7563ae08ceec9911afee7bae2b02dadbd55fbacf26fc6b16905e35a1dc5eb6bc

Resubmissions

16/10/2023, 04:11

231016-ery27ade98 8

16/10/2023, 03:55

231016-egzwqsbd7t 7

Analysis

max time kernel
322s
max time network
322s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 04:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MorphVOX Pro/MorphVOXPro4_Install-1.exe
Size

5.0MB
MD5

ebca2cbf787e99185422ea3ee0a0d093
SHA1

9a79360866a3236b557d128ad8c1bf5c32c834ab
SHA256

f87c336c73ffda0ec174e225219a7d685d9ee6109a8e11d731aa2eaeaa7882eb
SHA512

92ac0569d6cdd391035795daa33652060e3b50f2af1178e404c35ac2035bd8a7bd33c45beb770b1119416a9984efc39fe072e95e74835df4e6ab0ed7a3954244
SSDEEP

98304:5hO/QhVAikVIm4aUXzhR0iA+S9ezQy7V+qkZJ0G5gqL7eGUJo5YvZWWw0t+h:542c+fXVR0iA+S8Qy7V+fJ0TMpVOg

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\SETB76.tmp	DrvInst.exe
File created	C:\Windows\system32\drivers\SETB76.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\drivers\ScreamingBAudio64.sys	DrvInst.exe

Executes dropped EXE 3 IoCs

pid	Process
2384	setup.exe
1916	SBAudioInstallx64.exe
1284	MorphVOXPro.exe

Loads dropped DLL 21 IoCs

pid	Process
1544	MorphVOXPro4_Install-1.exe
1544	MorphVOXPro4_Install-1.exe
1544	MorphVOXPro4_Install-1.exe
1544	MorphVOXPro4_Install-1.exe
2376	MsiExec.exe
2376	MsiExec.exe
1116	MsiExec.exe
1116	MsiExec.exe
1516	MsiExec.exe
1516	MsiExec.exe
1516	MsiExec.exe
1516	MsiExec.exe
1516	MsiExec.exe
1516	MsiExec.exe
1516	MsiExec.exe
1516	MsiExec.exe
1516	MsiExec.exe
1516	MsiExec.exe
1284	MorphVOXPro.exe
1284	MorphVOXPro.exe
1284	MorphVOXPro.exe

Blocklisted process makes network request 6 IoCs

flow	pid	Process
3	2760	msiexec.exe
5	2760	msiexec.exe
7	2760	msiexec.exe
11	2860	msiexec.exe
13	1516	MsiExec.exe
15	1516	MsiExec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Drops file in System32 directory 31 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_8E2B44627F8CE0ED818B5AE857D9B5DC	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}\SET734.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}\SET734.tmp	DrvInst.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6	MsiExec.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}\sbaudio-x64.inf	DrvInst.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8CEE9FAC91C9E392_7B21B1879692B91DD3F23589CB604185	MsiExec.exe
File created	C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}\SET732.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}\SET733.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	SBAudioInstallx64.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F	MsiExec.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_8E2B44627F8CE0ED818B5AE857D9B5DC	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}\SET732.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}\SET733.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sbaudio-x64.inf_amd64_neutral_cede75ee029e14f7\sbaudio-x64.PNF	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	SBAudioInstallx64.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6	MsiExec.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}\SBAudio-x64.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\sbaudio-x64.inf_amd64_neutral_cede75ee029e14f7\sbaudio-x64.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	SBAudioInstallx64.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_7B21B1879692B91DD3F23589CB604185	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}\ScreamingBAudio64.sys	DrvInst.exe

Drops file in Program Files directory 30 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\morphoff.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\morphon.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\muteon.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\ScreamingBAudio64.sys	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\alias_audition.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\sfx_audition.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\sbaudio-x86.cat	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\EULA.rtf	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBSSettings.xml	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\sfx_prev.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Interop.SpeechLib.DLL	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\alias_prev.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphSupport.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallHelper.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDSP.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverUninstall2.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\sbaudio-x64.cat	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudio-x64.inf	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\sfx_next.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\GoToSleep.wav	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\ScreamingBAudio.sys	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudio-x86.inf	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallClass.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\muteoff.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\alias_next.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Interop.IWshRuntimeLibrary.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\OggVorbis.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallClass.InstallState	MsiExec.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\setupact.log	DrvInst.exe
File opened for modification	C:\Windows\setuperr.log	DrvInst.exe
File created	C:\Windows\Installer\f77e092.msi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSIE2F3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	SBAudioInstallx64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev2	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\Installer\{75B956F9-D72D-4929-B695-120D70E8AEE1}\_C336E7162730B57D662F4A.exe	msiexec.exe
File created	C:\Windows\INF\oem2.PNF	DrvInst.exe
File created	C:\Windows\Installer\{75B956F9-D72D-4929-B695-120D70E8AEE1}\_C336E7162730B57D662F4A.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\f77e090.ipi	msiexec.exe
File created	C:\Windows\Installer\f77e090.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\{75B956F9-D72D-4929-B695-120D70E8AEE1}\_7849E9CC259521D32D7A6A.exe	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	SBAudioInstallx64.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\f77e08f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE246.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\Installer\f77e08f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE776.tmp	msiexec.exe
File created	C:\Windows\Installer\{75B956F9-D72D-4929-B695-120D70E8AEE1}\_7849E9CC259521D32D7A6A.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEBCC.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File created	C:\Windows\Installer\{75B956F9-D72D-4929-B695-120D70E8AEE1}\_6FEFF9B68218417F98F549.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{75B956F9-D72D-4929-B695-120D70E8AEE1}\_6FEFF9B68218417F98F549.exe	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MorphVOXPro.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Microphone (Screaming Bee Audio\WaveInId = "0"	MorphVOXPro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MorphVOXPro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Speakers (High Definition Audio\WaveOutId = "0"	MorphVOXPro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\Version = "7"	MorphVOXPro.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device\FilterData = 0200000000008000010000000000000030706933020000000000000013000000000000000000000030747933000000005801000068010000317479330000000058010000780100003274793300000000580100008801000033747933000000005801000098010000347479330000000058010000a8010000357479330000000058010000b8010000367479330000000058010000c8010000377479330000000058010000d8010000387479330000000058010000e8010000397479330000000058010000f80100003a7479330000000058010000080200003b7479330000000058010000180200003c7479330000000058010000280200003d7479330000000058010000380200003e7479330000000058010000480200003f7479330000000058010000580200004074793300000000580100006802000041747933000000005801000078020000427479330000000058010000880200006175647300001000800000aa00389b710100000000001000800000aa00389b710900000000001000800000aa00389b710300000000001000800000aa00389b714902000000001000800000aa00389b714002000000001000800000aa00389b714102000000001000800000aa00389b7103000000ea0c1000800000aa00389b7104000000ea0c1000800000aa00389b7105000000ea0c1000800000aa00389b7106000000ea0c1000800000aa00389b7108000000ea0c1000800000aa00389b7109000000ea0c1000800000aa00389b710a000000ea0c1000800000aa00389b710b000000ea0c1000800000aa00389b710c000000ea0c1000800000aa00389b710d000000ea0c1000800000aa00389b710800000000001000800000aa00389b719200000000001000800000aa00389b716401000000001000800000aa00389b71	MorphVOXPro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MorphVOXPro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SBAudioInstallx64.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Speakers (High Definition Audio\ClassManagerFlags = "2"	MorphVOXPro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\GDIPlus	MorphVOXPro.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (High Definition Audio Device)\DSGuid = "{4019286B-154F-47CB-B9EF-9AD50E8FF700}"	MorphVOXPro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MorphVOXPro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MsiExec.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	MorphVOXPro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	MorphVOXPro.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device\DSGuid = "{00000000-0000-0000-0000-000000000000}"	MorphVOXPro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	MorphVOXPro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MorphVOXPro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MorphVOXPro.exe

