Overview

overview

10

Static

static

3

Voice.ai-D...er.exe

windows11-21h2-x64

10

$PLUGINSDIR/INetC.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...ss.dll

windows11-21h2-x64

3

Resubmissions

04/05/2024, 05:40

240504-gc9aqaec7w 10

04/05/2024, 05:36

240504-gaqetsec41 10

Analysis

  • max time kernel
    105s
  • max time network
    99s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    04/05/2024, 05:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Voice.ai-Downloader.exe

  • Size

    477KB

  • MD5

    40ffaea0c96bc8fd1ac022ecf287980b

  • SHA1

    c9ff64fecee39aa1a4f1c930d6b6ad423e1b1c14

  • SHA256

    100dba151efe66c842fde4337857fd3db4568c1e3ee008e412927e67ed72094e

  • SHA512

    cc0f2ff6b650644564d7469031c96fcaf93b9dd82318eda244abb65970d2e5697ba27bb0c62e31f4f654cc031ac7f19f0692f444674fd174f9acbc201c8944dd

  • SSDEEP

    3072:ckBGWOsTIJgIDU5A/cNo68pMABlZQ2wpFD0ra42L5GYDxJ0ytta:c1ssjH5Mp2w7g+42LUS6

Score
10/10
zgratdiscoverypersistencerat

Malware Config

Signatures

  • Detect ZGRat V1 4 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 13 IoCs
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 30 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 47 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 59 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 13 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 43 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 28 IoCs
  • Suspicious use of SendNotifyMessage 14 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader.exe
    "C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3408
    • C:\Program Files\Voice.ai\VoiceAI-Installer.exe
      "C:\Program Files\Voice.ai\VoiceAI-Installer.exe" /path "C:\Program Files\Voice.ai"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4324
      • C:\Program Files\Voice.ai\tools\vc2019.exe
        "C:\Program Files\Voice.ai\tools\vc2019.exe" /q /norestart
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1144
        • C:\Windows\Temp\{9F8474F1-A454-4A1C-9AAD-D211AB94A864}\.cr\vc2019.exe
          "C:\Windows\Temp\{9F8474F1-A454-4A1C-9AAD-D211AB94A864}\.cr\vc2019.exe" -burn.clean.room="C:\Program Files\Voice.ai\tools\vc2019.exe" -burn.filehandle.attached=564 -burn.filehandle.self=556 /q /norestart
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:1956
          • C:\Windows\Temp\{8F752782-4EF9-4F80-BCC5-776238339D51}\.be\VC_redist.x64.exe
            "C:\Windows\Temp\{8F752782-4EF9-4F80-BCC5-776238339D51}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{F63FBE23-8694-4A78-8D1F-396A2E408ED3} {6362DB8D-6639-46DA-A53B-DD039D8A1AF4} 1956
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:5116
            • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
              "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={2aaf1df0-eb13-4099-9992-962bb4e596d1} -burn.filehandle.self=968 -burn.embedded BurnPipe.{F259EBF1-85D9-4D4D-AB89-448343F0EACB} {4F548E16-C298-48B3-ACD0-FE71222B49B1} 5116
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:2736
              • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
                "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=560 -uninstall -quiet -burn.related.upgrade -burn.ancestors={2aaf1df0-eb13-4099-9992-962bb4e596d1} -burn.filehandle.self=968 -burn.embedded BurnPipe.{F259EBF1-85D9-4D4D-AB89-448343F0EACB} {4F548E16-C298-48B3-ACD0-FE71222B49B1} 5116
                7⤵
                • Loads dropped DLL
                • Suspicious use of WriteProcessMemory
                PID:4480
                • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
                  "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{0A7D3817-E35F-40E8-8861-86E76963F856} {057E41F7-DA68-4108-A8E3-007BD490E89D} 4480
                  8⤵
                  • Modifies registry class
                  PID:2948
      • C:\Program Files\Voice.ai\VoiceAI.exe
        "C:\Program Files\Voice.ai\VoiceAI.exe" installdriver
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies system certificate store
        PID:3332
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe" "C:\Program Files\Voice.ai\VoiceAI.exe"
        3⤵
          PID:3448
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:2956
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      1⤵
        PID:3104
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2488
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
        1⤵
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Suspicious use of WriteProcessMemory
        PID:3608
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{bb826ef5-31dd-bc45-bb64-3da5e2344b90}\voiceaidriver.inf" "9" "46b7f3743" "0000000000000140" "WinSta0\Default" "0000000000000160" "208" "c:\program files\voice.ai\voiceaidriver"
          2⤵
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Modifies data under HKEY_USERS
          PID:3564
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11bfc96d40:VOICEAIDRIVER_SA:16.36.0.99:root\voiceaidriver," "46b7f3743" "0000000000000140" "900d"
          2⤵
          • Drops file in Drivers directory
          • Drops file in Windows directory
          PID:4640
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:4728
        • C:\Program Files\Voice.ai\VoiceAI.exe
          "C:\Program Files\Voice.ai\VoiceAI.exe"
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies system certificate store
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2480
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=2564 --field-trial-handle=2608,i,13002199314782129735,13386274253041204424,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=2480
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:4092
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:/Program Files/Voice.ai/VoiceAI.exe" discord 2480
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:1708
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3012 --field-trial-handle=2608,i,13002199314782129735,13386274253041204424,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2480
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:764
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3060 --field-trial-handle=2608,i,13002199314782129735,13386274253041204424,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2480
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:5116
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files\Voice.ai\debug.log" --use-fake-ui-for-media-stream --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3348 --field-trial-handle=2608,i,13002199314782129735,13386274253041204424,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2480 /prefetch:1
            3⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:4020
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files\Voice.ai\debug.log" --use-fake-ui-for-media-stream --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3364 --field-trial-handle=2608,i,13002199314782129735,13386274253041204424,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2480 /prefetch:1
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:1956
          • C:\Program Files\Voice.ai\VoiceAI.exe
            "C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3652 --field-trial-handle=2608,i,13002199314782129735,13386274253041204424,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2480
            3⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:2428
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://voice.ai/register?redirect=app
            3⤵
            • Enumerates system info in registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:4616
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd6d673cb8,0x7ffd6d673cc8,0x7ffd6d673cd8
              4⤵
                PID:4952
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8648273418413510679,7273989955815453125,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
                4⤵
                  PID:4412
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,8648273418413510679,7273989955815453125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
                  4⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3564
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,8648273418413510679,7273989955815453125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
                  4⤵
                    PID:3352
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,8648273418413510679,7273989955815453125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
                    4⤵
                      PID:2372
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,8648273418413510679,7273989955815453125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
                      4⤵
                        PID:1968
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1856,8648273418413510679,7273989955815453125,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4996 /prefetch:8
                        4⤵
                          PID:5500
                        • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,8648273418413510679,7273989955815453125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
                          4⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5792
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,8648273418413510679,7273989955815453125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
                          4⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5940
                  • C:\Windows\system32\AUDIODG.EXE
                    C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004C4
                    1⤵
                      PID:4960
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:780
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:5256

