Overview

overview

10

Static

static

3

Voice.ai-D...er.exe

windows7-x64

7

Voice.ai-D...er.exe

windows10-1703-x64

10

Voice.ai-D...er.exe

windows10-2004-x64

10

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-1703-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-1703-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    564s
  • max time network
    590s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-es
  • resource tags

    arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    05/04/2024, 00:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Voice.ai-Downloader.exe

  • Size

    477KB

  • MD5

    40ffaea0c96bc8fd1ac022ecf287980b

  • SHA1

    c9ff64fecee39aa1a4f1c930d6b6ad423e1b1c14

  • SHA256

    100dba151efe66c842fde4337857fd3db4568c1e3ee008e412927e67ed72094e

  • SHA512

    cc0f2ff6b650644564d7469031c96fcaf93b9dd82318eda244abb65970d2e5697ba27bb0c62e31f4f654cc031ac7f19f0692f444674fd174f9acbc201c8944dd

  • SSDEEP

    3072:ckBGWOsTIJgIDU5A/cNo68pMABlZQ2wpFD0ra42L5GYDxJ0ytta:c1ssjH5Mp2w7g+42LUS6

Score
10/10
zgratdiscoverypersistencerat

Malware Config

Signatures

  • Detect ZGRat V1 4 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Downloads MZ/PE file
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 20 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 25 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Checks SCSI registry key(s) 3 TTPs 42 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader.exe
    "C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Program Files\Voice.ai\VoiceAI-Installer.exe
      "C:\Program Files\Voice.ai\VoiceAI-Installer.exe" /path "C:\Program Files\Voice.ai"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:712
      • C:\Program Files\Voice.ai\tools\vc2019.exe
        "C:\Program Files\Voice.ai\tools\vc2019.exe" /q /norestart
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4660
        • C:\Windows\Temp\{B1392312-40C2-40FC-9DD6-28E1C5E47247}\.cr\vc2019.exe
          "C:\Windows\Temp\{B1392312-40C2-40FC-9DD6-28E1C5E47247}\.cr\vc2019.exe" -burn.clean.room="C:\Program Files\Voice.ai\tools\vc2019.exe" -burn.filehandle.attached=512 -burn.filehandle.self=532 /q /norestart
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:4284
          • C:\Windows\Temp\{B7E71F61-584F-4EA1-A37C-0206AF8E3647}\.be\VC_redist.x64.exe
            "C:\Windows\Temp\{B7E71F61-584F-4EA1-A37C-0206AF8E3647}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{790BF21C-A081-4CB0-BD98-AC078853BB99} {E1CB14CC-CD87-4614-9FA9-4DE668A00484} 4284
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:5068
            • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
              "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={2aaf1df0-eb13-4099-9992-962bb4e596d1} -burn.filehandle.self=912 -burn.embedded BurnPipe.{373190BF-AD35-4F04-A4E8-9368F6EFCFAF} {FBE6FF93-0F86-4711-ACC5-1E002CF61450} 5068
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:3296
              • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
                "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 -uninstall -quiet -burn.related.upgrade -burn.ancestors={2aaf1df0-eb13-4099-9992-962bb4e596d1} -burn.filehandle.self=912 -burn.embedded BurnPipe.{373190BF-AD35-4F04-A4E8-9368F6EFCFAF} {FBE6FF93-0F86-4711-ACC5-1E002CF61450} 5068
                7⤵
                • Loads dropped DLL
                • Suspicious use of WriteProcessMemory
                PID:2756
                • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
                  "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{CC87300F-2E04-4156-867E-B5BB325E8220} {E91647A5-09DC-4124-B785-447EB2DA4BB6} 2756
                  8⤵
                  • Modifies registry class
                  PID:4884
      • C:\Program Files\Voice.ai\VoiceAI.exe
        "C:\Program Files\Voice.ai\VoiceAI.exe" installdriver
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies system certificate store
        PID:4112
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:428
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4136
  • \??\c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{f37fa2bb-cd5e-d346-a8f1-eabc461e1199}\voiceaidriver.inf" "9" "46b7f3743" "0000000000000178" "WinSta0\Default" "000000000000017C" "208" "c:\program files\voice.ai\voiceaidriver"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:3884
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "voiceaidriver.inf:ed86ca11bfc96d40:VOICEAIDRIVER_SA:16.36.0.99:root\voiceaidriver," "46b7f3743" "0000000000000178"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:1576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\e5ee7b3.rbs
    Filesize

