hxxps://clownfish-translator[.]com/voicechanger/download/download64f[.]php?v=181

Analysis

max time kernel
900s
max time network
1178s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
11-06-2024 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://clownfish-translator.com/voicechanger/download/download64f.php?v=181

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
3580	VoiceChanger64f(1.81).exe
904	APOConfig.exe
5984	ClownfishVoiceChanger.exe

Loads dropped DLL 7 IoCs

pid	Process
3580	VoiceChanger64f(1.81).exe
3580	VoiceChanger64f(1.81).exe
3580	VoiceChanger64f(1.81).exe
3580	VoiceChanger64f(1.81).exe
836	regsvr32.exe
4872	regsvr32.exe
3044	AUDIODG.EXE

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32\ = "C:\\Program Files (x86)\\ClownfishVoiceChanger\\ClownfshAPO64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\CityHall-Off.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Laugh.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Fire.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Flute.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vst\howto.txt	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone.bmp	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Melody4.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Slow-Off.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Baby.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Helium-Off.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Rusty.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Fast.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Silence.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Bell.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\AudioChanger.exe	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Ricochet.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\You guys suck.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Vader.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Atari.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Female.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Robot.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Boooooo.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Melody.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Melody2.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Robot.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Silence-Off.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Hail to the king.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Smoke weed everyday.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Applause.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Clone.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Denoise-Off.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Denoise.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Slow.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Female-Off.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Male.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Gong.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Gunshot.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\I feel good.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Ghost.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Metal.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Singer.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Atari-Off.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Male-Off.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Manual.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Bicycle bell.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Duck.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Robot2.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone-Off.bmp	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone-Off.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Sheep.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\River.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Useless.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\APOConfig.exe	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Robot-Off.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Vocoder-Off.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Church_Melody.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\vocoders\Creepy.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Alien.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Baby-Off.ico	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Cheering.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\sounds\Fanfare.mp3	VoiceChanger64f(1.81).exe
File created	C:\Program Files (x86)\ClownfishVoiceChanger\res\Clone-Off.ico	VoiceChanger64f(1.81).exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 20 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MinInputConnections = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MajorVersion = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MinorVersion = "0"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MaxOutputConnections = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\APOInterface0 = "{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\NumAPOInterfaces = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\Copyright = "Developed in Shark Labs, Sofia, 2016-2023"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\Flags = "15"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MaxInputConnections = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MaxInstances = "4294967295"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\FriendlyName = "ClownfishAPO"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\MinOutputConnections = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\ = "ClownfishAPO"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E0C6D1-9465-43B2-9BD5-27A3A56CF1B3}\InprocServer32\ = "C:\\Program Files (x86)\\ClownfishVoiceChanger\\ClownfshAPO64.dll"	regsvr32.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 847812.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\VoiceChanger64f(1.81).exe:Zone.Identifier	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
2092	msedge.exe
2092	msedge.exe
1228	identity_helper.exe
1228	identity_helper.exe
2408	msedge.exe
2408	msedge.exe
4056	msedge.exe
4056	msedge.exe
3580	VoiceChanger64f(1.81).exe
3580	VoiceChanger64f(1.81).exe
3580	VoiceChanger64f(1.81).exe
3580	VoiceChanger64f(1.81).exe
3580	VoiceChanger64f(1.81).exe
3580	VoiceChanger64f(1.81).exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5984	ClownfishVoiceChanger.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3580	VoiceChanger64f(1.81).exe
Token: SeTakeOwnershipPrivilege	904	APOConfig.exe
Token: 33	3044	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3044	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
5984	ClownfishVoiceChanger.exe
5984	ClownfishVoiceChanger.exe
5984	ClownfishVoiceChanger.exe
5984	ClownfishVoiceChanger.exe
5984	ClownfishVoiceChanger.exe