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Config.Msi\e581983.rbs
                          Filesize

                          19KB

                          MD5

                          029d09a4a032d5d1cdfdd7ad644ded6b

                          SHA1

                          24668c482e506885e3ae8d45071e9e8f8a552fce

                          SHA256

                          ef1dd3bb82a4d0e688a88dc2768d229dd698740b3eb284a8545aef204f68f18a

                          SHA512

                          507db5ea551b6fae3ac036ef1961b3ba7590a8fdd40e744b0b852da0c6c78a5996febef0434de8a0efdcfeb3d1e9531241ca6cc0d0508b19cb2664b4de5df18e

                          Download Submit

                        • C:\Config.Msi\e58198f.rbs
                          Filesize

                          19KB

                          MD5

                          24a3545f7218c74b5c68f7d4fb8340a2

                          SHA1

                          3bf15cc8e997d32079223a276041ca080e386501

                          SHA256

                          028fd54746725a7d00d647e1eabbce8563b9724bafc30b2ecd9a14167c067488

                          SHA512

                          7e6ace34586dbca89753f30883eb58deaddec3fdbf5c2895ad0104632021319bb5beb019652568bd89c2c06e33e59e4ade86fd6f89053285730dc0b00804a29c

                          Download Submit

                        • C:\Config.Msi\e581996.rbs
                          Filesize

                          21KB

                          MD5

                          60a98cb6d1fdf64adee176815763ff06

                          SHA1

                          f3bfc6ff6c7538ada87ee988e0232ed59a8d21e9

                          SHA256

                          446704f15304f4e2102968c5f5d177e4a8c42ff2142d5351a2cc6c64a4cedca9

                          SHA512

                          d1a91b530e65041d0df2308beb51ce8604dbc751251031eb25d89b012731241cd5f12efb60ca4af9a8ccbf59226f4dcf1fa064dd947cdc16d2f2008290783e16