Modifies registry class 33 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|MorphVOX Pro\|MorphDriverUninstall2.dll	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9F659B57D27D92946B5921D0078EEA1E\DefaultFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\BD0827B3A65E8834EBD87072B5CBEEF6\9F659B57D27D92946B5921D0078EEA1E	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lui4EFA.tmp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\SourceList\PackageName = "MorphVOXPro.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|MorphVOX Pro\|Interop.SpeechLib.DLL	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|MorphVOX Pro\|Interop.SpeechLib.DLL\Interop.SpeechLib,Version="5.0.0.0",Culture="neutral",PublicKeyToken="14A89F21EFE9C134",ProcessorArchitecture="MSIL" = 520058002a0070004d004a003d00680053003f003d007a002d0035002700680049004b00550071003e007b004a00210053004d007900470059005f005500350030005500350029005e0026006a007600770000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|MorphVOX Pro\|MorphDriverInstallClass.dll\MorphDriverInstallClass,Version="3.1.4773.20201",Culture="neutral",PublicKeyToken="14A89F21EFE9C134",ProcessorArchitecture = 520058002a0070004d004a003d00680053003f003d007a002d0035002700680049004b00550071003e006c007b00620024005e007a00320076002d0056006c00770026003400290025006e0028006b00240000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\lui4EFA.tmp\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|MorphVOX Pro\|MorphVOXPro.exe\MorphVOXPro,Version="4.4.7.26164",Culture="neutral",PublicKeyToken="14A89F21EFE9C134",ProcessorArchitecture="x86" = 520058002a0070004d004a003d00680053003f003d007a002d0035002700680049004b00550071003e007200690038006a0049006b00790076004f006a0077006d0045002600400024005f0057007600570000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|MorphVOX Pro\|MorphDriverUninstall2.dll\MorphDriverUninstall2,Version="3.5.4773.20201",Culture="neutral",PublicKeyToken="14A89F21EFE9C134",ProcessorArchitecture="x8 = 520058002a0070004d004a003d00680053003f003d007a002d0035002700680049004b00550071003e0057006a004100450065002c006100610039007600770046006e004800300045006f0068005a00690000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9F659B57D27D92946B5921D0078EEA1E	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\PackageCode = "94D23059DB00A1647AF84394B23C6188"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\Version = "67371015"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\ProductIcon = "C:\\Windows\\Installer\\{75B956F9-D72D-4929-B695-120D70E8AEE1}\\_6FEFF9B68218417F98F549.exe"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\ProductName = "MorphVOX Pro"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\BD0827B3A65E8834EBD87072B5CBEEF6	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|MorphVOX Pro\|MorphVOXPro.exe	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|MorphVOX Pro\|Interop.IWshRuntimeLibrary.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|MorphVOX Pro\|Interop.IWshRuntimeLibrary.dll\Interop.IWshRuntimeLibrary,Version="1.0.0.0",Culture="neutral",PublicKeyToken="14A89F21EFE9C134",ProcessorArchitecture= = 520058002a0070004d004a003d00680053003f003d007a002d0035002700680049004b00550071003e0046006a0070004a00610077003700610075007200290060006d00510040005f007a0054004f00390000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|MorphVOX Pro\|MorphDriverInstallClass.dll	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F659B57D27D92946B5921D0078EEA1E\InstanceType = "0"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1544	MorphVOXPro4_Install-1.exe
2860	msiexec.exe
2860	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1284	MorphVOXPro.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2760	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2760	msiexec.exe
Token: SeRestorePrivilege	2860	msiexec.exe
Token: SeTakeOwnershipPrivilege	2860	msiexec.exe
Token: SeSecurityPrivilege	2860	msiexec.exe
Token: SeCreateTokenPrivilege	2760	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2760	msiexec.exe
Token: SeLockMemoryPrivilege	2760	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2760	msiexec.exe
Token: SeMachineAccountPrivilege	2760	msiexec.exe
Token: SeTcbPrivilege	2760	msiexec.exe
Token: SeSecurityPrivilege	2760	msiexec.exe
Token: SeTakeOwnershipPrivilege	2760	msiexec.exe
Token: SeLoadDriverPrivilege	2760	msiexec.exe
Token: SeSystemProfilePrivilege	2760	msiexec.exe
Token: SeSystemtimePrivilege	2760	msiexec.exe
Token: SeProfSingleProcessPrivilege	2760	msiexec.exe
Token: SeIncBasePriorityPrivilege	2760	msiexec.exe
Token: SeCreatePagefilePrivilege	2760	msiexec.exe
Token: SeCreatePermanentPrivilege	2760	msiexec.exe
Token: SeBackupPrivilege	2760	msiexec.exe
Token: SeRestorePrivilege	2760	msiexec.exe
Token: SeShutdownPrivilege	2760	msiexec.exe
Token: SeDebugPrivilege	2760	msiexec.exe
Token: SeAuditPrivilege	2760	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2760	msiexec.exe
Token: SeChangeNotifyPrivilege	2760	msiexec.exe
Token: SeRemoteShutdownPrivilege	2760	msiexec.exe
Token: SeUndockPrivilege	2760	msiexec.exe
Token: SeSyncAgentPrivilege	2760	msiexec.exe
Token: SeEnableDelegationPrivilege	2760	msiexec.exe
Token: SeManageVolumePrivilege	2760	msiexec.exe
Token: SeImpersonatePrivilege	2760	msiexec.exe
Token: SeCreateGlobalPrivilege	2760	msiexec.exe
Token: SeCreateTokenPrivilege	2760	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2760	msiexec.exe
Token: SeLockMemoryPrivilege	2760	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2760	msiexec.exe
Token: SeMachineAccountPrivilege	2760	msiexec.exe
Token: SeTcbPrivilege	2760	msiexec.exe
Token: SeSecurityPrivilege	2760	msiexec.exe
Token: SeTakeOwnershipPrivilege	2760	msiexec.exe
Token: SeLoadDriverPrivilege	2760	msiexec.exe
Token: SeSystemProfilePrivilege	2760	msiexec.exe
Token: SeSystemtimePrivilege	2760	msiexec.exe
Token: SeProfSingleProcessPrivilege	2760	msiexec.exe
Token: SeIncBasePriorityPrivilege	2760	msiexec.exe
Token: SeCreatePagefilePrivilege	2760	msiexec.exe
Token: SeCreatePermanentPrivilege	2760	msiexec.exe
Token: SeBackupPrivilege	2760	msiexec.exe
Token: SeRestorePrivilege	2760	msiexec.exe
Token: SeShutdownPrivilege	2760	msiexec.exe
Token: SeDebugPrivilege	2760	msiexec.exe
Token: SeAuditPrivilege	2760	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2760	msiexec.exe
Token: SeChangeNotifyPrivilege	2760	msiexec.exe
Token: SeRemoteShutdownPrivilege	2760	msiexec.exe
Token: SeUndockPrivilege	2760	msiexec.exe
Token: SeSyncAgentPrivilege	2760	msiexec.exe
Token: SeEnableDelegationPrivilege	2760	msiexec.exe
Token: SeManageVolumePrivilege	2760	msiexec.exe
Token: SeImpersonatePrivilege	2760	msiexec.exe
Token: SeCreateGlobalPrivilege	2760	msiexec.exe
Token: SeCreateTokenPrivilege	2760	msiexec.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2760	msiexec.exe
1284	MorphVOXPro.exe
1284	MorphVOXPro.exe
2760	msiexec.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1284	MorphVOXPro.exe
1284	MorphVOXPro.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1284	MorphVOXPro.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 2384	1544	MorphVOXPro4_Install-1.exe	28
PID 1544 wrote to memory of 2384	1544	MorphVOXPro4_Install-1.exe	28
PID 1544 wrote to memory of 2384	1544	MorphVOXPro4_Install-1.exe	28
PID 1544 wrote to memory of 2384	1544	MorphVOXPro4_Install-1.exe	28
PID 1544 wrote to memory of 2384	1544	MorphVOXPro4_Install-1.exe	28
PID 1544 wrote to memory of 2384	1544	MorphVOXPro4_Install-1.exe	28
PID 1544 wrote to memory of 2384	1544	MorphVOXPro4_Install-1.exe	28
PID 2384 wrote to memory of 2760	2384	setup.exe	29
PID 2384 wrote to memory of 2760	2384	setup.exe	29
PID 2384 wrote to memory of 2760	2384	setup.exe	29
PID 2384 wrote to memory of 2760	2384	setup.exe	29
PID 2384 wrote to memory of 2760	2384	setup.exe	29
PID 2384 wrote to memory of 2760	2384	setup.exe	29
PID 2384 wrote to memory of 2760	2384	setup.exe	29
PID 2860 wrote to memory of 2376	2860	msiexec.exe	31
PID 2860 wrote to memory of 2376	2860	msiexec.exe	31
PID 2860 wrote to memory of 2376	2860	msiexec.exe	31
PID 2860 wrote to memory of 2376	2860	msiexec.exe	31
PID 2860 wrote to memory of 2376	2860	msiexec.exe	31
PID 2860 wrote to memory of 2376	2860	msiexec.exe	31
PID 2860 wrote to memory of 2376	2860	msiexec.exe	31
PID 2860 wrote to memory of 1116	2860	msiexec.exe	37
PID 2860 wrote to memory of 1116	2860	msiexec.exe	37
PID 2860 wrote to memory of 1116	2860	msiexec.exe	37
PID 2860 wrote to memory of 1116	2860	msiexec.exe	37
PID 2860 wrote to memory of 1116	2860	msiexec.exe	37
PID 2860 wrote to memory of 1116	2860	msiexec.exe	37
PID 2860 wrote to memory of 1116	2860	msiexec.exe	37
PID 2860 wrote to memory of 1516	2860	msiexec.exe	38
PID 2860 wrote to memory of 1516	2860	msiexec.exe	38
PID 2860 wrote to memory of 1516	2860	msiexec.exe	38
PID 2860 wrote to memory of 1516	2860	msiexec.exe	38
PID 2860 wrote to memory of 1516	2860	msiexec.exe	38
PID 2860 wrote to memory of 1516	2860	msiexec.exe	38
PID 2860 wrote to memory of 1516	2860	msiexec.exe	38
PID 1516 wrote to memory of 1916	1516	MsiExec.exe	40
PID 1516 wrote to memory of 1916	1516	MsiExec.exe	40
PID 1516 wrote to memory of 1916	1516	MsiExec.exe	40
PID 1516 wrote to memory of 1916	1516	MsiExec.exe	40
PID 1516 wrote to memory of 1284	1516	MsiExec.exe	44
PID 1516 wrote to memory of 1284	1516	MsiExec.exe	44
PID 1516 wrote to memory of 1284	1516	MsiExec.exe	44
PID 1516 wrote to memory of 1284	1516	MsiExec.exe	44
PID 1284 wrote to memory of 320	1284	MorphVOXPro.exe	48
PID 1284 wrote to memory of 320	1284	MorphVOXPro.exe	48
PID 1284 wrote to memory of 320	1284	MorphVOXPro.exe	48
PID 1284 wrote to memory of 320	1284	MorphVOXPro.exe	48
PID 320 wrote to memory of 2900	320	csc.exe	50
PID 320 wrote to memory of 2900	320	csc.exe	50
PID 320 wrote to memory of 2900	320	csc.exe	50
PID 320 wrote to memory of 2900	320	csc.exe	50
PID 1284 wrote to memory of 2716	1284	MorphVOXPro.exe	51
PID 1284 wrote to memory of 2716	1284	MorphVOXPro.exe	51
PID 1284 wrote to memory of 2716	1284	MorphVOXPro.exe	51
PID 1284 wrote to memory of 2716	1284	MorphVOXPro.exe	51
PID 2716 wrote to memory of 2744	2716	csc.exe	53
PID 2716 wrote to memory of 2744	2716	csc.exe	53
PID 2716 wrote to memory of 2744	2716	csc.exe	53
PID 2716 wrote to memory of 2744	2716	csc.exe	53
PID 1284 wrote to memory of 2512	1284	MorphVOXPro.exe	54
PID 1284 wrote to memory of 2512	1284	MorphVOXPro.exe	54
PID 1284 wrote to memory of 2512	1284	MorphVOXPro.exe	54
PID 1284 wrote to memory of 2512	1284	MorphVOXPro.exe	54
PID 2512 wrote to memory of 2668	2512	csc.exe	56

