hxxps://adobe-after-effects[.]download-windows[.]org/adobe-after-effects-x64

Resubmissions

06/04/2024, 14:19

240406-rnb5gacb8x 1

06/04/2024, 13:32

240406-qsyzcsca74 1

06/04/2024, 12:23

240406-pkz11sab5v 8

Analysis

max time kernel
1800s
max time network
1804s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://adobe-after-effects.download-windows.org/adobe-after-effects-x64

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\ScreamingBAudio64.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\drmk.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\portcls.sys	DrvInst.exe
File opened for modification	C:\Windows\system32\drivers\SETF43E.tmp	DrvInst.exe
File created	C:\Windows\system32\drivers\SETF43E.tmp	DrvInst.exe

Executes dropped EXE 3 IoCs

pid	Process
3716	SBDriverInstaller.exe
4032	SBAudioInstallx64.exe
4336	MorphVOXPro.exe

Loads dropped DLL 64 IoCs

pid	Process
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
4712	MsiExec.exe
4712	MsiExec.exe
4252	MsiExec.exe
4252	MsiExec.exe
4252	MsiExec.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
3384	MsiExec.exe
3384	MsiExec.exe
764	MsiExec.exe
764	MsiExec.exe
764	MsiExec.exe
764	MsiExec.exe
764	MsiExec.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
2336	MsiExec.exe
2336	MsiExec.exe
4816	MsiExec.exe
4816	MsiExec.exe
4816	MsiExec.exe
4816	MsiExec.exe
4816	MsiExec.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
3580	MsiExec.exe
3580	MsiExec.exe
3572	MsiExec.exe
3572	MsiExec.exe
3572	MsiExec.exe
3572	MsiExec.exe
3572	MsiExec.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
4180	MsiExec.exe
4180	MsiExec.exe
2544	MsiExec.exe
2544	MsiExec.exe
2544	MsiExec.exe
2544	MsiExec.exe
2544	MsiExec.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
2356	MsiExec.exe
2356	MsiExec.exe
4828	MsiExec.exe
4828	MsiExec.exe
4828	MsiExec.exe
4828	MsiExec.exe
4828	MsiExec.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
2740	MsiExec.exe
2740	MsiExec.exe
1980	MsiExec.exe
1980	MsiExec.exe
1980	MsiExec.exe
1980	MsiExec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Drops file in System32 directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sbaudio-x64.inf_amd64_cede75ee029e14f7\sbaudio-x64.PNF	SBAudioInstallx64.exe
File created	C:\Windows\System32\DriverStore\Temp\{3b5f5be0-1df5-4547-8dff-79afa6022a2b}\SETF1FC.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\sbaudio-x64.inf_amd64_cede75ee029e14f7\ScreamingBAudio64.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\sbaudio-x64.inf_amd64_cede75ee029e14f7\sbaudio-x64.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3b5f5be0-1df5-4547-8dff-79afa6022a2b}\SETF20E.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3b5f5be0-1df5-4547-8dff-79afa6022a2b}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3b5f5be0-1df5-4547-8dff-79afa6022a2b}\sbaudio-x64.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3b5f5be0-1df5-4547-8dff-79afa6022a2b}\ScreamingBAudio64.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3b5f5be0-1df5-4547-8dff-79afa6022a2b}\SETF1FD.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3b5f5be0-1df5-4547-8dff-79afa6022a2b}\SETF20E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\sbaudio-x64.inf_amd64_cede75ee029e14f7\SBAudio-x64.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3b5f5be0-1df5-4547-8dff-79afa6022a2b}\SETF1FC.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3b5f5be0-1df5-4547-8dff-79afa6022a2b}\SETF1FD.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3b5f5be0-1df5-4547-8dff-79afa6022a2b}\SBAudio-x64.cat	DrvInst.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Screaming Bee\Batch Converter Plug-In\InstallHelper.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Effects Rack\VST Plugins\surrounddelay.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Modern War Sounds\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\sfx_audition.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Voice Splicer Plug-In\InstallHelper.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Effects Rack\Workspace Templates\Gigglebot.mvvst	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Galactic Voices\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Drivers\ScreamingBAudio64.sys	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Effects Rack\Workspace Templates\Droid.mvvst	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Farm Animal Sounds\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\Sci-Fi Sound Pack\MorphVOXCheck.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Effects Rack\Workspace Templates\Echo.mvvst	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Sci-Fi Voice Pack\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallClass.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\Furry Voices for Second Life\MorphVOXCheck.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Sci-Fi 2 Sound Pack\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\Ancient Weapon Sounds\MorphVOXCheck.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Sci-Fi 2 Sound Pack\MorphVOXCheck.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Text-To-VoIP Plug-in\sapi.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Spooky Sounds\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\Creatures of Darkness\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\Male Voice Pack\MorphVOXCheck.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\File Streamer Plug-In\Plugin-FileStreamer.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\EULA.rtf	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Workplace Backgrounds\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\Batch Converter Plug-In\Plugin-BatchConverter.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Fantasy Voice Pack\MorphVOXCheck.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Furry Voices for Second Life\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\AppData\Skins\DefaultSkinPro.sbskin	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Translator Fun Voice Pack\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\Female Voice Pack\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\Batch Converter Plug-In\InstallHelper.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Galactic Voices\MorphVOXCheck.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Interop.IWshRuntimeLibrary.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDSP.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\File Streamer Plug-In\InstallHelper.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Text-To-VoIP Plug-in\InstallHelper.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Voice Splicer Plug-In\ReadMe.rtf	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Voice Splicer Plug-In\InstallHelper.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Effects Rack\Plugin-EffectsRack.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\AppData\Presets\Default.sbpreset	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Deep Space Voices\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\File Streamer Plug-In\EULA.rtf	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Interop.SpeechLib.DLL	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\AppData\Sound Effects\Miscellaneous.sbfx	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Drivers\ScreamingBAudio.sys	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Drivers\sbaudio-x86.cat	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Effects Rack\VST Plugins\VSpectShift.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Modern War Sounds\MorphVOXCheck.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\morphoff.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Text-To-VoIP Plug-in\Plugin-TextToVoIP.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Text-To-VoIP Plug-in\Interop.SpeechLib.DLL	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Effects Rack\InstallHelper.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\Male Voice Pack\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Drivers\SBAudio-x86.inf	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Creatures of Darkness\MorphVOXCheck.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\sfx_prev.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Comic Sound Pack\MorphVOXCheck.InstallState	MsiExec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\muteon.ogg	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Blue Satin Skin\MorphVOXCheck.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Drivers\SBDriverInstaller.exe	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Batch Converter Plug-In\EULA.rtf	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\Special Effects Voices\MorphVOXCheck.dll	msiexec.exe
File created	C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\AppData\Backgrounds\default.sbback	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIE992.tmp	msiexec.exe
File created	C:\Windows\Installer\e58e73b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5C40.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2F01.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6BA1.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\e58e727.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI299D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7744.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI77E1.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E00A5837-482C-4DCE-B4CC-D16B343374E1}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI23CD.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI67E4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7329.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2834.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e58e741.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58e75a.msi	msiexec.exe
File created	C:\Windows\Installer\e58e795.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3F28.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5EC2.tmp	msiexec.exe
File created	C:\Windows\Installer\e58e78c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFCD1.tmp	msiexec.exe
File created	C:\Windows\Installer\{C1A6E1A4-B337-41B5-B580-30EB1FF76D56}\_6FEFF9B68218417F98F549.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{C1A6E1A4-B337-41B5-B580-30EB1FF76D56}\_6FEFF9B68218417F98F549.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICDB.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	SBAudioInstallx64.exe
File opened for modification	C:\Windows\Installer\MSI37F1.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{D16C611D-CA6F-402B-9EDA-9862CF4A701B}	msiexec.exe
File created	C:\Windows\Installer\e58e781.msi	msiexec.exe
File created	C:\Windows\Installer\e58e740.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5A68.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAD4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e58e732.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58e737.msi	msiexec.exe
File created	C:\Windows\Installer\e58e75e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFC82.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1C93.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e58e74b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6447.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4014.tmp	msiexec.exe
File created	C:\Windows\Installer\e58e75a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6A76.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC7C.tmp	msiexec.exe
File created	C:\Windows\Installer\{5A53F620-6A7A-4362-94AD-12D9FCB856E1}\_6FEFF9B68218417F98F549.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI14CF.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\Installer\MSI5449.tmp	msiexec.exe
File created	C:\Windows\Installer\e58e768.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7049.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4A2D.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{573F9269-A022-4C6F-97BD-CF1316A76369}	msiexec.exe
File opened for modification	C:\Windows\Installer\{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}\_6FEFF9B68218417F98F549.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI32DC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4970.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI789E.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{13304708-E115-4044-82DA-88A6F5424359}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2D3A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5749.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{956F54F5-0AA4-441D-8933-7B45F4F56F74}\_6FEFF9B68218417F98F549.exe	msiexec.exe
File created	C:\Windows\Installer\e58e755.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2E0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e58e78c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6FAB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI446B.tmp	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	SBAudioInstallx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	SBAudioInstallx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	SBAudioInstallx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	SBAudioInstallx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	SBAudioInstallx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	SBAudioInstallx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	SBAudioInstallx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	SBAudioInstallx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	SBAudioInstallx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	SBAudioInstallx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	SBAudioInstallx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	SBAudioInstallx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	SBAudioInstallx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	SBAudioInstallx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	SBAudioInstallx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	SBAudioInstallx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters	DrvInst.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	SBAudioInstallx64.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	MsiExec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	SBAudioInstallx64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	SBAudioInstallx64.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0556D7BF06296E24388CFBA3E74544F2\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MorphVOXAddons\\Skin-BlueSatin_Installer\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93AD2302448CEA346B83A6F4476986E6\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MorphVOXAddons\\VP-FurryVoices_Installer\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9CF8D198D6272F64DA0C0E066ABED13C\DefaultFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4FCFE31E3BBADDD40B70CE4330C1281F	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0556D7BF06296E24388CFBA3E74544F2\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7385A00EC284ECD44BCC1DB64333471E\ProductName = "Ancient Weapon Sounds"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\148F092FD440FE44E915FFEF7AEF2E7D\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\MorphVOXAddons\\SP-Animals_Installer\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49E415A634C3C441A9EF185DC536296\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\MorphVOXAddons\\SP-ModernWar_Installer\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79E688B4B5FA0F64F984B60E13949D27\Version = "16777217"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79E688B4B5FA0F64F984B60E13949D27\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MorphVOXAddons\\VP-Personality_installer\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5F45F6594AA0D1449833B7544F5FF647	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9629F375220AF6C479DBFC31617A3696\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|Special Effects Voices\|MorphVOXCheck.dll	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\026F35A5A7A6263449DA219DCF8B651E\Version = "67239947"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\75D2CD268BA7181499B46CD255CF6E4F\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F1E3C4F5CF78DB142B914E51B6DBA85E\SourceList\PackageName = "VP-Fantasy_Installer.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\522A749D32C825E468E6FC937674B6CF\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\026F35A5A7A6263449DA219DCF8B651E	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|Farm Animal Sounds\|MorphVOXCheck.dll\MorphVOXCheck,Version="1.0.2.0",Culture="neutral",ProcessorArchitecture="MSIL" = 37005f005f007a00760058003d00340031003d006d00710038007a007a0030006d006b0048006e003e00240039004b004a0036002a00600070004100380063002b00710060006200750029004b002c00380000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49E415A634C3C441A9EF185DC536296\Assignment = "1"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|Furry Voices for Second Life\|MorphVOXCheck.dll\MorphVOXCheck,Version="1.0.2.0",Culture="neutral",ProcessorArchitecture="MSIL" = 350061005e0045002d007e0052002400690039007d00730054005400410060004500380051004b003e004c002e004d004b0073005d003d0076003600250030002600570032006e004b00760076006b007a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5AA85FD129FCC6D4C8B920C7B05C09A8	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|MorphVOX Pro\|Interop.SpeechLib.DLL	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\75D2CD268BA7181499B46CD255CF6E4F\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0556D7BF06296E24388CFBA3E74544F2\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\75D2CD268BA7181499B46CD255CF6E4F\PackageCode = "79000CA036800E6459E8A56072994BEB"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\955DFF8A25BB9BE43927164F443D3EA6\68FBE17F37A90C446A4755AFE3A44882	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|Deep Space Voices\|MorphVOXCheck.dll\MorphVOXCheck,Version="1.0.2.0",Culture="neutral",ProcessorArchitecture="MSIL" = 350047007600460049006e005f002b0035004000570078006b0067005800520045004b00750042003e0031005a0068002700260075007d005300430032003d0072006b00540041005700760025002b00650000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\522A749D32C825E468E6FC937674B6CF\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4E4EBAEF7DE71B043AC5BA7B3649B65E	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19C830CB6C3D34E448936B9567EF9773\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F4C4C319E3E96A146A41B1CD31252A52\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\80740331511E440428AD886A5F243495	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|Voice Splicer Plug-In\|InstallHelper.dll\InstallHelper,Version="1.0.0.18448",Culture="neutral",ProcessorArchitecture="MSIL" = 42002e006100250045005e006d0072006000390056004c0034006a006e006c00510021004c0071003e00630072002e0027003000620031003f006800670067002b006400380066007e00320057005f00750000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\148F092FD440FE44E915FFEF7AEF2E7D\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D116C61DF6ACB204E9AD8926FCA407B1\Assignment = "1"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\68FBE17F37A90C446A4755AFE3A44882\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1C86793C7E2866445862D2A84CB467F8\SourceList\PackageName = "VP-TranslatorFun_Installer.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\BA22A238A279C4E4893287EE9993AC38\5F45F6594AA0D1449833B7544F5FF647	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4A1E6A1C733B5B145B0803BEF17FD665\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93AD2302448CEA346B83A6F4476986E6\Version = "16973825"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9CF8D198D6272F64DA0C0E066ABED13C\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E0E23CC201A9CCB4490F16F45873F595\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD570F5B704D4F4FBA229C2AC5807A6	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\52DE9344DE9D87E44AE1C6C6D5ECED26\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\52DE9344DE9D87E44AE1C6C6D5ECED26\ProductIcon = "C:\\Windows\\Installer\\{4439ED25-D9ED-4E78-A41E-6C6C5DCEDE62}\\_6FEFF9B68218417F98F549.exe"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\52DE9344DE9D87E44AE1C6C6D5ECED26\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\522A749D32C825E468E6FC937674B6CF	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19C830CB6C3D34E448936B9567EF9773\Version = "16973825"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F4C4C319E3E96A146A41B1CD31252A52\DeploymentFlags = "3"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C44AEB11EFCBE504C96733FE04A73445\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C44AEB11EFCBE504C96733FE04A73445\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5F45F6594AA0D1449833B7544F5FF647\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7385A00EC284ECD44BCC1DB64333471E\Version = "33619969"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\68FBE17F37A90C446A4755AFE3A44882\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\812CEC76052BC4B42BF35A79CED81B35\ProductName = "Deep Space Voices"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\522A749D32C825E468E6FC937674B6CF\ProductName = "Female Voice Pack"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93AD2302448CEA346B83A6F4476986E6\SourceList\PackageName = "VP-FurryVoices_Installer.msi"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C44AEB11EFCBE504C96733FE04A73445\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4A1E6A1C733B5B145B0803BEF17FD665\SourceList\PackageName = "InstallTextToVoIP.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Screaming Bee\|Ancient Weapon Sounds\|MorphVOXCheck.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49E415A634C3C441A9EF185DC536296	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9CF8D198D6272F64DA0C0E066ABED13C\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79E688B4B5FA0F64F984B60E13949D27\ProductName = "Personality Voices"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4824	msiexec.exe
4824	msiexec.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
752	MorphVOX.Pro.v4.4.17.22603.exe
4824	msiexec.exe
4824	msiexec.exe
4824	msiexec.exe
4824	msiexec.exe
4824	msiexec.exe
4824	msiexec.exe
1092	chrome.exe
1092	chrome.exe
4824	msiexec.exe
4824	msiexec.exe
4824	msiexec.exe
4824	msiexec.exe
4824	msiexec.exe
4824	msiexec.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
4824	msiexec.exe
4824	msiexec.exe
3524	taskmgr.exe
3524	taskmgr.exe
4824	msiexec.exe
4824	msiexec.exe
3524	taskmgr.exe
4824	msiexec.exe
4824	msiexec.exe
3524	taskmgr.exe
4824	msiexec.exe
4824	msiexec.exe
3524	taskmgr.exe
3524	taskmgr.exe
4824	msiexec.exe
4824	msiexec.exe
3524	taskmgr.exe
4824	msiexec.exe
4824	msiexec.exe
3524	taskmgr.exe
3524	taskmgr.exe
4824	msiexec.exe
4824	msiexec.exe
3524	taskmgr.exe
4824	msiexec.exe
4824	msiexec.exe
3524	taskmgr.exe
3524	taskmgr.exe
4824	msiexec.exe
4824	msiexec.exe
3524	taskmgr.exe
4824	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3524	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe
3524	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4336	MorphVOXPro.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 4948	4836	chrome.exe	86
PID 4836 wrote to memory of 4948	4836	chrome.exe	86
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 3740	4836	chrome.exe	89
PID 4836 wrote to memory of 2204	4836	chrome.exe	90
PID 4836 wrote to memory of 2204	4836	chrome.exe	90
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91
PID 4836 wrote to memory of 556	4836	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://adobe-after-effects.download-windows.org/adobe-after-effects-x64
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff897b79758,0x7ff897b79768,0x7ff897b79778
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:2
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5220 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5920 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5144 --field-trial-handle=1860,i,1549973239881705428,14910649648334400879,131072 /prefetch:1
  2⤵
  PID:752

