Overview
overview
8Static
static
3Voice.ai-D...er.exe
windows7-x64
7Voice.ai-D...er.exe
windows10-2004-x64
8$PLUGINSDIR/INetC.dll
windows7-x64
3$PLUGINSDIR/INetC.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ss.dll
windows7-x64
3$PLUGINSDI...ss.dll
windows10-2004-x64
3Analysis
-
max time kernel
79s -
max time network
79s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
05-08-2024 23:01
Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
Voice.ai-Downloader.exe
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
Voice.ai-Downloader.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
26 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/INetC.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240705-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
Voice.ai-Downloader.exe
-
Size
477KB
-
MD5
40ffaea0c96bc8fd1ac022ecf287980b
-
SHA1
c9ff64fecee39aa1a4f1c930d6b6ad423e1b1c14
-
SHA256
100dba151efe66c842fde4337857fd3db4568c1e3ee008e412927e67ed72094e
-
SHA512
cc0f2ff6b650644564d7469031c96fcaf93b9dd82318eda244abb65970d2e5697ba27bb0c62e31f4f654cc031ac7f19f0692f444674fd174f9acbc201c8944dd
-
SSDEEP
3072:ckBGWOsTIJgIDU5A/cNo68pMABlZQ2wpFD0ra42L5GYDxJ0ytta:c1ssjH5Mp2w7g+42LUS6
Score
8/10
Malware Config
Signatures
-
Downloads MZ/PE file
-
Drops file in Drivers directory 2 IoCs
description ioc Process File opened for modification C:\Windows\System32\drivers\drmk.sys DrvInst.exe File opened for modification C:\Windows\System32\drivers\portcls.sys DrvInst.exe -
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation VoiceAI.exe Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation VoiceAI.exe Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation VoiceAI.exe Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation vc2019.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voice.ai - Voice Changer.lnk VoiceAI-Installer.exe -
Executes dropped EXE 13 IoCs
pid Process 3136 VoiceAI-Installer.exe 3364 vc2019.exe 3420 vc2019.exe 3760 VC_redist.x64.exe 4768 VoiceAI.exe 632 VoiceAI.exe 4916 VoiceAI.exe 3640 VoiceAI.exe 4472 VoiceAI.exe 1816 VoiceAI.exe 1216 VoiceAI.exe 2164 VoiceAI.exe 5100 VoiceAI.exe -
Loads dropped DLL 64 IoCs
pid Process 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 3136 VoiceAI-Installer.exe 3136 VoiceAI-Installer.exe 3136 VoiceAI-Installer.exe 3420 vc2019.exe 412 VC_redist.x64.exe 4768 VoiceAI.exe 4768 VoiceAI.exe 4768 VoiceAI.exe 4768 VoiceAI.exe 3136 VoiceAI-Installer.exe 3136 VoiceAI-Installer.exe 632 VoiceAI.exe 632 VoiceAI.exe 632 VoiceAI.exe 632 VoiceAI.exe 632 VoiceAI.exe 632 VoiceAI.exe 632 VoiceAI.exe 632 VoiceAI.exe 632 VoiceAI.exe 632 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 3640 VoiceAI.exe 3640 VoiceAI.exe 4472 VoiceAI.exe 4472 VoiceAI.exe 1216 VoiceAI.exe 1216 VoiceAI.exe 1816 VoiceAI.exe 1816 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 1816 VoiceAI.exe 1816 VoiceAI.exe 4916 VoiceAI.exe 1816 VoiceAI.exe 1816 VoiceAI.exe 1816 VoiceAI.exe 1816 VoiceAI.exe 1816 VoiceAI.exe 1816 VoiceAI.exe 1216 VoiceAI.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{2aaf1df0-eb13-4099-9992-962bb4e596d1} = "\"C:\\ProgramData\\Package Cache\\{2aaf1df0-eb13-4099-9992-962bb4e596d1}\\VC_redist.x64.exe\" /burn.runonce" VC_redist.x64.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\L: msiexec.exe -
pid Process 2164 VoiceAI.exe 4472 VoiceAI.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\system32\mfc140cht.dll msiexec.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{aaf9d8c0-669f-7741-8a12-ecec9b4e77b0}\SET849C.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{aaf9d8c0-669f-7741-8a12-ecec9b4e77b0} DrvInst.exe File opened for modification C:\Windows\system32\msvcp140_2.dll msiexec.exe File opened for modification C:\Windows\system32\vcomp140.dll msiexec.exe File created C:\Windows\system32\vcamp140.dll msiexec.exe File created C:\Windows\system32\mfc140.dll msiexec.exe File opened for modification C:\Windows\system32\mfc140cht.dll msiexec.exe File created C:\Windows\system32\mfc140u.dll msiexec.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{aaf9d8c0-669f-7741-8a12-ecec9b4e77b0}\voiceaidriver.inf DrvInst.exe File opened for modification C:\Windows\System32\CatRoot2\dberr.txt DrvInst.exe File opened for modification C:\Windows\system32\msvcp140_1.dll msiexec.exe File opened for modification C:\Windows\system32\concrt140.dll msiexec.exe File opened for modification C:\Windows\system32\vcamp140.dll msiexec.exe File created C:\Windows\system32\msvcp140.dll msiexec.exe File opened for modification C:\Windows\system32\mfc140deu.dll msiexec.exe File created C:\Windows\system32\mfc140ita.dll msiexec.exe File created C:\Windows\System32\DriverStore\drvstore.tmp DrvInst.exe File opened for modification C:\Windows\system32\mfc140.dll msiexec.exe File opened for modification C:\Windows\system32\mfc140fra.dll msiexec.exe File created C:\Windows\system32\mfc140fra.dll msiexec.exe File created C:\Windows\system32\vcomp140.dll msiexec.exe File created C:\Windows\system32\mfc140chs.dll msiexec.exe File created C:\Windows\system32\mfc140deu.dll msiexec.exe File created C:\Windows\system32\mfc140esn.dll msiexec.exe File created C:\Windows\System32\DriverStore\Temp\{aaf9d8c0-669f-7741-8a12-ecec9b4e77b0}\SET849D.tmp DrvInst.exe File created C:\Windows\System32\DriverStore\Temp\{aaf9d8c0-669f-7741-8a12-ecec9b4e77b0}\SET849E.tmp DrvInst.exe File created C:\Windows\system32\msvcp140_codecvt_ids.dll msiexec.exe File opened for modification C:\Windows\system32\mfc140jpn.dll msiexec.exe File created C:\Windows\system32\mfc140enu.dll msiexec.exe File created C:\Windows\system32\mfcm140.dll msiexec.exe File created C:\Windows\system32\msvcp140_atomic_wait.dll msiexec.exe File opened for modification C:\Windows\system32\mfc140esn.dll msiexec.exe File created C:\Windows\system32\mfc140jpn.dll msiexec.exe File opened for modification C:\Windows\system32\msvcp140.dll msiexec.exe File created C:\Windows\system32\vccorlib140.dll msiexec.exe File created C:\Windows\system32\mfcm140u.dll msiexec.