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\MorphVOX Pro\MorphVOXPro4_Install-1.exe
"C:\Users\Admin\AppData\Local\Temp\MorphVOX Pro\MorphVOXPro4_Install-1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Users\Admin\AppData\Local\Temp\lui4EFA.tmp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\lui4EFA.tmp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2384
- - C:\Windows\SysWOW64\msiexec.exe
    "C:\Windows\SysWOW64\msiexec.exe" -I "C:\Users\Admin\AppData\Local\Temp\lui4EFA.tmp\MorphVOXPro.msi"
    3⤵
    - Blocklisted process makes network request
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:2760

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 1C1B99C1E16E60C00EC774A15152DF81 C
  2⤵
  - Loads dropped DLL
  PID:2376
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 86E991FCDC89855729DC5FE9A453F4BA
  2⤵
  - Loads dropped DLL
  PID:1116
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F8C4D7D9275E42A817C147224338F18D M Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Blocklisted process makes network request
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:1516
- - C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe
    "C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe" i "C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudio-x64.inf" "*ScreamingBAudio"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Modifies data under HKEY_USERS
    PID:1916
- - C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe
    "C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies data under HKEY_USERS
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1284
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nxcn4sil.cmdline"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:320
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7521.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7511.tmp"
        5⤵
        
        PID:2900
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\twltriok.cmdline"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES81AF.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC81AE.tmp"
        5⤵
        
        PID:2744
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lxpvvxl1.cmdline"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2512
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES83C1.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC83C0.tmp"
        5⤵
        
        PID:2668
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\b-d-aibp.cmdline"
      4⤵
      PID:972
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES873A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC872A.tmp"
        5⤵
        
        PID:2484
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gehazuy6.cmdline"
      4⤵
      PID:2672
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8AE2.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8AE1.tmp"
        5⤵
        
        PID:2392

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:580

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005B0" "0000000000000300"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2108

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{4b1cad5f-9638-2e64-6ab7-85207d3c7b05}\sbaudio-x64.inf" "9" "6892a7cef" "0000000000000270" "WinSta0\Default" "0000000000000554" "208" "c:\program files (x86)\screaming bee\morphvox pro"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2516

C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem2.inf" "sbaudio-x64.inf:SBAudio.NTAMD64:SBEE_Audio:2.0.3.0:screamingb\audio&ver2:*screamingbaudio" "6892a7cef" "0000000000000270" "00000000000005B8" "00000000000003B0"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:628

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5c0
1⤵
PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f77e091.rbs

Filesize
15KB

MD5
6d49db56f64ff5b74ca78dcababb3c75

SHA1
d0fdf7c8cfdde70a813a0b8813e7bf055f85483c

SHA256
43a00b832dc9e7ca03703213c0fd7943b2f5aafdc4efee635da50aedcd0f95fd

SHA512
d7d7688391cad73aafd8e8b20de78d0dccfd889d07e4e3f75de96ee7cfb4643aa1e90094925e3c48c14222d5fc7da9f40a584d0ed93be8f9bc539938c07cdd6a

Download Submit
C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Interop.IWshRuntimeLibrary.dll

Filesize
53KB

MD5
94890b280164e74bacac5f0cca722957

SHA1
6f3821343e06174a5ca1ad1ca87007d04582c0ba

SHA256
61bc5b6cb3f3653cf36790cdb1caa6112716ce8062f595cfc4ced655c0ac5e75

SHA512
8231e18b065507a330856bc4ee9646bc927803c585ce552f71ef2394131e119062cdbc91427527b5a5e92cd9fd400beb30c5c7cb9e88cdd7b50d2d3664413c8a

Download Submit
C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDSP.dll

Filesize
5.2MB

MD5
7543713986985305bd85b51f581eb9d0

SHA1
dd103c43b85747f291acf1debe06a99de6e66d36

SHA256
c23f25d246fe3f90c0146bd02a8ef1ccdcdda820116082f74b654b6186b213fa

SHA512
4da3fdbe6e91bdc4a0290191101a313abfda1e69e67b0b9c4f3fff1f0111653f36dbeb8837c8bb5ebf85e21f82ab3f6163efcb27222cea9ef91365efbfdde378

Download Submit
C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallClass.dll