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2820

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_MorphVOX-Pro-4.4.17-Deluxe.zip\MorphVOX-Pro-4.4.17-Deluxe\╨ó╨╕╤à╨░╤Å ╤â╤ü╤é╨░╨╜╨╛╨▓╨║╨░.cmd" "
1⤵
PID:1592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\╨ó╨╕╤à╨░╤Å ╤â╤ü╤é╨░╨╜╨╛╨▓╨║╨░.cmd" "
1⤵
PID:3548
- C:\Users\Admin\Desktop\MorphVOX.Pro.v4.4.17.22603.exe
  MorphVOX.Pro.v4.4.17.22603.exe /S /Q
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:752
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /x {5F075DA5-407B-4F4D-BF2A-922CCA85706A} /qn
    3⤵
    PID:3604
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOX\MorphVOXPro.msi" /qn ALL_USERS=1 SHORTCUT_DESKTOP=1 TARGETDIR="C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\"
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\BP-Workplace_Installer\BP-Workplace_Installer.msi" /qn
    3⤵
    PID:936
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\InstallBatcher\InstallBatcher.msi" /qn
    3⤵
    PID:4592
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\InstallFileStreamer-EN\InstallFileStreamer-EN.msi" /qn
    3⤵
    PID:3524
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\InstallTextToVoIP\InstallTextToVoIP.msi" /qn
    3⤵
    PID:4640
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\InstallVoiceEventManager-All\InstallVoiceEventManager-All.msi" /qn
    3⤵
    PID:3440
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\InstallVSTFXManager\InstallVSTFXManager.msi" /qn
    3⤵
    PID:4892
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\Skin-BlueSatin_Installer\Skin-BlueSatin_Installer.msi" /qn
    3⤵
    PID:4640
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\SP-AncientWeapon_Installer\SP-AncientWeapon_Installer.msi" /qn
    3⤵
    PID:880
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\SP-Animals_Installer\SP-Animals_Installer.msi" /qn
    3⤵
    PID:1516
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\SP-Comic_Installer\SP-Comic_Installer.msi" /qn
    3⤵
    PID:4420
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\SP-Fantasy_Installer\SP-Fantasy_Installer.msi" /qn
    3⤵
    PID:4180
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\SP-ModernWar_Installer\SP-ModernWar_Installer.msi" /qn
    3⤵
    PID:3220
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\SP-SciFi_Installer\SP-SciFi_Installer.msi" /qn
    3⤵
    PID:3512
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\SP-SciFi2_Installer\SP-SciFi2_Installer.msi" /qn
    3⤵
    PID:5000
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\SP-SpookySounds_Installer\SP-SpookySounds_Installer.msi" /qn
    3⤵
    PID:2428
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-CreaturesOfDarkness_Installer\VP-CreaturesOfDarkness_Installer.msi" /qn
    3⤵
    PID:3772
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-DeepSpace_Installer\VP-DeepSpace_Installer.msi" /qn
    3⤵
    PID:1476
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-Fantasy_Installer\VP-Fantasy_Installer.msi" /qn
    3⤵
    PID:4380
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-Female_Installer\VP-Female_Installer.msi" /qn
    3⤵
    PID:3980
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-FurryVoices_Installer\VP-FurryVoices_Installer.msi" /qn
    3⤵
    PID:1692
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-Galactic_installer\VP-Galactic_installer.msi" /qn
    3⤵
    PID:4140
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-Male_Installer\VP-Male_Installer.msi" /qn
    3⤵
    PID:3332
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-Personality_installer\VP-Personality_installer.msi" /qn
    3⤵
    PID:2596
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-SciFi_Installer\VP-SciFi_Installer.msi" /qn
    3⤵
    PID:3440
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-SpecialEffects_Installer\VP-SpecialEffects_Installer.msi" /qn
    3⤵
    PID:3580
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-TranslatorFun_Installer\VP-TranslatorFun_Installer.msi" /qn
    3⤵
    PID:1396

