uninstall.exe
Filesize
78KB

MD5
866d5daf70d5ab338f5d5053591ff01f

SHA1
36bbd27045ed1188fc86273868724473c74e5ef3

SHA256
03e7d71a04bf9183c9e1538dcf00b7ae89ea91fcabba7b119e3b96be502872c2

SHA512
82e3d56d49dd7a4585c637ca4887a5bfe5747f65943aa9e5106a2a1bb62d68f305651c3adca3f131131ef16e7392a502beb46088478d1f95ee0a9daef2fe4f88

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1E7.tmp\KillProcDLL.dll
Filesize
4KB

MD5
99f345cf51b6c3c317d20a81acb11012

SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727

SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1E7.tmp\LockedList.dll
Filesize
27KB

MD5
a1ac202541aeb73245d9caedca1c9577

SHA1
d30dc312d5394f5cde418560bb2e0b6e46f4f7d6

SHA256
7f150baffafedd777ae27ad7d9782f4e804653068053102e55c8438230e65868

SHA512
73e641317b7c16f4f3f8c2786897bac8891065b7f877af3c0892ba222ea4737679096cd9241e0225b85ceb8a1a3d6b9b7016ed016f83ca3d05a2aa33d6cc5913

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1E7.tmp\System.dll
Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1E7.tmp\System.dll
Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1E7.tmp\nsDialogs.dll
Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/2036-82-0x0000000004170000-0x0000000004173000-memory.dmp

Filesize
12KB

Download