Filesize
15KB

MD5
519b4f471c0bb28822046a25fbecf11c

SHA1
f50a819238fb8b1fbdda35b0b1779c8b6c968b4b

SHA256
b53dfc187630d89c441a118caeb3fbe2033867bc449afba7ecd5264bacefbfca

SHA512
490710fe5f78e5880a1d1c20c1a1bc1e13bfce43f790496970ae8a4fb255de4c53239646ae3aa60557681f9f4db8bf9809d49a34b9e63c705d66c66bbf117261

Download Submit
C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallHelper.dll

Filesize
71KB

MD5
8086e91ac39c8adc715ae994bc93d935

SHA1
b1cd005c395596045c4bb7d18a13ce2f993fe3bd

SHA256
b676bd71846db1b2167cb2bcf0a9294561cca3c67562551d1a6b42b5dc7d799e

SHA512
6da05f011e8b0b121a9fffec80ab5da9360470ecb585c33362e5a214a801e7044dbd43b11e0966530de2b0d879b758e34bbea3fa7d3638b77ab140fb4ee265fc

Download Submit
C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphSupport.dll

Filesize
558KB

MD5
c1c691392b1947ad091b127faea8a929

SHA1
d90ec473d0d2fdfdf6b76357919c55717a118375

SHA256
8fdf97c99d51f4c98f5f565840b3f9e9221679d06790a1c4d44d6b4be1318284

SHA512
8900a24119d08d5349b7ba0f4ba3b7bc30e172dce23d8380d47867e96a2f3becd3187c1471f050e3e90c9277affa878386a6eb61251f65a34d85195b65ceeb07

Download Submit
C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe

Filesize
5.4MB

MD5
181dd9ea62063a3d42b5351f7a8fdb3c

SHA1
7c66088b6126f1e61ea857fec6b9740588052f74

SHA256
adeba1cc67207203a7753d41f6e303669fe1346c6836e515c180c8e89a298a0d

SHA512
9a5701c3772ef1e279a309750ad347618bc2d222d5353fad10a12d9618ab351c73bfb0d6ab4b92f776dda1629eabf182128a6903a5d3364ebb15b14053927e4f

Download Submit
C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe

Filesize
5.4MB

MD5
181dd9ea62063a3d42b5351f7a8fdb3c

SHA1
7c66088b6126f1e61ea857fec6b9740588052f74

SHA256
adeba1cc67207203a7753d41f6e303669fe1346c6836e515c180c8e89a298a0d

SHA512
9a5701c3772ef1e279a309750ad347618bc2d222d5353fad10a12d9618ab351c73bfb0d6ab4b92f776dda1629eabf182128a6903a5d3364ebb15b14053927e4f

Download Submit
C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe

Filesize
5.4MB

MD5
181dd9ea62063a3d42b5351f7a8fdb3c

SHA1
7c66088b6126f1e61ea857fec6b9740588052f74

SHA256
adeba1cc67207203a7753d41f6e303669fe1346c6836e515c180c8e89a298a0d

SHA512
9a5701c3772ef1e279a309750ad347618bc2d222d5353fad10a12d9618ab351c73bfb0d6ab4b92f776dda1629eabf182128a6903a5d3364ebb15b14053927e4f

Download Submit
C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\OggVorbis.dll

Filesize
1.2MB

MD5
344af6d30b5cc7c835cc885afde870b6

SHA1
a538b020fda01b4cfcf206bddfa14db9029dba4d

SHA256
75dbcc6239e7fdf373b15d8323baf751faeb0b2eb628f20eab6ab63fd8f3fb5c

SHA512
9a375d8555a5c6adaf4e25bc9c96f99f56e8a6232036d00f490642e9a93df217604409145ec0499883661d054055f10689ecf9014a203c731f5704f14af28f4b

Download Submit
C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudio-x64.inf

Filesize
3KB

MD5
24b34f2a52988e4e4a60120647353cfa

SHA1
3fb81ff5aacaf1fc6ffa970aca5fe26dc4828603

SHA256
8fa1f1f58bccbed09bbd41f354bd3981731a8e4a749dd0c9b81537cea87af9a8

SHA512
901b9258c1aeb22cf4bba823f47190775cb97cf5a79c47306a364f13de167de606472ce4127a168603f948ab97c51bda014ee1c3acb75d24ac21b4c6329c57dc

Download Submit
C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe

Filesize
55KB

MD5
f6fe452fca855571d55c0540c2210cc7

SHA1
e9ceef78724e91c764324268e0f41beab18a39d6

SHA256
2f02a87aec74ffbe2d77132a2ece3fc6b47c604f694cfc2fd18d127790b6e874

SHA512
9b6ffe1ec72c6313ce410bf795b029da408839338d8f5a8d0124f5ed816cd5a36a877bca1eed10a148f3e11813b6eb14448ff815a3a12b9a387e092915dc8ec7

Download Submit
C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe

Filesize
55KB

MD5
f6fe452fca855571d55c0540c2210cc7

SHA1
e9ceef78724e91c764324268e0f41beab18a39d6

SHA256
2f02a87aec74ffbe2d77132a2ece3fc6b47c604f694cfc2fd18d127790b6e874

SHA512
9b6ffe1ec72c6313ce410bf795b029da408839338d8f5a8d0124f5ed816cd5a36a877bca1eed10a148f3e11813b6eb14448ff815a3a12b9a387e092915dc8ec7

Download Submit
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\555e2cb11fa3f42f12811330601ff659_3406f593-57ce-4523-be0b-a609f93fe971

Filesize
1KB

MD5
70b3521d122a78d9ccd956d177332550

SHA1
060cc165903b9c15a1e12d4c75be989836ec831d

SHA256
4d51076a8859217fb65edd5fd0f5ccddd215069af98c41fa8ce188c1ae67ef09

SHA512
ebd44eb58e3ec75bea9b23137fa94ee321aedf3f605b9f07308d709caa330c0613953c37c729922ea312b29b97eb6863613d7d175ccedcb00272ea7545d32fa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_8E2B44627F8CE0ED818B5AE857D9B5DC

Filesize
1KB

MD5
6b8f8a2494d768182e0d076d6bee42e8

SHA1
19c5791fe0fc2cf2fe6046463a20f5af100d11a3

SHA256
f465096aef6dd91cf3fd9f5d7ea0e263b4cfd707bf64903a467b9ed5232575e0

SHA512
e6200a4af8405980d54fca7cdcc36ae768eb424128aa6438e51464269fcf5c7ee5cdbc869552f62abbae0fff4b0ad78e595d33e426e39f562042249579129d02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F

Filesize
834B

MD5
18c2fa5d39d52b19ed5039a2b424356f

SHA1
701d8ef4ac1de535832a460054aa2062b2b529cf

SHA256
37ab388c3485190f09dd2b71fb5d988121ef5566c2237432ccb55cedd301e118

SHA512
7b2ac466728ab3eb292f69d390edfd6b66ad48a99a6af60a18fd333ee15f96bf99d351803a82b347a7c5642a598b4ecc1a9b6a39dc130f4218cf05b87c7fa247

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_8E2B44627F8CE0ED818B5AE857D9B5DC

Filesize
404B

MD5
b7436edc907443954f297c5355395716

SHA1
da9b6ae87bbd1f40dd88091fb751b4b537f0c5ea

SHA256
ab5916c83e1b1bc7afe86c1a453404b440fbafae3ef2a63cf100db95eaaef7a6

SHA512
fd3ed7dba7f103f422c557f7c440be0eaaae9fa53bf03b8a6db1ac81cde21d233e8dab1b7f2429643b92936d4a686c0b74a76765f7223b8aa9629fd34ebd26b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6

Filesize
404B

MD5
6c49ae2cdf30df49f3d5c291e7eba6a6

SHA1
2cee3f55f0b0ef4ddd03e12718a67ce44fb89391

SHA256
8f5ce624b7c06b8f6c5811102b2460b0e349db59e6b8a00b04597390e8b1960d

SHA512
f35390fa668dc4fb70c21604a900941c287150d5ec4ea89b58de43353bfba4607d40a4b5d441b63db80efe7a89f56515413cc305e494ec71f111496c12e670b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F

Filesize
188B

MD5
88be75ec34b76eeaaa8330b503bc2736

SHA1
3d08b1fa3d3c088d10ef8708c1e06b18d2e49ffc

SHA256
dfcb0d94b16e4990435b3ed76b79a943e0c263f954f4e2ed6aac9aef7ab1e2d6

SHA512
b7ebbe0fe423adcaebb01ecfaab5f3003984c1766147829c543d65b1ddd9bf6b94f4d4c747af3e28e1de2de7ef1e48ead7352cf436d466a0ebf764324db76813