                          Download Submit

                        • C:\Config.Msi\e5819a5.rbs
                          Filesize

                          21KB

                          MD5

                          f0f7c5669f6dd5efc30ead9104a71eb3

                          SHA1

                          29f0799096783f38e62f43ef60f6234b03f66d31

                          SHA256

                          e167a5924523bf90ea0ed081e89268a672777304f96d53d180712ceed88ebda4

                          SHA512

                          d70b6d569b2484db60e99ea1aa918edf0aa551302d274ab87c80408dd5c970665741feaca4876485cdcd690285b8b4dee5418fbc96dfd10e8e81883871d521ef

                          Download Submit

                        • C:\Program Files\Voice.ai\AudioConverter.dll
                          Filesize

                          425KB

                          MD5

                          1dbdc883fe4375e343e574bf085c0148

                          SHA1

                          e2235e18bcb3cececcdc6024426de2437596e8c4

                          SHA256

                          67271bdbe5fbc4f77fb9ec5c206da226e76245e1fbf48753156e9dcb6e5b946f

                          SHA512

                          43242a0697b497a24f2b80533658d4ed9c85f37925bec471aa8b5646bfdefd9d996ab896c2d63f21ff648fc5494b24a35e4f6717041c9c97c09ca585285682a8

                          Download Submit

                        • C:\Program Files\Voice.ai\CefSharp.dll
                          Filesize

                          1.0MB

                          MD5

                          69f79d227400c5c5a17e4fe6b5719009

                          SHA1

                          d7ace396db95eced9b4f98badc4282f359999d28

                          SHA256

                          7be25c5ddbbad217fcb40dbef92ba783bb8a155d3db48cde5a4c32e13761cbf7

                          SHA512

                          49262793c3b64fd454522381856761e456999d36e84ee228a894cefa4e19473302e9d7941d49b3a4d6faed98b136a18d60fb1dfdeaf4119f6fddb4c82da6f24c

                          Download Submit

                        • C:\Program Files\Voice.ai\DriverManager.dll
                          Filesize

                          82KB

                          MD5

                          0ca711f575bca2fae56fd952d9af1276

                          SHA1

                          d53d175ddc924431707b8a6e4e4e834094a5fc6e

                          SHA256

                          a789ea2806ebb04f8f9fb59c2ee0d407b64e5c33042ca7cd68aeee2fed6b0ea0

                          SHA512

                          513de025729d4eb9f9edcbf42b5f5012321ecf1383ce2af0dd6e71b881e72f310d937b59df28cb9e416a79c4294a629da07be68a1c1622f0f1f499c8babbebc1

                          Download Submit

                        • C:\Program Files\Voice.ai\VoiceAI.exe
                          Filesize

                          3.9MB

                          MD5

                          0473d284b2db13ffa1544854870561dd

                          SHA1

                          6aa3dc4437cc084228009c120798ca766fee596e

                          SHA256

                          cd3704d37f1127da9504b6186cdd4a0cd21f3d8445e78c9aad33d080538091d1

                          SHA512

                          3e077ea5487f0eecc587688cc773b77edd78fe5f643b994f854bcc9f7356262199af96996005b02e074ac3eb5613aaf0b38e1e21d2dd4ff49dda058cedfd0783

                          Download Submit

                        • C:\Program Files\Voice.ai\VoiceAIDriver\VoiceAIDriver.inf
                          Filesize

                          14KB

                          MD5

                          fa4ddfa2231dc2c50e26794ae7356e0b

                          SHA1

                          463f4c2ac4f7505f2361c7853505b19fbe08f257

                          SHA256

                          a3554efa382a84130393a4d8656b31f06b20b9387e27fcba978162213fb7be90

                          SHA512

                          be11de31cdea93320a03892b572b17985a66d8b8483d1568afcba9d6cd73cfc8f86c628736d9c8649cb9af0acba17dc26c14fef55b2951520236f650b5a55946

                          Download Submit

                        • C:\Program Files\Voice.ai\meta
                          Filesize

                          23B

                          MD5

                          6997abf8c138e85961f89ee82ae53532

                          SHA1

                          32e7d5b03035f8e6597493168003890c0a3ed29a

                          SHA256

                          0fbae5806b1bc5bf6f68ae6bc0975be1ec56e27edcb4a572792246e2aa8d1ccf

                          SHA512

                          b176783b0c4c6503d8274484b7584acd8d7a9a29b73da63f9a01184f54e7fc7aef330301c6b97a717aa22bc96547aa8156dd432c5b15107e4b23cfa7b23da17a