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4824
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E16E31FC25BA6D24EEEE8CDE98FCEFA3
  2⤵
  - Loads dropped DLL
  PID:4712
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 33CF0154EEE6B327386A1E7761FE3FF9 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies data under HKEY_USERS
  PID:4252
- - C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Drivers\SBDriverInstaller.exe
    "C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Drivers\SBDriverInstaller.exe" i
    3⤵
    - Executes dropped EXE
    PID:3716
  - - C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Drivers\SBAudioInstallx64.exe
      "C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Drivers\SBAudioInstallx64.exe" i "C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Drivers\SBAudio-x64.inf" "*ScreamingBAudio"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      Modifies data under HKEY_USERS
      PID:4032
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 62AF7870C9E367592F60A87DFA5028A3
  2⤵
  - Loads dropped DLL
  PID:3384
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 52CC612C2A8C63593A14B54FDE71D605 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:764
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C833AC5D879ACDC50AD8168B7ECCB928
  2⤵
  - Loads dropped DLL
  PID:2336
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 239D55346956AFB8A1D34CE7EA5014D9 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:4816
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C6EA0E57028AD51B5C9E5A80365443F1
  2⤵
  - Loads dropped DLL
  PID:3580
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 6B50EDF16B9A4E0E12B92F99A0493608 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:3572
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding ABC39E8A46F68EDFC332FC9DF1D6F59E
  2⤵
  - Loads dropped DLL
  PID:4180
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 725ED689BCBBA2B4236A530752D25915 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:2544
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8AA4C788D8789B64081E2D13000097F1
  2⤵
  - Loads dropped DLL
  PID:2356
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B575552A17EF78A70217898E27D32F21 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:4828
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D0412A906F273E502803E231F8770831
  2⤵
  - Loads dropped DLL
  PID:2740
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2F419185B64E0D129A640DAA71898EF6 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:1980
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8C7438B72B655207478601A878F83700
  2⤵
  PID:2976
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0842E5CFC7C3C44B518A169683EFA01A E Global\MSI0000
  2⤵
  PID:1696
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F5A9D332476D94ADDF5F088989A1E309
  2⤵
  PID:4468
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 367978F0651028F5CECDBF04CB227A2D E Global\MSI0000
  2⤵
  PID:4612
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 70D8C27E000788D9580FC9A14BC0310F
  2⤵
  PID:2740
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4D2E3A92D6925763AC2ABAE3BD4BF829 E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:4892
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2193CE1FA0F58AEE860C0D995792EEBC
  2⤵
  PID:3796
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8D1F5FED39E778B1009FCA2DCE4A0750 E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:3312
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F240F02ECDC5134D44EBB2C6A35E74D1
  2⤵
  PID:4488
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 51A2A19D2A40DF7C79724AC0834E5F1D E Global\MSI0000
  2⤵
  PID:880
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A753D53DBAFAF3FB92ADD9571B90560D
  2⤵
  PID:872
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D48EACEDC77A14C91A7F10FCEBF52064 E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:4452
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C1A1E26BD3377D418EB08C57358CC3D1
  2⤵
  PID:2976
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9D658724560F6BA7DA24703C223FD8BB E Global\MSI0000
  2⤵
  PID:4596
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 033B8590211CFD19DD297C41713D6D77
  2⤵
  PID:3368
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F19F8BEE789D2BCD92B31D0216C329A0 E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:1328
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0AA252EC1908A6D40BD7109FD9B5483E
  2⤵
  PID:1516
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F44BA6DE91E0C4C95DDECF4AAC7A8BD5 E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:4452
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 43D745AEB880739E7C9B251DB5A93491
  2⤵
  PID:4016
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2D8A196A3760D5A2BD9DE220464BC4AF E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:3580
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8C0D17C9E0EA68AE7336A756249EE791
  2⤵
  PID:1352
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4087469C5951658861AE69A540E8D098 E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:2532
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3D8B67309259DE484A583F680E555B10
  2⤵
  PID:4764
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8438531F7382B193F92FDEA057F70344 E Global\MSI0000
  2⤵
  PID:1492
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9F4D8CC96A4C750E72D81484AAE97BCE
  2⤵
  PID:4228
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A14B2B82E901BC5971ED6A68AD6079C1 E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:3512
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0E366B6783A94CC0BD3ED1C8B60040BF
  2⤵
  PID:3896
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5791170FC0EF4416DCF415465B120A6D E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:4892
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 6A7F7AC95EB761C0F36E560B8A051C22
  2⤵
  PID:3680
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding FEDEE61C076DB87F619DB9ACDD58A747 E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:4572
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 104BB8496C7CB80CDBB4D49BCBD44B8A
  2⤵
  PID:4816
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B7E9E5B26DF39EAA415865C5184E52BB E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:1176
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 630F01F6C14DDFEDAD795E8F6A44CCDE
  2⤵
  PID:4592
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9E1550E51C426BA247FEF2B31F86C833 E Global\MSI0000
  2⤵
  PID:1452
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5470C35542C071291F2F141A3ADEFE17
  2⤵
  PID:3940
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 235314EDA54058D5FD198FF56D2F74D7 E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:4336
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8E2392E6EDE0759C24C21AB4D5FDE626
  2⤵
  PID:2992
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 48AE29F8256D88333AD838FA32D0267B E Global\MSI0000
  2⤵
  PID:4304
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8704C118D44DFD5B05825BDCCEDE3BF4
  2⤵
  PID:3260
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C248287F061D4AE99A4B1C396549059F E Global\MSI0000
  2⤵
  - Drops file in Program Files directory
  PID:2636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:1444
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "c:\program files (x86)\screaming bee\morphvox pro\drivers\sbaudio-x64.inf" "9" "4892a7cef" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "c:\program files (x86)\screaming bee\morphvox pro\drivers"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:3244
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca1187927c7b:SBEE_Audio:2.0.3.0:*screamingbaudio," "4892a7cef" "0000000000000148"
  2⤵
  - Drops file in Drivers directory
  - Checks SCSI registry key(s)
  PID:4584

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:3524

C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe
"C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4336

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x53c 0x540
1⤵
PID:3332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58e712.rbs

Filesize
16KB

MD5
ab27d073612157e90d3aae25ac8c764e

SHA1
3a115a9fa0e5130291c4015e889dd9806d8ec87b

SHA256
dd7c409a5356353584efd0732380f5586916660d1b83032d2cd2a3fda9a9178f

SHA512
c72fe14e433bf4300d0ec2317dac7c329d2b477b1b82f254c5bd662668830b241aafedfe0f5f2ecbfa8393ee55d6fdd4e83be142751ea9261353c40369c30af0

Download Submit
C:\Config.Msi\e58e717.rbs

Filesize
8KB

MD5
dbee39c27b53b7872bc2d0b5efda92e0

SHA1
30e1c0c25e67fb603706230bdac6685914c124f9

SHA256
8372300fe3f76f830c569d2b064b8abf0572bd6af85c8648c25d9c8b1ef83e58

SHA512
63aba72d7cba9e53ea678041d14b07e4b1b479b483cce672fdc3af3cd120df7f6f561d48503efec01b22c6cac9894685bc731025d76240873351bb1a9f1ee139

Download Submit
C:\Config.Msi\e58e71c.rbs

Filesize
9KB

MD5
1f90246e0de94547ab10bbe13b97029a

SHA1
52fbc6d2b2d0afe79d04c50338dc8068fba81b58

SHA256
2e7cfb14d33ca6d2f12b7dd9cba6080f166451fa2a4d5d50957ade7d3770a3a4

SHA512
aaa908a36569d314d9d5d41c577b36dd25c6f76b51f2fee1622c03fdf6ba1718cc656e3dd29da1407e0ee37e0cf8c4cb857619cdf422173817c716840beab75e

Download Submit
C:\Config.Msi\e58e721.rbs

Filesize
9KB

MD5
b67cfed6716f38f6db8140a104a14a2b

SHA1
92b5b8f4eb216e3b8e1d0dadcd07a0232bc572c0

SHA256
d591ef3530500d6700a4a6663c6a39a76083d87c46b4bb2b928e0a18c045118b

SHA512
b7d06d5ece50a5c9a7f95bcd3639054339dd3965aa3c0c1134d0aae3ebc53a68738cc23d73d37742ee64e16ab9c9eac470ff56abdc11b83b1aad73a73b4ac945

Download Submit
C:\Config.Msi\e58e726.rbs

Filesize
9KB

MD5
16bbf860b53d40882e2d74b4e5e93b93

SHA1
79cc5b31d320633f1967c8068dae4dab913e7a92

SHA256
ef9f43ad392472ea5354dd34d8a2dd59e829e82fd64d0ca6781a8efa4fc31a31

SHA512
030a0c2272facac5103f680ca4de55ee5361268121c5431c8a7a278510b57d2e890d681f662185d330e9c235ffb80f9a2159b2761cb5177c00dfdafd3216becd

Download Submit
C:\Config.Msi\e58e72b.rbs

Filesize
9KB

MD5
8582bdd997835cb03c4db380840d46a3

SHA1
eb2b92f014e9b601339d55f91178453f69ad2c21

SHA256
0996b7afe1cdc65e10c674cf6fa8df30f843403f777e181ffed737fc680a30e5

SHA512
c38b90dae0b4d9edf49dac9864c5180bd0c39a86c83cadc348ca3eb352f5c93b07f4a48e2f9487819dbedea5114b23189eb0e9898cae2ea7e83993929a19670a

Download Submit
C:\Config.Msi\e58e730.rbs

Filesize
11KB

MD5
4fba45d621e63582ad749cf73f7a5f0b

SHA1
6d77094915bac34079f487fd549cfe081db1e563

SHA256
699d23cfdfa3be98733718f79cf9361193fd3455e350eb1251dc9a28d909fd77

SHA512
06b0fb4036f72034ded10c2d8157a0d77ad26c55d334d7ce4048396872efa1842c86a74c37617d129c3cbcfd829677224b5d4685fd0ecd8916289e7a8db743a9

Download Submit
C:\Config.Msi\e58e735.rbs

Filesize
8KB

MD5
918b6478db1b9feccb2a1b215a49c5d1

SHA1
409dd86b61beaaa5ab3be344e15d7a7fce4c25bc

SHA256
43d23b1d0048606f70ab9831d76f98db4d692d9e1d9b04dab3229ff6f754f4c4

SHA512
e23d449e64e7973e80d0d941f0580e71f0b57ac0ef271458ca1a9aa03f2a2a4ee9bf7a63584d8fb93140ca8c65250bbddf7bb431fa59709b89d2689905c91353

Download Submit
C:\Config.Msi\e58e73a.rbs

Filesize
8KB

MD5
f08d6fb6f5ef9e49d1f57fca928d3bd1

SHA1
4619d64894a67766c8d67ac1372da49ebee906ea

SHA256
3dc4167e0b6783d18386c3ca85e17de297cf8fae686955a55537d633ded40c3c

SHA512
bfdca3e10a5ce16359b43227aa5f0c1ac0202e11ca075ac560d4521042b268693b0aaaf3de8f5739997fe09d493330740433d7bc70f552454edd4d44badb93a1

Download Submit
C:\Config.Msi\e58e73f.rbs

Filesize
8KB

MD5
e14d80e3fc23646bf6a11a7ee8127cc3

SHA1
1ed4854212e64fbf1df204d130060285fa9af7be

SHA256
059b7202d08d36356598281f05e0bd8b8f3bc592d7c7a4626d7e96bdd5913b77

SHA512
ed5dc2bcb0cec993abc0b97441d2a79b9bf3933e787ec56d801b9fbfe831d212f44da37f2ded9ac40e1271ab0238d6dacf8a364448502ef42239b3517e3c47cf

Download Submit
C:\Config.Msi\e58e744.rbs

Filesize
8KB

MD5
5d1ccb2ba8871f28b538ac4c66934116

SHA1
70ab0819c19bcb08cd6b3ecdfc6c9fa25ffc0e86

SHA256
d0c6a1a6deba6ebaeac313d3a7e4c5949a6ee24f762ab6b55868c8c9e9e9cca4

SHA512
dc672a9b7e30b109a0272153e19cd191dbce12c28ca8a60f0acd8a0aef1eddd0320bfe0d36ad9fe38c9ebe36095e3b191feef63f6561bcae402150f6ee79463d

Download Submit
C:\Config.Msi\e58e749.rbs

Filesize
8KB

MD5
0a9abe6b4c91fbf43188f65ba8012071

SHA1
5b6fbad1008e7cbedd3ff74f7afa70a5598cbae1

SHA256
08068b1010e148f7a0fbe41631d3c5613cefce8a0a7bfd8d50702b5d5ef36632

SHA512
be6ef15241a98c800671b30e9c26ab102a68c471021fcbb159743d1134352062035857f8e33271c84e808d5ba48c160202c6c892c9c46c894bb2153a86227a28