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7153d513d6bcc6aad480b645be29c46c

SHA1
c6106bf6bc39fa8e74c1e87a35b373e26e17c2f8

SHA256
2cfdb27f7a88a392e3e8ffbff9bdc4f6e347cf42f472dbd95370c92bafc7a082

SHA512
1d01817f936603f73bcde5dfc5762cfa688a55bc75fc1db33a3635d61809f7ccf0267574ecf46ec10505ae423f8b7de503170776c6f309b0051cd1272b226730

Download Submit
C:\Users\Admin\AppData\Local\Temp\CFGE2E0.tmp

Filesize
123B

MD5
17af548f88a3199aa8a63a72201f470f

SHA1
4e64bb20a2f54d778ed684aa21abebad63a5c2c0

SHA256
a558dbe555749cd3bdd62060fdbba72720c4f4a186d5870b977ed2acf9721d9e

SHA512
08bdbc75f5fd4d9ec85c53253e4030ce7245b20ecc95e032835609c7c43a07d6c9e7776f48c5494a788a543240c0649a9f1a34a0e514ebc4dda5730953647338

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5AA0.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI60B0.tmp

Filesize
222KB

MD5
fb4ed24de182178cac3cd3870a4ba5b6

SHA1
38b168fbe97b72a5de5eaef16535ea1aed964e1b

SHA256
5070b4cdf7e2f95535f3340a3a0d9bce496478d0bd445b470dd67278a910c578

SHA512
03ffa685a28333cc7d8eb4a0fdd8c5dce85ca1126bcdefebda83a91586b98ae559d56074b943a6df0ec011eaa58b6841026ffb8b42e08b74351b0118011d3c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI617C.tmp

Filesize
222KB

MD5
fb4ed24de182178cac3cd3870a4ba5b6

SHA1
38b168fbe97b72a5de5eaef16535ea1aed964e1b

SHA256
5070b4cdf7e2f95535f3340a3a0d9bce496478d0bd445b470dd67278a910c578

SHA512
03ffa685a28333cc7d8eb4a0fdd8c5dce85ca1126bcdefebda83a91586b98ae559d56074b943a6df0ec011eaa58b6841026ffb8b42e08b74351b0118011d3c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5B10.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\lui4EFA.tmp\MorphVOXPro.msi

Filesize
5.2MB

MD5
5115801e9c7f581bf5efc38d2786b1c6

SHA1
26cba11df65c80fdeacf1fac153e6623095f0242

SHA256
0f829c1ea837039cef75874721b7e8538daaa69a4d1730717ea65c6823c2618d

SHA512
0a0565cabb778044abfc1020961cc13ab16deb602c240dbb80e7b5148f85235d1d17b1b9e060872a2e9907d922cfd6db96a20eae39dc66ea39472c4f46dd837e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lui4EFA.tmp\setup.exe

Filesize
462KB

MD5
9fce2d296eca20422595cb2ebb285e4e

SHA1
60055dc602cc8b6ae362e8aa094c63b35b2f77e6

SHA256
4f07042af9dfdb0a6273173beea3ab4cc9147c13546efcf86ea74cdb864117fd

SHA512
70ad54053a897f70cec5beed14bf95bee44a3937814bfbe9a1fcfae5e6f40ceb5b8552bc28d8e143e4a515bdd5be1f46befb3627305e3526b35ed4fb0ae36b37

Download Submit
C:\Users\Admin\AppData\Local\Temp\lui4EFA.tmp\setup.exe

Filesize
462KB

MD5
9fce2d296eca20422595cb2ebb285e4e

SHA1
60055dc602cc8b6ae362e8aa094c63b35b2f77e6

SHA256
4f07042af9dfdb0a6273173beea3ab4cc9147c13546efcf86ea74cdb864117fd

SHA512
70ad54053a897f70cec5beed14bf95bee44a3937814bfbe9a1fcfae5e6f40ceb5b8552bc28d8e143e4a515bdd5be1f46befb3627305e3526b35ed4fb0ae36b37

Download Submit
C:\Users\Admin\AppData\Local\Temp\lui4EFA.tmp\setup.exe

Filesize
462KB

MD5
9fce2d296eca20422595cb2ebb285e4e

SHA1
60055dc602cc8b6ae362e8aa094c63b35b2f77e6

SHA256
4f07042af9dfdb0a6273173beea3ab4cc9147c13546efcf86ea74cdb864117fd

SHA512
70ad54053a897f70cec5beed14bf95bee44a3937814bfbe9a1fcfae5e6f40ceb5b8552bc28d8e143e4a515bdd5be1f46befb3627305e3526b35ed4fb0ae36b37

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4B1CA~1\ScreamingBAudio64.sys

Filesize
38KB

MD5
8b56bdce6a303dde63d63440d1cf9ad1

SHA1
c51b124eea04b6388b313bd3494891cff5b394cf

SHA256
66a4356c29d00a1b8a95975c073ae4e6d2a90cbf3b143fe9b83b96bec0805d46

SHA512
e02d9b221e3d94325b540eea2c0d35d089150f406e0ba35e37234644c1359880572abb7cfce61da64582129e7214a55f48a85bcc1352366b1844e497e22b2108

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4b1cad5f-9638-2e64-6ab7-85207d3c7b05}\SBAudio-x64.cat

Filesize
7KB

MD5
54edf263c49e02cd6b6794d7a8d312be

SHA1
30ccf63aa2b614263a4c38f9bfdba812d6d85996

SHA256
c9c37745986d6e1505ad6647aa4cfd0c2b258d54a6d402f2b9983f228c604c9d

SHA512
3eef4442a5b7e037eab909687158b75cee546a901748eede414cf1ea155bce7f3276a744d0d2c085e9d2b28978dab3c427587b80de96185ba0fe9d9696c0e5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4b1cad5f-9638-2e64-6ab7-85207d3c7b05}\sbaudio-x64.inf

Filesize
3KB

MD5
24b34f2a52988e4e4a60120647353cfa

SHA1
3fb81ff5aacaf1fc6ffa970aca5fe26dc4828603

SHA256
8fa1f1f58bccbed09bbd41f354bd3981731a8e4a749dd0c9b81537cea87af9a8

SHA512
901b9258c1aeb22cf4bba823f47190775cb97cf5a79c47306a364f13de167de606472ce4127a168603f948ab97c51bda014ee1c3acb75d24ac21b4c6329c57dc

Download Submit
C:\Windows\INF\oem2.inf

Filesize
3KB

MD5
24b34f2a52988e4e4a60120647353cfa

SHA1
3fb81ff5aacaf1fc6ffa970aca5fe26dc4828603

SHA256
8fa1f1f58bccbed09bbd41f354bd3981731a8e4a749dd0c9b81537cea87af9a8

SHA512
901b9258c1aeb22cf4bba823f47190775cb97cf5a79c47306a364f13de167de606472ce4127a168603f948ab97c51bda014ee1c3acb75d24ac21b4c6329c57dc

Download Submit
C:\Windows\Installer\MSIE246.tmp

Filesize
222KB

MD5
fb4ed24de182178cac3cd3870a4ba5b6

SHA1
38b168fbe97b72a5de5eaef16535ea1aed964e1b

SHA256
5070b4cdf7e2f95535f3340a3a0d9bce496478d0bd445b470dd67278a910c578

SHA512
03ffa685a28333cc7d8eb4a0fdd8c5dce85ca1126bcdefebda83a91586b98ae559d56074b943a6df0ec011eaa58b6841026ffb8b42e08b74351b0118011d3c9a

Download Submit
C:\Windows\Installer\MSIE246.tmp

Filesize
222KB

MD5
fb4ed24de182178cac3cd3870a4ba5b6

SHA1
38b168fbe97b72a5de5eaef16535ea1aed964e1b

SHA256
5070b4cdf7e2f95535f3340a3a0d9bce496478d0bd445b470dd67278a910c578

SHA512
03ffa685a28333cc7d8eb4a0fdd8c5dce85ca1126bcdefebda83a91586b98ae559d56074b943a6df0ec011eaa58b6841026ffb8b42e08b74351b0118011d3c9a

