File name:

VRCKit_Setup_0.2.3.exe

Full analysis: https://app.any.run/tasks/0d0f6543-fba8-41b7-a22e-b2db156cce48
Verdict: Malicious activity
Analysis date: July 20, 2025, 21:37:46
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
nodejs
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

B1AFA659DC869703CE41C4FE68501E60

SHA1:

2DCE7F01C54F8745BD1F5E2E0ED5ADB8A805EEC1

SHA256:

3DDD3BBF7A9DB77B3AF60D09E99F29C3681225593F19B07EC40F0A6252C4DCE4

SSDEEP:

786432:9gb/iJQJJGjdZrtBVkP9g0GZa5RdVcXr62FdexV:eb/iJQJJGjv6P990a5nVuTFdexV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • VRCKit_Setup_0.2.3.exe (PID: 6236)

    • Executable content was dropped or overwritten

      • VRCKit_Setup_0.2.3.exe (PID: 6236)

    • Get information on the list of running processes

      • VRCKit_Setup_0.2.3.exe (PID: 6236)
      • cmd.exe (PID: 2504)

    • Creates a software uninstall entry

      • VRCKit_Setup_0.2.3.exe (PID: 6236)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • VRCKit_Setup_0.2.3.exe (PID: 6236)

    • Reads security settings of Internet Explorer

      • VRCKit_Setup_0.2.3.exe (PID: 6236)

    • Drops 7-zip archiver for unpacking

      • VRCKit_Setup_0.2.3.exe (PID: 6236)

    • Process drops legitimate windows executable

      • VRCKit_Setup_0.2.3.exe (PID: 6236)

    • Application launched itself

      • VRCKit.exe (PID: 1728)

    • Starts CMD.EXE for commands execution

      • VRCKit_Setup_0.2.3.exe (PID: 6236)

  • INFO

    • Checks supported languages

      • VRCKit_Setup_0.2.3.exe (PID: 6236)
      • VRCKit.exe (PID: 1728)
      • VRCKit.exe (PID: 3768)
      • VRCKit.exe (PID: 4036)
      • VRCKit.exe (PID: 5244)
      • VRCKit.exe (PID: 2228)

    • Reads the computer name

      • VRCKit_Setup_0.2.3.exe (PID: 6236)
      • VRCKit.exe (PID: 1728)
      • VRCKit.exe (PID: 4036)
      • VRCKit.exe (PID: 3768)
      • VRCKit.exe (PID: 5244)
      • VRCKit.exe (PID: 2228)

    • The sample compiled with english language support

      • VRCKit_Setup_0.2.3.exe (PID: 6236)

    • Create files in a temporary directory

      • VRCKit_Setup_0.2.3.exe (PID: 6236)
      • VRCKit.exe (PID: 1728)

    • Creates files or folders in the user directory

      • VRCKit.exe (PID: 1728)
      • VRCKit_Setup_0.2.3.exe (PID: 6236)
      • VRCKit.exe (PID: 3768)
      • VRCKit.exe (PID: 2228)

    • Reads the machine GUID from the registry

      • VRCKit.exe (PID: 1728)
      • VRCKit.exe (PID: 2228)

    • Checks proxy server information

      • VRCKit.exe (PID: 1728)
      • slui.exe (PID: 7044)

    • Reads product name

      • VRCKit.exe (PID: 5244)

    • Process checks computer location settings

      • VRCKit.exe (PID: 5244)
      • VRCKit.exe (PID: 1728)

    • Reads Environment values

      • VRCKit.exe (PID: 5244)

    • Manual execution by a user

      • VRCKit.exe (PID: 1728)

    • Reads the software policy settings

      • slui.exe (PID: 7044)