Suspicious use of SendNotifyMessage 17 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
5984	ClownfishVoiceChanger.exe
5984	ClownfishVoiceChanger.exe
5984	ClownfishVoiceChanger.exe
5984	ClownfishVoiceChanger.exe
5984	ClownfishVoiceChanger.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3580	VoiceChanger64f(1.81).exe
904	APOConfig.exe
5984	ClownfishVoiceChanger.exe
5884	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 5032	2092	msedge.exe	78
PID 2092 wrote to memory of 5032	2092	msedge.exe	78
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 3476	2092	msedge.exe	79
PID 2092 wrote to memory of 4412	2092	msedge.exe	80
PID 2092 wrote to memory of 4412	2092	msedge.exe	80
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81
PID 2092 wrote to memory of 720	2092	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://clownfish-translator.com/voicechanger/download/download64f.php?v=181
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8d4973cb8,0x7ff8d4973cc8,0x7ff8d4973cd8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Users\Admin\Downloads\VoiceChanger64f(1.81).exe
  "C:\Users\Admin\Downloads\VoiceChanger64f(1.81).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3580
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" stop Audiosrv
    3⤵
    PID:2336
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop Audiosrv
      4⤵
      PID:384
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" stop AudioEndpointBuilder
    3⤵
    PID:2876
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop AudioEndpointBuilder
      4⤵
      PID:2408
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" start Audiosrv
    3⤵
    PID:2784
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 start Audiosrv
      4⤵
      PID:1960
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" start AudioEndpointBuilder
    3⤵
    PID:2372
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 start AudioEndpointBuilder
      4⤵
      PID:1320
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll"
    3⤵
    - Loads dropped DLL
    PID:836
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll"
      4⤵
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:4872
- - C:\Program Files (x86)\ClownfishVoiceChanger\APOConfig.exe
    "C:\Program Files (x86)\ClownfishVoiceChanger\APOConfig.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1664 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11887822483070171659,9414672361970166540,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3992

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:248

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:2336

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2416

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3684

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4356

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:2468

C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe
"C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000002AC 0x000000000000021C
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3044

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ClownfishVoiceChanger\APOConfig.exe

Filesize
171KB

MD5
961ac1bfcbc9b962ff00c78b7fe5b795

SHA1
68336dcf52ad8da141d0bab262f9c3466042b670

SHA256
40d9035ff1d596f0c67f552ca4729228b5b607e22308ded3255367410c0eb2aa

SHA512
f20cfcce6b7d526a87b5c2527af37e34ad806d2dba7ff80a52895e85d2eaa1630f4444f74640716d287df811b498cb75877d649e41f5cf703df043e517c390d6

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\ClownfishVoiceChanger.exe

Filesize
919KB

MD5
183d07dc66486c0fe23ce9713362ffca

SHA1
5913f31b33655736ca8e9574dc6f34571f7d97b3

SHA256
261e095ebcb20b0408cde829f6d1d7fda11888d70c88aa396640f03e7c019878

SHA512
e0a9d84250154e166859b1b7ffc4c8fc712e7860138b5b4731e4bcc6661c9f76c0faafe5733f9a5b42ab7c2e7ee47587565c0fe181c3536d34beb7ff77c71fb6

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll

Filesize
356KB

MD5
ad467fd2fc4d6fc21958b86f14c70036

SHA1
b30c49be905e5b7e5987a0f3930cfe334918a987

SHA256
afdb9a1ea422bb3ddb857d4c6fd9de2d3dec41bf0443d2791e7088749990aabf

SHA512
76af179736caeb7555cad1f4f7284a6cf3578a2c6bf6d122ae1e37a8a603abe29540d0a268301213cd23e0a20e86c390312999d67b8dae6463ee94783f3e55c2

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Alien-Off.ico

Filesize
16KB

MD5
3f7b046b32d33fa1db6d801326c84c92

SHA1
f267a3236f46e5160fbda29bfc0e628ab24f2d35

SHA256
9d68b4ce0995e03fa5a623c36ac00d2641697f9c2120b2d4acc24b371037a729

SHA512
e5e1f723e41c9f4ee324883b7d2746f89b8333b17172b1dcd05e8e070caa200e184d12382140986a0ab852312878e9c1d9e6253accc558af246f69f4598ae347

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Alien.ico

Filesize
16KB

MD5
b4912b4e5ac58c1da8deb5834e3c366b

SHA1
4d3470a065095f6498e45f7303a8630063eb658c

SHA256
99d1d4618d0ac84f70b30334c94208c617c76f8f1604f665f8dc5c424e638f4d

SHA512
aaa10258b02e41eb13e45ad5746ef5dce249020a973a83e2532bc2d20de0cba6d92d3f4bb3716f871b9eb4db633863763a087769054f9b832cd308b1e7865139