                          Download Submit

                        • C:\Program Files\Voice.ai\tools\vc2019.exe
                          Filesize

                          24.1MB

                          MD5

                          4a85bfd44f09ef46679fafcb1bab627a

                          SHA1

                          7741a5cad238ce3e4ca7756058f2a67a57fee9d1

                          SHA256

                          37ed59a66699c0e5a7ebeef7352d7c1c2ed5ede7212950a1b0a8ee289af4a95b

                          SHA512

                          600e61332416b23ef518f4252df0000c03612e8b0680eab0bdf589d9c855539b973583dc4ce1faab5828f58653ed85a1f9196eb1c7bbf6d2e3b5ab3e83253f98

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                          Filesize

                          1KB

                          MD5

                          daaa3db64c5bace6877eef6555487d0d

                          SHA1

                          ed112df64ec16d7fd1e7b350f630e976977da09e

                          SHA256

                          ffacb609ec21856f9c04b4cddc87142eac26065daa266da2629e147862f29fba

                          SHA512

                          370be602dbe98a7ab45bf8e408d3f49f28f302b671aa956dc386bc54786abd0f841cff3cb14ccc433e83eecac40e6c46a468148785c12041e9f052d4ae85c2ff

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                          Filesize

                          471B

                          MD5

                          6f7d4198f10ed256eb253f6bff3b747b

                          SHA1

                          3f0d3ddf37cd6f248a82ac691ff737c133b8087b

                          SHA256

                          15341ecbe6b8c1dcc259909c63b1198aeb9996a195adfcc5c8de991c6316fba7

                          SHA512

                          b3ba0ea2e4ddea61658692da76a54986e046c16c9421ea1107d531044d68d8a12fff9593b1ca4a71d054a3068bfe391f061165eeafd64bc9506d482a99867818

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                          Filesize

                          727B

                          MD5

                          ff274dfacd6e046e1349e47cb5dd3abd

                          SHA1

                          0847dc44786bb43c0215605f06d105708b175e42

                          SHA256

                          90b00b8a12917d3afc5be8bb3bb2c957943c0449ef555c7d2116379c09b35ec8

                          SHA512

                          686e5826da24f0cd27a54d182b98565a96d4b79c5cb35e60bbecaf0a074d126397d5a6bd16734d029df075fdd32d1e6fe3f544f5be80f0620b7669235d81463b

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
                          Filesize

                          724B

                          MD5

                          8202a1cd02e7d69597995cabbe881a12

                          SHA1

                          8858d9d934b7aa9330ee73de6c476acf19929ff6

                          SHA256

                          58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

                          SHA512

                          97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                          Filesize

                          410B

                          MD5

                          397a8a3ef6e3cc066ae9587321c093b1

                          SHA1

                          1c64bfa7660bfd0c67ceb24011b7338b8a027dcf

                          SHA256

                          3fbf174a42d965aaa09d56a133494ce6a0b3d87b1c4ebea6eebf4ec71def622f

                          SHA512

                          165280186e83afa747a38210aa3744405f4a08bfcc8582a5f3e112976820ca215bdcf34a56bdaab38b5a0f0089bdb4165b517529d0a3ec35de1d0e13a3a7598b

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                          Filesize

                          400B

                          MD5

                          1bb3c33a07ff9075cce34fd40e253a84

                          SHA1

                          4c49c55efac8198ab489b9f51eee8ad8eed535d0

                          SHA256

                          d62ebc15007dc29deaf02444b59e002823c751de999fc80aa64f4ffdebb3a0ee

                          SHA512

                          220ddf89c37b95fd9b65fa58bcf2477853e7d046de99f4ca4a66911f81b2f6c0453a3c743c9b75bd8d722c46f10b365455d69d3e718d7ad16e20865025e0ceb6

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                          Filesize

                          412B

                          MD5

                          cccdd538bbe5fc6a88a8c2523ec14604

                          SHA1

                          f857fa0904fc94cf499d93384e840271208b49ab

                          SHA256

                          742328d1e0ab058e06d88aa6ddae54f6d924aa1bca1f31efda3c66bf6db561ad

                          SHA512

                          892a515af43b41263534e479f6c1b0ad4fc749ed66dc30430c764e50adbd2fb89baa3e744dd5054c5c9d649d885d8b7fa530cebb89a63c6ce8b310b0d73acb9e

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
                          Filesize

                          392B

                          MD5

                          8417f2fc3408f9439c5846b96a1e9470

                          SHA1

                          d1de81984356c16e3bb5d0af550f8413ae76bff5

                          SHA256

                          48757c3579014f1104ef70d243c706173fb1f8720083f74204d14d08cb994a08

                          SHA512

                          f327ce510368d9064b5a77925eea0f0a1e29553844607fe2f22f3ef4aa148496636eccd7610d295dd127f3d330cb932437ff55f5790e9dc598eda16be45d67dd

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\VoiceAI.exe.log
                          Filesize