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{aaf9d8c0-669f-7741-8a12-ecec9b4e77b0}\voiceaidriver.sys DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{aaf9d8c0-669f-7741-8a12-ecec9b4e77b0}\SET849D.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\voiceaidriver.inf_amd64_214d6aacf9c41414\VoiceAIDriver.cat DrvInst.exe File created C:\Windows\System32\DriverStore\FileRepository\voiceaidriver.inf_amd64_214d6aacf9c41414\voiceaidriver.PNF VoiceAI.exe File created C:\Windows\system32\msvcp140_1.dll msiexec.exe File created C:\Windows\system32\vcruntime140.dll msiexec.exe File opened for modification C:\Windows\system32\mfcm140u.dll msiexec.exe File opened for modification C:\Windows\system32\mfcm140.dll msiexec.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{aaf9d8c0-669f-7741-8a12-ecec9b4e77b0}\VoiceAIDriver.cat DrvInst.exe File created C:\Windows\system32\concrt140.dll msiexec.exe File created C:\Windows\system32\msvcp140_2.dll msiexec.exe File created C:\Windows\system32\vcruntime140_1.dll msiexec.exe File opened for modification C:\Windows\system32\mfc140kor.dll msiexec.exe File created C:\Windows\System32\DriverStore\Temp\{aaf9d8c0-669f-7741-8a12-ecec9b4e77b0}\SET849C.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{aaf9d8c0-669f-7741-8a12-ecec9b4e77b0}\SET849E.tmp DrvInst.exe File opened for modification C:\Windows\system32\vcruntime140_1.dll msiexec.exe File opened for modification C:\Windows\system32\msvcp140_codecvt_ids.dll msiexec.exe File opened for modification C:\Windows\system32\mfc140u.dll msiexec.exe File opened for modification C:\Windows\system32\mfc140ita.dll msiexec.exe File opened for modification C:\Windows\system32\mfc140chs.dll msiexec.exe File created C:\Windows\system32\mfc140kor.dll msiexec.exe File opened for modification C:\Windows\system32\msvcp140_atomic_wait.dll msiexec.exe File opened for modification C:\Windows\system32\vccorlib140.dll msiexec.exe File created C:\Windows\system32\mfc140rus.dll msiexec.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\voiceaidriver.inf_amd64_214d6aacf9c41414\voiceaidriver.sys DrvInst.exe File opened for modification C:\Windows\system32\vcruntime140.dll msiexec.exe File opened for modification C:\Windows\system32\mfc140enu.dll msiexec.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Voice.ai\locales\disabled\ar.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\es.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\AudioPX.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\BugSplatDotNet.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\Newtonsoft.Json.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\gu.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\hi.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\vi.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\gu.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\it.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\te.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\te.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\ru.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\gcrypt.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\VoiceAILib.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\am.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\fil.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\hr.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\pl.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\uk.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\meta Voice.ai-Downloader.exe File created C:\Program Files\Voice.ai\DriverManager.dll VoiceAI-Installer.exe File opened for modification C:\Program Files\Voice.ai\DriverManager.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\hu.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\ms.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\ja.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\CefSharp.Core.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\d3dcompiler_47.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\libGLESv2.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\tools\vc2019.exe VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\opensource\libgcrypt.txt VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\sw.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\fr.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\sw.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\VoiceAI-Installer.exe Voice.ai-Downloader.exe File created C:\Program Files\Voice.ai\CefSharp.Core.Runtime.dll VoiceAI-Installer.exe File opened for modification C:\Program Files\Voice.ai\gcrypt.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\mr.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\bg.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\et.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\de.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\el.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\pt-BR.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\opensource\cefsharp.txt VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\opensource\naudio.txt VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\ja.