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Atari-Off.ico

Filesize
16KB

MD5
6f984a4938ba524ba9657d3c63845790

SHA1
0b1789655b8139fa9975aea26860674a5b4fd4de

SHA256
6df6a6464c72af219094cf3787cf0d1f858e2fd3b6c5cc213deecabd911769af

SHA512
f7c403fbf0e3436eae86e141078db563ca7b75ee157eaac4bfd239c5a42227680598a3cf76e4f30760232f71dc3b4fffe7a5bab8d6106854be9eabc7c43298b4

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Atari.ico

Filesize
16KB

MD5
b5c428102274914255a1c7f4876e2dcd

SHA1
03c76804698ac954d950b6a7dc334fa9ae6db45d

SHA256
3874c8be3dc907e0f26b658fec2a551e9651933a819bc15bf9f93b578e8b5284

SHA512
daabe89489aa3f6089e05a2d96f149211d4b4338d19e68497b5531d45a8580979dea303b95bdd93f14a349c743e18e120eedabcad7a472b9dd8032f5db42aeee

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Cave-Off.ico

Filesize
16KB

MD5
fc40dfade66ab7cf24962bca246834c0

SHA1
9f5c5dae7824afd92ae3dacc9bd72f814bb5e776

SHA256
671d371f7b2f07fc7b1e8ea9f0ab1bdf2a9055e79f3c859b19b6f579fc17987f

SHA512
e0bcd0d37c1b1a4db6dec33d9b3f6471612a7e266349b744bc1e3664e908cb737304af77f3d6f91c7e44ed561b86ff4e686625301fbef4a24919df765d105efc

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Cave.ico

Filesize
16KB

MD5
f8b303268883f3500b9723c5f82843d2

SHA1
805cd035ae00e0fb37f3afbac9cffdd5c3b12014

SHA256
716cc28267dcdafd13ca183d11fd74394f7e55063874d5c19a088ec40e225590

SHA512
0d4b0873c42ff4da2b908bb458c59adba5765c48c4b2168ff7749fa58bd637b483001615532ca4a4158b9e43ac6881ccf4f372d9faf29f136bd473741a975e9a

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Chorus-Off.ico

Filesize
16KB

MD5
87eafaceec081d8d2bad823ec42d8372

SHA1
515545777b7805a4ff74bfcdee79d9237a11c669

SHA256
e472affc0a16978628ae05ddff151eb0e4fe2892989e55d3bc3e2715d9679448

SHA512
6957e54e9fd29ec607821ad451727cc76ab04e8ffb99b6b0fea8dcc821b4e579beb4ec4f7cad1f9e90fb638601a3752720931be1a0e3e287b5a12ac3e3d472d1

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Chorus.ico

Filesize
16KB

MD5
afefd408c6dff3dbb1217c497aacd33d

SHA1
ba1439c6d07e450b16ee1326d648ded9d3c8aec3

SHA256
b6e3c53bb48c2898ea96955a8df633c78035cf071842e84e31a6b265f86ed49a

SHA512
205c5c0d9b1b0f4f5e844c5abee168e7d3b64da0914b70f5470d7635f68f1d2bd5eee2343017a0c4961c2c78bd4ca2f70cd5594ef99b0ba91ce5250e0f3a4ca5

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\CityHall-Off.ico

Filesize
16KB

MD5
822ce582243adb560d3a6f5b87884cf6

SHA1
92fb5a5a4a81293cabba2b9e55fa03f0c51f0d1d

SHA256
2b04ea3f81189ce4a22abe6eb620dc65cf6bd44a2f152303096e3013068778ee

SHA512
27208641135e35d100de11b2de6d7f808d35ede3cfad8630b7cbd366e0a750aeb634392f4905bb9c65f9477927e3ea6447bedbe59447ec24cf511cce16eb2b50

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\CityHall.ico

Filesize
16KB

MD5
b8a844f428b535a1dfc17aac4a247041

SHA1
c6ff6d1ddfaedf589cc0e541f159ca6e97b4d907

SHA256
e1bca0ca6c4acc6b946d9486dea1ae89a8fa36715fc80f3a70d70d60689f0bff

SHA512
52655bfc21a68ca6e00dd21e2f5123707a7e0f51d318f86c6b33bd4ccd3d0a36f9f01123eeeaa23f48d232617919f88ff68b9b082852c0137bd27d32f2b9fd4a