Download Submit
C:\Config.Msi\e58e74e.rbs

Filesize
8KB

MD5
7c43e4f180e5639fe6c0810a701b296b

SHA1
4a59df051dbc17f0b97c416ccc21063ff64cf95c

SHA256
ccfce16afd030f14523721239eeeb68257506ffb2b3eee2768fbf06f0f937742

SHA512
186b3fde472fc5797bec4b82b65647ede58f5af9b50bf9f2a754115221e9b8d6f878b7ff252b85aa5ff14ae1c8b957299651c4a25eec199ea635da8b2ed704af

Download Submit
C:\Config.Msi\e58e753.rbs

Filesize
8KB

MD5
14f3f0a850109ac6fbc286f9ab96537a

SHA1
dd5135e8e8a92ecdcc01429294225b345b6c151e

SHA256
3c985d71191245c5b4306b49850ed10b0e33c7ab6c795c3be31e888ebac950a6

SHA512
28ad7413bc73c38be61500fe2bd529309595108278e6c5ab88844f712ba53d7e7d68383efaac4ed8457c2dbcaacd8b1bd015600dc392bdd9516ec805a3c96851

Download Submit
C:\Config.Msi\e58e758.rbs

Filesize
8KB

MD5
d0d240b49ec8a27658edb60e36acda4a

SHA1
8d80b472353fe3cb3ff9ebadd70373b1640b2d79

SHA256
bbe362ede428345c34cfb6815c08cbabc6e59cabc4d2496bba41ed7517a581ed

SHA512
a2d8b5da6c3b894167242ed8eb6c756225b46376a2500100fcd99e1da2a343f9e2041868c940766283ca02a41770c0f1522c758072ffbe117ac09888cbc8c019

Download Submit
C:\Config.Msi\e58e75d.rbs

Filesize
8KB

MD5
871fe42b7e5c3d0b82268df108aa8207

SHA1
d821de578676d9ae234c52e8500385606dfacb77

SHA256
f045544ad3d537f10b87523e846b8e698dec46fe94b637cdf32d840e0f2fa227

SHA512
e2d6513a2cef09df894150f81dbf0d567a754b51d8ecb25a0200f0ccd8b623b38e23c32d1db1c14a68428ff2b083ef5b28b241e2d43c7c45a0faded50d92a1ca

Download Submit
C:\Config.Msi\e58e762.rbs

Filesize
8KB

MD5
20864617f5d0e5e58adc791af9f5ba36

SHA1
7264a4ddafd8bb434a86b83f52e03c1b39f37da5

SHA256
8017382d2b4c2232e60183ecfbccd161b1a56177e0e81ec415bd3e28a98d81c1

SHA512
fce7208ccfe29492d61f206aac079d4e9fda9ea73cb9d8613ae8957f4847ea9e4871e692c1b4a3c101ee47ec692997fdd1644938237d10e645aa77ad7c1e777c

Download Submit
C:\Config.Msi\e58e767.rbs

Filesize
8KB

MD5
ae7f82a96d60325e6c5b7472c18ea013

SHA1
305760857be1c1b37d25a301b0e99e0e10e75b6a

SHA256
cd15858d6c052a32139d7457e0f2b7542874994e68bbbaa3d294cb949cc79922

SHA512
ec9d381c23ca539e6302849f366a5df18d364596768dec65a3347595b42be64b898aa4b3eff626ef98689e98bfa6ecff152494d3d8c371190441b664b4e21d38

Download Submit
C:\Config.Msi\e58e76c.rbs

Filesize
8KB

MD5
41b5f90f322f95e06c4bec1adeb66f5b

SHA1
848d9943a3c0ed2e3bed9d2eef1a6bada89e7004

SHA256
8e3366d9ddf134620fe92f6efbed63d8474b34145e70a9e778e92e03e297235d

SHA512
6dd5f70bb6a887c0f60841a200a0cc329f5d3dee5a44a58d4659fcb58ba47bf2719d466f0c4d1dbcaf18c65e5470afb0defc6a8064749deb73236550c109093d

Download Submit
C:\Config.Msi\e58e771.rbs

Filesize
8KB

MD5
c9da212857d068a72e06e7f30e3e0a48

SHA1
6daa401e258ee9c6aa41cd359425fa9df181e37d

SHA256
d2f51be9ecb157524e36f9319c2d7b41cac1f8f3fa2f3ad696352f6c2cabcec9

SHA512
a827f01bdcb26c110a9b420e28dab56d2ea81b92718eb55e9f91b64e45af69c65f3a928cafb8525031531bba2a88ab96655e8d69533b125fcb520ed917de6162

Download Submit
C:\Config.Msi\e58e776.rbs

Filesize
8KB

MD5
3185665435ff3e8104871bf88b0c544d

SHA1
8ea715ed481135f5d16fb4eaf307a07656e1876f

SHA256
b352c16b306306c67b8cc11606d80273399d680db8e129d1f31d2936451d18c9

SHA512
d366dcb6e6cb1400e1c25e06c4c5f2e485060445d5633a8302d703385d87c38a639ba12c7e3fe8be7edd3403c3f3e091c62445eaf5b61dfb70517be5900fde7a

Download Submit
C:\Config.Msi\e58e77b.rbs

Filesize
8KB

MD5
c30177a5c494cc1a6177e7b14664f7ac

SHA1
2e77d5244fd6114cfa144fe281f471ca004795ce

SHA256
e84faa88f9cd8ff6e772cfdedd1d3f937d5ab72dc166a07ef62fa4a7a3c91d94

SHA512
e2f02f71c9caba2fcf7fe36126d28b8150cad00f23782b4356ee3ae07676f76afa8b69fa3109d9af66f547267632fb0e779750beeaa5306897917728bf20a695

Download Submit
C:\Config.Msi\e58e780.rbs

Filesize
8KB

MD5
f7828b6dbb16d6dcb41db9d67ae921f8

SHA1
9fbea642b625abc73054e85c913e87a65d6c67ff

SHA256
1ed71ea4c1600f978ce816e2c1903113d4d419c7dc02a29f008a3c9dd63fb8ea

SHA512
0f3ea3eac9e6b8d8f48b650095c8f86ee65ec9e43428e31bd9bf8c079eb8ba5175b26ba743e286c1949ca448c2a2eea0f72fcc6d6ef7bfa83e830fed5d41e2f3

Download Submit
C:\Config.Msi\e58e785.rbs

Filesize
8KB

MD5
9f61f145a19c96b65872d6ba5806f2d6

SHA1
dbb74167b3586605c1dc9aecd492db2d5833769b

SHA256
7e8d4b007ad6eb2d8d67a36884d2648d9a8b2a74e0712fda89f6436382f1a519

SHA512
1f6d6adf85f3af4fba4b6353c72337d6fa84effcf27b27b552a02d05dc663d4e51aa4f11bf82298a40797ddb3e0bdd1d70d25c4eb34fb23658fe7dde2878bfd7

Download Submit
C:\Config.Msi\e58e78a.rbs

Filesize
8KB

MD5
5e1622d4e4deef01c51b935a2cbc18fa

SHA1
cfa2bb4f34fc6dce3f70e173a8feb6446c13afed

SHA256
f116cc7783e53ff76e953f58f5a5e835a9876eb6f00a7f0decb4c5a2afd85bc0

SHA512
e9e4919971bf2a6e6a83f39508d2f75c7c4b987514eee031fe5bda988d0ead4559912ea72b7e9a1dc4bfc6a32991c59c76ced39c5b34bdb82d55d05dd842924e

Download Submit
C:\Config.Msi\e58e78f.rbs

Filesize
8KB

MD5
ff24693cfc461b724336dc08e6e94144

SHA1
5a52fd3f687adca4ab69987c38dc8fb18e114d56

SHA256
1a0544e0a3c1fc09bd4f344c859807d5e59aef80b55e9d8531315afdca2a51ff

SHA512
fd11ee818bf0d2682a9b4f61e42d680410d9074696aa1491ff72a51e63e9c70c20449f86524dffa89889e1bfd200b3d9ee4dbc65f95f85aab52a1a9b98a95eb9

Download Submit
C:\Config.Msi\e58e794.rbs

Filesize
8KB

MD5
06b834b05fbfd272055842b2d9ed9649

SHA1
c815e53fa436d68494642b45976ce7137fd066cc

SHA256
c79793848e7fbf1674cf80f5ec867fbab35e95a7878311483a097c81177f3d4c

SHA512
2097fdb700a368e13eb4d87de43a410b17ff2bcf342d6ad1f4849ce8c89845f2df0bf15e26736b4dbe670daad4a872d0d9919c86f054c38fed211ef4aeb19579

Download Submit
C:\Program Files (x86)\Screaming Bee\Voice Splicer Plug-In\InstallHelper.InstallState

Filesize
1KB

MD5
9450b18a8f86faffc765bd567b89f521

SHA1
52acd08c64339977a812dee6a3d7d9abe0b296c8

SHA256
d1189d9132ede992b0e052ba41e4834e6e25b5c5bb8359742221c1334f15f477

SHA512
110dbc146b72268f8c38ad99243e12b23ea025093b24ae3e08517e97ea3a8c626d44457ff49503d5854c349d5fdb0181bb3839044142b6ea7f9b4287933e6101

Download Submit
C:\Program Files (x86)\Screaming Bee\Workplace Backgrounds\MorphVOXCheck.dll

Filesize
32KB

MD5
1d52f5ec5f63a6d8c3f504dc52f387e2

SHA1
c6c5a03bfbad019ce0f167a64a219b692633a303

SHA256
8bf4e5deed09c5723f0eb753102b49a884e3e8506688c05599c5ed264e906330

SHA512
e16dc7acc49d25a35a760744ec10a15c0057ea965bbfe9b39ea688ed2f5fcb5ff8baa86843b56badd11ea11a0853c08a077b1c38d0f871c56156d29314f956f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
33KB

MD5
956996c24062dcecfdfc2ac0a6250452

SHA1
11a42ce1499c5f401bf07030c92308da5bed93bb

SHA256
de9c94f3c1e07707ccfa93f87788f40aa13a19715ac50cdb8e906b349ab58fce

SHA512
d7f034d6c014c84bd6f61366acd2093ecc6ad63143bc6849eec8200623d8ab10185d25bcce29c7d58b711f3a56ac46fbebb1b6ab40b64073191bd13a7367e85e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
74KB

MD5
36e8ae174669f991dded90c9da479a90

SHA1
afd43da283712742e710c49ebe1d75baf8a0d30c

SHA256
611cf9fde5ea4e716bf1d67b39d70a3a492231944d4c9f17090ac448265c1224

SHA512
5b19c4b5acdfe147074fd4b4fef3d6aefa322a08ac86f2c37afbeba07a0b2ec2ea9d63334a46ab73e4bb066821b1ada8908a37f9fc5bf54c2c7a34531a9e3dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
65KB

MD5
245a3377be49975611caf9d72efc104e

SHA1
0a5165786ce59eb3b2b622d681bd0eaade33231c

SHA256
f6960a61657412e6cac00e0ecc7e022f0d901f904ffcbe47b448bde55edd0ca6

SHA512
f43986231f2651553bd0a1600bc6b5dc98c5cd1c4872889c76d0d4c92db01f4ef6489136cb25bdf38590e7f7c519a9dc20917cb7a9cfe0076ed86d252c37984e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
42KB