                          1KB

                          MD5

                          b4e91d2e5f40d5e2586a86cf3bb4df24

                          SHA1

                          31920b3a41aa4400d4a0230a7622848789b38672

                          SHA256

                          5d8af3c7519874ed42a0d74ee559ae30d9cc6930aef213079347e2b47092c210

                          SHA512

                          968751b79a98961f145de48d425ea820fd1875bae79a725adf35fc8f4706c103ee0c7babd4838166d8a0dda9fbce3728c0265a04c4b37f335ec4eaa110a2b319

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          ffa07b9a59daf025c30d00d26391d66f

                          SHA1

                          382cb374cf0dda03fa67bd55288eeb588b9353da

                          SHA256

                          7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb

                          SHA512

                          25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          8e1dd984856ef51f4512d3bf2c7aef54

                          SHA1

                          81cb28f2153ec7ae0cbf79c04c1a445efedd125f

                          SHA256

                          34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7

                          SHA512

                          d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                          Filesize

                          288B

                          MD5

                          5b69ff879c3fcf4d4b7b24cb8c2ffce5

                          SHA1

                          6289c5525792e4c67a32092d955d316c2f3f5c90

                          SHA256

                          16c09d9c4d6efddbb7b645f2fd34de2757559d9fccef0917fd3fe4dce49365de

                          SHA512

                          e381e96639bc545c6fa09df622c253b088918826ffeaae92e2d5e2151168084e60898d1ed26f403686823e9e52ca40e8c91b91ede81252d5c6a457018d321bea

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                          Filesize

                          1KB

                          MD5

                          6db10243e9286c689616a243a3724414

                          SHA1

                          6860ec35864ec108277fde0a8fd65f741e23e0e5

                          SHA256

                          3f42a4c29e551aff438ce60e2c6c41e9707fe79c69323e00b961ec3b6104463c

                          SHA512

                          44d236c2f7e2b320e0d55a42f068ae81f68906702eb3af044274247a6122f5059d21766d2f8d94781e2321bdd16f9646ffda7a5c209ecb588e54211f3523fba9

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          6KB

                          MD5

                          558747e0891b8d64de12154fdafa09f7

                          SHA1

                          a30f2a9505f8602d5efe0e251ef009fa1b362f1c

                          SHA256

                          e6e8e7778db638ae6b18435b1b6d701091ff83fde35beb343bbcfa27ea992291

                          SHA512

                          eb39428acb29a1e3cef944ae2930f486c725218cd8adf42217a3a6631255f081f4391496fe0c9a94cbeb7b7cec104a01e26a35b9e31c12dd95b356ca4546d57e

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          6KB

                          MD5

                          6ae651f42aa8d43eb49edba47d04a64e

                          SHA1

                          c1d77dc6d2a2bff6070d481db2fe882d2a774451

                          SHA256

                          883d9ff3c086f2ea4da2f05218e00a05a0c1f900f793ef353962a6324b42fc5c

                          SHA512

                          71aab8cac3fbcbf3cbd82471034dc7e5125aa58346d625191048e65f90a99c8f87fdab687f9f7348a428f55d76a39b26127e0bce83249ad9e5ec73e778d6ee77

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d106ddbd-a980-49fa-b1b7-e53d3921ad39.tmp
                          Filesize

                          5KB

                          MD5

                          e1b6b6dd56744e6c430abdc82401b202

                          SHA1

                          f2f7f0ba122c6536cd86d75fe9573a7ff77a5473

                          SHA256

                          380fb1a8291d8324b4d821ad2a8a6aaadbf7d3cb332c1ae1af94a47fd3e33a1e

                          SHA512

                          879ef3d61920655c234f8dc267ac73141192dd5e03348bc9d2a1342bc750b625af7d9b696b7fe5ebf0d8f4fabbc6848504853f664a42f7c1c8426fd029b3072b

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                          Filesize

                          16B

                          MD5

                          206702161f94c5cd39fadd03f4014d98

                          SHA1

                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                          SHA256

                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                          SHA512

                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                          Filesize

                          11KB

                          MD5

                          421be7e0d50343363ce62b0b858e46a1

                          SHA1

                          b9d771dc0b18e48855b2f186bee238732ecc75e0

                          SHA256

                          a6ad096d1781f1a476a768bc263e93e23a8c20838c7305e291fa3f85c15e81c4

                          SHA512

                          1386121617ab90fdc61a64b7cd158305783603d63e30f434abbce92c6c134bbb4d461095e5c1a74ec5d98593e6e6521a9fcb4c8fbf5152aae440b69770d992e5

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                          Filesize