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Clone-Off.ico

Filesize
16KB

MD5
252a8304468aa4d67cdc654959f72ac5

SHA1
4cdabf4f34cd8a27991ee08d7d0d366ce1060723

SHA256
e899579042c65ee392700daf59d07252d9a4241fd70cc56a00075d2be5ce5609

SHA512
78854112f576c3ab88a43d1ded442361d32a4f3a5ccfe72f1317b6c0bc0b697cb6f492f5c18053667466eeb37f278c2aac9b54079ff04302c9a2862f704807ec

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Clone.ico

Filesize
16KB

MD5
818e9c0e411979071778221ef3e64ecb

SHA1
6e9f0e72c0d0dd8d4c6208cc65ce643464c2fc60

SHA256
d5e17286741825c832a92ff8eca5aa1a11a3873cf825e76d549a06d7527cf437

SHA512
1cc1202620add273cd1e6eedd4cd01b01457725e2ff798107959f6c4f9dea9aafc068ed8a77e366b01ce2fa4bd92a8c6e8a52d86f5209eacb17924a25f7b3b1a

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone-Off.ico

Filesize
4KB

MD5
7a4eae69fa8bbcecd7d1c5c26cbf0f57

SHA1
d4bc72f9954fa58f624718d68dcfa8df4ef43867

SHA256
0c39e36374122bec7f62f2008971630aab77acb842a8227414aa8efd41b875db

SHA512
a1edd33ffbb0cc97952dffbaf87cd813cf6f80fb4a1c27dfbf1e642c8b2ea17076af84fcb674a737fcd9ed7f5d62ae604a777ca10900a01fda7a85cbee5628be

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Microphone.ico

Filesize
4KB

MD5
ac87badf42c18d9b85e9927553934a22

SHA1
12c52083ceec0b8e02c7df852cd866ae902c5355

SHA256
a8992375ccda029017fb09cf9f404bb7c7364f6b226dd3c082ad30cfb0897e1f

SHA512
cd8541c9f9b76b0223e9b323fe0dc8b4d24b18779e876c558fc4d512a2e3807b813941d0033dd32f3b3e7941522b7e2c28e27e25a05a8186b6222065ab666062

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Fast-Off.ico

Filesize
16KB

MD5
fbf41565033ad19d2248a78cc799f2f5

SHA1
4c60e313038a57b86f2239c50ec7ccc99127ee88

SHA256
9d5d274595493a116342d0773e33743f2c8b08dc4c5857fce3467b993428fd2e

SHA512
3973cddef018e61ac8c25b5bd4af32ecaf12c2281dc452bca7c120a92ac769ab5ce45b123f26a679291a194a8292880affdd86ba35916792a0bcbc3d456530c2

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Fast.ico

Filesize
16KB

MD5
4c38f648467f86b0b76cb3bb9913270a

SHA1
1c7abe04aed779f9932f1d518e65e6a24657cf56

SHA256
253a04575aabec843f6f4ab9d0fdd874d526f7a0f8c45922bd7bfa9242f2bac9

SHA512
a16efffddb1813f1fe599b3d7b93b13886640a4b18eaa6e08597c36c0a51aa376fd2587b4842ed3728b56bcfdd7bd1888424cc0f8655b9f83d29579907d76625

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Normal-Off.ico

Filesize
16KB

MD5
68dfefeae93b257db46fcaf0f101c8c6

SHA1
a4c9c364878bbf4192c222be65d0303ad6d13afd

SHA256
e108093b0a2897652c3646c58be076fa0f6fea8099858429d4430cefeb2370ff

SHA512
e59c53ba2ac469f37ba6f39359d9f62418fc255876820cc0cbc75c6559abd7487c01fd6cb15c54e91622fa7bab5e040dd21b5ffac0d005f66bdc88c0dda62f3e

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Normal.ico

Filesize
16KB

MD5
6e4004a72a3fea06f4ddedf1a349c54d

SHA1
683937023167f7571dd67398f2bbecde2c7f7cca

SHA256
8176921000f89a71e8719ed20b77ffb380f87bbfe5a59f073c841c61d9a877b8

SHA512
b1bbda78d27d727fc768d56065773d70918e0f15d8860011de0aba007562ea6985268978858568f631e695f8a4729393c342c0c944280e3e94fe5fe000dc455a