MD5
b683029bafe0305ac2234038a03e1541

SHA1
12f8c193902e99348493ace32e498031bf79b654

SHA256
18e6b5ff511b90edf098e62ac45ed9d6673a3eee10165d0de4164d4d02a3a77f

SHA512
44823904027dd2e901429bff1672132600ae6895486ebcfd3b97a5315635104bb1d555f614dc5fdca9645b01c65056d2d55842351b1324290c163a2451307e46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
18KB

MD5
a4d8bcebf094e348166f20cac4ac1a1f

SHA1
eb7cce356ae41f5326076be8bd40c3848c3919b1

SHA256
8202d126a1bd9699b9d97ff51bf012337200b44be67f0f64140b16edd458e802

SHA512
eb3d21f668803a04062b321d6d7ef4ecb0078c19c15e01f8b9c62879e5822d6a117a12bf98683266f7d1a76b895652f38880d88ded2dd54232489668e5f734b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
26KB

MD5
8404cfed82d322c1be8e149fd9f40eb8

SHA1
3e3657246db3b889e68d520904ac294a230db56d

SHA256
8f76526e440538ec1300aa89f671acd1b746925833f7160f6c0e29443008f97f

SHA512
47ea700f6173773136f46bbe61563c1a7cc7314b6be85286be064c273927f48cc57fad00331549316b29ec42f89baceb5acf456d918842f6aa54927555bce7db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
28KB

MD5
d3c0fddab45272867f6c8b763cbb835f

SHA1
fae509ff264d07cb49d115eb7b4d3a49259c62bb

SHA256
14230beb67faf9696f3d8d323e6ba7a7f3ddecf593fe185c449694943fa5d6b2

SHA512
2d9e1880e70804d0aca1c5b775ea87036ec022e3f789a6e38f6954a623542c7ba96cc9bb312292cf0e256895871dce1a623df5fdb83c7d328bfbced9fb029f46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
21KB

MD5
680183a3cc6ba8623c71908e6465d7ab

SHA1
43c03946ebf52cc70efc9f96cdd9f368882472a5

SHA256
63f59bc0b830d02e117315bfeb516755c071815b9fc55d66b953bc602554c9b8

SHA512
55708a8cd78d153c251107a58af198ac55c23426ca6e20ca84e2a66dc8f278ccb1e9dfaff3c1087f3ba79c3c80d59cf342866bde376bdb200b4d4f72ca33cd96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
91KB

MD5
1aaa500e7ee26e8e2c81523c4966e89a

SHA1
cc4df4666e6b52b4be27e4d5df5691eba83ebb04

SHA256
c114e62af64c682c61a5d8289ab7fa29b5363e5600de5882c041591416238c1a

SHA512
98500f01659f842098190ba1f147321c298d8d847d5039e61b157bbd4531d8af230280b1d52c09f312406297b5a9f1b7cac0454d7e05d04d0d299d7757877c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
72KB

MD5
8254fdc9b597351d30fcb68906f0db47

SHA1
b4e6c4b38db7ec57232fea14ef425de5ba0ec006

SHA256
38e2080e1e0a60a2a31e596892acc2091db6026d355532330c02134f73c60bc6

SHA512
1df111fdf79bcc51e4779c1ef522d507fadd63427456d19a210d320b6a30b6bc845c3ff52de838b59d00afa7ac1badeda3575eb8a598343348f97276d3e6e14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
87KB

MD5
e2196e2a0d97a39f98d7a17c9ff512c9

SHA1
af40580f3e97e2e502567cee4f306757deeb5465

SHA256
3b7f0807cde1769942a3bb687a9d8a15d33fdd03e080c3626481fd1995937fb3

SHA512
1577a1dcbb88f749c5fa72cf94b70f3a335c8a7eb20b10b212c1f2daf50992a4d39fac9242a2a510393d3caf2a18a6dbe03012985178c783e8636f8dbbbfeff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d3788efe984c32a1850f062d1809b9a5

SHA1
abfd99c2b99ec7f37469c62e3fdd32c0f2a04bad

SHA256
368b9631fa336e1ab5d52737e782e2896d79cebd6998d54a382175da4b28e0ad

SHA512
f29306c9718acfc24618acb08cc722f7c47b625735c00eff4103fe02d3c03ec912af0f92f5699a732811a9c767d52ef4a52aa6e7589448804ad1aa0ece1ab506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f2beb3b185668770438f6fc24ed4e8d4

SHA1
b5511ca02b5111ebf639b998c5d4f1b4e441b22b

SHA256
44740b4245c56ab83ca2b94fc1e277c518ce4f8abe307c0e6d9367a5848f2726

SHA512
e3c2386c289aae5e9b3babccc124e4c2ea619d4178b3619246aa8cfa7d1f1dda53047e2400e98aa22e841a85553506f382af05d09de3c74a8e41115e43f3d162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
364f6b4d71acdd9c83e1dc1d3540922d

SHA1
e955ade48ce769a8968bf79a9a0b4e5e77147d13

SHA256
32a0885dbf4cc05327e549e120fbfe4cae9675d916a2ed5fc418da6336c6aeed

SHA512
5c26d5cb2ff83ad9d8b8eb129aea11bab37114130c3f5a9571f485fc4b6b8ecfe971fc55e66878fcd64d92ce38c665206f32ebc1f7866012be4b125fc3d42cc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8f9e508b5ee6a65a637e8d0ef4c52357

SHA1
8d1582d3513b9135713168ebb7e044ceb4e67beb

SHA256
8a51b9d64d23d8a22233c28389cda1e05a713366943520ab2ca549a47c4e46c4

SHA512
93e2b5692c47529bba9f34a2fd344e59275ac8d4a1cde9b08148d10c3b744f857f1adb424e2578e3e61dde55f18daf464b96cdabf91f17b129e5252b20696e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bb3320d7993403e0e310e849ace3914e

SHA1
6d4f46745270f0c1c66cfe256ea771f3d6c5789c

SHA256
7a49f4278065b008f4632bd5c238733d3eab774dbee816b5091eb85dd51724b8

SHA512
15827f5077c8269965fbf234368a45d6a9af2e26f3347f8a9301d158ebdbc35b3d781f03d65d1f71d5c7bc628d0e7396b9560758db0366530e6cd71b5538c69b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0eb87f8d4b9212d6d08c57a1b71e0f54

SHA1
ff4ec3e43f8937169a3af7aed0119500f333ee8d

SHA256
349ef539fb3842246eb597b961b8b4710c58a0220bb4c4c5299b25b088e60419

SHA512
55ea958defcb3d7a4eed710567fe5e9e3e65367c08c12298300fc19f48cd0a30ce3ecdd9ea66dc0e5ea78b722ef259f1548c4265cb5562a835786a1980a06fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8c24a7292978f096fca52ed6ca32771a

SHA1
4a195b1c223583de0da70265247f37e57d38e5d9

SHA256
e4beb44839bf99b546b1334cfbff4bbcbee1da3a6398d3ca913f0793e48418ee

SHA512
8b687f3a3fe01e724cb39df8aed6335abb3bc771fb5958f5f403bd53a56b35d0553fa3b4ac70318991cc1d2af808d85d2a3f300539f4dc3e519d0705c34cc67c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
81d80aa13a8598e9ef0c76ebb1cff4fe

SHA1
b3e887795ce2a5c44a144d8061a43e13c9538bf8

SHA256
3b7f9e34386e3b0343f744e10c801c4d0f8371a10b40f4fd89ed41633c2a38de

SHA512
d0377f5b3fe381bd09090e92acfd8248f08eef3d17fbb668c664dd50791bde8e703becc8e78662284d47799508db425acd68ad737b29a656e2f3d2222763f2a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4d9cac1eaae3a5ac7a4bb0e6501c0a69

SHA1
e823c5d2ed85937f02b979b909b461b55a81729d

SHA256
847f1a50ded15477a670f9ec6d4026c9b8a09252a6089209939b795a09788d0b

SHA512
ed1289961c1085b956077bbba75b36bc16ffe196645789278f7de1aec1427d119e3315eda03bdcf8035976552872f2bdcf6b28e60c8a30ec7e5df7646026642a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
753b2cfe51547f0c4047c83807d86fb7

SHA1
7b97a5be1ee6628560ce5db246d15484624b1bdc

SHA256
64b608b7e8952cf81636a48bb01e5666916b972fafecb7d19ec3cb8e10fdc121

SHA512
c81e96a178eb2fdfe6cc8eb4722b69339298185f4f75e173c592a1eba2cafa4227fbfb8d5f95d4c2d4dc4c9b392a4ccdbad1c429c58422c05ceb709892f92017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e53aa2de87b975444d197a6dc53e0bc0

SHA1
d8d3f4ece082595922afc75ba1ea86c61e43f8ce

SHA256
ffd5514e37748b508cd2795ce5d87948863c94f80f80c91ae66536a941ed4201

SHA512
98317efc687229189ae72679af3f13b845aa8698a64e03622154f7b334f26f724a0042cf597fbfde501226357d95ad1c66bf9e13982fb48f0803cfc28eb733a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c739d980bea47eef97c8478eeedad010

SHA1
f6176e7ec12c1c0e3ae2f287d4e3f0494aaad9de

SHA256
61912e626f4348d2da4b6b02b0e3c6440d162764216c1eafe2a45fd1c7d8fac4

SHA512
76bca9f2eda43cf271578543b8705ec2c10468db2cfdda267f4dd52ae5ef3872a3c73e56f6c4e67646b5d86a1b4fe4d04518b20305aaae227eb175b6f15f77a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
faded9ddfaef63f30bb7e989cbf69099

SHA1
e5c4aab84cc9d68591bca78cbafbf6b32c2d6a0a

SHA256
a62fcd0d0a1c1187015e619fdafa08f213138dbe9da059b955ab820b433c465a

SHA512
4e82899e50956b9769b8fc25ceea30cc49ae955609fb434bd58c6d87bb26e48a728d7b40b49617307d86a89134a8ddf549abac03879857e8c717779f1dce674e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fea2771dddc4e874e6932ea2072a5d6f

SHA1
01f96699409027ed3976a3fbde3df2cb38913b36

SHA256
3edf10e9ad56d3f2268fc81d96cff2d374434678318ec9951df2f7a49cc92c6b

SHA512
8880f40e48d6dec10de01a26c89519593307f30f9de3fefce4f251c3837dc5d0bdcecc0e500aff62ae35e30215368828364505ac8398f2057120d21b2a33e594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9f9cdd49230366334a3dab88e7d41d07

SHA1
96eb125e9add4d5b7adc7fdac3c25ffb7c1ed77c

SHA256
71dd52fb6c02088b0f223b28084b761424a935448de38f96f77933b452e60a25

SHA512
765c73ef6f75b808b7e94feb4595e94d670285d368b1ccdc58a9ad9351c8932095edf8724dc9475dfd8e4a8bce58aa234394576efdc4a0ffeb989462ad3d8ddb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d6fee3803a7962b5a0e3911709aee13d

SHA1
acdf78dffabe222b2c2986a86b648b21fa43ad5f

SHA256
b8a000200c05d4905ea1223b9acd64094f1e53f1f8c7bcec8339d79a2dc8d58e

SHA512
afe308cb785b4a1371110f35707f40eaa46f6f886d3951f54ef95a184702a1dd1590b6e8f6970edd9593d10499f0267a907927b98011d2709ce56824d52bd514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d3b807ad93aef8f99c3be5b2b2f8a63c