    • Node.js compiler has been detected

      • VRCKit.exe (PID: 1728)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.2.3.0
ProductVersionNumber: 0.2.3.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Kıraç Armağan Önal
FileDescription: VRCKit
FileVersion: 0.2.3
LegalCopyright: Copyright © 2024-2025 VRCKit
ProductName: VRCKit
ProductVersion: 0.2.3
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
134
Monitored processes
11
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start vrckit_setup_0.2.3.exe cmd.exe no specs conhost.exe no specs tasklist.exe no specs find.exe no specs slui.exe vrckit.exe vrckit.exe no specs vrckit.exe vrckit.exe no specs vrckit.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1660\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1728"C:\Users\admin\AppData\Local\Programs\vrckit\VRCKit.exe" C:\Users\admin\AppData\Local\Programs\vrckit\VRCKit.exe
explorer.exe
User:
admin
Company:
Kıraç Armağan Önal
Integrity Level:
MEDIUM
Description:
VRCKit
Version:
0.2.3
Modules
Images
c:\users\admin\appdata\local\programs\vrckit\vrckit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2228"C:\Users\admin\AppData\Local\Programs\vrckit\VRCKit.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --user-data-dir="C:\Users\admin\AppData\Roaming\vrckit" --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3692,i,4730799668382090021,11801337634493242751,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3708 /prefetch:8C:\Users\admin\AppData\Local\Programs\vrckit\VRCKit.exeVRCKit.exe
User:
admin
Company:
Kıraç Armağan Önal
Integrity Level:
MEDIUM
Description:
VRCKit
Exit code:
0
Version:
0.2.3
Modules
Images
c:\users\admin\appdata\local\programs\vrckit\vrckit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\combase.dll
2504"C:\WINDOWS\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq VRCKit.exe" /FO csv | "C:\WINDOWS\system32\find.exe" "VRCKit.exe"C:\Windows\SysWOW64\cmd.exeVRCKit_Setup_0.2.3.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
3768"C:\Users\admin\AppData\Local\Programs\vrckit\VRCKit.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\vrckit" --field-trial-handle=2032,i,4730799668382090021,11801337634493242751,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2028 /prefetch:3C:\Users\admin\AppData\Local\Programs\vrckit\VRCKit.exe
VRCKit.exe
User:
admin
Company:
Kıraç Armağan Önal
Integrity Level:
MEDIUM
Description:
VRCKit
Version:
0.2.3
Modules
Images
c:\users\admin\appdata\local\programs\vrckit\vrckit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4036"C:\Users\admin\AppData\Local\Programs\vrckit\VRCKit.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\vrckit" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1808,i,4730799668382090021,11801337634493242751,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1800 /prefetch:2C:\Users\admin\AppData\Local\Programs\vrckit\VRCKit.exeVRCKit.exe
User:
admin
Company:
Kıraç Armağan Önal
Integrity Level:
LOW
Description:
VRCKit
Version:
0.2.3
Modules
Images
c:\users\admin\appdata\local\programs\vrckit\vrckit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4664"C:\WINDOWS\system32\find.exe" "VRCKit.exe"C:\Windows\SysWOW64\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\find.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
5244"C:\Users\admin\AppData\Local\Programs\vrckit\VRCKit.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\vrckit" --app-user-model-id=rest.armagan.vrckit --app-path="C:\Users\admin\AppData\Local\Programs\vrckit\resources\app.asar" --no-sandbox --no-zygote --node-integration-in-worker --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3052,i,4730799668382090021,11801337634493242751,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3048 /prefetch:1C:\Users\admin\AppData\Local\Programs\vrckit\VRCKit.exeVRCKit.exe
User:
admin
Company:
Kıraç Armağan Önal
Integrity Level:
MEDIUM
Description:
VRCKit
Version:
0.2.3
Modules
Images
c:\users\admin\appdata\local\programs\vrckit\vrckit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\dbghelp.dll
6236"C:\Users\admin\Desktop\VRCKit_Setup_0.2.3.exe" C:\Users\admin\Desktop\VRCKit_Setup_0.2.3.exe
explorer.exe
User:
admin
Company:
Kıraç Armağan Önal
Integrity Level:
MEDIUM
Description:
VRCKit
Exit code:
0
Version:
0.2.3
Modules
Images
c:\users\admin\desktop\vrckit_setup_0.2.3.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7004tasklist /FI "USERNAME eq admin" /FI "IMAGENAME eq VRCKit.exe" /FO csv C:\Windows\SysWOW64\tasklist.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Lists the current running tasks
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
6 058
Read events
6 026
Write events
14
Delete events
18

Modification events

(PID) Process:(6236) VRCKit_Setup_0.2.3.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:GlobalAssocChangedCounter
Value:
121
(PID) Process:(1728) VRCKit.exeKey:HKEY_CLASSES_ROOT\vrckit
Operation:writeName:URL Protocol
Value:
(PID) Process:(6236) VRCKit_Setup_0.2.3.exeKey:HKEY_CURRENT_USER\SOFTWARE\905156c4-e6f7-567c-8307-0e8b950bc2f9
Operation:writeName:InstallLocation
Value:
C:\Users\admin\AppData\Local\Programs\vrckit
(PID) Process:(6236) VRCKit_Setup_0.2.3.exeKey:HKEY_CURRENT_USER\SOFTWARE\905156c4-e6f7-567c-8307-0e8b950bc2f9
Operation:writeName:KeepShortcuts
Value:
true
(PID) Process:(6236) VRCKit_Setup_0.2.3.exeKey:HKEY_CURRENT_USER\SOFTWARE\905156c4-e6f7-567c-8307-0e8b950bc2f9
Operation:writeName:ShortcutName
Value:
VRCKit
(PID) Process:(6236) VRCKit_Setup_0.2.3.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\905156c4-e6f7-567c-8307-0e8b950bc2f9
Operation:writeName:DisplayName
Value:
VRCKit 0.2.3
(PID) Process:(6236) VRCKit_Setup_0.2.3.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\905156c4-e6f7-567c-8307-0e8b950bc2f9
Operation:writeName:UninstallString
Value:
"C:\Users\admin\AppData\Local\Programs\vrckit\Uninstall VRCKit.exe" /currentuser
(PID) Process:(6236) VRCKit_Setup_0.2.3.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\905156c4-e6f7-567c-8307-0e8b950bc2f9
Operation:writeName:QuietUninstallString
Value:
"C:\Users\admin\AppData\Local\Programs\vrckit\Uninstall VRCKit.exe" /currentuser /S
(PID) Process:(6236) VRCKit_Setup_0.2.3.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\905156c4-e6f7-567c-8307-0e8b950bc2f9
Operation:writeName:DisplayVersion
Value:
0.2.3
(PID) Process:(6236) VRCKit_Setup_0.2.3.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\905156c4-e6f7-567c-8307-0e8b950bc2f9
Operation:writeName:DisplayIcon
Value:
C:\Users\admin\AppData\Local\Programs\vrckit\VRCKit.exe,0
Executable files
21
Suspicious files
201
Text files
12
Unknown types
0