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\sv.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\ta.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\am.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\CefSharp.WinForms.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\chrome_elf.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\version VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\opensource\newtonsoft.json.txt VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\ro.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\sr.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\bg.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\da.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\es.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\discord_game_sdk.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\zh-TW.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\libsndfile-1.dll VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\hu.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\sv.pak VoiceAI-Installer.exe File created C:\Program Files\Voice.ai\locales\disabled\ta.pak VoiceAI-Installer.exe -
Drops file in Windows directory 22 IoCs
description ioc Process File opened for modification C:\Windows\Installer\ msiexec.exe File created C:\Windows\Installer\e586fce.msi msiexec.exe File opened for modification C:\Windows\Installer\MSI77FC.tmp msiexec.exe File created C:\Windows\Installer\SourceHash{A977984B-9244-49E3-BD24-43F0A8009667} msiexec.exe File opened for modification C:\Windows\INF\setupapi.dev.log svchost.exe File created C:\Windows\inf\oem3.inf DrvInst.exe File created C:\Windows\Installer\e586fbc.msi msiexec.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File opened for modification C:\Windows\Installer\MSI71D0.tmp msiexec.exe File created C:\Windows\Installer\SourceHash{A181A302-3F6D-4BAD-97A8-A426A6499D78} msiexec.exe File opened for modification C:\Windows\Installer\e586fcf.msi msiexec.exe File created C:\Windows\Installer\e586fe4.msi msiexec.exe File created C:\Windows\INF\c_media.PNF VoiceAI.exe File opened for modification C:\Windows\INF\setupapi.dev.log VoiceAI.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File opened for modification C:\Windows\INF\setupapi.dev.log DrvInst.exe File opened for modification C:\Windows\INF\setupapi.dev.log DrvInst.exe File opened for modification C:\Windows\inf\oem3.inf DrvInst.exe File opened for modification C:\Windows\Installer\e586fbc.msi msiexec.exe File created C:\Windows\Installer\e586fcf.msi msiexec.exe File opened for modification C:\Windows\Installer\MSI79C2.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI7442.tmp msiexec.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vc2019.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language VC_redist.x64.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language VC_redist.x64.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language VC_redist.x64.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language VC_redist.x64.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Voice.ai-Downloader.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language VoiceAI-Installer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vc2019.exe -
Checks SCSI registry key(s) 3 TTPs 47 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID VoiceAI.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs VoiceAI.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID VoiceAI.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs VoiceAI.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID VoiceAI.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom DrvInst.exe Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 vssvc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 VoiceAI.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom VoiceAI.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags VoiceAI.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID DrvInst.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters vssvc.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr vssvc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 VoiceAI.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID VoiceAI.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags VoiceAI.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs VoiceAI.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs VoiceAI.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 VoiceAI.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs DrvInst.exe Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000bf081c85bb6cd1e80000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000bf081c850000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900bf081c85000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dbf081c85000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000bf081c8500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 vssvc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 VoiceAI.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters vssvc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom VoiceAI.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs DrvInst.exe -