SHA1
cd71f1a192ae6432678bd5c6a7d90476bb355fa8

SHA256
ea671ea1e60f5b013031b1cafb07b8b7d29154aa7bed280baf9e1dd38bc5b5fa

SHA512
a1e131bcad31ab449ab8efd3bc344a15a2f59af0aa508b44c4085b199d1e1d36a1e750b5e9ae93467b837884e10757db4180ccd8cddfe93a03b5d3abcf40c86a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
520b33352fb8fb783b67b914d879d906

SHA1
455b44e6a9822724f353c75bea6639e1621b9d28

SHA256
77629c1a092dfc112ad131451d9c216be2e5936fecbf5cb4a4e3f55624cc5574

SHA512
765c0243225cbc85e61049cd27fd51e7310ff1553e9b39398ede148ad2a30ca1053dc98cba460ff6d9e4f9dcf6198b7dc269693bb46c8ce6081e72143ee6bd3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0e472878395ec73dbd384366e4f4e17d

SHA1
79a075c35e354ceaf04886391b0e7ffebecaa88a

SHA256
8993baef7c176c91c4a0607540e00a9ca72986ff958900e99d1d75c3146ff09c

SHA512
2e9e78a3fde0cadcc78473cc2fe92c6f88ade1dac08409451b8a21abd596119e9f5cd1118601cf29d9df1725476b3dbc2f478c37c8f2eb01acb833646a1197f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
0a71a868f193d4c38d78fce3f6fed8cf

SHA1
47852124dafff3f0a6ff72db353e182bf203069c

SHA256
60ef06ac82a77b5e61352ed64223dae70208a54fac1a633efb01e04acd94f15a

SHA512
044342dca5c6d8842e6e6cc0f8b97934943211d11bc18b5eb4630567e99c8997f0dbbe3442475448ff18fd9d3663a85aa2937f33a72fd2c79b49e536236ac822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
d8830530a2326feddbe956519f4a5fd8

SHA1
0fc77e0fcd27f1a2a805681bf90d2d5226d0502d

SHA256
e974cee96f164ff1e1d3428c9ab2f7da069cd583ecc25daff0bf7a39a9c9cd54

SHA512
4646aa299ecbd5245f212e11cd033275a170f2399029fc9cb6072c5fd2d554b8250faed661fa17d21c8c918a4ba0277a7815b0edf75e2659b160637b222f9352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589546.TMP

Filesize
107KB

MD5
d398fd067947edbbf710a9b5a2d3cbd7

SHA1
47ac8fa38fc838e206e9fb117370c0bf194fd8d7

SHA256
3328ad5f25d3db923cef7305141b607966b9bcc7255b9000a6b2555798e6f225

SHA512
2ed6987b751033115e3d126ef86449f9564ac9a828c17c39c40652dd076494e72b4bc6c1306d367c68cdf0b1f0e1b12cd289ff81f5081ae236b9b1b03807e3c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\CFG1081.tmp

Filesize
123B

MD5
17af548f88a3199aa8a63a72201f470f

SHA1
4e64bb20a2f54d778ed684aa21abebad63a5c2c0

SHA256
a558dbe555749cd3bdd62060fdbba72720c4f4a186d5870b977ed2acf9721d9e

SHA512
08bdbc75f5fd4d9ec85c53253e4030ce7245b20ecc95e032835609c7c43a07d6c9e7776f48c5494a788a543240c0649a9f1a34a0e514ebc4dda5730953647338

Download Submit
C:\Users\Admin\AppData\Local\Temp\CFGE8A6.tmp

Filesize
123B

MD5
b86728705e9c691dfb8a2e9e9a8d37ea

SHA1
28944d67d67ff2d13af91213663b5498b9f7244a

SHA256
fc94fe1cd9d41350cd156716afb6bad9804d8db549b47d8849f1273ad096d742

SHA512
012ccd8a83bc819bc4018d50e77f48a13a9d7d0523045ea73897eca774ebbb9f6b0e14315d7061bc9330535e13329880400e00914163e3e191b6e4f1078490c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\SP-Animals_Installer\MorphVOXCheck.dll

Filesize
28KB

MD5
7d9b4da24c668d8ee2ae7d5b032a62eb

SHA1
ebe7c40e5ed0fd67f0c6fc028c168d5bd9b86f96

SHA256
b94899dd9b7cbe15dfa10fc6df7e248a052eaf0ca086322c2715a5ccc83f6588

SHA512
3597f6eca63c92cac57bb9258e078ad345ee5cca54cf8c59b1e43cd3092b6be71982534a66b61951e1ae82b58ba37061d7a296d86d5d9d888ad57af926f31ac1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-Male_Installer\MorphVOXCheck.dll

Filesize
28KB

MD5
b0869f2f6ccad744c617a5ed7a6ec8c1

SHA1
a09fe73612e5029501fc2f38179a4981ee14f067

SHA256
44a5cad4d635e9446474cd1312371bcfb0127459ab47084ca0c9d803bef9fb07

SHA512
48feea87bf59eab0bc11af3059ab698a2b7efa37c218948f122320fbe5080634cec3c9fbf58003e147c8f379c21928d783f8a3bfc0fcf3ed9480b2620ce3bd8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOXAddons\VP-Personality_installer\App.ico

Filesize
102KB

MD5
66bda22b81254c846a9f386ac1906fdc

SHA1
e4a95443caec4375608e5375ebf04afbbc18f544

SHA256
4aca05ca3a13388c3b2bde5f772e1aa2da948bbca17c8e3a19a71fb49de6a437

SHA512
68867b51a40bfaace8c0a5714e84dffd344f4bca0f239640f47b4a98bd8b74f5502727790f2ba6ff56ddccb2502d977bb5a3b2a2fd4b56a04f1d1707b5404ba2

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\AppData\Backgrounds\default.sbback

Filesize
309KB

MD5
c93f7b94e826e2eafded6e7a8e3ffdd7

SHA1
6ea85f9dbdc174b825a777352c25ded6e6e0e39c

SHA256
9ef1111ee3d35d481615f65c118f44d8d2dc43b45a30e28b664403fc597f1a54

SHA512
58dfc2f8f7561a5686183a963123d470ea3cb76d2b0503afed45bfd596f99fdadb30a8949fd8284c31367e39bdd5bfa924fda99ed3c2fe0922f4e896fe856d2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\AppData\Presets\Default.sbpreset

Filesize
350KB

MD5
0a80f2e4841abf46ac75c546f10f9bae

SHA1
d4118ea3229ff33deb99db7d06c655a41ce75fc0

SHA256
5856fbfe66e78906347ed385b4c5aee1d871835bb4a16c11d27c69fa10c54b29

SHA512
6905d5e7a9080da50f79a4d0cf91495935677d191027f2ad53fa9889ab67c2f6803cb526b6980463b50ca9bf0391d35ddffa81dbff3f6e26fc00a3abce20f883

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\AppData\Skins\DefaultSkinPro.sbskin

Filesize
191KB

MD5
961733313fec02a535cce69175a81703

SHA1
0aa2f419a70edff9ab24a3df50748e21df34c069

SHA256
d3ec194286a4c27f4c425982c84dc977c5ce205e9d591ef59c3e5f425db6990d

SHA512
1f8d1176698f2e027e67de5f408c970bff9137c2c80799f46cd38b8dbcaf22b1bd97386d2d0a2bfed44b4de33def45ad501a7a2b6bfcb5ac4a0a1d8abea22fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\AppData\Sound Effects\Miscellaneous.sbfx

Filesize
310KB

MD5
80e5bb791974f8e784ae124febb4257a

SHA1
1b49fdbdfd6cd24cf7b259eb09db1ff03d8a7a20

SHA256
efe7c9791808fde87d32f6f529cd50fa9b0000e961db8b2860858e684ca7e799

SHA512
7e7315aeb365aef89165d1ca9e7dcae8487db3a11c59866ee61874c51e19217e8b7608fbc123ce768595944772ce766ebecb82d09d9c50701ea60807e101a625

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\Drivers\SBAudio-x64.inf

Filesize
3KB

MD5
24b34f2a52988e4e4a60120647353cfa

SHA1
3fb81ff5aacaf1fc6ffa970aca5fe26dc4828603

SHA256
8fa1f1f58bccbed09bbd41f354bd3981731a8e4a749dd0c9b81537cea87af9a8

SHA512
901b9258c1aeb22cf4bba823f47190775cb97cf5a79c47306a364f13de167de606472ce4127a168603f948ab97c51bda014ee1c3acb75d24ac21b4c6329c57dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\Drivers\SBAudio-x86.inf

Filesize
3KB

MD5
060f620afb2c463a87e0d2605967c10e

SHA1
5a0e9c991c05b8f57cdd7ab8c413c42324ea7c30

SHA256
b9cc6c9dcbd5e501bcf73997e49ce77facf4a4aaab25c820a4fd0dc38eba5913

SHA512
d1bf67f003900e02a4ff37fe4985e5398620773f9688e76eeee960cdc0704c0456d00716dd0e8c36f39048d6d20719cde1eb8706bc6c41564acfcd0f9ddec441

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\Drivers\SBAudioInstallx64.exe

Filesize
55KB

MD5
f6fe452fca855571d55c0540c2210cc7

SHA1
e9ceef78724e91c764324268e0f41beab18a39d6

SHA256
2f02a87aec74ffbe2d77132a2ece3fc6b47c604f694cfc2fd18d127790b6e874

SHA512
9b6ffe1ec72c6313ce410bf795b029da408839338d8f5a8d0124f5ed816cd5a36a877bca1eed10a148f3e11813b6eb14448ff815a3a12b9a387e092915dc8ec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\Drivers\SBDriverInstaller.exe

Filesize
80KB

MD5
c1e6b228c8118a648021cea9fef0e5cc

SHA1
7b6b5cf4f1e8baacbd103ad1fc2d2dd4a16c4e21

SHA256
59751b837b685f2c83cddcfc8e6654fde4b254b8b0787691525e28d7ec6f130c

SHA512
ffee99e17354b7c7e24dd4077600f311a10908fb510ae05d154b2ea8ab1ecc2fe4c70fe0b2675ba847f3dba407556e8d41cfcb2f0ce45653d9b11515f594b062

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\Drivers\ScreamingBAudio.sys

Filesize
34KB

MD5
a689d522eedf89401e1da2fe883aa7ec

SHA1
b45e26307b591c4271909eae7e8b025e44ce1eb5

SHA256
15c03644972c6cd4e2d970f3513793bef30e2e8f18a78369ccdbd090c3f94ae0

SHA512
74a14d7a422b527d4cd69e7f7aefc781eaf7607a42ef16160a37ea19428ce2999526851f971099773c7eb285aed70b1538ee28aa9ff288242895f71724958101

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\Drivers\ScreamingBAudio64.sys

Filesize
38KB

MD5
8b56bdce6a303dde63d63440d1cf9ad1

SHA1
c51b124eea04b6388b313bd3494891cff5b394cf

SHA256
66a4356c29d00a1b8a95975c073ae4e6d2a90cbf3b143fe9b83b96bec0805d46

SHA512
e02d9b221e3d94325b540eea2c0d35d089150f406e0ba35e37234644c1359880572abb7cfce61da64582129e7214a55f48a85bcc1352366b1844e497e22b2108