Download Submit
C:\Windows\Installer\MSIE2F3.tmp

Filesize
222KB

MD5
fb4ed24de182178cac3cd3870a4ba5b6

SHA1
38b168fbe97b72a5de5eaef16535ea1aed964e1b

SHA256
5070b4cdf7e2f95535f3340a3a0d9bce496478d0bd445b470dd67278a910c578

SHA512
03ffa685a28333cc7d8eb4a0fdd8c5dce85ca1126bcdefebda83a91586b98ae559d56074b943a6df0ec011eaa58b6841026ffb8b42e08b74351b0118011d3c9a

Download Submit
C:\Windows\Installer\MSIEBCC.tmp

Filesize
60KB

MD5
46b24723e5126a6f7a3a7d6facee18a7

SHA1
1cbcaa27406d66115814231977b970a805726a2c

SHA256
d14b73d7a21be2a97dcea3e6a997fc846406bf2c699370acd769aa7f097aaec2

SHA512
f3ad9a1ae3f55058bfc256441d62b4110b38e1f2b3328e09ad47805f1c312cdf67b313e5f5a67d19fa128e0082d08dd79f1fff6ea3fc49bf544b733a827b626d

Download Submit
C:\Windows\Installer\f77e08f.msi

Filesize
5.2MB

MD5
5115801e9c7f581bf5efc38d2786b1c6

SHA1
26cba11df65c80fdeacf1fac153e6623095f0242

SHA256
0f829c1ea837039cef75874721b7e8538daaa69a4d1730717ea65c6823c2618d

SHA512
0a0565cabb778044abfc1020961cc13ab16deb602c240dbb80e7b5148f85235d1d17b1b9e060872a2e9907d922cfd6db96a20eae39dc66ea39472c4f46dd837e

Download Submit
C:\Windows\Installer\{75B956F9-D72D-4929-B695-120D70E8AEE1}\_7849E9CC259521D32D7A6A.exe

Filesize
102KB

MD5
b011a4a55df9c8d2f8113445c059ee0e

SHA1
e6e733724a3c3c45093feaaa9d0578a41b0b0d2b

SHA256
b0f73ec2b4eedc632cb1a314edcd855bf0ba50cdedae138746a606934a20eb0f

SHA512
df1dfb1edcc0f95ea819cc6dfe0da47e2294f249ad5a1a9cc7fc4520e35a6abf92b3b41681c44267373839fe2e36cbcd98474ec4b6cdaa31040f455ea3d0eadc

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_7B21B1879692B91DD3F23589CB604185

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_8E2B44627F8CE0ED818B5AE857D9B5DC

Filesize
1KB

MD5
6b8f8a2494d768182e0d076d6bee42e8

SHA1
19c5791fe0fc2cf2fe6046463a20f5af100d11a3

SHA256
f465096aef6dd91cf3fd9f5d7ea0e263b4cfd707bf64903a467b9ed5232575e0

SHA512
e6200a4af8405980d54fca7cdcc36ae768eb424128aa6438e51464269fcf5c7ee5cdbc869552f62abbae0fff4b0ad78e595d33e426e39f562042249579129d02

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F

Filesize
834B

MD5
18c2fa5d39d52b19ed5039a2b424356f

SHA1
701d8ef4ac1de535832a460054aa2062b2b529cf

SHA256
37ab388c3485190f09dd2b71fb5d988121ef5566c2237432ccb55cedd301e118

SHA512
7b2ac466728ab3eb292f69d390edfd6b66ad48a99a6af60a18fd333ee15f96bf99d351803a82b347a7c5642a598b4ecc1a9b6a39dc130f4218cf05b87c7fa247

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_8E2B44627F8CE0ED818B5AE857D9B5DC

Filesize
404B

MD5
91b20d90291cb283af35d3a814ac9ba2

SHA1
1f96d7b567564473d7895ab5cba74c52408ef6a1

SHA256
72d901b3aca0b7b3fa9989285cdbacb9ee7b27ae807afc6d795ed2bc25a3737f

SHA512
038674cd00ebff2840cdb3237497a3f8ae7cade8e8226099400bdca7298ac5df0248aeab43d39fee7312692d8b7241a17d082584080be2fd275def6beadb09f5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6

Filesize
404B

MD5
3b072c82bdb76e1dbe45f709ce4f9304

SHA1
f4db51b6a92404635a90475c34522e0cf9ce3ba2

SHA256
f3678424127a50b9be99f54fa06c7222e0382816cd91503d180d180982c0509a

SHA512
49e353cf4e0cc0ea2017f646e3bb95ff2abaee7671bce170aba12690c623fdda7f327df2d79e3864d1efe5442e8b8a19efa51798ef1b494349f0d943349c05e3

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F

Filesize
188B

MD5
a6c57b3f4b344ca71c8fd0e57deaec4e

SHA1
7ea7306ad27071a397192b196effd88638fd3913

SHA256
b9d40d1002bad78af24e68e20e9222d09528c980ea48abe14aec5f6ce2641fe9

SHA512
cd34c7a2baf2f12a0d010e885843e5a3c7aaee83e730ec14f9621753f1170ddd61fa23ebe36ab14140af7b3a08f1f64741f8ac915943fceb8dd5f21b06d817e7

Download Submit
C:\Windows\System32\DRIVER~1\FILERE~1\SBAUDI~1.INF\ScreamingBAudio64.sys

Filesize
38KB

MD5
8b56bdce6a303dde63d63440d1cf9ad1

SHA1
c51b124eea04b6388b313bd3494891cff5b394cf

SHA256
66a4356c29d00a1b8a95975c073ae4e6d2a90cbf3b143fe9b83b96bec0805d46

SHA512
e02d9b221e3d94325b540eea2c0d35d089150f406e0ba35e37234644c1359880572abb7cfce61da64582129e7214a55f48a85bcc1352366b1844e497e22b2108

Download Submit
C:\Windows\System32\DriverStore\FileRepository\sbaudio-x64.inf_amd64_neutral_cede75ee029e14f7\SBAudio-x64.cat

Filesize
7KB

MD5
54edf263c49e02cd6b6794d7a8d312be

SHA1
30ccf63aa2b614263a4c38f9bfdba812d6d85996

SHA256
c9c37745986d6e1505ad6647aa4cfd0c2b258d54a6d402f2b9983f228c604c9d

SHA512
3eef4442a5b7e037eab909687158b75cee546a901748eede414cf1ea155bce7f3276a744d0d2c085e9d2b28978dab3c427587b80de96185ba0fe9d9696c0e5b9

Download Submit
C:\Windows\System32\DriverStore\FileRepository\sbaudio-x64.inf_amd64_neutral_cede75ee029e14f7\sbaudio-x64.PNF

Filesize
12KB

MD5
d5d39a21365db9383e3d001504c87923

SHA1
0950271e734dd13cb7d5311b4bb62d43cebc969c

SHA256
e24639aad01d3b3371ea5ab196b010e7c4aeaf597f35d9176440e7d9af645563

SHA512
b0d6eb8b6ed46c4e675df6143bbd28ee2bc0e937afdac6f6e6a936c6411378600fdb908cd3e0f5854f1b13d6d3b03e0ea9153e6238284ca34e46bb4aa397c500

Download Submit
C:\Windows\System32\DriverStore\INFCACHE.1

Filesize
1.4MB

MD5
7a35f5d061c1d23f83590016de8f9273

SHA1
0ff1b8372fac92f9ac712255d4a85e4354cf59c6

SHA256
3016eb4fe6613d08468da82b5a55f10ed67e859c1801b3a0d202753452eb2cbd

SHA512
e70810311d96892c3fb9dfe264e98b8a62c1f767195d4ea2c7a2f9afa785367935de6a1bdc478b82dd9ff0dd1aebc7a6279fdd8122e862f1f3f28f34eaef1f6c

Download Submit
C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}\SET732.tmp

Filesize
38KB

MD5
8b56bdce6a303dde63d63440d1cf9ad1

SHA1
c51b124eea04b6388b313bd3494891cff5b394cf

SHA256
66a4356c29d00a1b8a95975c073ae4e6d2a90cbf3b143fe9b83b96bec0805d46

SHA512
e02d9b221e3d94325b540eea2c0d35d089150f406e0ba35e37234644c1359880572abb7cfce61da64582129e7214a55f48a85bcc1352366b1844e497e22b2108