                          11KB

                          MD5

                          5061f7035d0c41681727dfbe0d05a8a3

                          SHA1

                          a430891542db9f7875ca6ea71e933bfb0c57d62d

                          SHA256

                          59814c9617d151e640b72a33f9cafdaac9247f45918caf91a591a41c883cd42b

                          SHA512

                          2370320056112e9e7e92b4531185aaaa966b09c196930a5c235d20e272bc932029a71c458bc9d45e92c032b1c7afe7bfc05c37ab1df92c94759bce3abf5b4bf1

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                          Filesize

                          264KB

                          MD5

                          f50f89a0a91564d0b8a211f8921aa7de

                          SHA1

                          112403a17dd69d5b9018b8cede023cb3b54eab7d

                          SHA256

                          b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                          SHA512

                          bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PCRE1VQT\user-event[1].json
                          Filesize

                          16B

                          MD5

                          7363e85fe9edee6f053a4b319588c086

                          SHA1

                          a15e2127145548437173fc17f3e980e3f3dee2d0

                          SHA256

                          c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

                          SHA512

                          a2fd24056e3ec2f1628f89eb2f1b36a9fc2437ae58d34190630fe065df2bbedaf9bd8aee5f8949a002070052ca68cc6c0167214dd55df289783cff682b808d85

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240504054148_000_vcRuntimeMinimum_x64.log
                          Filesize

                          2KB

                          MD5

                          7ca8443c2c7d8ddba9f9821ea1dbc2fd

                          SHA1

                          72e64a8802014116a6f88be5e916e6decf21308c

                          SHA256

                          29ba5839836bc1e58a868a8fd5259c243f0cfc87e08800e4e3d97ca45eba408b

                          SHA512

                          9b853de797798cf13eee522e9520f1962e5e3ce8c732127f7954d4e020cac946b4889451435d62db8d90520d49438b6c15e12fb95e1323f3782b2250dba08e57

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240504054148_001_vcRuntimeAdditional_x64.log
                          Filesize

                          2KB

                          MD5

                          bd6a015050acadce16a20dcfadcc1b9f

                          SHA1

                          bff4718bb8d049e0d47f8a36da5a691eab98ff5e

                          SHA256

                          162d924b5d3641d6ee928b06f75a8fba60593fe45904b4afd441dd1c30bea215

                          SHA512

                          313264840c2ffbb4386067e24e227c9952f2503fa96d15680372b4255d00d938458dedd823d1208fcef61dfac15345f3e403809f0d5d37115edc65c886572fb9

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\nsj377C.tmp\INetC.dll
                          Filesize

                          21KB

                          MD5

                          2b342079303895c50af8040a91f30f71

                          SHA1

                          b11335e1cb8356d9c337cb89fe81d669a69de17e

                          SHA256

                          2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

                          SHA512

                          550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\nsj377C.tmp\System.dll
                          Filesize

                          12KB

                          MD5

                          792b6f86e296d3904285b2bf67ccd7e0

                          SHA1

                          966b16f84697552747e0ddd19a4ba8ab5083af31

                          SHA256

                          c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

                          SHA512

                          97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\nsj377C.tmp\nsProcess.dll
                          Filesize

                          4KB

                          MD5

                          05450face243b3a7472407b999b03a72

                          SHA1

                          ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

                          SHA256

                          95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

                          SHA512

                          f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\nstDAF1.tmp\nsDialogs.dll
                          Filesize

                          9KB

                          MD5

                          f5b0c649b0cfc103fb113d013d48cacb

                          SHA1

                          f89286966000cb053b7e94100c76ec6d1129af07

                          SHA256

                          a87bd092fa5bc00661525455b9f866b68c14c29224520c4e38f56f47234cfc1e

                          SHA512

                          e184101a03ee1c8896efb0029a02a23e46d422bc0f250ef15349c8214d44156afe2b5f739d8a2339bc2d1c05984fc55651c36c71897cd4b14f41dd37a25cfb01

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Voice.ai\Cache\Code Cache\js\index-dir\the-real-index
                          Filesize

                          48B

                          MD5

                          a3b76221527e644bd0e672141d56e444

                          SHA1

                          a4b00877bba8cc985eef1f7a0cfc269b625fe94e

                          SHA256

                          92bd5d32c740f16e76ab4b5a8e0f605b00c779c3b73d90898fcea5b1bfca2c02

                          SHA512

                          ddaa5446754a0f866a901fe6726cf300977f6a4d837e9db65d532ed4ee160914c658f9eb80c641985fc46ba7e407955515b6c319be7f5b325e787a418bcc2088

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Voice.ai\Cache\Code Cache\js\index-dir\the-real-index
                          Filesize