Modifies data under HKEY_USERS 59 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates DrvInst.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates DrvInst.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 msiexec.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400 = "Windows Update" DrvInst.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" DrvInst.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\NgcRecovery.dll,-100 = "Windows Hello Recovery Key Encryption" DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs DrvInst.exe Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 msiexec.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave" DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs DrvInst.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)" DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs DrvInst.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a msiexec.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust DrvInst.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption" DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs DrvInst.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.31,bundle VC_redist.x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{A181A302-3F6D-4BAD-97A8-A426A6499D78}v14.31.31103\\packages\\vcRuntimeMinimum_amd64\\" msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14 VC_redist.x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\PackageCode = "E49FE452611FCB64B91833BADDC6195B" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\Assignment = "1" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{A977984B-9244-49E3-BD24-43F0A8009667}v14.31.31103\\packages\\vcRuntimeAdditional_amd64\\" msiexec.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\Clients = 3a0000000000 msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53\203A181AD6F3DAB4798A4A626A94D987 msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Net msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\SourceList\Net msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voiceai\shell\open\command VoiceAI-Installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\PackageCode = "09139770F15A2384695CFEF667B84B3C" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\SourceList msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B489779A44293E94DB42340F8A006976\Servicing_Key msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\ProductName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{A977984B-9244-49E3-BD24-43F0A8009667}v14.31.31103\\packages\\vcRuntimeAdditional_amd64\\" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{2aaf1df0-eb13-4099-9992-962bb4e596d1} VC_redist.x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.31,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103" VC_redist.x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\SourceList\Media\1 = ";" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\AdvertiseFlags = "388" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\SourceList\PackageName = "vc_runtimeAdditional_x64.msi" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\SourceList\Media msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.31,bundle\Version = "14.31.31103.0" VC_redist.x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.31,bundle\Dependents\{2aaf1df0-eb13-4099-9992-962bb4e596d1} VC_redist.x64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Net msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\203A181AD6F3DAB4798A4A626A94D987\VC_Runtime_Minimum msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14 msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X64,AMD64,14.30,BUNDLE\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13} VC_redist.x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.31,bundle\Dependents VC_redist.x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\SourceList\Media msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B489779A44293E94DB42340F8A006976\Provider msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14 VC_redist.x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.31,bundle\ = "{2aaf1df0-eb13-4099-9992-962bb4e596d1}" VC_redist.x64.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\AdvertiseFlags = "388" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\SourceList\PackageName = "vc_runtimeMinimum_x64.msi" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976 msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B489779A44293E94DB42340F8A006976\Version = "236943743" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1\B489779A44293E94DB42340F8A006976 msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\Dependents VC_redist.x64.exe Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14 msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1 msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\voiceai\shell VoiceAI-Installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\ProductName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\Language = "1033" msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Media msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle VC_redist.x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Version = "14.31.31103" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\203A181AD6F3DAB4798A4A626A94D987\Servicing_Key msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{A181A302-3F6D-4BAD-97A8-A426A6499D78}v14.31.31103\\packages\\vcRuntimeMinimum_amd64\\" msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\voiceai\shell\open\command\ = "\"C:\\Program Files\\Voice.ai\\VoiceAI.exe\" \"%1\"" VoiceAI-Installer.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Media msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8800A266DCF6DD54E97A86760485EA5D msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\203A181AD6F3DAB4798A4A626A94D987\Version = "236943743" msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8A567BD6FA501A947AD1F646E53EEC14 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\ = "{A977984B-9244-49E3-BD24-43F0A8009667}" msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Dependents\{2aaf1df0-eb13-4099-9992-962bb4e596d1} VC_redist.x64.exe -