Download Submit
C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}\SET733.tmp

Filesize
7KB

MD5
54edf263c49e02cd6b6794d7a8d312be

SHA1
30ccf63aa2b614263a4c38f9bfdba812d6d85996

SHA256
c9c37745986d6e1505ad6647aa4cfd0c2b258d54a6d402f2b9983f228c604c9d

SHA512
3eef4442a5b7e037eab909687158b75cee546a901748eede414cf1ea155bce7f3276a744d0d2c085e9d2b28978dab3c427587b80de96185ba0fe9d9696c0e5b9

Download Submit
C:\Windows\System32\DriverStore\Temp\{6e9fa42d-392a-4917-c5fa-5d5cadf53e03}\SET734.tmp

Filesize
3KB

MD5
24b34f2a52988e4e4a60120647353cfa

SHA1
3fb81ff5aacaf1fc6ffa970aca5fe26dc4828603

SHA256
8fa1f1f58bccbed09bbd41f354bd3981731a8e4a749dd0c9b81537cea87af9a8

SHA512
901b9258c1aeb22cf4bba823f47190775cb97cf5a79c47306a364f13de167de606472ce4127a168603f948ab97c51bda014ee1c3acb75d24ac21b4c6329c57dc

Download Submit
\??\c:\PROGRA~2\SCREAM~1\MORPHV~1\ScreamingBAudio64.sys

Filesize
38KB

MD5
8b56bdce6a303dde63d63440d1cf9ad1

SHA1
c51b124eea04b6388b313bd3494891cff5b394cf

SHA256
66a4356c29d00a1b8a95975c073ae4e6d2a90cbf3b143fe9b83b96bec0805d46

SHA512
e02d9b221e3d94325b540eea2c0d35d089150f406e0ba35e37234644c1359880572abb7cfce61da64582129e7214a55f48a85bcc1352366b1844e497e22b2108

Download Submit
\??\c:\program files (x86)\screaming bee\morphvox pro\SBAudio-x64.cat

Filesize
7KB

MD5
54edf263c49e02cd6b6794d7a8d312be

SHA1
30ccf63aa2b614263a4c38f9bfdba812d6d85996

SHA256
c9c37745986d6e1505ad6647aa4cfd0c2b258d54a6d402f2b9983f228c604c9d

SHA512
3eef4442a5b7e037eab909687158b75cee546a901748eede414cf1ea155bce7f3276a744d0d2c085e9d2b28978dab3c427587b80de96185ba0fe9d9696c0e5b9

Download Submit
\Program Files (x86)\Screaming Bee\MorphVOX Pro\Interop.IWshRuntimeLibrary.dll

Filesize
53KB

MD5
94890b280164e74bacac5f0cca722957

SHA1
6f3821343e06174a5ca1ad1ca87007d04582c0ba

SHA256
61bc5b6cb3f3653cf36790cdb1caa6112716ce8062f595cfc4ced655c0ac5e75

SHA512
8231e18b065507a330856bc4ee9646bc927803c585ce552f71ef2394131e119062cdbc91427527b5a5e92cd9fd400beb30c5c7cb9e88cdd7b50d2d3664413c8a

Download Submit
\Program Files (x86)\Screaming Bee\MorphVOX Pro\Interop.IWshRuntimeLibrary.dll

Filesize
53KB

MD5
94890b280164e74bacac5f0cca722957

SHA1
6f3821343e06174a5ca1ad1ca87007d04582c0ba

SHA256
61bc5b6cb3f3653cf36790cdb1caa6112716ce8062f595cfc4ced655c0ac5e75

SHA512
8231e18b065507a330856bc4ee9646bc927803c585ce552f71ef2394131e119062cdbc91427527b5a5e92cd9fd400beb30c5c7cb9e88cdd7b50d2d3664413c8a

Download Submit
\Program Files (x86)\Screaming Bee\MorphVOX Pro\Interop.IWshRuntimeLibrary.dll

Filesize
53KB

MD5
94890b280164e74bacac5f0cca722957

SHA1
6f3821343e06174a5ca1ad1ca87007d04582c0ba

SHA256
61bc5b6cb3f3653cf36790cdb1caa6112716ce8062f595cfc4ced655c0ac5e75

SHA512
8231e18b065507a330856bc4ee9646bc927803c585ce552f71ef2394131e119062cdbc91427527b5a5e92cd9fd400beb30c5c7cb9e88cdd7b50d2d3664413c8a

Download Submit
\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDSP.dll

Filesize
5.2MB

MD5
7543713986985305bd85b51f581eb9d0

SHA1
dd103c43b85747f291acf1debe06a99de6e66d36

SHA256
c23f25d246fe3f90c0146bd02a8ef1ccdcdda820116082f74b654b6186b213fa

SHA512
4da3fdbe6e91bdc4a0290191101a313abfda1e69e67b0b9c4f3fff1f0111653f36dbeb8837c8bb5ebf85e21f82ab3f6163efcb27222cea9ef91365efbfdde378

Download Submit
\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallClass.dll

Filesize
15KB

MD5
519b4f471c0bb28822046a25fbecf11c

SHA1
f50a819238fb8b1fbdda35b0b1779c8b6c968b4b

SHA256
b53dfc187630d89c441a118caeb3fbe2033867bc449afba7ecd5264bacefbfca

SHA512
490710fe5f78e5880a1d1c20c1a1bc1e13bfce43f790496970ae8a4fb255de4c53239646ae3aa60557681f9f4db8bf9809d49a34b9e63c705d66c66bbf117261

Download Submit
\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallClass.dll

Filesize
15KB

MD5
519b4f471c0bb28822046a25fbecf11c

SHA1
f50a819238fb8b1fbdda35b0b1779c8b6c968b4b

SHA256
b53dfc187630d89c441a118caeb3fbe2033867bc449afba7ecd5264bacefbfca

SHA512
490710fe5f78e5880a1d1c20c1a1bc1e13bfce43f790496970ae8a4fb255de4c53239646ae3aa60557681f9f4db8bf9809d49a34b9e63c705d66c66bbf117261

Download Submit
\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallClass.dll

Filesize
15KB

MD5
519b4f471c0bb28822046a25fbecf11c

SHA1
f50a819238fb8b1fbdda35b0b1779c8b6c968b4b

SHA256
b53dfc187630d89c441a118caeb3fbe2033867bc449afba7ecd5264bacefbfca

SHA512
490710fe5f78e5880a1d1c20c1a1bc1e13bfce43f790496970ae8a4fb255de4c53239646ae3aa60557681f9f4db8bf9809d49a34b9e63c705d66c66bbf117261

Download Submit
\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallHelper.dll

Filesize
71KB

MD5
8086e91ac39c8adc715ae994bc93d935

SHA1
b1cd005c395596045c4bb7d18a13ce2f993fe3bd

SHA256
b676bd71846db1b2167cb2bcf0a9294561cca3c67562551d1a6b42b5dc7d799e

SHA512
6da05f011e8b0b121a9fffec80ab5da9360470ecb585c33362e5a214a801e7044dbd43b11e0966530de2b0d879b758e34bbea3fa7d3638b77ab140fb4ee265fc

Download Submit
\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphSupport.dll

Filesize
558KB

MD5
c1c691392b1947ad091b127faea8a929

SHA1
d90ec473d0d2fdfdf6b76357919c55717a118375

SHA256
8fdf97c99d51f4c98f5f565840b3f9e9221679d06790a1c4d44d6b4be1318284

SHA512
8900a24119d08d5349b7ba0f4ba3b7bc30e172dce23d8380d47867e96a2f3becd3187c1471f050e3e90c9277affa878386a6eb61251f65a34d85195b65ceeb07

Download Submit
\Program Files (x86)\Screaming Bee\MorphVOX Pro\OggVorbis.dll

Filesize
1.2MB

MD5
344af6d30b5cc7c835cc885afde870b6

SHA1
a538b020fda01b4cfcf206bddfa14db9029dba4d

SHA256
75dbcc6239e7fdf373b15d8323baf751faeb0b2eb628f20eab6ab63fd8f3fb5c

SHA512
9a375d8555a5c6adaf4e25bc9c96f99f56e8a6232036d00f490642e9a93df217604409145ec0499883661d054055f10689ecf9014a203c731f5704f14af28f4b