                          312B

                          MD5

                          838232df33130add93feaa0d02f92c9c

                          SHA1

                          478f9893e4e8e158cb2f766791122e428b2d5b77

                          SHA256

                          63c567c3f91b7dca0f34efe489c0491a61d6b093fe39b1ed5c2e6d6432c60499

                          SHA512

                          e20bf6581e7299aec9557154d9db59a63cada17cb6a0fb1c180fad85d06b7859aeefc5daae73bdafbacc1a2e54bf7ee59c7981d34ef01d08e541d4418acb469b

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Voice.ai\Cache\Local Storage\leveldb\CURRENT
                          Filesize

                          16B

                          MD5

                          46295cac801e5d4857d09837238a6394

                          SHA1

                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                          SHA256

                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                          SHA512

                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Voice.ai\Cache\Session Storage\MANIFEST-000001
                          Filesize

                          41B

                          MD5

                          5af87dfd673ba2115e2fcf5cfdb727ab

                          SHA1

                          d5b5bbf396dc291274584ef71f444f420b6056f1

                          SHA256

                          f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                          SHA512

                          de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                          Download Submit

                        • C:\Windows\SYSTEM32\VCRUNTIME140.dll
                          Filesize

                          95KB

                          MD5

                          7415c1cc63a0c46983e2a32581daefee

                          SHA1

                          5f8534d79c84ac45ad09b5a702c8c5c288eae240

                          SHA256

                          475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

                          SHA512

                          3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

                          Download Submit

                        • C:\Windows\Temp\{8F752782-4EF9-4F80-BCC5-776238339D51}\.ba\logo.png
                          Filesize

                          1KB

                          MD5

                          d6bd210f227442b3362493d046cea233

                          SHA1

                          ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

                          SHA256

                          335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

                          SHA512

                          464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

                          Download Submit

                        • C:\Windows\Temp\{8F752782-4EF9-4F80-BCC5-776238339D51}\.ba\wixstdba.dll
                          Filesize

                          191KB

                          MD5

                          eab9caf4277829abdf6223ec1efa0edd

                          SHA1

                          74862ecf349a9bedd32699f2a7a4e00b4727543d

                          SHA256

                          a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

                          SHA512

                          45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

                          Download Submit

                        • C:\Windows\Temp\{8F752782-4EF9-4F80-BCC5-776238339D51}\cab2C04DDC374BD96EB5C8EB8208F2C7C92
                          Filesize

                          5.4MB

                          MD5

                          6ce5097b19cf57527651840bb438adf3

                          SHA1

                          49d0b725e5819a076562fd007490eca0bbb69003

                          SHA256

                          f24a3bc5df7e7c07c0d13f46348c989eae7f597f428b20cc9044bba47785b7f0

                          SHA512

                          9152301c4f87018d166b624d73919fc2da7e7ef74b2c1ecf8ad01c31c2b2239013cc3bc22237c81940ae96a5fd1b3698d260c3d3e0a9d0318cdc053e28328d83

                          Download Submit

                        • C:\Windows\Temp\{8F752782-4EF9-4F80-BCC5-776238339D51}\cab5046A8AB272BF37297BB7928664C9503
                          Filesize

                          879KB

                          MD5

                          8e288dd0b5e0468ed8ae01ee566e77e8

                          SHA1

                          fbd11237ae3300a2202444d339601d1ac6bbf310

                          SHA256

                          c80addc870825e9a1aa9281e105e583973ec2846bbd74f1e97cb60911ba7a2e1

                          SHA512

                          facc72bdcdd5de47c0d18ecb5288962b04d9e4924a9a07ee807a3bf0eaa77eac05f086906b680bcf97c3bad5fab0038b47c0e09cd2bbec1d0709eba015bc1c04

                          Download Submit

                        • C:\Windows\Temp\{8F752782-4EF9-4F80-BCC5-776238339D51}\vcRuntimeAdditional_x64
                          Filesize

                          180KB

                          MD5

                          e6df9f55e20905f77b136844a3844dd6

                          SHA1

                          b7c1fb12bda508a62fdd9ffa9e870cae50605aaa

                          SHA256

                          f8745f3523ea73806d591fa4e666e86c30c7e5240a07211a0c11a7633d16c4f0

                          SHA512

                          7c71c2b9a7d3d768d1686cb037362efb9e38c50b652bfaeb22cf86c6c47a85962f9893cbf5e2f86880c9c8fc8bc0278edeb47088813e022ef05d7db15efc0713

                          Download Submit

                        • C:\Windows\Temp\{8F752782-4EF9-4F80-BCC5-776238339D51}\vcRuntimeMinimum_x64
                          Filesize