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e VoiceAI.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e VoiceAI.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 VoiceAI.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 VoiceAI.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 VoiceAI.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e VoiceAI.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A VoiceAI.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 VoiceAI.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 VoiceAI.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 VoiceAI.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e VoiceAI.exe -
Suspicious behavior: EnumeratesProcesses 34 IoCs
pid Process 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 2740 Voice.ai-Downloader.exe 1564 msiexec.exe 1564 msiexec.exe 1564 msiexec.exe 1564 msiexec.exe 1564 msiexec.exe 1564 msiexec.exe 1564 msiexec.exe 1564 msiexec.exe 3640 VoiceAI.exe 3640 VoiceAI.exe 4916 VoiceAI.exe 4916 VoiceAI.exe 1816 VoiceAI.exe 1816 VoiceAI.exe 1216 VoiceAI.exe 1216 VoiceAI.exe 4472 VoiceAI.exe 4472 VoiceAI.exe 2164 VoiceAI.exe 2164 VoiceAI.exe 5100 VoiceAI.exe 5100 VoiceAI.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeBackupPrivilege 3788 vssvc.exe Token: SeRestorePrivilege 3788 vssvc.exe Token: SeAuditPrivilege 3788 vssvc.exe Token: SeShutdownPrivilege 3760 VC_redist.x64.exe Token: SeIncreaseQuotaPrivilege 3760 VC_redist.x64.exe Token: SeSecurityPrivilege 1564 msiexec.exe Token: SeCreateTokenPrivilege 3760 VC_redist.x64.exe Token: SeAssignPrimaryTokenPrivilege 3760 VC_redist.x64.exe Token: SeLockMemoryPrivilege 3760 VC_redist.x64.exe Token: SeIncreaseQuotaPrivilege 3760 VC_redist.x64.exe Token: SeMachineAccountPrivilege 3760 VC_redist.x64.exe Token: SeTcbPrivilege 3760 VC_redist.x64.exe Token: SeSecurityPrivilege 3760 VC_redist.x64.exe Token: SeTakeOwnershipPrivilege 3760 VC_redist.x64.exe Token: SeLoadDriverPrivilege 3760 VC_redist.x64.exe Token: SeSystemProfilePrivilege 3760 VC_redist.x64.exe Token: SeSystemtimePrivilege 3760 VC_redist.x64.exe Token: SeProfSingleProcessPrivilege 3760 VC_redist.x64.exe Token: SeIncBasePriorityPrivilege 3760 VC_redist.x64.exe Token: SeCreatePagefilePrivilege 3760 VC_redist.x64.exe Token: SeCreatePermanentPrivilege 3760 VC_redist.x64.exe Token: SeBackupPrivilege 3760 VC_redist.x64.exe Token: SeRestorePrivilege 3760 VC_redist.x64.exe Token: SeShutdownPrivilege 3760 VC_redist.x64.exe Token: SeDebugPrivilege 3760 VC_redist.x64.exe Token: SeAuditPrivilege 3760 VC_redist.x64.exe Token: SeSystemEnvironmentPrivilege 3760 VC_redist.x64.exe Token: SeChangeNotifyPrivilege 3760 VC_redist.x64.exe Token: SeRemoteShutdownPrivilege 3760 VC_redist.x64.exe Token: SeUndockPrivilege 3760 VC_redist.x64.exe Token: SeSyncAgentPrivilege 3760 VC_redist.x64.exe Token: SeEnableDelegationPrivilege 3760 VC_redist.x64.exe Token: SeManageVolumePrivilege 3760 VC_redist.x64.exe Token: SeImpersonatePrivilege 3760 VC_redist.x64.exe Token: SeCreateGlobalPrivilege 3760 VC_redist.x64.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 632 VoiceAI.exe -
Suspicious use of SendNotifyMessage 1 IoCs
pid Process 632 VoiceAI.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 632 VoiceAI.exe -
Suspicious use of WriteProcessMemory 45 IoCs
description pid Process procid_target PID 2740 wrote to memory of 3136 2740 Voice.ai-Downloader.exe 89 PID 2740 wrote to memory of 3136 2740 Voice.ai-Downloader.exe 89 PID 2740 wrote to memory of 3136 2740 Voice.ai-Downloader.exe 89 PID 3136 wrote to memory of 3364 3136 VoiceAI-Installer.exe 92 PID 3136 wrote to memory of 3364 3136 VoiceAI-Installer.exe 92 PID 3136 wrote to memory of 3364 3136 VoiceAI-Installer.exe 92 PID 3364 wrote to memory of 3420 3364 vc2019.exe 93 PID 3364 wrote to memory of 3420 3364 vc2019.exe 93 PID 3364 wrote to memory of 3420 3364 vc2019.exe 93 PID 3420 wrote to memory of 3760 3420 vc2019.exe 94 PID 3420 wrote to memory of 3760 3420 vc2019.exe 94 PID 3420 wrote to memory of 3760 3420 vc2019.exe 94 PID 3760 wrote to memory of 4656 3760 VC_redist.x64.exe 104 PID 3760 wrote to memory of 4656 3760 VC_redist.x64.exe 104 PID 3760 wrote to memory of 4656 3760 VC_redist.x64.exe 104 PID 4656 wrote to memory of 412 4656 VC_redist.x64.exe 105 PID 4656 wrote to memory of 412 4656 VC_redist.x64.exe 105 PID 4656 wrote to memory of 412 4656 VC_redist.x64.exe 105 PID 412 wrote to memory of 2180 412 VC_redist.x64.exe 106 PID 412 wrote to memory of 2180 412 VC_redist.x64.exe 106 PID 412 wrote to memory of 2180 412 VC_redist.x64.exe 106 PID 3136 wrote to memory of 4768 3136 VoiceAI-Installer.exe 107 PID 3136 wrote to memory of 4768 3136 VoiceAI-Installer.exe 107 PID 512 wrote to memory of 1856 512 svchost.exe 110 PID 512 wrote to memory of 1856 512 svchost.exe 110 PID 512 wrote to memory of 4208 512 svchost.exe 111 PID 512 wrote to memory of 4208 512 svchost.exe 111 PID 3136 wrote to memory of 4900 3136 VoiceAI-Installer.exe 112 PID 3136 wrote to memory of 4900 3136 VoiceAI-Installer.exe 112 PID 4944 wrote to memory of 632 4944 explorer.exe 114 PID 4944 wrote to memory of 632 4944 explorer.exe 114 PID 632 wrote to memory of 4916 632 VoiceAI.exe 115 PID 632 wrote to memory of 4916 632 VoiceAI.exe 115 PID 632 wrote to memory of 3640 632 VoiceAI.exe 116 PID 632 wrote to memory of 3640 632 VoiceAI.exe 116 PID 632 wrote to memory of 1816 632 VoiceAI.exe 117 PID 632 wrote to memory of 1816 632 VoiceAI.exe 117 PID 632 wrote to memory of 1216 632 VoiceAI.exe 118 PID 632 wrote to memory of 1216 632 VoiceAI.exe 118 PID 632 wrote to memory of 2164 632 VoiceAI.exe 119 PID 632 wrote to memory of 2164 632 VoiceAI.exe 119 PID 632 wrote to memory of 4472 632 VoiceAI.exe 120 PID 632 wrote to memory of 4472 632 VoiceAI.exe 120 PID 632 wrote to memory of 5100 632 VoiceAI.exe 121 PID 632 wrote to memory of 5100 632 VoiceAI.exe 121 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader.exe"C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2740 -