Download Submit
\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe

Filesize
55KB

MD5
f6fe452fca855571d55c0540c2210cc7

SHA1
e9ceef78724e91c764324268e0f41beab18a39d6

SHA256
2f02a87aec74ffbe2d77132a2ece3fc6b47c604f694cfc2fd18d127790b6e874

SHA512
9b6ffe1ec72c6313ce410bf795b029da408839338d8f5a8d0124f5ed816cd5a36a877bca1eed10a148f3e11813b6eb14448ff815a3a12b9a387e092915dc8ec7

Download Submit
\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe

Filesize
55KB

MD5
f6fe452fca855571d55c0540c2210cc7

SHA1
e9ceef78724e91c764324268e0f41beab18a39d6

SHA256
2f02a87aec74ffbe2d77132a2ece3fc6b47c604f694cfc2fd18d127790b6e874

SHA512
9b6ffe1ec72c6313ce410bf795b029da408839338d8f5a8d0124f5ed816cd5a36a877bca1eed10a148f3e11813b6eb14448ff815a3a12b9a387e092915dc8ec7

Download Submit
\Users\Admin\AppData\Local\Temp\MSI60B0.tmp

Filesize
222KB

MD5
fb4ed24de182178cac3cd3870a4ba5b6

SHA1
38b168fbe97b72a5de5eaef16535ea1aed964e1b

SHA256
5070b4cdf7e2f95535f3340a3a0d9bce496478d0bd445b470dd67278a910c578

SHA512
03ffa685a28333cc7d8eb4a0fdd8c5dce85ca1126bcdefebda83a91586b98ae559d56074b943a6df0ec011eaa58b6841026ffb8b42e08b74351b0118011d3c9a

Download Submit
\Users\Admin\AppData\Local\Temp\MSI617C.tmp

Filesize
222KB

MD5
fb4ed24de182178cac3cd3870a4ba5b6

SHA1
38b168fbe97b72a5de5eaef16535ea1aed964e1b

SHA256
5070b4cdf7e2f95535f3340a3a0d9bce496478d0bd445b470dd67278a910c578

SHA512
03ffa685a28333cc7d8eb4a0fdd8c5dce85ca1126bcdefebda83a91586b98ae559d56074b943a6df0ec011eaa58b6841026ffb8b42e08b74351b0118011d3c9a

Download Submit
\Users\Admin\AppData\Local\Temp\lui4EFA.tmp\setup.exe

Filesize
462KB

MD5
9fce2d296eca20422595cb2ebb285e4e

SHA1
60055dc602cc8b6ae362e8aa094c63b35b2f77e6

SHA256
4f07042af9dfdb0a6273173beea3ab4cc9147c13546efcf86ea74cdb864117fd

SHA512
70ad54053a897f70cec5beed14bf95bee44a3937814bfbe9a1fcfae5e6f40ceb5b8552bc28d8e143e4a515bdd5be1f46befb3627305e3526b35ed4fb0ae36b37

Download Submit
\Users\Admin\AppData\Local\Temp\lui4EFA.tmp\setup.exe

Filesize
462KB

MD5
9fce2d296eca20422595cb2ebb285e4e

SHA1
60055dc602cc8b6ae362e8aa094c63b35b2f77e6

SHA256
4f07042af9dfdb0a6273173beea3ab4cc9147c13546efcf86ea74cdb864117fd

SHA512
70ad54053a897f70cec5beed14bf95bee44a3937814bfbe9a1fcfae5e6f40ceb5b8552bc28d8e143e4a515bdd5be1f46befb3627305e3526b35ed4fb0ae36b37

Download Submit
\Users\Admin\AppData\Local\Temp\lui4EFA.tmp\setup.exe

Filesize
462KB

MD5
9fce2d296eca20422595cb2ebb285e4e

SHA1
60055dc602cc8b6ae362e8aa094c63b35b2f77e6

SHA256
4f07042af9dfdb0a6273173beea3ab4cc9147c13546efcf86ea74cdb864117fd

SHA512
70ad54053a897f70cec5beed14bf95bee44a3937814bfbe9a1fcfae5e6f40ceb5b8552bc28d8e143e4a515bdd5be1f46befb3627305e3526b35ed4fb0ae36b37

Download Submit
\Users\Admin\AppData\Local\Temp\lui4EFA.tmp\setup.exe

Filesize
462KB

MD5
9fce2d296eca20422595cb2ebb285e4e

SHA1
60055dc602cc8b6ae362e8aa094c63b35b2f77e6

SHA256
4f07042af9dfdb0a6273173beea3ab4cc9147c13546efcf86ea74cdb864117fd

SHA512
70ad54053a897f70cec5beed14bf95bee44a3937814bfbe9a1fcfae5e6f40ceb5b8552bc28d8e143e4a515bdd5be1f46befb3627305e3526b35ed4fb0ae36b37

Download Submit
\Windows\Installer\MSIE246.tmp

Filesize
222KB

MD5
fb4ed24de182178cac3cd3870a4ba5b6

SHA1
38b168fbe97b72a5de5eaef16535ea1aed964e1b

SHA256
5070b4cdf7e2f95535f3340a3a0d9bce496478d0bd445b470dd67278a910c578

SHA512
03ffa685a28333cc7d8eb4a0fdd8c5dce85ca1126bcdefebda83a91586b98ae559d56074b943a6df0ec011eaa58b6841026ffb8b42e08b74351b0118011d3c9a

Download Submit
\Windows\Installer\MSIE2F3.tmp

Filesize
222KB

MD5
fb4ed24de182178cac3cd3870a4ba5b6

SHA1
38b168fbe97b72a5de5eaef16535ea1aed964e1b

SHA256
5070b4cdf7e2f95535f3340a3a0d9bce496478d0bd445b470dd67278a910c578

SHA512
03ffa685a28333cc7d8eb4a0fdd8c5dce85ca1126bcdefebda83a91586b98ae559d56074b943a6df0ec011eaa58b6841026ffb8b42e08b74351b0118011d3c9a

Download Submit
\Windows\Installer\MSIEBCC.tmp

Filesize
60KB

MD5
46b24723e5126a6f7a3a7d6facee18a7

SHA1
1cbcaa27406d66115814231977b970a805726a2c

SHA256
d14b73d7a21be2a97dcea3e6a997fc846406bf2c699370acd769aa7f097aaec2

SHA512
f3ad9a1ae3f55058bfc256441d62b4110b38e1f2b3328e09ad47805f1c312cdf67b313e5f5a67d19fa128e0082d08dd79f1fff6ea3fc49bf544b733a827b626d

Download Submit
memory/320-328-0x00000000003C0000-0x0000000000400000-memory.dmp

Filesize
256KB

Download
memory/972-382-0x00000000020A0000-0x00000000020E0000-memory.dmp

Filesize
256KB

Download
memory/1284-434-0x00000000089D0000-0x0000000008AD0000-memory.dmp

Filesize
1024KB

Download
memory/1284-435-0x00000000089D0000-0x0000000008AD0000-memory.dmp

Filesize
1024KB

Download
memory/1284-307-0x0000000002330000-0x0000000002370000-memory.dmp

Filesize
256KB

Download
memory/1284-309-0x0000000002330000-0x0000000002370000-memory.dmp

Filesize
256KB

Download
memory/1284-284-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/1284-285-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/1284-316-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/1284-320-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/1284-321-0x0000000002330000-0x0000000002370000-memory.dmp

Filesize
256KB

Download
memory/1284-322-0x0000000002330000-0x0000000002370000-memory.dmp

Filesize
256KB

Download
memory/1284-286-0x0000000002330000-0x0000000002370000-memory.dmp

Filesize
256KB

Download
memory/1284-308-0x0000000002330000-0x0000000002370000-memory.dmp

Filesize
256KB

Download
memory/1516-306-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/1516-169-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/1516-281-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/2512-357-0x00000000004C0000-0x0000000000500000-memory.dmp

Filesize
256KB

Download
memory/2672-428-0x0000000000340000-0x0000000000380000-memory.dmp

Filesize
256KB

Download
memory/2716-339-0x0000000000500000-0x0000000000540000-memory.dmp

Filesize
256KB

Download