File name:

AnarchyEffects_VST_1.5.1.2_64bit.exe

Full analysis: https://app.any.run/tasks/2380ab10-c819-4ca4-81bb-8cf354e1335f
Verdict: Malicious activity
Analysis date: June 24, 2025, 11:13:31
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

806F2C23A4E2E418620265EB84E65C60

SHA1:

5C5ACB3118F3BF0586245020241202477CF81BB4

SHA256:

0429118B2D7CA9DA02A609B652D3A9A289210E1873616DAC1BD6F56E30C3ED9A

SSDEEP:

98304:TeSlB+MHn7wqJDIqTUSWBKI0jKzabpY7MAj2XoCkhWVT7F0Txh+MX9QCXFcF/18m:xtEB001W6w5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
    • The process creates files with name similar to system file names

      • AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
    • Executable content was dropped or overwritten

      • AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
    • Creates a software uninstall entry

      • AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
  • INFO

    • Checks supported languages

      • AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
    • Reads the computer name

      • AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
    • Create files in a temporary directory

      • AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
    • Creates files in the program directory

      • AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
    • Reads the software policy settings

      • slui.exe (PID: 6800)
    • Checks proxy server information

      • slui.exe (PID: 6800)
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:52+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 24064
InitializedDataSize: 164864
UninitializedDataSize: 1024
EntryPoint: 0x30fa
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.5.1.2
ProductVersionNumber: 1.5.1.2
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
CompanyName: Anarchy Sound Software
FileDescription: AnarchyEffects VST Plug-Ins (64 bit)
FileVersion: 1.5.1.2
LegalCopyright: 2013 © Anarchy Sound Software, Gatis Ozols, Andrejs Eigus
ProductName: AnarchyEffects VST Plug-Ins (64 bit)
ProductVersion: 1.5.1.2
Total processes: 137
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes shown: anarchyeffects_vst_1.5.1.2_64bit.exe, slui.exe, anarchyeffects_vst_1.5.1.2_64bit.exe (no specs)

Process information

PID: 2356
CMD: "C:\Users\admin\Desktop\AnarchyEffects_VST_1.5.1.2_64bit.exe"
Path: C:\Users\admin\Desktop\AnarchyEffects_VST_1.5.1.2_64bit.exe
Parent process: explorer.exe
User: admin
Company: Anarchy Sound Software
Integrity Level: MEDIUM
Description: AnarchyEffects VST Plug-Ins (64 bit)
Exit code: 3221226540
Version: 1.5.1.2
Modules
Images
c:\users\admin\desktop\anarchyeffects_vst_1.5.1.2_64bit.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

PID: 2952
CMD: "C:\Users\admin\Desktop\AnarchyEffects_VST_1.5.1.2_64bit.exe"
Path: C:\Users\admin\Desktop\AnarchyEffects_VST_1.5.1.2_64bit.exe
Parent process: explorer.exe
User: admin
Company: Anarchy Sound Software
Integrity Level: HIGH
Description: AnarchyEffects VST Plug-Ins (64 bit)
Exit code: 0
Version: 1.5.1.2
Modules
Images
c:\users\admin\desktop\anarchyeffects_vst_1.5.1.2_64bit.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 6800
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events: 3 604
Read events: 3 595
Write events: 9
Delete events: 0

Modification events

Process: AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AnarchyEffectsVst
Operation: write
Name: Plugin_Path_64bit
Value: C:\Program Files (x86)\VST PlugIns

Process: AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnarchyEffects64bit
Operation: write
Name: DisplayName
Value: AnarchyEffects VST Plug-Ins (64 bit) (1.5.1.2)

Process: AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnarchyEffects64bit
Operation: write
Name: DisplayVersion
Value: 1.5.1.2

Process: AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnarchyEffects64bit
Operation: write
Name: Publisher
Value: Anarchy-Rhythms.com

Process: AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnarchyEffects64bit
Operation: write
Name: URLInfoAbout
Value: http://www.anarchy-rhythms.com/

Process: AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnarchyEffects64bit
Operation: write
Name: HelpLink
Value: info@anarchy-rhythms.com

Process: AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnarchyEffects64bit
Operation: write
Name: UninstallString
Value: "C:\Program Files (x86)\AnarchyEffects\uninstall(64bit).exe"

Process: AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnarchyEffects64bit
Operation: write
Name: NoModify
Value: 1

Process: AnarchyEffects_VST_1.5.1.2_64bit.exe (PID: 2952)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnarchyEffects64bit
Operation: write
Name: NoRepair
Value: 1
Executable files: 8
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 2952
Process: AnarchyEffects_VST_1.5.1.2_64bit.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa5CB7.tmp\System.dll
Type: executable
MD5:C17103AE9072A06DA581DEC998343FC1
SHA256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
PID: 2952
Process: AnarchyEffects_VST_1.5.1.2_64bit.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa5CB7.tmp\modern-wizard.bmp
Type: image
MD5:CBE40FD2B1EC96DAEDC65DA172D90022
SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
PID: 2952
Process: AnarchyEffects_VST_1.5.1.2_64bit.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa5CB7.tmp\nsDialogs.dll
Type: executable
MD5:C10E04DD4AD4277D5ADC951BB331C777
SHA256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
PID: 2952
Process: AnarchyEffects_VST_1.5.1.2_64bit.exe
Filename: C:\Program Files (x86)\AnarchyEffects\uninstall(64bit).exe
Type: executable
MD5:7ED0EA182A477921FCCBFCDFE142A45C
SHA256:F811796654B25F09DBE773B9DE6D32CF36499E3F26EA819A061AA747ECD1CAE4
PID: 2952
Process: AnarchyEffects_VST_1.5.1.2_64bit.exe
Filename: C:\Program Files (x86)\VST PlugIns\Convoluter.dll
Type: executable
MD5:207CEBA831137A5C1CAF546BB8FDC6B0
SHA256:948858BB5214E4F7E1F5718B7A479C070970EBC86BE7D59E269061928E2C3A91
PID: 2952
Process: AnarchyEffects_VST_1.5.1.2_64bit.exe
Filename: C:\Program Files (x86)\VST PlugIns\Harmonic Adder.dll
Type: executable
MD5:36240C4A335C3E240669BB277636C599
SHA256:3399D1AA7B124BAEF4C54FAC0B2842E7B27DD380EC808A20B8B4085F5E71BDBF
PID: 2952
Process: AnarchyEffects_VST_1.5.1.2_64bit.exe
Filename: C:\Program Files (x86)\VST PlugIns\Length Separator.dll
Type: executable
MD5:A15BD9B6361198DE69607D5A1B32B88D
SHA256:C86855D1B3295BB26DE0249948C16CF1A7AA767B470A7F5560076EBDEFF3E08F
PID: 2952
Process: AnarchyEffects_VST_1.5.1.2_64bit.exe
Filename: C:\Program Files (x86)\VST PlugIns\Spectral Autopan.dll
Type: executable
MD5:D2AA47ACFFF67BEDC7FD6CE9C9B5ED58
SHA256:226B882C470D0F3BB06BBF4656AE95527F6963FC0A4689CDA895D370AFFB099C
PID: 2952
Process: AnarchyEffects_VST_1.5.1.2_64bit.exe
Filename: C:\Program Files (x86)\VST PlugIns\Corkscrew.dll
Type: executable
MD5:51777BF192401F28CDD6850E2F837500
SHA256:1E6D56348305B4083FEA463D086992ED4C86BB116440FC812E5138F5E987C371
HTTP(S) requests: 8
TCP/UDP connections: 22
DNS requests: 7
Threats: 1

HTTP requests

PID: 5944 | Process: MoUsoCoreWorker.exe | Method: GET | HTTP Code: 200 | IP: 23.216.77.28:80 | URL: http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | Reputation: whitelisted
PID: 4680 | Process: RUXIMICS.exe | Method: GET | HTTP Code: 200 | IP: 23.216.77.28:80 | URL: http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | Reputation: whitelisted
PID: 1268 | Process: svchost.exe | Method: GET | HTTP Code: 200 | IP: 23.216.77.28:80 | URL: http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | Reputation: whitelisted
PID: 5944 | Process: MoUsoCoreWorker.exe | Method: GET | HTTP Code: 200 | IP: 2.23.246.101:80 | URL: http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | Reputation: whitelisted
PID: 4680 | Process: RUXIMICS.exe | Method: GET | HTTP Code: 200 | IP: 2.23.246.101:80 | URL: http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | Reputation: whitelisted
PID: 1268 | Process: svchost.exe | Method: GET | HTTP Code: 200 | IP: 2.23.246.101:80 | URL: http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | Reputation: whitelisted
Method: POST | HTTP Code: 500 | IP: 20.83.72.98:443 | URL: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | CN: unknown | Type: xml | Size: 512 b | Reputation: whitelisted
Method: POST | HTTP Code: 500 | IP: 20.83.72.98:443 | URL: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | CN: unknown | Type: xml | Size: 512 b | Reputation: whitelisted

Connections

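PID: 5944 | Process: MoUsoCoreWorker.exe | IP: 4.231.128.59:443 | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: IE | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:137 | Reputation: whitelisted
PID: 4680 | Process: RUXIMICS.exe | IP: 4.231.128.59:443 | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: IE | Reputation: whitelisted
PID: 1268 | Process: svchost.exe | IP: 4.231.128.59:443 | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: IE | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | Reputation: whitelisted
PID: 5944 | Process: MoUsoCoreWorker.exe | IP: 23.216.77.28:80 | Domain: crl.microsoft.com | ASN: Akamai International B.V. | CN: DE | Reputation: whitelisted
PID: 4680 | Process: RUXIMICS.exe | IP: 23.216.77.28:80 | Domain: crl.microsoft.com | ASN: Akamai International B.V. | CN: DE | Reputation: whitelisted
PID: 1268 | Process: svchost.exe | IP: 23.216.77.28:80 | Domain: crl.microsoft.com | ASN: Akamai International B.V. | CN: DE | Reputation: whitelisted
PID: 5944 | Process: MoUsoCoreWorker.exe | IP: 2.23.246.101:80 | Domain: www.microsoft.com | ASN: Ooredoo Q.S.C. | CN: QA | Reputation: whitelisted
PID: 4680 | Process: RUXIMICS.exe | IP: 2.23.246.101:80 | Domain: www.microsoft.com | ASN: Ooredoo Q.S.C. | CN: QA | Reputation: whitelisted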

DNS requests

Domain: google.com | IP: 142.250.185.110 | Reputation: whitelisted
Domain: crl.microsoft.com | IP: 23.216.77.28, 23.216.77.6 | Reputation: whitelisted
Domain: www.microsoft.com | IP: 2.23.246.101 | Reputation: whitelisted
Domain: settings-win.data.microsoft.com | IP: 40.127.240.158 | Reputation: whitelisted
Domain: activation-v2.sls.microsoft.com | IP: 20.83.72.98 | Reputation: whitelisted
Domain: self.events.data.microsoft.com | IP: 20.189.173.17 | Reputation: whitelisted

Threats

Class: Unknown Traffic | Message: ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info