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Slow-Off.ico

Filesize
16KB

MD5
9212061a50c0a464fc9a23ba2b642402

SHA1
38e063b9d901855295ba27468d386fb19c264610

SHA256
76f2e1f2dcb7ef4a532d3ed539e8e5eea900ecfd24b84da91b6d7a6201453aaf

SHA512
25591857a02bb78bbe1f7e2ae621920cbae65d2ff270d1549acf3aae2a4d59970bf9c9364b9b543dac63fd8d97f0e18708e1f71bdcf76a22c3d9af73c8d34800

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Mutation-Slow.ico

Filesize
16KB

MD5
a3b4f287362f6128ee9c1647af52b0a5

SHA1
de1c96252d1b867089704bb4ad617ff169575fc4

SHA256
06cae75f238e989d3df868fcaa8529c614c3804fd57c6a7fa26f83fa892d26e3

SHA512
0b8541b43f6eb688abe8607c9adb76987238bd724d3b64ebdb46b661deb143765e6a425943b1ec80e09d6e8584859fb639078e3d7bebd72c23c39131d51d8fc1

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Baby-Off.ico

Filesize
16KB

MD5
f1df374917d3f8f9ed76f195a95fc69e

SHA1
a0011da872fc603b91b64333db8431b1215dd357

SHA256
8656ab19d7393e74a6e486dfa7c99f6ece46b1a479c6459356d8b9a2493c5af6

SHA512
f18ad61d77b902113a50361cab2eb549b636fadfaa49b64cd0bb8815d79494e1bf27393d2b3737d77c103c58bf2f323b601b508ca24f873bb1864dc7ea11ff67

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Baby.ico

Filesize
16KB

MD5
e3fd1405f464a7a805d81082f68e7e9f

SHA1
351b37806e40734e5808929cd25fbe5fe4620f1f

SHA256
1b4852f4cdac1a50f802b0590cd615cb41b0dc4cbb2760abfbc7998edc0529e1

SHA512
e41b022af71f7f7f5a5b42fc75867db4236ef94b15cdf333495da7eab90d89ea5071110ec28b562132f7ab0bafd692fa70d9889c62d736dd1b7e931b05bf6c44

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Female-Off.ico

Filesize
16KB

MD5
93adf3488c6445baaf58722b824cef92

SHA1
493dbddffdd665be4bbff73710ed6be48f8b5fc5

SHA256
9e14fa6d74fcfa6aff3f7d8f7dd3b56af1487d759059e5905ab5020f3b231345

SHA512
b6fe5dcb7d7c81cb26d0720339466707084ca3d29f6558fc74fecc0f9f6043040e2b6bbccbeb66fd772305be92ed95a9eed703ad2f3adcae8edb55a2c5e0bc25

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Female.ico

Filesize
16KB

MD5
9df98607c8c803b39f1f31e1865bbe65

SHA1
1bd4eb1bc6eaaa3036f45bae64c0d091c158f3ff

SHA256
161de208a3aec64dccd1351be3f0cfb31f4fa144a6fcb6776437613bc36d6074

SHA512
b89b772fef928cbc0990331f4d30bd21cfd519fd45b0fe02114bf8da41134e205dd43ea1dc7ee0744233008183c132f4745eb2fe27712ad7f0928dbadccd7997

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Helium-Off.ico

Filesize
16KB

MD5
7594baf2728dfdc8f8c55456f5f5f932

SHA1
bc8d54bf277dff6a3f73b3d7643bf43db403d2fa

SHA256
2c639ac60a864b592ec054da4a07d11bb4d6cdb1066ea698cef5d3e59b71704d

SHA512
7392ef4431edf3e316f1f2bfa37ce58ba4987f26af9f9023dc7e820473890be5fcee27a8c8536cc4a627ae49040f480bf0d9ab2d751808b0e7f10b7f931f856b

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Helium.ico

Filesize
16KB

MD5
14d45e43dfe60e6a24bb73dee4f617e3

SHA1
4f2ba51c9c0e3eb0b83fa3401ed2fa737cf67e3c

SHA256
57c4be5d556f6b4c787586728f75edf5f2f29fe405eb362ec400ea7d19159cee

SHA512
ae50ede1a98eec82ee53aa82f7be4e1fd994ed41d321ec6274f423b0bd19ad9d595d3f9f20c498490af5dd26a7783936016a8795e1b96acf64758588d6279f98