C:\Program Files\Voice.ai\VoiceAI-Installer.exe"C:\Program Files\Voice.ai\VoiceAI-Installer.exe" /path "C:\Program Files\Voice.ai"2⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3136 -
C:\Program Files\Voice.ai\tools\vc2019.exe"C:\Program Files\Voice.ai\tools\vc2019.exe" /q /norestart3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3364 -
C:\Windows\Temp\{2C786CD1-41E0-4CAD-A413-CC1B6D216D8C}\.cr\vc2019.exe"C:\Windows\Temp\{2C786CD1-41E0-4CAD-A413-CC1B6D216D8C}\.cr\vc2019.exe" -burn.clean.room="C:\Program Files\Voice.ai\tools\vc2019.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548 /q /norestart4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3420 -
C:\Windows\Temp\{80E9639B-8F0E-4BB9-9972-68CB25E19897}\.be\VC_redist.x64.exe"C:\Windows\Temp\{80E9639B-8F0E-4BB9-9972-68CB25E19897}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{E5921248-CDC4-4F1B-80B7-B3B69640C01E} {B6076F2A-8D3B-43A7-B6BB-8F1A6DA9A057} 34205⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3760 -
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={2aaf1df0-eb13-4099-9992-962bb4e596d1} -burn.filehandle.self=1076 -burn.embedded BurnPipe.{3681D9C6-0EAB-4A38-82B2-5FA280E934E0} {C867D650-2EFD-473E-809A-3380F5C0CBBB} 37606⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4656 -
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 -uninstall -quiet -burn.related.upgrade -burn.ancestors={2aaf1df0-eb13-4099-9992-962bb4e596d1} -burn.filehandle.self=1076 -burn.embedded BurnPipe.{3681D9C6-0EAB-4A38-82B2-5FA280E934E0} {C867D650-2EFD-473E-809A-3380F5C0CBBB} 37607⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:412 -
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{08F56884-32DB-45BB-9E55-BCC0137C546D} {7777DB4B-E788-4ECD-83D9-49688694581C} 4128⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2180
-
-
-
-
-
-
-
C:\Program Files\Voice.ai\VoiceAI.exe"C:\Program Files\Voice.ai\VoiceAI.exe" installdriver3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies system certificate store
PID:4768
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" "C:\Program Files\Voice.ai\VoiceAI.exe"3⤵PID:4900
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3788
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:21⤵PID:3540
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1564
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
PID:512 -
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{0081f2b0-c905-5740-bb58-35d7dc982dee}\voiceaidriver.inf" "9" "46b7f3743" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "c:\program files\voice.ai\voiceaidriver"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:1856
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca11bfc96d40:VOICEAIDRIVER_SA:16.36.0.99:root\voiceaidriver," "46b7f3743" "0000000000000148"2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
PID:4208
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Suspicious use of WriteProcessMemory
PID:4944 -
C:\Program Files\Voice.ai\VoiceAI.exe"C:\Program Files\Voice.ai\VoiceAI.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:632 -
C:\Program Files\Voice.ai\VoiceAI.exe"C:\Program Files\Voice.ai\VoiceAI.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=2508 --field-trial-handle=2656,i,2742722215811193775,18184148068626751201,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=6323⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4916
-
-
C:\Program Files\Voice.ai\VoiceAI.exe"C:/Program Files/Voice.ai/VoiceAI.exe" discord 6323⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3640
-
-
C:\Program Files\Voice.ai\VoiceAI.exe"C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3264 --field-trial-handle=2656,i,2742722215811193775,18184148068626751201,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=6323⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1816
-
-
C:\Program Files\Voice.ai\VoiceAI.exe"C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3284 --field-trial-handle=2656,i,2742722215811193775,18184148068626751201,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=6323⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1216
-
-
C:\Program Files\Voice.ai\VoiceAI.exe"C:\Program Files\Voice.ai\VoiceAI.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files\Voice.ai\debug.log" --use-fake-ui-for-media-stream --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3532 --field-trial-handle=2656,i,2742722215811193775,18184148068626751201,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=632 /prefetch:13⤵
- Checks computer location settings
- Executes dropped EXE
- Network Service Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2164
-
-
C:\Program Files\Voice.ai\VoiceAI.exe"C:\Program Files\Voice.ai\VoiceAI.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files\Voice.ai\debug.log" --use-fake-ui-for-media-stream --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3548 --field-trial-handle=2656,i,2742722215811193775,18184148068626751201,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=632 /prefetch:13⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Network Service Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4472