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\Drivers\sbaudio-x64.cat

Filesize
7KB

MD5
54edf263c49e02cd6b6794d7a8d312be

SHA1
30ccf63aa2b614263a4c38f9bfdba812d6d85996

SHA256
c9c37745986d6e1505ad6647aa4cfd0c2b258d54a6d402f2b9983f228c604c9d

SHA512
3eef4442a5b7e037eab909687158b75cee546a901748eede414cf1ea155bce7f3276a744d0d2c085e9d2b28978dab3c427587b80de96185ba0fe9d9696c0e5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\Drivers\sbaudio-x86.cat

Filesize
7KB

MD5
1353945ca3c4e9a0e6fedf53470d518d

SHA1
0e0970cddd5d3880e08a5d85ee2602be9bd964c5

SHA256
0e63c005e61250b47f2c6ab4bc8b9543a88be7080e3bd1aff514d2c048884337

SHA512
f22558fed85ce4cdccbb50897cbb869e1b9f70552e2d8b9aa567af33d6e654a29c7f47cc37ee9e42307e3ee0d28092be0a8d9d63ee085b18db4fd8d3250f00be

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\EULA.rtf

Filesize
44KB

MD5
f5bacae2c9cfe680883dbf3c5605bcd6

SHA1
dae923100e986170fb81b2516ea91e6f9c466e06

SHA256
c3162f4ad239c72eb58374877e6963718db6476ba7c8e22eff9191aeeaa93aba

SHA512
101bedd4dfb6dc5d6c44d802b2cab9290666e5ff35839ed008e7fbba0403eaada17440a1e08de7dbff671ca6c6fe074c0c286ba5db0d068753ea96d9a3a71ecd

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\GoToSleep.wav

Filesize
41KB

MD5
7bde340fe05d829bf8f7850e35e4510d

SHA1
ec60103a537d1412f0128b49b423469a7c65b06d

SHA256
5defe4b6d8401d81e2458df16753c2fd0a4cdd7b92bc449de18d28308e1b090e

SHA512
8d9f727db04ac266ff9c5e1584cf705b304884c274def9803bfdaa044df6c58b62a9cb2519137184fa830befc3df2c02a62975a8090a5d35d3833ff7b844c6ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\Interop.IWshRuntimeLibrary.dll

Filesize
53KB

MD5
32018bc5c511f5f331a9960fe6c15ae4

SHA1
3090d08c86762a654ca0034fe332b773a2fc78e5

SHA256
97916e4e713dff69018e948c4a45dd92b14828897d8fc44ed8d764340add06bb

SHA512
250ea0778f27d4b032986862e71bb08d7a575fae9fef8dccb115901a150febb37ae10949d0550b8697f93ec8e7c7d20622ccc1819b2664a87ef19d75d887a52d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\Interop.SpeechLib.DLL

Filesize
165KB

MD5
7863de1f92614d818c8d9f0b43cf81fc

SHA1
f9f1503436a3ca5ddfd42e5afe0ba233eb4545c2

SHA256
b0c492a2c1701cd4206f732715a1dbf556106f01ebdd98375143a85911e8e3c3

SHA512
fa60ed1cbba7cfa75cc8bb6d863f0e9b854c22730fe2adddef8245cd42f35e0689156c7c85c6fb1dad1399efbdbff25fb73622791b50a053f36a3f918e679465

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\MorphDSP.dll

Filesize
5.4MB

MD5
dc5f2f988f35c42837133ab3ddefac30

SHA1
17b7df50c01de56d4b4eb4d81961ed2fe481a05e

SHA256
c715b331230fc4a00393a67711a6a384496aed923438dd4778fb80373205bb0e

SHA512
c743f8f99079753f0012953011d148e08035caa5c32c334355d15db4f03f6a67b16eb2cf45cc061495f911ec56843033a56a13055eee6415ce0570171b24f9bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\MorphDriverInstallClass.dll

Filesize
14KB

MD5
f86f2142c1c7aa672833a3fab8cab8f4

SHA1
73b263e7b71f36a8a7d132bc87e9fa4316cc0e07

SHA256
dd76195def35c1be1f96a27d282965ae97dec9fc626e57183785d273bba56b19

SHA512
cec69135131332f1690792095627591631d4b500783f7c1ee528292c7c2ec3afb4c5c03a056c3efb7608ff45a7bb28a5325a5d9635909a12e39e648203aded27

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\MorphDriverUninstall2.dll

Filesize
16KB

MD5
314d600543d24343bdd7c609db4e6f9a

SHA1
e287075f9a3db833bca1852afac2d857805a8fde

SHA256
b8f717a2afa1138685d06a59d9ecc22742bedda04365d81930eda7b9565600c4

SHA512
a8a08d25772e226736a268a9c0ac87a5d0492914312f49006c83ed79c55cedd8a11d183c99c9ed69df8445c367557e75950af678dd831c2d29bfc71715eb67d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\MorphSupport.dll

Filesize
384KB

MD5
b530e4984061d2b540293fd1d80f3ac3

SHA1
1d6d7b8416fc3fb66c6e9d9f1c10f8a665de1290

SHA256
2682246b4932884bdf0c25ee591d422a5f915cd5b5dc6b9343a6e832ee82e228

SHA512
b844d960dc3e6518180653ce5f8f3370e72897c5741b76e27083f6711bfd8c2cb56179cc9900e5ab7b87ef469966ef5deffb487925da88848772d68ff3f1023f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\MorphVOXPro.exe

Filesize
5.0MB

MD5
c68383a0361971a610c34f93a45448a1

SHA1
369e43df88a820eda488eb99847455b6acec134a

SHA256
a38e6b2336ab3ba6374f9909c79c26359d005603c101126327cf67d990086493

SHA512
4a077e6c9e89ff8aeb7809e1d71209b0eae8be8c17ead980da9a3794b6233ab3759b7a6ef93d21c6fb396ed9d2159307194edfd6d8c88929ec6244c5b1c8813a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\MorphVOXPro.msi

Filesize
572KB

MD5
30aab48d4954c800f8acb66777a24abc

SHA1
c3d0014b5e67e2054462fcc124269ea03f8246a2

SHA256
fab1bf183fc294f98a1710400da08019fcff44fe48bbffcf081b425a9df1e837

SHA512
5ea2a27870e9b35f1592f6774092c8f564665138f61ff1214cefd952356c671a765b10ff61c4b26b76e73a948a1276e369f90ae46a3bb88309f9f722a6ac9002

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\OggVorbis.dll

Filesize
1.2MB

MD5
b48cac971d859425373bdc5b2381ec96

SHA1
5f3ec5269402ab3f05ef354509e9c4abc365fb10

SHA256
e75f9df94cd51128ced9c7830e9b9a5e835f7bb6264f0e515b4cf877034e6956

SHA512
21a2fa6a018f73d8c9d71cdbddcbbf4e74dce720124c5c29d7584d7504f03054cef450170afbe93ec1f06aa9033eb4626b09e3ca3960433dc30a37fbd0b01ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\SBSSettings.xml

Filesize
461B

MD5
91944cd0e02585e3c6097cdcbfb7fff0

SHA1
0ec7703a03fc77500900b014bc93a6f9169776fe

SHA256
4678343c9e7eeb534b658e0c051509de09d7495ed2a031fc02f1c741b37d6537

SHA512
dc98a02a86ca7d695d8abe72e3844278aa06b05cecf9455ff437045a52b6cd8fa16cd7e3b3215a4e1975fd78df7c6b281d00328606543105d3caf61e46b85fa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\alias_audition.ogg

Filesize
15KB

MD5
5d47e1d833ec7d5fdd36d2d39256fbcf

SHA1
7893467485cc8bb49ffb2a6aa9bcec14a55e5f45

SHA256
a5b9821347f82ed2bffc8129d7ece24ac612d9177ade5f7695a916089e86f3db

SHA512
6ab80a349af9360abffdd5e032476ed0baa433689b181f86a79efce8adf34b9c2bb2d8ebf2cb834ce5542e13a4bb2ee9e148f58e6f7f3ac7156c710dba373524

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\alias_next.ogg

Filesize
16KB

MD5
21a547df9acab85cfff057aec223d2ac

SHA1
1a7304fd084922b4c0bd1a81565f6d1d175edf46

SHA256
0538f5e5875edb226c0b2b220acc68c75e54aebb24011344feb3d9fa664a80b5

SHA512
508287fa0010e09bc57648f9b2c794191009d1283d1f83c75199b64c37c2cc4a391948424373b26979cc248796421fd8a0410cb8fcd8dddb5ec33f5bd185f196

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\alias_prev.ogg

Filesize
16KB

MD5
cec2eafd6c824893b38063f2a5c71eb7

SHA1
a7e2614fd60cb80454283faac0a12defb2314ff2

SHA256
e1a92e9892d92888d2ea24232cd241be26af0402827c2415b4f93400120e896b

SHA512
78f247afc5ece0eae5a202835260ffca2e8babffbca0b84cc9799cd5bd47df948378195affa736097fdf267c0895139cca90fd07d537a6e1c4723ab3048fc2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\morphoff.ogg

Filesize
20KB

MD5
97406373da41ef853e4d694a8f2a16fd

SHA1
aad08bf44e16aa8c6f7982241db570f681937fae

SHA256
62a79d9c4ca534faca46dc35d61c3ba38520a7e6ea196021b2e7c3b17e67b530

SHA512
2e437af68216818b4f6094130467d3d6a19d5f8003b0168dc53367740fb562cd0d623619983e5767e36af09de0db6cefe44f7d2d72c364d8bb847359e0713f0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\morphon.ogg

Filesize
18KB

MD5
38fccae6f7fbfb611d7b6b8ec3a2337b

SHA1
831b9284656d69a234c02f99720ce993e382cc33

SHA256
5d8720bec8f069cc2d1ed6e0fc5aceabbdf10f023fc40e0b9524ee169a305877

SHA512
d581694168d05ccc9d405d717bd26237c5d4867c6fae0f26b813f2ca8c0b400a842899c8f9dde1261dc68f584c2b12014efed7d0027149dcabeb6ac40df5fed9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\muteoff.ogg

Filesize
10KB

MD5
0e6c9f11ee7886c1c2b30388d7dedfaa

SHA1
feb872b80b951c1985d93483162cca0729c715ce

SHA256
51f6ae1b80670be903948404bb932384d3a9c7dc56e6fee17fb82f54856dfdc1

SHA512
fcd025b4900ba2adce0d55e4b42bedf59326b7dc08c4e65295bf4a8b43ce5250b9067370faaeca7adc96110cc7df92ea4017480905d32e212b467e9468060a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\muteon.ogg

Filesize
10KB

MD5
3b8a3111ba6eb4fb481d3bcaccfe918e

SHA1
851cfd2fffa86cba7062e151c916fd7ed1ac0c12

SHA256
acaf2d3f4858096fdee0c61bdd2315a5fe765f45fc81e012ca9fb0b0af10d25e

SHA512
f3b91e73b3470d999fcfd508022488c2ffa3d8a731d2c8eb09f2410d6e7e383f2411619d47f257c3d218b46ada4d3b5284ca941d25b5acdbed6686938bad2981

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\sfx_audition.ogg

Filesize
14KB

MD5
5fc4a74f51037d3a459f1c2b39a66e7c

SHA1
430ff900b60712361039ce8fe23829856a5c8fc2

SHA256
373e8594694ceab921e8d23a4959e120a803e93a3de42a6a0909aad9fbd21256

SHA512
963ebf849c93dba37980fca5dfadfde2cb76eef39d52e1e8f91144965790ee63be55d4060ba500b555bc5edba20dc1e4077519f6322c0b9401867bab9593f812

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\sfx_next.ogg

Filesize
15KB

MD5
5cd8f4bc622fbeb9cc4d612c15cd4008

SHA1
629ac04256037b201c175b78b1f87144d1fad5f2

SHA256
58f5ede5477e039eda1a711e46ec8cd915d82e255d53ede22f7596e6c84aff33

SHA512
5b747d75abf0a1599e7d2fda164179b0d2e303882b31a0e46c37f64a18738dc8710dadc69313eaa693a21b36a4315449a2609de7eb55c886c10bbe19f373c02a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MorphVOX\sfx_prev.ogg

Filesize
14KB

MD5
bc89d1204764af4bb4d999a80f5f69ca

SHA1
63f76f6d5e7127bfc19ab57957812ce4fd912117

SHA256
1a980d1ebe71e35753b588977d99e051e076018e5f477bd3351b8032e84398f5

SHA512
521dee146fcaf7fd43f50d8bb80c9a13c9dc9891b11afafc8379129174e1ef7128d31b8fadd905af5f4030787e60373b652b4c20c67a4862dc9206a4a4d773ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE4A0.tmp\nsExec.dll

Filesize
6KB

MD5
1128ee61dffa0a97d30b2f828235b289

SHA1
b552f3d4f13894f2f30fb446893093ca78fe149c

SHA256
1e33decac84bdd2b3a651c969258f8e6c90616e9ec35de6ab4f402709555ce4c

SHA512
d470356be436997fc53c17b8546cc80b187538ad2f258788761b92c28d91ef733fe6d8b3b33c353d84d1e0ae089207efd1ebfde33a6d33d5a341960e7bcfc8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE4A0.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssE4A0.tmp\nsis7z.dll

Filesize
169KB

MD5
567103638bb0c81cf9bd86f727ea12ac

SHA1
ddc03ea66412f11b5975092f92067a85d29d17b1

SHA256
37dd96230521a91dc7eba0d0a4fe8726b4405562b1a96363a01e28334bde94fd

SHA512
1d64a197489ea45e21a89ec535ca0282eed47ade40589dee31de865870ddb91ffc0921a5eacea89ddf9bc1d9b93bb7edf6f6c3148a18a9611df87be0fc369fa4

Download Submit
C:\Users\Admin\Downloads\Adobe_After_Effects_CC_2017_ru.iso.crdownload

Filesize
31KB

MD5
a6bcbb3a160bf3aae8f13c7043be2ea5

SHA1
eab38553c976acb562aae37c5e345009b86463c0

SHA256
e5cce11415a8e0e9c567864170722790ebe3ba5fd53ae300a5cb02cb84b3f8a7

SHA512
b90ece8d73a806b71df87c33974dbd52e85209a5719bd20f15b7b86cd41cc298b35e322207005f13ec7c0352a36e51a5eab6085d5648a7182532147b1892c09a

Download Submit
C:\Users\Admin\Downloads\MorphVOX-Pro-4.4.17-Deluxe.zip.crdownload

Filesize
16.3MB

MD5
51bb288d1143cccf0f69e48c681d2f01

SHA1
2ba579e0c47a3af47dd1e8394307551696c1c5ba

SHA256
84e59bc0d213d7ad1703a2bde9d0216925933e3243291ab3168dd85e8953f81b

SHA512
3e7557d8a3826c7dac3f770528450e739cb6d6e39fc933ee29a24253e4bd7f213aeb0b197c397b9e784915b3c0097129cd5373503c98b6bd23e0fbe192c2fbf6

Download Submit
C:\Windows\Installer\MSI24B8.tmp

Filesize
60KB

MD5
46b24723e5126a6f7a3a7d6facee18a7

SHA1
1cbcaa27406d66115814231977b970a805726a2c

SHA256
d14b73d7a21be2a97dcea3e6a997fc846406bf2c699370acd769aa7f097aaec2

SHA512
f3ad9a1ae3f55058bfc256441d62b4110b38e1f2b3328e09ad47805f1c312cdf67b313e5f5a67d19fa128e0082d08dd79f1fff6ea3fc49bf544b733a827b626d

Download Submit
C:\Windows\Installer\MSI5EE.tmp

Filesize
222KB

MD5
fb4ed24de182178cac3cd3870a4ba5b6

SHA1
38b168fbe97b72a5de5eaef16535ea1aed964e1b

SHA256
5070b4cdf7e2f95535f3340a3a0d9bce496478d0bd445b470dd67278a910c578

SHA512
03ffa685a28333cc7d8eb4a0fdd8c5dce85ca1126bcdefebda83a91586b98ae559d56074b943a6df0ec011eaa58b6841026ffb8b42e08b74351b0118011d3c9a

Download Submit
C:\Windows\Installer\MSI74C2.tmp

Filesize
63KB

MD5
67cf69315774a0d416a320a3c809bda7

SHA1
3fd19a4444f7c649c1714c4f1273be9d6ce6a7b7

SHA256
588dd2168b1f16b8af094282ccb9f59304d658d3f10d1f3a9c2f2d045e0d8f38

SHA512
546c0a559eaec6de1322ec992deb63eab6865931ce4584610e684c8aa6e3cfcfe0b542c507933ba847d00893eddf443a2fff5a05d112c88f0fdbd2f003afb00b

Download Submit
C:\Windows\Installer\MSIE7BB.tmp

Filesize
221KB

MD5
911aa8d08b7ccab654e897b0e4439354

SHA1
4f4f16048deae47a2ff5b9849042f62ec51794bc

SHA256
ba56a2fa13e5dae48b6d74a8fa40f2f44473b386e71ba1e7ec2ded90ad56bb8b

SHA512
8aa11f26093e54a62c5390c64e218a8a57cd3374bbce8ecc243042dd8a2214ede1f3befa699837698c0bd42b9b4e011f95c62588b8bdd4da9aae12dabe4b46e4

Download Submit
C:\Windows\Installer\MSIEBF4.tmp

Filesize
67KB

MD5
a62aaefe34379cd32de8105ae14e6704

SHA1
c0bdb0bf5e0b86c60888aab9eec2baa255783a65

SHA256
844319b0d1fea0fbe8acf538789b05d84fdd36ad2ca2e08a4ba3c5ac9ed51bac

SHA512
bcc88f4ab3da2f9c0d3c7ca4fd70a1c886bdaa2f2d044958e39d304b4cdc99809d0660421c0f05bea3ebc87ca5dd1a04acad35497afbd3a1e141e2f860dcfa29

Download Submit
C:\Windows\Installer\{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}\_6FEFF9B68218417F98F549.exe

Filesize
102KB

MD5
b011a4a55df9c8d2f8113445c059ee0e

SHA1
e6e733724a3c3c45093feaaa9d0578a41b0b0d2b

SHA256
b0f73ec2b4eedc632cb1a314edcd855bf0ba50cdedae138746a606934a20eb0f

SHA512
df1dfb1edcc0f95ea819cc6dfe0da47e2294f249ad5a1a9cc7fc4520e35a6abf92b3b41681c44267373839fe2e36cbcd98474ec4b6cdaa31040f455ea3d0eadc

Download Submit
memory/752-533-0x0000000002980000-0x00000000029B1000-memory.dmp

Filesize
196KB

Download
memory/764-764-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/764-785-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/764-763-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/764-765-0x0000000002680000-0x0000000002690000-memory.dmp

Filesize
64KB

Download
memory/880-1144-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/880-1142-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/880-1163-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/880-1143-0x0000000002EA0000-0x0000000002EB0000-memory.dmp

Filesize
64KB

Download
memory/1328-1251-0x0000000002EE0000-0x0000000002EF0000-memory.dmp

Filesize
64KB

Download
memory/1328-1250-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/1328-1267-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/1328-1252-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/1696-1027-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/1696-1010-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/1696-1012-0x0000000002CB0000-0x0000000002CC0000-memory.dmp

Filesize
64KB

Download
memory/1696-1014-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/1980-994-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/1980-964-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/1980-967-0x0000000002D50000-0x0000000002D60000-memory.dmp

Filesize
64KB

Download
memory/1980-970-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/2544-883-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/2544-881-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/2544-882-0x0000000003400000-0x0000000003410000-memory.dmp

Filesize
64KB

Download
memory/2544-898-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/3312-1126-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/3312-1111-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/3312-1110-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

Filesize
64KB

Download
memory/3312-1109-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/3524-981-0x0000015A526F0000-0x0000015A526F1000-memory.dmp

Filesize
4KB

Download
memory/3524-966-0x0000015A526F0000-0x0000015A526F1000-memory.dmp

Filesize
4KB

Download
memory/3524-965-0x0000015A526F0000-0x0000015A526F1000-memory.dmp

Filesize
4KB

Download
memory/3524-969-0x0000015A526F0000-0x0000015A526F1000-memory.dmp

Filesize
4KB

Download
memory/3524-977-0x0000015A526F0000-0x0000015A526F1000-memory.dmp

Filesize
4KB

Download
memory/3524-978-0x0000015A526F0000-0x0000015A526F1000-memory.dmp

Filesize
4KB

Download
memory/3524-979-0x0000015A526F0000-0x0000015A526F1000-memory.dmp

Filesize
4KB

Download
memory/3524-980-0x0000015A526F0000-0x0000015A526F1000-memory.dmp

Filesize
4KB

Download
memory/3524-984-0x0000015A526F0000-0x0000015A526F1000-memory.dmp

Filesize
4KB

Download
memory/3524-982-0x0000015A526F0000-0x0000015A526F1000-memory.dmp

Filesize
4KB

Download
memory/3572-838-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/3572-839-0x0000000002510000-0x0000000002520000-memory.dmp

Filesize
64KB

Download
memory/3572-840-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/3572-855-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4252-525-0x0000000074330000-0x0000000074AE0000-memory.dmp

Filesize
7.7MB

Download
memory/4252-510-0x0000000005150000-0x000000000518C000-memory.dmp

Filesize
240KB

Download
memory/4252-509-0x0000000004E50000-0x0000000004E62000-memory.dmp

Filesize
72KB

Download
memory/4252-448-0x0000000005480000-0x0000000005A24000-memory.dmp

Filesize
5.6MB

Download
memory/4252-447-0x0000000004D30000-0x0000000004D38000-memory.dmp

Filesize
32KB

Download
memory/4252-443-0x0000000074330000-0x0000000074AE0000-memory.dmp

Filesize
7.7MB

Download
memory/4252-442-0x0000000004BB0000-0x0000000004BCA000-memory.dmp

Filesize
104KB

Download
memory/4452-1176-0x0000000003180000-0x0000000003190000-memory.dmp

Filesize
64KB

Download
memory/4452-1283-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4452-1201-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4452-1177-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4452-1175-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4596-1234-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4596-1219-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4596-1218-0x0000000003170000-0x0000000003180000-memory.dmp

Filesize
64KB

Download
memory/4596-1217-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4612-1060-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4612-1045-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4612-1044-0x0000000002D60000-0x0000000002D70000-memory.dmp

Filesize
64KB

Download
memory/4612-1043-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4816-818-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4816-801-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4816-802-0x00000000030F0000-0x0000000003100000-memory.dmp

Filesize
64KB

Download
memory/4816-803-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4828-918-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4828-920-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4828-919-0x00000000025C0000-0x00000000025D0000-memory.dmp

Filesize
64KB

Download
memory/4828-935-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4892-1078-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4892-1093-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4892-1076-0x0000000074540000-0x0000000074AF1000-memory.dmp

Filesize
5.7MB

Download
memory/4892-1077-0x0000000002AD0000-0x0000000002AE0000-memory.dmp

Filesize
64KB

Download