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Male-Off.ico

Filesize
16KB

MD5
ec5bf36ef0d5a9d98b174eae13e053d6

SHA1
c060e8aa6aff84662e25794a86b7e29c15bfbf32

SHA256
3743770e30f2e35187794c0f765d3313ffca4257d5f54579ec6f49c799a113d5

SHA512
9e230ed7ab209ea98ca53a7a639b0ca2f8df3046c8964bb2956d207b5a677c92c01e3b79cd87ddc1d386006b33cbec67250cac28beadb525ac80c971df3427cf

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Male.ico

Filesize
16KB

MD5
4f722d42b679c3137e0ec5d0380b5c2e

SHA1
30f9554ac568321f10ac08346ec5fd9094fc65f5

SHA256
69c3129ac103c9b5c7bf0203d79911a195c52f849b8cb51ea2a72a22ae0e5db3

SHA512
b64d35d1f14449a0b3ce2097324a577101e576d0151ee938cd76124392e75bf6bf650aea3a2654a2436be47d8b93c46d0353eeb048fcc730057a3285c2f5d2a6

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Manual-Off.ico

Filesize
16KB

MD5
a46db4094f28a4548446e255b3b8f6c5

SHA1
b4fbc2baee8d82b38cc4b3af4f76f83acda1cdae

SHA256
3eca94615a2ca4f29cdc0a3104fd84b6b01dc19415381c32e31edcc1073cfcb9

SHA512
a398d136284b7692a6159a2373f52f5658170b3219c08d9f8156b2b612e4b103bd3eab21d6a01b7750fb35995572f7ae1fe41c358819d8c388a660cba406ef50

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Pitch-Manual.ico

Filesize
16KB

MD5
cd5e5ffbece346671f78bf2add304a73

SHA1
cae262814cede831b21a8d2756778d408ae55511

SHA256
d872545106e8e899c1e340e992e7a22cefcbe62eb1aada04fd2089d629043716

SHA512
d26873abcfc65e7899c6ecc4be47f342a5280e733afe03ab528c5743022a91e0c292823afa699d8044480fb78c0f4ff41cecaf8e0c2ca09d99a5f58fa10f2638

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Radio-Off.ico

Filesize
16KB

MD5
d86fedd0bd1d19b0dcd1ba34f29d08d9

SHA1
0887b15268146436037262b9eea36a29edc535df

SHA256
3dd0c14f58f5e386a5351067444709b2ffe4c5af7076abc301c642d75f9bd49d

SHA512
52cfabb25ce0de3f7ff23163de2fcd9e5fcd749d84f1427307955aae3eff74f163ce7d2339a7501321da2142fcd48efe4e7b432742bbd35ef07271e7b258d994

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Radio.ico

Filesize
16KB

MD5
f2214783b072e29992dddf5702b80df8

SHA1
f5cf7b5a1ab07350a6cc8329ff59090b0008c60c

SHA256
383986e6129a7fa4659787bf5159a03f9b2e0f1ecd8e90d018a326d4f80523b1

SHA512
ef1afd460324f30e57b9eb25ab0b44ff217052c4d965a1f6617bb3be761f9646e60fa74ab454c269e22808b24f18af8d546c8b4be7142d07440d8990d3e694f3

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Robot-Off.ico

Filesize
16KB

MD5
49f703b6b44a50cb8446e93ddb5e3e6b

SHA1
f63de1e09be9bbc2e465ed91d0a41cf2878be5c5

SHA256
16a4d7c4bb8e9985454f48b5694dcc5e915681b6900ecd0dcfd30970617195b3

SHA512
3608583c4866d3096f3b311a661fbed96cb817a01f296421ec35b665647d4f28ee21b19004a3e75f5e1237d6fc3ae1ed1a5848262786ace9e9071394efb3a9df

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Robot.ico

Filesize
16KB

MD5
dc21021665efc0d91a3c023349e0088d

SHA1
a9db1ccf0293442e171af55dff9b305da26ed551

SHA256
f4b31cc68ab44252953dfd7ba9ed190904a2855a187c5eb9b2d1865af6b4925a

SHA512
3d797a568390992805f5a0ad3d247afce0fca4a399c439cd68f2496c4b49491fb216554fe940512c984371083771f73136ec013921bd5184dbc276676a269b16