-
-
C:\Program Files\Voice.ai\VoiceAI.exe"C:\Program Files\Voice.ai\VoiceAI.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Program Files\Voice.ai\debug.log" --mojo-platform-channel-handle=3940 --field-trial-handle=2656,i,2742722215811193775,18184148068626751201,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=6323⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5100
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f8 0x5601⤵PID:2824
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD5d709c6ce10935f0d5186ae44a06bbd9f
SHA1f5366dbad8ace9ce95c854011522ae96b8d2701d
SHA256cb1acf563e1cac5049cba2a9e1e47ba67a409702d3986baff6e7aad4fd2d929c
SHA51290d586c23cb37654a8d34cc9ca9ed3ce7dbd5229a00fff80bac1c61a5fb3b9c1b0b7ad3436cf7765d4fd5400d0b911431042a938d7f87be21fa942f0f424bf02
-
Filesize
19KB
MD5f92b04aeb9b567795d1c4450f95488b2
SHA1b6724a94dca235b70107173c213bcbc22a4a788d
SHA256785a66450e23662c9d885ddb6ff5eb3b21a190e05e5305dffcb9786d408dc917
SHA5127fc51777c63345e2cc1ca7f2966102ee678de3b0696f1745e7823ac1ba66f11e33d9a2d8b877255def4d82da3b42e20a0f282119c5c601e64738deb0ba2e1787
-
Filesize
21KB
MD5ad2fe89fd84f529219421a3328e6c4e4
SHA186e2a11325735ed004c8516280c4f6afa464cffc
SHA2561f0a9f85ad239abd053bd1b39fb8b29428bdfb9973d1c2dce4b3ecdd534c6722
SHA5125ea479e1a567d131082fc0a6dc7471682650b4a0dd294a4156231370bac1de77110c91b732b36ab5d9751fe3b392fdd80c5ab2ef8a9f8aebddb14ab3e7e9b432
-
Filesize
21KB
MD58340782e88ec8e23a0bf1e2d4d3db3fe
SHA1e256c62fe70f55846e7dbced958243376314ff1f
SHA25647f8e7e7400e3e2613158c2cf2c88f82458d031d9b27ec0a4d4778b0c77dab8a
SHA512c4745fca80811bda98b1223d452d02fff66ccdde80255da1125f135e105e23250657f46fd1fac98f66dbba121fc59c4e5415ef50c5c89d5db8c357c06dcca39d
-
Filesize
426KB
MD5621b743e7c8f399ddc1b85fa20abe3dd
SHA1fe578bf934b40285cab078c36652d6e678500214
SHA2564e12a69518507d362125e60531077dd2c4a2176cf487f620b5a812a32ce4f7b9
SHA5123df19387c8cd24adede85ff2122c94b1765aa7a0ffa67735bb99ccf46cad2523e959b597c985bd790867ad685e6f6ced8b3bbf77e6d1b62feafbe044ca737444
-
Filesize
1.0MB
MD569f79d227400c5c5a17e4fe6b5719009
SHA1d7ace396db95eced9b4f98badc4282f359999d28
SHA2567be25c5ddbbad217fcb40dbef92ba783bb8a155d3db48cde5a4c32e13761cbf7
SHA51249262793c3b64fd454522381856761e456999d36e84ee228a894cefa4e19473302e9d7941d49b3a4d6faed98b136a18d60fb1dfdeaf4119f6fddb4c82da6f24c
-
Filesize
83KB
MD584efdeb4b69067ce023b4f8c13d47aaa
SHA15d47146102f7e52e8a935651d5acc367147d9f5c
SHA256473ffb68b425a83f0465fe4c5d5c1ae26862fb907469a5dd03640d9c7ee18372
SHA51203ea586cc30181f92c65673481e694323c1fff9422ef829986d19f27a5ab8add61502a2a024a19303d7244edcf895d99d5649d898d2f07ea3e85aa8ea1a197d4
-
Filesize
4.0MB
MD5a22ed8950371d6021f9628ece195e7f8
SHA10e6e7d001498ebeccd59db3333c346d25dd9ea98
SHA256d5353a336fa2eccf73fdcdfd6153e197cda113dd05f78cb2324047d791eeddc1
SHA5124b0e73834c2edf3d4f83d692b54fcbe95299f207d74983bb270ec567bdb8df5333211217b4880de18ae570632ad90e4679d0c96eb888828f2ce7bba7e9131dc0
-
Filesize
14KB
MD5fa4ddfa2231dc2c50e26794ae7356e0b
SHA1463f4c2ac4f7505f2361c7853505b19fbe08f257
SHA256a3554efa382a84130393a4d8656b31f06b20b9387e27fcba978162213fb7be90
SHA512be11de31cdea93320a03892b572b17985a66d8b8483d1568afcba9d6cd73cfc8f86c628736d9c8649cb9af0acba17dc26c14fef55b2951520236f650b5a55946
-
Filesize
23B
MD56997abf8c138e85961f89ee82ae53532
SHA132e7d5b03035f8e6597493168003890c0a3ed29a
SHA2560fbae5806b1bc5bf6f68ae6bc0975be1ec56e27edcb4a572792246e2aa8d1ccf
SHA512b176783b0c4c6503d8274484b7584acd8d7a9a29b73da63f9a01184f54e7fc7aef330301c6b97a717aa22bc96547aa8156dd432c5b15107e4b23cfa7b23da17a
-
Filesize
24.1MB
MD54a85bfd44f09ef46679fafcb1bab627a
SHA17741a5cad238ce3e4ca7756058f2a67a57fee9d1
SHA25637ed59a66699c0e5a7ebeef7352d7c1c2ed5ede7212950a1b0a8ee289af4a95b
SHA512600e61332416b23ef518f4252df0000c03612e8b0680eab0bdf589d9c855539b973583dc4ce1faab5828f58653ed85a1f9196eb1c7bbf6d2e3b5ab3e83253f98
-
Filesize
1KB
MD57fb5fa1534dcf77f2125b2403b30a0ee
SHA1365d96812a69ac0a4611ea4b70a3f306576cc3ea
SHA25633a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f
SHA512a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F
Filesize1KB
MD5c1286ee0b3887a890b02a827c0b4a56e
SHA1533fcebfc042f00e51bf7089f1c645d51e6f4bfc
SHA25620c1d3af5eaa07a7c1987ccabd4d38480dd2d9398209c750280e8f0d5f7a82fc
SHA512070663d8fccc0c2858ed3e134f0c02e0cc2dee00830d339c9dc5fefeabb41b2d00cac3758750997085441d37d2b839f9fe3e1859d34e82149b4f638bd7898795
-
Filesize
436B
MD5971c514f84bba0785f80aa1c23edfd79
SHA1732acea710a87530c6b08ecdf32a110d254a54c8
SHA256f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA51243dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_EF52C1EC85F21F31CC0157A5C8803013
Filesize484B
MD54eefd763e3c4eb3943f5cb8f352b3483
SHA168e61b4eab3fd8764e25421b90f117ea7e22abfd
SHA2568a58729c4bafbaeaf4db94753e6c81b05085ea849b6788891023c7437d9b5081
SHA51244339e994943930b568e2bca2dc13c7afc3cadce3e64330ae9723b556b031acdbeb5e4e52f021124c42ff8fda3b985bc6e3317035b0f2d50a5602afd903e0f59
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
Filesize174B
MD53f9ed1fe2a60ff169a7924f82aa444ec
SHA1372a5efcaeacba98cbb4fcb91dcc5284a242650a
SHA256c0ffa2c1c484e0edd34a7232076693451f4f9b1e858232dd0837822b3ad3484a
SHA51279c5ac3c60db65768492d15249a3c353ba6fb777223c851c2ccd20840e3438d99e061e41008cad89e9582ac37c37376cbca973d99c68205be65b5b3c5f9faefd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F
Filesize482B
MD552721d6bba939eb5aee44593aac88c3d
SHA1c6e07e09f7cc1e9efde9a73022065bd6b2322ada