Dropped files

PID
Process
Filename
Type
6236VRCKit_Setup_0.2.3.exeC:\Users\admin\AppData\Local\Temp\nsl8C2A.tmp\app-64.7z
MD5:
SHA256:
6236VRCKit_Setup_0.2.3.exeC:\Users\admin\AppData\Local\Temp\nsl8C2A.tmp\7z-out\icudtl.dat
MD5:
SHA256:
6236VRCKit_Setup_0.2.3.exeC:\Users\admin\AppData\Local\Temp\nsl8C2A.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:
6236VRCKit_Setup_0.2.3.exeC:\Users\admin\AppData\Local\Temp\nsl8C2A.tmp\System.dllexecutable
MD5:0D7AD4F45DC6F5AA87F606D0331C6901
SHA256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
6236VRCKit_Setup_0.2.3.exeC:\Users\admin\AppData\Local\Temp\nsl8C2A.tmp\7z-out\LICENSE.electron.txttext
MD5:4D42118D35941E0F664DDDBD83F633C5
SHA256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
6236VRCKit_Setup_0.2.3.exeC:\Users\admin\AppData\Local\Temp\nsl8C2A.tmp\nsis7z.dllexecutable
MD5:80E44CE4895304C6A3A831310FBF8CD0
SHA256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
6236VRCKit_Setup_0.2.3.exeC:\Users\admin\AppData\Local\Temp\nsl8C2A.tmp\7z-out\locales\ar.pakbinary
MD5:EDE9E9C5E57699E51836C82C45D84F8E
SHA256:5D33EEF0B37EF42DCDC7857BE9A2D6478ED2DBD9A297D9C507E2ADED8489E267
6236VRCKit_Setup_0.2.3.exeC:\Users\admin\AppData\Local\Temp\nsl8C2A.tmp\7z-out\chrome_100_percent.pakbinary
MD5:001AA2A7D5DCAF2D0987804A37E21DB9
SHA256:0B84B7680630DD51CB36A2FCDD7CC3B031636FE6B91F81772822BE9E514132FE
6236VRCKit_Setup_0.2.3.exeC:\Users\admin\AppData\Local\Temp\nsl8C2A.tmp\7z-out\locales\bn.pakbinary
MD5:58DE6FBA6BD9AA1048184FE5B6D83131
SHA256:C9796601FF3EBF43751C2FCA26CA9FC220FDB440A9E83CE321E0DF3EB8740929
6236VRCKit_Setup_0.2.3.exeC:\Users\admin\AppData\Local\Temp\nsl8C2A.tmp\SpiderBanner.dllexecutable
MD5:17309E33B596BA3A5693B4D3E85CF8D7
SHA256:996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
40
TCP/UDP connections
97
DNS requests
25
Threats
12

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
POST
400
20.190.160.4:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
POST
200
20.190.160.4:443
https://login.live.com/RST2.srf
unknown
xml
1.24 Kb
whitelisted
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
POST
400
40.126.32.140:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
POST
200
40.126.32.68:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted
POST
200
40.126.32.72:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
20.190.160.14:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.109.210.53:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
  • 51.104.136.2
whitelisted
google.com
  • 172.217.18.14
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
  • 2.16.241.12
  • 2.16.241.14
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.160.14
  • 20.190.160.17
  • 20.190.160.65
  • 20.190.160.130
  • 40.126.32.68
  • 40.126.32.72
  • 40.126.32.133
  • 20.190.160.3
  • 40.126.32.140
  • 40.126.32.134
  • 20.190.160.5
  • 20.190.160.4
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted
self.events.data.microsoft.com
  • 20.189.173.15
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted

Threats

PID
Process
Class
Message
3768
VRCKit.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3768
VRCKit.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3768
VRCKit.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3768
VRCKit.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3768
VRCKit.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
3768
VRCKit.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
3768
VRCKit.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3768
VRCKit.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3768
VRCKit.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3768
VRCKit.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
VRCKit_Setup_0.2.3.exe