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Silence-Off.ico

Filesize
16KB

MD5
15b678e256892c094819e9adee6931c0

SHA1
af96f5f1f0ba441cb27fc92ec84bcf64ace578a9

SHA256
a5a127fafc661c60ab71a91a3af1e75757dc8f769814886ec1385be491d0bee5

SHA512
4d0f5cc19ace20534c2b88325cb7f1482e444b14628eb2c5d02ba2d89c1f53d4a14033b23f714fab6f5fbe9d2e5d286bdd8d9735b0f343cb156e287506c2998f

Download Submit
C:\Program Files (x86)\ClownfishVoiceChanger\res\Silence.ico

Filesize
16KB

MD5
d182f6d36f07ce8c87ab7c3a5b63c660

SHA1
ccb3953c3de04823f64674069b8fd8fdf2d47290

SHA256
174cf35498ac34dbc791179f2eae97421df96566788d10774cd119da236b86c7

SHA512
849e074ab63223361664fff2a667d13e89de642a877e8c7baf28f3a8580f5cfe32754a750d9fb46cda290daba3cd8887ab6e9824dbca2597d01555e0968724b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9faad3e004614b187287bed750e56acc

SHA1
eeea3627a208df5a8cf627b0d39561167d272ac5

SHA256
64a60300c46447926ce44b48ce179d01eff3dba906b83b17e48db0c738ca38a9

SHA512
a7470fe359229c2932aa39417e1cd0dc47f351963cbb39f4026f3a2954e05e3238f3605e13c870c9fe24ae56a0d07e1a6943df0e891bdcd46fd9ae4b7a48ab90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7915c5c12c884cc2fa03af40f3d2e49d

SHA1
d48085f85761cde9c287b0b70a918c7ce8008629

SHA256
e79d4b86d8cabd981d719da7f55e0540831df7fa0f8df5b19c0671137406c3da

SHA512
4c71eb6836546d4cfdb39cd84b6c44687b2c2dee31e2e658d12f809225cbd495f20ce69030bff1d80468605a3523d23b6dea166975cedae25b02a75479c3f217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
192B

MD5
78047f994e27c725546ecb14e8235b32

SHA1
4947fa8ae39c5574c4f6db9c676f3b59907c2846

SHA256
fb20fa287ec3f3be7b0a1034d3532d56adba9d92c9415229f5e9fb353bc6049a

SHA512
9bd34dce6a0d8d35bf9cb76d2970b2ec09903053ead849ec029e2c1bb2ea6b7abbdc14eafcee0374e39a7cd9959b0d5eb17c4a221ad92cb15a325520e84b52b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0d3ef81fa5e36d2cf1ad659a95283382

SHA1
2b7fa60f0aa7c287c6348aa240ed197a30c849c8

SHA256
b947dc5d05e615452dee4efe2e367e1f3ed2ec63f6b7a809795b9ea007d0ab29

SHA512
63802c44da94dd726aa2f8d75fbf83eacd18994d869fce5c89031dc05f021725d7779519bd13589d46c48a2a81aec4999a329b90fd0a4580102fe78a4b541088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa9b79e6263e9fcee712520ba96b1bfa

SHA1
59fc7b39cb1c3d32429c596e22f96914d3cfdfbb

SHA256
208b66fb3fde4447ea66c389889061d73fa626a6c72e67b953f1ed71729f37de

SHA512
b9c41fcc92ff6f21317b5c7612f2aa2c149ad749a564667107c716e592909b8cc0500489fb3dc467e9aec039c47e9e5d29d3ecceb9e39c2fa53221ca89b5bc6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a7ee0046ee20c4606f9230680426c0f8

SHA1
232de1647799108322c2bdf207ff59807fec468f

SHA256
d721548edde77fa7ff4a959ed973034310c02c5e970c6b024a9d51ad3954ae14

SHA512
ab764218088a4e5efce76cf1f628acf2ba932201a06e626c6c54cbd98b3e0cac8d0562b1cca0dc9fe10294de6a29b7cc157ff29ed49b7e93226f8d36bb73ebcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f62ab0b2568e700f8a94938d902add28

SHA1
f655f7d0f145220b909283634bb03dbd2e070f40

SHA256
bf57a5e44089a319df366a3324b45adcdc6e015baf6c775229e24cca6413d781

SHA512
5dc2c208be043cfb14d6d5281166b64f74a9ec95f3795be2cf51a34ddc802385e66a8696cf12bf5bc65677f375e40e394ba0124f792bcfc787cc8ac8932f5b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e321ef616d34b7fa6bc6c87501cc91bf