SHA2568a2288da215de4ff59ae4a6642326011aaf310408317c0b011347b426c627df9
SHA51274c7195b06e12bfa4728e6124739df876a4ded8e267b04181e821b58a6ba7075c913b86e29d103239ce27f495ee48d056ed01577e94837230a66b865106e09b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
Filesize170B
MD52f19cc99fe03b6d28855e712a615459f
SHA1b70f3946bcf298e04efaafb323edd1e983213851
SHA25682e4a51dadc7d4ab2a537060eb092f8c1ac1893fe43a946d5a3a9be0b4e41498
SHA512e944c9e03da1a9d30632acb5b8f69862e9911d308ba0394873fe9ea6311ab5c6fac24255ffbc93f55a95629f818c24ec55d2b8f39e8c59fdc68eef8f9a72ea57
-
Filesize
1KB
MD5baf55b95da4a601229647f25dad12878
SHA1abc16954ebfd213733c4493fc1910164d825cac8
SHA256ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA51224f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545
-
Filesize
16B
MD57363e85fe9edee6f053a4b319588c086
SHA1a15e2127145548437173fc17f3e980e3f3dee2d0
SHA256c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
SHA512a2fd24056e3ec2f1628f89eb2f1b36a9fc2437ae58d34190630fe065df2bbedaf9bd8aee5f8949a002070052ca68cc6c0167214dd55df289783cff682b808d85
-
Filesize
2KB
MD5852702b5310a722e77876e56c0c9cd87
SHA102ffcd9967f2f6d52eae15876466cd15f19641c9
SHA25699ad30037b0eef42d080fcdd16002f1fc91637679d0d37a7bf1dcdc0baf9a132
SHA5121befc06d6deee9e7176289c7af3070afe73b2fbac627abdc52ab64d42814537945f954febd4c2c70b1112b19184a4417de37a6968dc416d6c5a21cf93de4bea0
-
Filesize
2KB
MD52d91599b3f612a92d214c7610b436eda
SHA101386dd6867cb7e9fb8da05c8881bfddeea5e40c
SHA256a753520272e81a732192fdae57b5031842b4d2bffacd603874dc99d70923fd20
SHA512f09c363ffaf44e716a1481e6ac7b16b45e505684cb42186ef0fd6408750cc98dc8266249519893046b64ab6f7c04981420a17b8dc2a89b7c189640f678dddef2
-
Filesize
9KB
MD5f5b0c649b0cfc103fb113d013d48cacb
SHA1f89286966000cb053b7e94100c76ec6d1129af07
SHA256a87bd092fa5bc00661525455b9f866b68c14c29224520c4e38f56f47234cfc1e
SHA512e184101a03ee1c8896efb0029a02a23e46d422bc0f250ef15349c8214d44156afe2b5f739d8a2339bc2d1c05984fc55651c36c71897cd4b14f41dd37a25cfb01
-
Filesize
21KB
MD52b342079303895c50af8040a91f30f71
SHA1b11335e1cb8356d9c337cb89fe81d669a69de17e
SHA2562d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f
SHA512550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47
-
Filesize
12KB
MD5792b6f86e296d3904285b2bf67ccd7e0
SHA1966b16f84697552747e0ddd19a4ba8ab5083af31
SHA256c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917
SHA51297edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c
-
Filesize
4KB
MD505450face243b3a7472407b999b03a72
SHA1ffd88af2e338ae606c444390f7eaaf5f4aef2cd9
SHA25695fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89
SHA512f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b
-
Filesize
33KB
MD5a81ea6b02d432c02090bb2feb47c7088
SHA1e7fa9b6ef565191d297ec48c7605a0193419ede4
SHA256b05dee42264199d791c62531858b80a456a60ebdfbc6d81e25a90cdd81baf186
SHA5129d805552128577aeecec170ea200245aa9818d0bcb8cc1419f954f68d47d1dd2df99efbaa76a810fc0d0078c681c9bdf9c831beee504c69a398c9ed87cef6643
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
95KB
MD57415c1cc63a0c46983e2a32581daefee
SHA15f8534d79c84ac45ad09b5a702c8c5c288eae240
SHA256475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1
SHA5123d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf
-
Filesize
635KB
MD59bd591625766a7330708b2c6380dc1d7
SHA118018a3d12278187a8dc26eae538a799511bbdfc
SHA25621503f265452414f3960b33ba000ab2cbe0a335901e3a585b0935ac4806fdd79
SHA51258c90b7889d92f31e76d0559258023cb4693982288721c3c7fcd820e40f6c1ee972d9ffd3c95016c2126314a260da5faabdeb1a8528eb23d469a7ecbe391c1a5
-
Filesize
1KB
MD5d6bd210f227442b3362493d046cea233
SHA1ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b
-
Filesize
191KB
MD5eab9caf4277829abdf6223ec1efa0edd
SHA174862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA51245b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2
-
Filesize
5.4MB
MD56ce5097b19cf57527651840bb438adf3
SHA149d0b725e5819a076562fd007490eca0bbb69003
SHA256f24a3bc5df7e7c07c0d13f46348c989eae7f597f428b20cc9044bba47785b7f0
SHA5129152301c4f87018d166b624d73919fc2da7e7ef74b2c1ecf8ad01c31c2b2239013cc3bc22237c81940ae96a5fd1b3698d260c3d3e0a9d0318cdc053e28328d83
-
Filesize
879KB
MD58e288dd0b5e0468ed8ae01ee566e77e8
SHA1fbd11237ae3300a2202444d339601d1ac6bbf310
SHA256c80addc870825e9a1aa9281e105e583973ec2846bbd74f1e97cb60911ba7a2e1
SHA512facc72bdcdd5de47c0d18ecb5288962b04d9e4924a9a07ee807a3bf0eaa77eac05f086906b680bcf97c3bad5fab0038b47c0e09cd2bbec1d0709eba015bc1c04
-
Filesize
180KB
MD5e6df9f55e20905f77b136844a3844dd6
SHA1b7c1fb12bda508a62fdd9ffa9e870cae50605aaa
SHA256f8745f3523ea73806d591fa4e666e86c30c7e5240a07211a0c11a7633d16c4f0
SHA5127c71c2b9a7d3d768d1686cb037362efb9e38c50b652bfaeb22cf86c6c47a85962f9893cbf5e2f86880c9c8fc8bc0278edeb47088813e022ef05d7db15efc0713
-
Filesize
180KB
MD5143a2b9f1c0ebc3421b52e9adcb4db2e
SHA106e01b8cc855fd9a31f99b430f8c8745e706c677
SHA2565d0416e45819d555ad27e5efc1aeeb465cbb8e2937b3221852bea0f7d9c3a954
SHA5127e17309cdaa856bd1bf17535e0f65db585226262a1c9ffcaadb19eb0822a578ad9036487870b97fc86b7167848f69d495aa51c380ba9890a71f8f9a94061fa05
-
Filesize
71KB
MD590e4c7c347839c09c8f7f45de3f4fda1
SHA118c5a6fae8c9292702d62e9ad2da1e24336f72c6
SHA25674c4c2f122d48548019314fe15a331b81bfc10408b0d6f471dee94e37fe3c1bc
SHA5122cf37738f112026eeb68636423e619be5e34cae7734ab1cab5d8cc799af7509d2ffca09b566cbe46bb47f54981042099e857660acc2ab24558715408c011bd58
-
Filesize
12KB
MD526f1832c761580eab272ae065f644005
SHA1bdd7eb53423659de315d88ad5bb557ffdf5593a5
SHA256bae9e5bbff837d0ebb43ca1ff1a275474d8e50832a590a957afc8d3ee1e5f560
SHA512a0c5c4fa7dcc9d4347a521863b9ba4fd2f5eda4d49f70498c4e89c54b59b7773835796e0cc83470c191e1231c69885d22efe823a3a96b2b971ccd1473e2630eb