    17KB

    MD5

    77dbd3d35a41e0296a9147fe7d8b3c14

    SHA1

    65e7582479032e71151500738b33b81113c62cb0

    SHA256

    decc3586a42046cc6154190d6376098821fd9327f388765804d0e03f9f98ddac

    SHA512

    b861f54920850de1b1bf3121943b491587534aea7a424aa5c05a704a770bd26527e3e08d99f4f6fda1160f2fd294bacb2880186a9bee83c8454cf1bd339d54e3

    Download Submit

  • C:\Config.Msi\e5ee7bf.rbs
    Filesize

    16KB

    MD5

    a9ead349431fbc730f156a75c37bfb2f

    SHA1

    ff9b1bb8741b20cb1db4d0d9a833ca8051b1199f

    SHA256

    035719ca9162572d7e40a7038e717a1cf41cf2a6795b3ea33b15d0052d3b199d

    SHA512

    ade528cfdea0a8654a5bcf74a9f05626d61e86f7a8a7cdc36c653054d805a050a27fdc57307f9073ce68febd2b84fbcc1894a1a61a43c7ca49fb95b88a23cf47

    Download Submit

  • C:\Config.Msi\e5ee7c6.rbs
    Filesize

    19KB

    MD5

    737b6d3e853dc9989f3640b11697608a

    SHA1

    2646d1ceab517b11c2a001a1198f6945990f09af

    SHA256

    4cb07236b7318ef152f1518b720323ebb089b41ad8382e9627642ede9ab2e44b

    SHA512

    25284268fddf087a0a912a7a2af83f20d5032667f0afe4a74aede9eae505d8681fc1b2a7699bdd809f51cea39afea6199230f8fe79ac84d71435480be42dd2f6

    Download Submit

  • C:\Config.Msi\e5ee7d5.rbs
    Filesize

    18KB

    MD5

    7a9aa95bd247b0f8fc51555eab662f82

    SHA1

    fd44f9c95249f0bf7d5859d5914a3575ebe2692d

    SHA256

    543c567f35726bca19a45865a5ed3f362fbba0eab9060128daa13bcd4a5e9a2d

    SHA512

    2433a4729531633f526e0c34cf3d3d3fea6f5d38b18fd47b02ca279dd8a7567c43e8621538b58e590fc7d5baa0efcfcb7d46e5f9068ee19ee301997f7a66cc2e

    Download Submit

  • C:\Program Files\Voice.ai\AudioConverter.dll
    Filesize

    425KB

    MD5

    1dbdc883fe4375e343e574bf085c0148

    SHA1

    e2235e18bcb3cececcdc6024426de2437596e8c4

    SHA256

    67271bdbe5fbc4f77fb9ec5c206da226e76245e1fbf48753156e9dcb6e5b946f

    SHA512

    43242a0697b497a24f2b80533658d4ed9c85f37925bec471aa8b5646bfdefd9d996ab896c2d63f21ff648fc5494b24a35e4f6717041c9c97c09ca585285682a8

    Download Submit

  • C:\Program Files\Voice.ai\CefSharp.dll
    Filesize

    1.0MB

    MD5

    69f79d227400c5c5a17e4fe6b5719009

    SHA1

    d7ace396db95eced9b4f98badc4282f359999d28

    SHA256

    7be25c5ddbbad217fcb40dbef92ba783bb8a155d3db48cde5a4c32e13761cbf7

    SHA512

    49262793c3b64fd454522381856761e456999d36e84ee228a894cefa4e19473302e9d7941d49b3a4d6faed98b136a18d60fb1dfdeaf4119f6fddb4c82da6f24c

    Download Submit

  • C:\Program Files\Voice.ai\VoiceAI-Installer.exe
    Filesize

    699.6MB

    MD5

    93f7d1286779c23fec33567a8297b21a

    SHA1

    d819d6debd0289e7f5d5e9a6290de4e678114012

    SHA256

    3d7d2cf3fb1a87a615301f15af98d30fbf3e317f9c98ca154a80f44c8f0f04ca

    SHA512

    a0f6d39511c7314d1b511a21ce83eecb93cb79e9eb976b74933553023b72b4807c659a7f250174f74096e741b79f53b36f120c08d9fab399b8c840484feec237

    Download Submit

  • C:\Program Files\Voice.ai\VoiceAI.exe
    Filesize

    3.9MB

    MD5

    e760f3b42f993578aaf79b792dc538f0

    SHA1

    45888500d9ea5ea2ffdd0d4fdb0eff6cbf349151

    SHA256

    1839fb52451cff7a16f31f834b795eb4663452ded6df7a6951e48326ebfc3673

    SHA512

    173ad8367de22f871238e7344a2b308171dd31e2646bfedf696dbad49850b98b9cc89ace5400f20edb31014283e4b4e639451ef206d8f4a5a95066bfa1ccef73

    Download Submit

  • C:\Program Files\Voice.ai\VoiceAIDriver\VoiceAIDriver.inf
    Filesize

    14KB

    MD5

    fa4ddfa2231dc2c50e26794ae7356e0b

    SHA1

    463f4c2ac4f7505f2361c7853505b19fbe08f257

    SHA256

    a3554efa382a84130393a4d8656b31f06b20b9387e27fcba978162213fb7be90

    SHA512

    be11de31cdea93320a03892b572b17985a66d8b8483d1568afcba9d6cd73cfc8f86c628736d9c8649cb9af0acba17dc26c14fef55b2951520236f650b5a55946

    Download Submit

  • C:\Program Files\Voice.ai\meta
    Filesize

    23B

    MD5

    6997abf8c138e85961f89ee82ae53532

    SHA1

    32e7d5b03035f8e6597493168003890c0a3ed29a

    SHA256

    0fbae5806b1bc5bf6f68ae6bc0975be1ec56e27edcb4a572792246e2aa8d1ccf

    SHA512

    b176783b0c4c6503d8274484b7584acd8d7a9a29b73da63f9a01184f54e7fc7aef330301c6b97a717aa22bc96547aa8156dd432c5b15107e4b23cfa7b23da17a

    Download Submit

  • C:\Program Files\Voice.ai\tools\vc2019.exe
    Filesize

    24.1MB

    MD5

    4a85bfd44f09ef46679fafcb1bab627a

    SHA1

    7741a5cad238ce3e4ca7756058f2a67a57fee9d1

    SHA256

    37ed59a66699c0e5a7ebeef7352d7c1c2ed5ede7212950a1b0a8ee289af4a95b

    SHA512

    600e61332416b23ef518f4252df0000c03612e8b0680eab0bdf589d9c855539b973583dc4ce1faab5828f58653ed85a1f9196eb1c7bbf6d2e3b5ab3e83253f98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    3ec812af46b0f111e99b54b129eb94f9

    SHA1

    103c4720315078aadb6d63111eec900a8652fc9c

    SHA256

    64d459714f98144b7a04079efbd965519d8b0bd3ed0021832e3683e79bcd41c6

    SHA512

    1fc8bac653f8f2daaa92014daa05a31cc02abac666c485318b76b379c53f47ddb79ee3495697716a1838b85766b5d71138bc6438844c661792064c22a68b2abc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
    Filesize

    724B

    MD5

    8202a1cd02e7d69597995cabbe881a12

    SHA1

    8858d9d934b7aa9330ee73de6c476acf19929ff6

    SHA256

    58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

    SHA512

    97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    d01e52af367909efc6b780b4d5017d90

    SHA1

    08f69dc57b226afb12387585d2cf6b3c014222a5

    SHA256

    a486fe9347708d5f3097ff229fe3975fdd0f114fcfe637668880a02802cc2f62

    SHA512

    971f6879648293b8bd7216edab464c52dac18d80bf5ff0bfb48f0db56f044730ace19cf8689642f74f732105c28bceeee708fc53b5d3b98efa3bbd376fda4d9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
    Filesize

    392B

    MD5

    3d9ba165ccedcfd308516f632ec8c8b9

    SHA1

    d5016cd5991ceaafc1de6be8d0f65ec8f27c3d63

    SHA256

    2e5903e4f796f7f34456f0034b18f4ccc134460c96438baf5f065dfb24cfd3ad

    SHA512

    e9343ec80c9bdba66307f00931541c5a7d9e4d4098e753f42e4563f7170e346aeabc45c3b3d6835d4b33a08452a34d13a18ce8cbebc42f9c7fdd5e804ce57cbd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ORZAXET9\user-event[1].json
    Filesize

    16B

    MD5

    7363e85fe9edee6f053a4b319588c086

    SHA1

    a15e2127145548437173fc17f3e980e3f3dee2d0

    SHA256

    c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

    SHA512

    a2fd24056e3ec2f1628f89eb2f1b36a9fc2437ae58d34190630fe065df2bbedaf9bd8aee5f8949a002070052ca68cc6c0167214dd55df289783cff682b808d85

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240405010140_000_vcRuntimeMinimum_x64.log
    Filesize

    2KB

    MD5

    8818b5e2b4b662ca4cf705875f8e7e2a

    SHA1

    d5fe1fcad2496326d133d01589575816869a6da7

    SHA256

    8048ba81a068e0f5079b8fe348e4758341df4ceb1249a48850df80d3b7ce88c0

    SHA512

    58a1e2796cce2841bf6989849f9869bd587bc0b071b12c4a3d558f8f5ed3ddbff2c2d2f1f0bb5be66726d56894a4c20b2562bf9f62bd1be121223892641b4843

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240405010140_001_vcRuntimeAdditional_x64.log
    Filesize

    2KB

    MD5

    cdfb87deb1d732d7b6d2024e8f871453

    SHA1

    f791edb0787850653b20edd58baacf05e92bdb58

    SHA256

    96304163e775e205597df7b81759261fb017c12fc3309aa9cb06345ecfc2b09f

    SHA512

    becbef5f9ce61ebd9ef5e4779b9c948c36a446ae0cbb1e024ca29ade8aa80dbf69382ad618740c4430f636fd9d9db117f40b0f2d2088d874d9a5caa5cc110816

    Download Submit

  • C:\Windows\SYSTEM32\VCRUNTIME140.dll
    Filesize

    95KB

    MD5

    7415c1cc63a0c46983e2a32581daefee

    SHA1

    5f8534d79c84ac45ad09b5a702c8c5c288eae240

    SHA256

    475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

    SHA512

    3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

    Download Submit

  • C:\Windows\System32\DriverStore\FileRepository\voiceaidriver.inf_amd64_214d6aacf9c41414\voiceaidriver.PNF
    Filesize

    18KB

    MD5

    e50b9a539c612bb8b517642462e2672b

    SHA1

    01b82a45dda2112a0fc81061fd91d0e2681255a8

    SHA256

    542a84f6f915bbe01cd1bf5887d5c89e904826a33d0fae2bbc401e97aa811495

    SHA512

    39af392d369b49a0dfde5f52ec350a9a09bdfc6da65059bf3c113bb68477c15a5169d4963a96db4673a339750bce2e945e436e10c307a8d30ef8a98443811403

    Download Submit

  • C:\Windows\Temp\{B1392312-40C2-40FC-9DD6-28E1C5E47247}\.cr\vc2019.exe
    Filesize

    635KB

    MD5

    9bd591625766a7330708b2c6380dc1d7

    SHA1

    18018a3d12278187a8dc26eae538a799511bbdfc

    SHA256

    21503f265452414f3960b33ba000ab2cbe0a335901e3a585b0935ac4806fdd79

    SHA512

    58c90b7889d92f31e76d0559258023cb4693982288721c3c7fcd820e40f6c1ee972d9ffd3c95016c2126314a260da5faabdeb1a8528eb23d469a7ecbe391c1a5

    Download Submit

  • C:\Windows\Temp\{B7E71F61-584F-4EA1-A37C-0206AF8E3647}\.ba\logo.png
    Filesize

    1KB

    MD5

    d6bd210f227442b3362493d046cea233

    SHA1

    ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

    SHA256

    335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

    SHA512

    464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

    Download Submit

  • C:\Windows\Temp\{B7E71F61-584F-4EA1-A37C-0206AF8E3647}\cab2C04DDC374BD96EB5C8EB8208F2C7C92
    Filesize

    5.4MB

    MD5

    6ce5097b19cf57527651840bb438adf3

    SHA1

    49d0b725e5819a076562fd007490eca0bbb69003

    SHA256

    f24a3bc5df7e7c07c0d13f46348c989eae7f597f428b20cc9044bba47785b7f0

    SHA512

    9152301c4f87018d166b624d73919fc2da7e7ef74b2c1ecf8ad01c31c2b2239013cc3bc22237c81940ae96a5fd1b3698d260c3d3e0a9d0318cdc053e28328d83

    Download Submit

  • C:\Windows\Temp\{B7E71F61-584F-4EA1-A37C-0206AF8E3647}\cab5046A8AB272BF37297BB7928664C9503
    Filesize

    879KB

    MD5

    8e288dd0b5e0468ed8ae01ee566e77e8

    SHA1

    fbd11237ae3300a2202444d339601d1ac6bbf310

    SHA256

    c80addc870825e9a1aa9281e105e583973ec2846bbd74f1e97cb60911ba7a2e1

    SHA512

    facc72bdcdd5de47c0d18ecb5288962b04d9e4924a9a07ee807a3bf0eaa77eac05f086906b680bcf97c3bad5fab0038b47c0e09cd2bbec1d0709eba015bc1c04

    Download Submit

  • C:\Windows\Temp\{B7E71F61-584F-4EA1-A37C-0206AF8E3647}\vcRuntimeAdditional_x64
    Filesize

    180KB

    MD5

    e6df9f55e20905f77b136844a3844dd6

    SHA1

    b7c1fb12bda508a62fdd9ffa9e870cae50605aaa

    SHA256

    f8745f3523ea73806d591fa4e666e86c30c7e5240a07211a0c11a7633d16c4f0

    SHA512

    7c71c2b9a7d3d768d1686cb037362efb9e38c50b652bfaeb22cf86c6c47a85962f9893cbf5e2f86880c9c8fc8bc0278edeb47088813e022ef05d7db15efc0713

    Download Submit

  • C:\Windows\Temp\{B7E71F61-584F-4EA1-A37C-0206AF8E3647}\vcRuntimeMinimum_x64
    Filesize

    180KB

    MD5

    143a2b9f1c0ebc3421b52e9adcb4db2e

    SHA1

    06e01b8cc855fd9a31f99b430f8c8745e706c677

    SHA256

    5d0416e45819d555ad27e5efc1aeeb465cbb8e2937b3221852bea0f7d9c3a954

    SHA512

    7e17309cdaa856bd1bf17535e0f65db585226262a1c9ffcaadb19eb0822a578ad9036487870b97fc86b7167848f69d495aa51c380ba9890a71f8f9a94061fa05

    Download Submit

  • \??\c:\PROGRA~1\voice.ai\VOICEA~1\voiceaidriver.sys
    Filesize

    71KB

    MD5

    90e4c7c347839c09c8f7f45de3f4fda1

    SHA1

    18c5a6fae8c9292702d62e9ad2da1e24336f72c6

    SHA256

    74c4c2f122d48548019314fe15a331b81bfc10408b0d6f471dee94e37fe3c1bc

    SHA512

    2cf37738f112026eeb68636423e619be5e34cae7734ab1cab5d8cc799af7509d2ffca09b566cbe46bb47f54981042099e857660acc2ab24558715408c011bd58

    Download Submit

  • \??\c:\program files\voice.ai\voiceaidriver\VoiceAIDriver.cat
    Filesize

    12KB

    MD5

    26f1832c761580eab272ae065f644005

    SHA1

    bdd7eb53423659de315d88ad5bb557ffdf5593a5

    SHA256

    bae9e5bbff837d0ebb43ca1ff1a275474d8e50832a590a957afc8d3ee1e5f560

    SHA512

    a0c5c4fa7dcc9d4347a521863b9ba4fd2f5eda4d49f70498c4e89c54b59b7773835796e0cc83470c191e1231c69885d22efe823a3a96b2b971ccd1473e2630eb

    Download Submit

  • \Program Files\Voice.ai\DriverManager.dll
    Filesize

    82KB

    MD5

    0ca711f575bca2fae56fd952d9af1276

    SHA1

    d53d175ddc924431707b8a6e4e4e834094a5fc6e

    SHA256

    a789ea2806ebb04f8f9fb59c2ee0d407b64e5c33042ca7cd68aeee2fed6b0ea0

    SHA512

    513de025729d4eb9f9edcbf42b5f5012321ecf1383ce2af0dd6e71b881e72f310d937b59df28cb9e416a79c4294a629da07be68a1c1622f0f1f499c8babbebc1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsc807B.tmp\INetC.dll
    Filesize

    21KB

    MD5

    2b342079303895c50af8040a91f30f71

    SHA1

    b11335e1cb8356d9c337cb89fe81d669a69de17e

    SHA256

    2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

    SHA512

    550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsc807B.tmp\System.dll
    Filesize

    12KB

    MD5

    792b6f86e296d3904285b2bf67ccd7e0

    SHA1

    966b16f84697552747e0ddd19a4ba8ab5083af31

    SHA256

    c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

    SHA512

    97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsc807B.tmp\nsProcess.dll
    Filesize

    4KB

    MD5

    05450face243b3a7472407b999b03a72

    SHA1

    ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

    SHA256

    95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

    SHA512

    f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsjCD90.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    f5b0c649b0cfc103fb113d013d48cacb

    SHA1

    f89286966000cb053b7e94100c76ec6d1129af07

    SHA256

    a87bd092fa5bc00661525455b9f866b68c14c29224520c4e38f56f47234cfc1e

    SHA512

    e184101a03ee1c8896efb0029a02a23e46d422bc0f250ef15349c8214d44156afe2b5f739d8a2339bc2d1c05984fc55651c36c71897cd4b14f41dd37a25cfb01

    Download Submit

  • \Windows\Temp\{B7E71F61-584F-4EA1-A37C-0206AF8E3647}\.ba\wixstdba.dll
    Filesize

    191KB

    MD5

    eab9caf4277829abdf6223ec1efa0edd

    SHA1

    74862ecf349a9bedd32699f2a7a4e00b4727543d

    SHA256

    a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

    SHA512

    45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

    Download Submit

  • memory/4112-496-0x00000220F97F0000-0x00000220F9800000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4112-504-0x00000220F9910000-0x00000220F9A14000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4112-502-0x00000220DF550000-0x00000220DF551000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4112-501-0x00000220F9620000-0x00000220F968C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/4112-497-0x00000220DF530000-0x00000220DF531000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4112-494-0x00000220DEDD0000-0x00000220DF1B2000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/4112-599-0x00007FFDA2FD0000-0x00007FFDA39BC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/4112-495-0x00007FFDA2FD0000-0x00007FFDA39BC000-memory.dmp

    Filesize

    9.9MB

    Download