                          180KB

                          MD5

                          143a2b9f1c0ebc3421b52e9adcb4db2e

                          SHA1

                          06e01b8cc855fd9a31f99b430f8c8745e706c677

                          SHA256

                          5d0416e45819d555ad27e5efc1aeeb465cbb8e2937b3221852bea0f7d9c3a954

                          SHA512

                          7e17309cdaa856bd1bf17535e0f65db585226262a1c9ffcaadb19eb0822a578ad9036487870b97fc86b7167848f69d495aa51c380ba9890a71f8f9a94061fa05

                          Download Submit

                        • C:\Windows\Temp\{9F8474F1-A454-4A1C-9AAD-D211AB94A864}\.cr\vc2019.exe
                          Filesize

                          635KB

                          MD5

                          9bd591625766a7330708b2c6380dc1d7

                          SHA1

                          18018a3d12278187a8dc26eae538a799511bbdfc

                          SHA256

                          21503f265452414f3960b33ba000ab2cbe0a335901e3a585b0935ac4806fdd79

                          SHA512

                          58c90b7889d92f31e76d0559258023cb4693982288721c3c7fcd820e40f6c1ee972d9ffd3c95016c2126314a260da5faabdeb1a8528eb23d469a7ecbe391c1a5

                          Download Submit

                        • \??\c:\PROGRA~1\voice.ai\VOICEA~1\voiceaidriver.sys
                          Filesize

                          71KB

                          MD5

                          90e4c7c347839c09c8f7f45de3f4fda1

                          SHA1

                          18c5a6fae8c9292702d62e9ad2da1e24336f72c6

                          SHA256

                          74c4c2f122d48548019314fe15a331b81bfc10408b0d6f471dee94e37fe3c1bc

                          SHA512

                          2cf37738f112026eeb68636423e619be5e34cae7734ab1cab5d8cc799af7509d2ffca09b566cbe46bb47f54981042099e857660acc2ab24558715408c011bd58

                          Download Submit

                        • \??\c:\program files\voice.ai\voiceaidriver\VoiceAIDriver.cat
                          Filesize

                          12KB

                          MD5

                          26f1832c761580eab272ae065f644005

                          SHA1

                          bdd7eb53423659de315d88ad5bb557ffdf5593a5

                          SHA256

                          bae9e5bbff837d0ebb43ca1ff1a275474d8e50832a590a957afc8d3ee1e5f560

                          SHA512

                          a0c5c4fa7dcc9d4347a521863b9ba4fd2f5eda4d49f70498c4e89c54b59b7773835796e0cc83470c191e1231c69885d22efe823a3a96b2b971ccd1473e2630eb

                          Download Submit

                        • memory/2480-676-0x0000027855110000-0x00000278552D2000-memory.dmp

                          Filesize

                          1.8MB

                          Download

                        • memory/2480-670-0x0000027852D60000-0x0000027852F21000-memory.dmp

                          Filesize

                          1.8MB

                          Download

                        • memory/2480-666-0x0000027839F30000-0x0000027839F3A000-memory.dmp

                          Filesize

                          40KB

                          Download

                        • memory/2480-667-0x000002783A0E0000-0x000002783A15C000-memory.dmp

                          Filesize

                          496KB

                          Download

                        • memory/2480-669-0x0000027839F50000-0x0000027839F60000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2480-668-0x0000027839F70000-0x0000027839F82000-memory.dmp

                          Filesize

                          72KB

                          Download

                        • memory/2480-740-0x0000027857350000-0x0000027857878000-memory.dmp

                          Filesize

                          5.2MB

                          Download

                        • memory/2480-739-0x0000027856C60000-0x0000027856CD0000-memory.dmp

                          Filesize

                          448KB

                          Download

                        • memory/2736-499-0x00000000002C0000-0x0000000000337000-memory.dmp

                          Filesize

                          476KB

                          Download

                        • memory/2948-461-0x00000000002C0000-0x0000000000337000-memory.dmp

                          Filesize

                          476KB

                          Download

                        • memory/3332-551-0x000002D54D770000-0x000002D54DB5C000-memory.dmp

                          Filesize

                          3.9MB

                          Download

                        • memory/3332-555-0x000002D568020000-0x000002D56808C000-memory.dmp

                          Filesize

                          432KB

                          Download

                        • memory/3332-557-0x000002D568340000-0x000002D568444000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/4092-688-0x0000026118970000-0x0000026118A8C000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4480-498-0x00000000002C0000-0x0000000000337000-memory.dmp

                          Filesize

                          476KB

                          Download