SHA1
83d9f2d03ef01fefb5ecc903f143afb1ce739b66

SHA256
e38956e7a6473646cd30d2e9f95ea1139228bd2f57c598f2033dfe75f438b89e

SHA512
ead34a883a7b2a1c46723812402b8459dafa3b548aaa6472941dd95e640c7d53e731578a864d30fcf58d3faf9823f6f82c1a8c4a91ce96256d27ee5887bc1f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
727238067b82d72654b68c2767106305

SHA1
66ca794c893fd91b8a9374398bf2fe7762ddf3b9

SHA256
cc2a17d497e84a18f2724ce80761104d3135d49fd469a3a18f548a3a7b1ad458

SHA512
0aed83be692462e1fbc6e136d11bb92283aa40a858d9d1ba37e1c9e8f618dcc42cf441a7e6f40eebf1451ccea434d3cf278c7c2f0981dbb1171669531c742f9c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
28bfffbf7263ef7bc2263a077d2b6d3a

SHA1
79af5ce60900b539277c7c875bb18ba7a422b486

SHA256
552299ea280204273121e1995cd4333413d2bdcb2e32ce26fd683610e7949307

SHA512
2c5366363625c6167099b5df5d33dee6cfc0bdcda9c279ed1cb238f920090f3c38dec2bd2caf3ae0861a7c3dc59b4367143f8c7ea44004dc746122da9f29c189

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse9EC2.tmp\KillProcDLL.dll

Filesize
14KB

MD5
586270250a1acce8126a0877fd5bb981

SHA1
9f5645b37b3af04004697639855da5c99a41aca1

SHA256
0fe15b023e21b7054fabb3d47b6084d60f8e474d8f9ca3a0a25dcb2097d6f0b8

SHA512
a1994b91337385ab153860a013912f9cacdf9c233395868bf8eedfbe6dd13841619a8048c1d8407ee4b77c466fd8f31fc5cac2c779a2ef58c3a2a02caeded055

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse9EC2.tmp\LockedList.dll

Filesize
28KB

MD5
2ee096682cc84f5fd44fb5291c00596c

SHA1
8dccebf054abe13e5b324dfdfbe6605553971396

SHA256
671570118024c9132f12999e198cebc87b3bf1846695553bf478c5a42efec226

SHA512
1ffdc3a5256b8eb62aff82c6429dcdf582009a908d43ab30d3fad84770b012be59c972323b6ae2b8d7ea2ae29d8ab3a99913205a0b33582e95dc813c31507d3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse9EC2.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse9EC2.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse9EC2.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\Documents\ClownfishVoiceChanger.ini

Filesize
748B

MD5
4f113e85d9aed4c508015c465fbb92fb

SHA1
39ee7cf5c0d9b83ae6d9d48c9797a2f78e418c86

SHA256
952af17bf4042a0428ba28eb4ed3eb8f878092d1d0b6419a78fcbed9e093551e

SHA512
4ae8484cde1c3025fe35dada0b7b37e89fb6194657a01d007be82b3a9bedce9b30296cb94b8357b90fc8980297eca4c0ae5897b63b460938317506693024679f

Download Submit
C:\Users\Admin\Documents\ClownfishVoiceChanger.ini

Filesize
843B

MD5
a831e8b40d72d5d39830ee9063077820

SHA1
7892ccc0e3565359019ed23b726e970aacd802b3

SHA256
afd34f7e528295268405d9a411a864221b936d9cc8cdcb283e1fbc9463ae4113

SHA512
7484fddc86053d02aa626d54662b5adcc87b5237bf3aa82e4ba1d5315a86fce4b051ac28b803221676ecb073bf5d2e2f6e75e57a007d94660586db4a251143c8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 847812.crdownload

Filesize
1.3MB

MD5
916685fa3dc46d2dc8f13cf30b33eb2b

SHA1
0f8192d856d75c214058362e9ee7fee54c882b7f

SHA256
9170931851b047e8a80e4f3134169fb0e0a5a902c95dd8838ee2aeea4d77ffcf

SHA512
d1727740ed7160901f4a0e02628d9bc60de119e11b46acdf9bccb4b289057e1fb6049fc0a272e475ba322469f1cfa12c9ce41fa6263ea04db674e3fcfa9849c6

Download Submit
C:\Users\Admin\Downloads\VoiceChanger64f(1.81).exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit