Overview

overview

10

Static

static

3

Voice.ai-D...er.exe

windows7-x64

7

Voice.ai-D...er.exe

windows10-1703-x64

10

Voice.ai-D...er.exe

windows10-2004-x64

10

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-1703-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-1703-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    593s
  • max time network
    596s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    05-04-2024 00:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Voice.ai-Downloader.exe

  • Size

    477KB

  • MD5

    40ffaea0c96bc8fd1ac022ecf287980b

  • SHA1

    c9ff64fecee39aa1a4f1c930d6b6ad423e1b1c14

  • SHA256

    100dba151efe66c842fde4337857fd3db4568c1e3ee008e412927e67ed72094e

  • SHA512

    cc0f2ff6b650644564d7469031c96fcaf93b9dd82318eda244abb65970d2e5697ba27bb0c62e31f4f654cc031ac7f19f0692f444674fd174f9acbc201c8944dd

  • SSDEEP

    3072:ckBGWOsTIJgIDU5A/cNo68pMABlZQ2wpFD0ra42L5GYDxJ0ytta:c1ssjH5Mp2w7g+42LUS6

Score
10/10
zgratdiscoverypersistencerat

Malware Config

Signatures

  • Detect ZGRat V1 4 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Downloads MZ/PE file
  • Drops file in Drivers directory 2 IoCs
  • Checks computer location settings 2 TTPs 7 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 23 IoCs
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 22 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Checks SCSI registry key(s) 3 TTPs 57 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 59 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 13 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 50 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader.exe
    "C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4736
    • C:\Program Files\Voice.ai\VoiceAI-Installer.exe
      "C:\Program Files\Voice.ai\VoiceAI-Installer.exe" /path "C:\Program Files\Voice.ai"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4620
      • C:\Program Files\Voice.ai\tools\vc2019.exe
        "C:\Program Files\Voice.ai\tools\vc2019.exe" /q /norestart
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3984
        • C:\Windows\Temp\{6223BD9D-DCD4-42C0-9B73-754D03AE7D44}\.cr\vc2019.exe
          "C:\Windows\Temp\{6223BD9D-DCD4-42C0-9B73-754D03AE7D44}\.cr\vc2019.exe" -burn.clean.room="C:\Program Files\Voice.ai\tools\vc2019.exe" -burn.filehandle.attached=532 -burn.filehandle.self=540 /q /norestart
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:3068
          • C:\Windows\Temp\{91019AEF-1F8F-453E-8FAB-C534E45FB197}\.be\VC_redist.x64.exe
            "C:\Windows\Temp\{91019AEF-1F8F-453E-8FAB-C534E45FB197}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{96DFEC01-84A4-4560-AA7A-427FD1A26726} {429005DC-5F7C-44FD-9459-DC59A98C5EBE} 3068
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3424
            • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
              "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={2aaf1df0-eb13-4099-9992-962bb4e596d1} -burn.filehandle.self=1136 -burn.embedded BurnPipe.{C8EC4F70-3A04-4F9E-8C1D-350595A5EEF9} {B6F6CB3F-4706-474A-B9BC-1EE04A33CBB9} 3424
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:2544
              • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
                "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 -uninstall -quiet -burn.related.upgrade -burn.ancestors={2aaf1df0-eb13-4099-9992-962bb4e596d1} -burn.filehandle.self=1136 -burn.embedded BurnPipe.{C8EC4F70-3A04-4F9E-8C1D-350595A5EEF9} {B6F6CB3F-4706-474A-B9BC-1EE04A33CBB9} 3424
                7⤵
                • Loads dropped DLL
                • Suspicious use of WriteProcessMemory
                PID:3688
                • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
                  "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{E4BFD209-9496-4E2F-B6A7-CD23BDEA066E} {0C2A4BA3-E580-4C08-BBDF-773E1610084F} 3688
                  8⤵
                  • Modifies registry class
                  PID:2204
      • C:\Program Files\Voice.ai\VoiceAI.exe
        "C:\Program Files\Voice.ai\VoiceAI.exe" installdriver
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies system certificate store
        PID:4840
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe" "C:\Program Files\Voice.ai\VoiceAI.exe"
        3⤵
          PID:784
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:2976
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      1⤵
        PID:3988
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3196
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
        1⤵
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Suspicious use of WriteProcessMemory
        PID:2460
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{5319940a-4133-b645-a838-d5ee7358a34e}\voiceaidriver.inf" "9" "46b7f3743" "0000000000000150" "WinSta0\Default" "0000000000000160" "208" "c:\program files\voice.ai\voiceaidriver"
          2⤵
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Modifies data under HKEY_USERS
          PID:2332
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11bfc96d40:VOICEAIDRIVER_SA:16.36.0.99:root\voiceaidriver," "46b7f3743" "000000000000015C"
          2⤵
          • Drops file in Drivers directory
          • Drops file in Windows directory
          PID:1140
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:2544
        • C:\Program Files\Voice.ai\VoiceAI.exe
          "C:\Program Files\Voice.ai\VoiceAI.exe"
          2⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies system certificate store
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3368
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=2644 --field-trial-handle=2680,i,17893914157882710408,58610925463475502,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=3368
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:1488
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:/Program Files/Voice.ai/VoiceAI.exe" discord 3368
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:1880
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3284 --field-trial-handle=2680,i,17893914157882710408,58610925463475502,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=3368
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:4320
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3292 --field-trial-handle=2680,i,17893914157882710408,58610925463475502,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=3368
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:5012
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files\Voice.ai\debug.log" --use-fake-ui-for-media-stream --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3488 --field-trial-handle=2680,i,17893914157882710408,58610925463475502,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=3368 /prefetch:1
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:3932
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files\Voice.ai\debug.log" --use-fake-ui-for-media-stream --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3496 --field-trial-handle=2680,i,17893914157882710408,58610925463475502,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=3368 /prefetch:1
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:2980
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3896 --field-trial-handle=2680,i,17893914157882710408,58610925463475502,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=3368
            3⤵
            • Executes dropped EXE
            PID:3720
          • C:\Program Files\Voice.ai\BsSndRpt.exe
            "C:\Program Files\Voice.ai\BsSndRpt.exe" /i "C:\Users\Admin\AppData\Local\Temp\tmp7362.ini"
            3⤵
            • Executes dropped EXE
            PID:3516
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x560 0x4ec
        1⤵
          PID:4200
        • C:\Program Files\Voice.ai\VoiceAI.exe
          "C:\Program Files\Voice.ai\VoiceAI.exe"
          1⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2236
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=2608 --field-trial-handle=2624,i,7256538116523917047,4809566902571908841,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=2236
            2⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:2944
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:/Program Files/Voice.ai/VoiceAI.exe" discord 2236
            2⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:2984
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3064 --field-trial-handle=2624,i,7256538116523917047,4809566902571908841,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2236
            2⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:3844
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3160 --field-trial-handle=2624,i,7256538116523917047,4809566902571908841,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2236
            2⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:2008
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files\Voice.ai\debug.log" --use-fake-ui-for-media-stream --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3356 --field-trial-handle=2624,i,7256538116523917047,4809566902571908841,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2236 /prefetch:1
            2⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:4944
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files\Voice.ai\debug.log" --use-fake-ui-for-media-stream --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3364 --field-trial-handle=2624,i,7256538116523917047,4809566902571908841,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2236 /prefetch:1
            2⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:4580
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3640 --field-trial-handle=2624,i,7256538116523917047,4809566902571908841,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2236
            2⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:2840
          • C:\Program Files\Voice.ai\BsSndRpt.exe
            "C:\Program Files\Voice.ai\BsSndRpt.exe" /i "C:\Users\Admin\AppData\Local\Temp\tmpA088.ini"
            2⤵
            • Executes dropped EXE
            PID:556

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Config.Msi\e58e678.rbs
          Filesize

          19KB

          MD5

          ded939d9fccd3d7b53556053f92660ee

          SHA1

          d6b980c8d2b442883f3aa8f9c03863f28c677760

          SHA256

          3a2abb970543cacd64892b17de9b95695a4f0ab199c8423b28b6a03ae2f64508

          SHA512

          850b4d7b957c2405c7f55ef4d25af1174ac3683cbe2120035b55fd82ae4009b75e584997bc6dfb972a2f38a2da029036db3955f0d8a3d1c4016f905a9ae78066

          Download Submit

        • C:\Config.Msi\e58e684.rbs
          Filesize

          19KB

          MD5

          91b3c86ec8e587720f655da45702e240

          SHA1

          82325fedda229cde9d6ce61e7eda1c5295ae69d2

          SHA256

          bc07f3f523473dab44f06b7688de81aa7d9ca12b6644793d5877afb3c1b7d6f5

          SHA512

          4fc121c7d245c237e79444d1d0172cecfd4a3d611a6c300642009462b85f7f08396b964cdab46ce529a692910acfb0d899fd86e29e79e17d5e3ef64f01b1cf68

          Download Submit

        • C:\Config.Msi\e58e68b.rbs
          Filesize

          21KB

          MD5

          79f58a6f385fbb451455408715b7f302

          SHA1

          6ea876d641cf6aeb54d5a4cd99beb70c8e427a3b

          SHA256

          b194941cf88e2dcd24313a299b9aa9408afa9a56d2796e941cdbe7301e556bdf

          SHA512

          a9b0bae146efcc2f8d8e9f9b19b81a567ef88a5b054307f8863c0a84931d6705a2847d7032fc81aa2337f7bf9278b61367c2d864780aa2990906ad79fd22cb5a

          Download Submit

        • C:\Config.Msi\e58e69a.rbs
          Filesize

          21KB

          MD5

          c96c5e0f53346a404a98fa10085a9231

          SHA1

          bae885e2174ff71122e67997ce357f80a56a7974

          SHA256

          7a9ab7c3f1923d3e17c7ec8f819b6b720f75780784d06c0cc2627f00313ac087

          SHA512

          fc25b45301660ea7dc20e384d2b911b6263f7a5a637735a8adb3608e0e00a9bd8e06b04d8b6f2914f0a8f23c602d2683dcc8aed61fb69288a9f03955a647c4c9

          Download Submit

        • C:\Program Files\Voice.ai\AudioConverter.dll
          Filesize

          425KB

          MD5

          1dbdc883fe4375e343e574bf085c0148

          SHA1

          e2235e18bcb3cececcdc6024426de2437596e8c4

          SHA256

          67271bdbe5fbc4f77fb9ec5c206da226e76245e1fbf48753156e9dcb6e5b946f

          SHA512

          43242a0697b497a24f2b80533658d4ed9c85f37925bec471aa8b5646bfdefd9d996ab896c2d63f21ff648fc5494b24a35e4f6717041c9c97c09ca585285682a8

          Download Submit

        • C:\Program Files\Voice.ai\CefSharp.dll
          Filesize

          1.0MB

          MD5

          69f79d227400c5c5a17e4fe6b5719009

          SHA1

          d7ace396db95eced9b4f98badc4282f359999d28

          SHA256

          7be25c5ddbbad217fcb40dbef92ba783bb8a155d3db48cde5a4c32e13761cbf7

          SHA512

          49262793c3b64fd454522381856761e456999d36e84ee228a894cefa4e19473302e9d7941d49b3a4d6faed98b136a18d60fb1dfdeaf4119f6fddb4c82da6f24c

          Download Submit

        • C:\Program Files\Voice.ai\DriverManager.dll
          Filesize

          82KB

          MD5

          0ca711f575bca2fae56fd952d9af1276

          SHA1

          d53d175ddc924431707b8a6e4e4e834094a5fc6e

          SHA256

          a789ea2806ebb04f8f9fb59c2ee0d407b64e5c33042ca7cd68aeee2fed6b0ea0

          SHA512

          513de025729d4eb9f9edcbf42b5f5012321ecf1383ce2af0dd6e71b881e72f310d937b59df28cb9e416a79c4294a629da07be68a1c1622f0f1f499c8babbebc1

          Download Submit

        • C:\Program Files\Voice.ai\VoiceAI-Installer.exe
          Filesize

          699.6MB

          MD5

          93f7d1286779c23fec33567a8297b21a

          SHA1

          d819d6debd0289e7f5d5e9a6290de4e678114012

          SHA256

          3d7d2cf3fb1a87a615301f15af98d30fbf3e317f9c98ca154a80f44c8f0f04ca

          SHA512

          a0f6d39511c7314d1b511a21ce83eecb93cb79e9eb976b74933553023b72b4807c659a7f250174f74096e741b79f53b36f120c08d9fab399b8c840484feec237

          Download Submit

        • C:\Program Files\Voice.ai\VoiceAI.exe
          Filesize

          3.9MB

          MD5

          e760f3b42f993578aaf79b792dc538f0

          SHA1

          45888500d9ea5ea2ffdd0d4fdb0eff6cbf349151

          SHA256

          1839fb52451cff7a16f31f834b795eb4663452ded6df7a6951e48326ebfc3673

          SHA512

          173ad8367de22f871238e7344a2b308171dd31e2646bfedf696dbad49850b98b9cc89ace5400f20edb31014283e4b4e639451ef206d8f4a5a95066bfa1ccef73

          Download Submit

        • C:\Program Files\Voice.ai\VoiceAIDriver\VoiceAIDriver.inf
          Filesize

          14KB

          MD5

          fa4ddfa2231dc2c50e26794ae7356e0b

          SHA1

          463f4c2ac4f7505f2361c7853505b19fbe08f257

          SHA256

          a3554efa382a84130393a4d8656b31f06b20b9387e27fcba978162213fb7be90

          SHA512

          be11de31cdea93320a03892b572b17985a66d8b8483d1568afcba9d6cd73cfc8f86c628736d9c8649cb9af0acba17dc26c14fef55b2951520236f650b5a55946

          Download Submit

        • C:\Program Files\Voice.ai\meta
          Filesize

          23B

          MD5

          6997abf8c138e85961f89ee82ae53532

          SHA1

          32e7d5b03035f8e6597493168003890c0a3ed29a

          SHA256

          0fbae5806b1bc5bf6f68ae6bc0975be1ec56e27edcb4a572792246e2aa8d1ccf

          SHA512

          b176783b0c4c6503d8274484b7584acd8d7a9a29b73da63f9a01184f54e7fc7aef330301c6b97a717aa22bc96547aa8156dd432c5b15107e4b23cfa7b23da17a

          Download Submit

        • C:\Program Files\Voice.ai\tools\vc2019.exe
          Filesize

          24.1MB

          MD5

          4a85bfd44f09ef46679fafcb1bab627a

          SHA1

          7741a5cad238ce3e4ca7756058f2a67a57fee9d1

          SHA256

          37ed59a66699c0e5a7ebeef7352d7c1c2ed5ede7212950a1b0a8ee289af4a95b

          SHA512

          600e61332416b23ef518f4252df0000c03612e8b0680eab0bdf589d9c855539b973583dc4ce1faab5828f58653ed85a1f9196eb1c7bbf6d2e3b5ab3e83253f98

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          3ec812af46b0f111e99b54b129eb94f9

          SHA1

          103c4720315078aadb6d63111eec900a8652fc9c

          SHA256

          64d459714f98144b7a04079efbd965519d8b0bd3ed0021832e3683e79bcd41c6

          SHA512

          1fc8bac653f8f2daaa92014daa05a31cc02abac666c485318b76b379c53f47ddb79ee3495697716a1838b85766b5d71138bc6438844c661792064c22a68b2abc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
          Filesize

          471B

          MD5

          cdac9aa44678b9d8e2995eeafa3c6a9a

          SHA1

          d9a4824c479038225099970896e9d1862fdefa11

          SHA256

          50b895e2d2433627c30c99111aeafe361f4bc363b4abd9ff0cd1a6dd5c99b896

          SHA512

          1c05a657f882588ddb0dda5dacf010ebeeee787fbf3146edb6147eef55ae6d7ad241f809d00d31e21e4db86f02db435901cb13baf0453ab5578159986aecf575

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
          Filesize

          727B

          MD5

          2fdd383842ccb423a1e7a0b32cb69b0e

          SHA1

          d2b6a9cc1030ca375088d5ee9f7ee63499de071c

          SHA256

          858423c18dbf80f7f64719a0a5ffe348c9ed58f922585d98954c2177841265e7

          SHA512

          be002bb7f543640dc94d6eb3a8445c99a283d49df9cbfa0059d555884834bcca9f4e1eefc94ad4c9cacd976d43519481b987ffe9e5a7ad58f588407e6165b525

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
          Filesize

          724B

          MD5

          8202a1cd02e7d69597995cabbe881a12

          SHA1

          8858d9d934b7aa9330ee73de6c476acf19929ff6

          SHA256

          58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

          SHA512

          97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          f38af251daac0be3fc1916a906616455

          SHA1

          11a2bbee9529e26246af30e66ac25a3f581c4c9d

          SHA256

          505514a2c88931ed0aee5dad7010c4254d9a6d4fe9f4534aec201133ae60a4c5

          SHA512

          6adab1285c1763b214adbec66d6f43396abc050f416fa9c80c4f7f8a9c8fc27663f6a1e532f64414fc28cb3f1b84f0f187cb67b95955301f24873046a3825169

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
          Filesize

          400B

          MD5

          a40fb47f3ea16bed04a7fb9df47e4e26

          SHA1

          53083d63d3d024c829dc9a708c4f11a842032789

          SHA256

          4b1b0d713c67bfef44023ab58e2a6ec8c5f58d8f6dcf5a147e9b0e12e1830bfd

          SHA512

          cc6068425c8b3160a02a096dafec3a076eabf4a660e28578dbb48993ea697aa88c0e65c5a1eae585ebcedb7d8b9a17524295cb6667258537cbdf42bcae5e5610

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
          Filesize

          412B

          MD5

          948a62f7a45d631df610586ea46778f8

          SHA1

          c4f7e7e17b02a6b3b4a0664060ddbf7711afb19c

          SHA256

          ba99521a04d6950693d628c9ece96a939cda7c1ce1b0a61d82f551830fc45a63

          SHA512

          649b2c178fbef3c7be12b9a617bb1b5dcf325cfc14c09c00ac8351f01ca2f26477369b63c667db2af8ed1ca9c93c4cbb4aede70f6ab67f6fd7f6dd89e58eefaa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
          Filesize

          392B

          MD5

          95ce7506f7cd40750d2bc2c79782f5d0

          SHA1

          16d8395f23ebe5be4f1724598a11a07c82a0f026

          SHA256

          acbf8c2d9379c5a1c13627a9b515710bdf2c2663b492559be87a38d87e6778c3

          SHA512

          e7469965789b9ef1bfc74371dfb669a497057c2eba9a0514120ae31d2ce4206885bb03c9d3e962af69e792d893c381a2b2a291adfaa37c3895af5da6c4783271

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\VoiceAI.exe.log
          Filesize

          1KB

          MD5

          baf55b95da4a601229647f25dad12878

          SHA1

          abc16954ebfd213733c4493fc1910164d825cac8

          SHA256

          ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

          SHA512

          24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RXB2E2AL\user-event[1].json
          Filesize

          16B

          MD5

          7363e85fe9edee6f053a4b319588c086

          SHA1

          a15e2127145548437173fc17f3e980e3f3dee2d0

          SHA256

          c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

          SHA512

          a2fd24056e3ec2f1628f89eb2f1b36a9fc2437ae58d34190630fe065df2bbedaf9bd8aee5f8949a002070052ca68cc6c0167214dd55df289783cff682b808d85

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240405005517_000_vcRuntimeMinimum_x64.log
          Filesize

          2KB

          MD5

          51d5c3ea7ddc742d33594652f941be5b

          SHA1

          d1eb3dffb6cefc79513d272e32c986e91356102e

          SHA256

          f99fecc525eb35aad182055c30457e10fb705dbafff28abec387d1807a40e4df

          SHA512

          a6683a01f0c6933d00e83a413c6d8acb55296be575e04cf7283673f8961fdf3c05f8cde4ed6d398569ac714863afe1e3503fa4e11a832565a3609168c869ee5f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240405005517_001_vcRuntimeAdditional_x64.log
          Filesize

          2KB

          MD5

          f5533aaedffb38ecbd87add93d2c3794

          SHA1

          39e220c43beca6e9a4f45dc441b41da3f7b2b09d

          SHA256

          226900c858e45a2cdecdcf18e14a39c0ad132fa807a04b801a7570dd7414284c

          SHA512

          4489332b29ef2fe2ed5ad2991f99a0bf181cf46df0dd563ad359e5355cfc4c59670696e685ec96e0d9093176de5189747f2d5b92f90fdf1aa10e6cf52f127aa0

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsj3818.tmp\INetC.dll
          Filesize

          21KB

          MD5

          2b342079303895c50af8040a91f30f71

          SHA1

          b11335e1cb8356d9c337cb89fe81d669a69de17e

          SHA256

          2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

          SHA512

          550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsj3818.tmp\System.dll
          Filesize

          12KB

          MD5

          792b6f86e296d3904285b2bf67ccd7e0

          SHA1

          966b16f84697552747e0ddd19a4ba8ab5083af31

          SHA256

          c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

          SHA512

          97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsj3818.tmp\nsProcess.dll
          Filesize

          4KB

          MD5

          05450face243b3a7472407b999b03a72

          SHA1

          ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

          SHA256

          95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

          SHA512

          f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nskAAB3.tmp\nsDialogs.dll
          Filesize

          9KB

          MD5

          f5b0c649b0cfc103fb113d013d48cacb

          SHA1

          f89286966000cb053b7e94100c76ec6d1129af07

          SHA256

          a87bd092fa5bc00661525455b9f866b68c14c29224520c4e38f56f47234cfc1e

          SHA512

          e184101a03ee1c8896efb0029a02a23e46d422bc0f250ef15349c8214d44156afe2b5f739d8a2339bc2d1c05984fc55651c36c71897cd4b14f41dd37a25cfb01

          Download Submit

        • C:\Users\Admin\AppData\Local\Voice.ai\Cache\Local Storage\leveldb\CURRENT
          Filesize

          16B

          MD5

          46295cac801e5d4857d09837238a6394

          SHA1

          44e0fa1b517dbf802b18faf0785eeea6ac51594b

          SHA256

          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

          SHA512

          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

          Download Submit

        • C:\Users\Admin\AppData\Local\Voice.ai\Cache\Network\TransportSecurity
          Filesize

          1KB

          MD5

          be8e70bcebc149bf500757e2445315b3

          SHA1

          f5db56d844888394bdc3ed958aca9190d89b8878

          SHA256

          85afc3ae805ffa70d471a74d1b1e14d47598400e9cf08c12be65b067b2140bbb

          SHA512

          8c6451db0ddb3196786f618b63890712fc822a4fe1deb5ccc085917843a8999dc52391c27d6e1c1ea6c79ee496dc9f465f31d07952eb6b5a07c7a565bf63998c

          Download Submit

        • C:\Users\Admin\AppData\Local\Voice.ai\Cache\Session Storage\MANIFEST-000001
          Filesize

          41B

          MD5

          5af87dfd673ba2115e2fcf5cfdb727ab

          SHA1

          d5b5bbf396dc291274584ef71f444f420b6056f1

          SHA256

          f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

          SHA512

          de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

          Download Submit

        • C:\Windows\SYSTEM32\VCRUNTIME140.dll
          Filesize

          95KB

          MD5

          7415c1cc63a0c46983e2a32581daefee

          SHA1

          5f8534d79c84ac45ad09b5a702c8c5c288eae240

          SHA256

          475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

          SHA512

          3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

          Download Submit

        • C:\Windows\Temp\{6223BD9D-DCD4-42C0-9B73-754D03AE7D44}\.cr\vc2019.exe
          Filesize

          635KB

          MD5

          9bd591625766a7330708b2c6380dc1d7

          SHA1

          18018a3d12278187a8dc26eae538a799511bbdfc

          SHA256

          21503f265452414f3960b33ba000ab2cbe0a335901e3a585b0935ac4806fdd79

          SHA512

          58c90b7889d92f31e76d0559258023cb4693982288721c3c7fcd820e40f6c1ee972d9ffd3c95016c2126314a260da5faabdeb1a8528eb23d469a7ecbe391c1a5

          Download Submit

        • C:\Windows\Temp\{91019AEF-1F8F-453E-8FAB-C534E45FB197}\.ba\logo.png
          Filesize

          1KB

          MD5

          d6bd210f227442b3362493d046cea233

          SHA1

          ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

          SHA256

          335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

          SHA512

          464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

          Download Submit

        • C:\Windows\Temp\{91019AEF-1F8F-453E-8FAB-C534E45FB197}\.ba\wixstdba.dll
          Filesize

          191KB

          MD5

          eab9caf4277829abdf6223ec1efa0edd

          SHA1

          74862ecf349a9bedd32699f2a7a4e00b4727543d

          SHA256

          a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

          SHA512

          45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

          Download Submit

        • C:\Windows\Temp\{91019AEF-1F8F-453E-8FAB-C534E45FB197}\cab2C04DDC374BD96EB5C8EB8208F2C7C92
          Filesize

          5.4MB

          MD5

          6ce5097b19cf57527651840bb438adf3

          SHA1

          49d0b725e5819a076562fd007490eca0bbb69003

          SHA256

          f24a3bc5df7e7c07c0d13f46348c989eae7f597f428b20cc9044bba47785b7f0

          SHA512

          9152301c4f87018d166b624d73919fc2da7e7ef74b2c1ecf8ad01c31c2b2239013cc3bc22237c81940ae96a5fd1b3698d260c3d3e0a9d0318cdc053e28328d83

          Download Submit

        • C:\Windows\Temp\{91019AEF-1F8F-453E-8FAB-C534E45FB197}\cab5046A8AB272BF37297BB7928664C9503
          Filesize

          879KB

          MD5

          8e288dd0b5e0468ed8ae01ee566e77e8

          SHA1

          fbd11237ae3300a2202444d339601d1ac6bbf310

          SHA256

          c80addc870825e9a1aa9281e105e583973ec2846bbd74f1e97cb60911ba7a2e1

          SHA512

          facc72bdcdd5de47c0d18ecb5288962b04d9e4924a9a07ee807a3bf0eaa77eac05f086906b680bcf97c3bad5fab0038b47c0e09cd2bbec1d0709eba015bc1c04

          Download Submit

        • C:\Windows\Temp\{91019AEF-1F8F-453E-8FAB-C534E45FB197}\vcRuntimeAdditional_x64
          Filesize

          180KB

          MD5

          e6df9f55e20905f77b136844a3844dd6

          SHA1

          b7c1fb12bda508a62fdd9ffa9e870cae50605aaa

          SHA256

          f8745f3523ea73806d591fa4e666e86c30c7e5240a07211a0c11a7633d16c4f0

          SHA512

          7c71c2b9a7d3d768d1686cb037362efb9e38c50b652bfaeb22cf86c6c47a85962f9893cbf5e2f86880c9c8fc8bc0278edeb47088813e022ef05d7db15efc0713

          Download Submit

        • C:\Windows\Temp\{91019AEF-1F8F-453E-8FAB-C534E45FB197}\vcRuntimeMinimum_x64
          Filesize

          180KB

          MD5

          143a2b9f1c0ebc3421b52e9adcb4db2e

          SHA1

          06e01b8cc855fd9a31f99b430f8c8745e706c677

          SHA256

          5d0416e45819d555ad27e5efc1aeeb465cbb8e2937b3221852bea0f7d9c3a954

          SHA512

          7e17309cdaa856bd1bf17535e0f65db585226262a1c9ffcaadb19eb0822a578ad9036487870b97fc86b7167848f69d495aa51c380ba9890a71f8f9a94061fa05

          Download Submit

        • \??\c:\PROGRA~1\voice.ai\VOICEA~1\voiceaidriver.sys
          Filesize

          71KB

          MD5

          90e4c7c347839c09c8f7f45de3f4fda1

          SHA1

          18c5a6fae8c9292702d62e9ad2da1e24336f72c6

          SHA256

          74c4c2f122d48548019314fe15a331b81bfc10408b0d6f471dee94e37fe3c1bc

          SHA512

          2cf37738f112026eeb68636423e619be5e34cae7734ab1cab5d8cc799af7509d2ffca09b566cbe46bb47f54981042099e857660acc2ab24558715408c011bd58

          Download Submit

        • \??\c:\program files\voice.ai\voiceaidriver\VoiceAIDriver.cat
          Filesize

          12KB

          MD5

          26f1832c761580eab272ae065f644005

          SHA1

          bdd7eb53423659de315d88ad5bb557ffdf5593a5

          SHA256

          bae9e5bbff837d0ebb43ca1ff1a275474d8e50832a590a957afc8d3ee1e5f560

          SHA512

          a0c5c4fa7dcc9d4347a521863b9ba4fd2f5eda4d49f70498c4e89c54b59b7773835796e0cc83470c191e1231c69885d22efe823a3a96b2b971ccd1473e2630eb

          Download Submit

        • memory/1488-639-0x00000224A5950000-0x00000224A5951000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1488-786-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1488-663-0x00000224C0F40000-0x00000224C105C000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1488-637-0x00000224BFC80000-0x00000224BFC90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1488-687-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1488-636-0x00000224A5930000-0x00000224A5931000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1488-728-0x00000224BFC80000-0x00000224BFC90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1488-634-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1880-655-0x000001D3B4950000-0x000001D3B4951000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1880-674-0x000001D3B4970000-0x000001D3B4971000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1880-661-0x000001D3CEC70000-0x000001D3CEC80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1880-660-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1880-788-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2236-873-0x0000028E51BF0000-0x0000028E51BF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2236-810-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2236-866-0x0000028E51BF0000-0x0000028E51BF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2236-865-0x0000028E51BF0000-0x0000028E51BF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2236-864-0x0000028E51BF0000-0x0000028E51BF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2236-874-0x0000028E51BF0000-0x0000028E51BF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2236-872-0x0000028E51BF0000-0x0000028E51BF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2236-871-0x0000028E51BF0000-0x0000028E51BF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2236-870-0x0000028E51BF0000-0x0000028E51BF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2236-869-0x0000028E51BF0000-0x0000028E51BF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2980-749-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2980-664-0x000002372E8F0000-0x000002372E900000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2980-654-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2980-675-0x000002372CDD0000-0x000002372CDD1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2980-659-0x000002372CDB0000-0x000002372CDB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2980-783-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3368-744-0x000001AF7E4D0000-0x000001AF7E5D0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/3368-741-0x000001AF02680000-0x000001AF02681000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-603-0x000001AF630D0000-0x000001AF630D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-602-0x000001AF7D310000-0x000001AF7D320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3368-617-0x000001AF630F0000-0x000001AF630F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-622-0x000001AF631A0000-0x000001AF631B2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/3368-623-0x000001AF7E000000-0x000001AF7E102000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/3368-624-0x000001AF63190000-0x000001AF631A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3368-640-0x000001AF7D310000-0x000001AF7D320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3368-626-0x000001AF64A00000-0x000001AF64A0A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3368-673-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3368-625-0x000001AF7D3E0000-0x000001AF7D45C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3368-627-0x000001AF7E110000-0x000001AF7E2D1000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/3368-686-0x000001AF7D310000-0x000001AF7D320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3368-638-0x000001AF7E4D0000-0x000001AF7E5D0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/3368-772-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3368-633-0x000001AF7FD20000-0x000001AF7FEE2000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/3368-601-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3368-738-0x000001AF02680000-0x000001AF02681000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-635-0x000001AF7D310000-0x000001AF7D320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3368-727-0x000001AF7D310000-0x000001AF7D320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3368-731-0x000001AF02680000-0x000001AF02681000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-733-0x000001AF02680000-0x000001AF02681000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-732-0x000001AF02680000-0x000001AF02681000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-737-0x000001AF02680000-0x000001AF02681000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-739-0x000001AF02680000-0x000001AF02681000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-740-0x000001AF02680000-0x000001AF02681000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-743-0x000001AF02680000-0x000001AF02681000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-742-0x000001AF02680000-0x000001AF02681000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3932-787-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3932-691-0x000002513E340000-0x000002513E341000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3932-690-0x000002513CBF0000-0x000002513CBF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3932-688-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4320-656-0x0000020FF4F00000-0x0000020FF4F01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4320-766-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4320-662-0x0000020FF69F0000-0x0000020FF6A00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4320-666-0x0000020FF4F20000-0x0000020FF4F21000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4320-647-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4320-784-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4840-507-0x0000026506DA0000-0x0000026506DA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4840-590-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4840-499-0x00000265065F0000-0x00000265069D2000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/4840-502-0x0000026506D70000-0x0000026506D71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4840-500-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4840-501-0x00000265210E0000-0x00000265210F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4840-509-0x00000265210F0000-0x00000265211F4000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4840-506-0x0000026508690000-0x00000265086FC000-memory.dmp

          Filesize

          432KB

          Download

        • memory/5012-658-0x00000249496D0000-0x00000249496D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5012-665-0x00000249496F0000-0x00000249496F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5012-653-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5012-767-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5012-768-0x0000024963B60000-0x0000024963B70000-memory.dmp

          Filesize

          64KB

          Download

        • memory/5012-657-0x0000024963B60000-0x0000024963B70000-memory.dmp

          Filesize

          64KB

          Download

        • memory/5012-785-0x00007FFA38AB0000-0x00007FFA39571000-memory.dmp

          Filesize

          10.8MB

          Download