File name: VoicemeeterSetup_v1118.zip

Full analysis: https://app.any.run/tasks/fb8743d9-29ae-4ff5-a0a4-37da75c42134
Verdict: Malicious activity
Analysis date: November 14, 2024, 09:32:32
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 7CF68AC4678C93A95BFE4FDC9CB52FF1
SHA1: 18B817048A5526A55565B9F0DCCEFF5EE7069E2D
SHA256: 4CAFF8528010FB256F4021912BBEA2E213ABDD27DB1E4F0BE58124B63C2BBFF7
SSDEEP: 196608:M/K0eym05CORAZSgY4Qfdj9/KScWGFPW2zwZm2Wja9pGyFJa6HKMucUn:J015CORLgKfN9cLPumO9pw+KVr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6500)
    • Executing a file with an untrusted certificate

      • vbregsvr64.exe (PID: 6124)
  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • voicemeetersetup.exe (PID: 7156)
    • Creates or modifies Windows services

      • voicemeetersetup.exe (PID: 7156)
      • drvinst.exe (PID: 7040)
    • Drops a system driver (possible attempt to evade defenses)

      • voicemeetersetup.exe (PID: 7156)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
      • drvinst.exe (PID: 6236)
    • Executable content was dropped or overwritten

      • voicemeetersetup.exe (PID: 7156)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
      • drvinst.exe (PID: 6236)
    • Reads security settings of Internet Explorer

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
    • Creates files in the driver directory

      • drvinst.exe (PID: 6236)
    • Creates/Modifies COM task schedule object

      • voicemeetersetup.exe (PID: 7156)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 6236)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
  • INFO

    • Manual execution by a user

      • voicemeetersetup.exe (PID: 7156)
      • voicemeetersetup.exe (PID: 3104)
      • msedge.exe (PID: 6684)
    • Reads the computer name

      • voicemeetersetup.exe (PID: 7156)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
      • drvinst.exe (PID: 7040)
      • drvinst.exe (PID: 6236)
    • Checks supported languages

      • voicemeetersetup.exe (PID: 7156)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
      • drvinst.exe (PID: 6236)
      • drvinst.exe (PID: 7040)
    • Creates files in the program directory

      • voicemeetersetup.exe (PID: 7156)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
    • Reads the software policy settings

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
      • drvinst.exe (PID: 6236)
    • Reads the machine GUID from the registry

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
      • drvinst.exe (PID: 6236)
    • Application launched itself

      • msedge.exe (PID: 916)
      • msedge.exe (PID: 6684)
    • Create files in a temporary directory

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2024:10:28 14:52:30
ZipCRC: 0xd256d3b4
ZipCompressedSize: 25377881
ZipUncompressedSize: 25922816
ZipFileName: voicemeetersetup.exe
No data.
All screenshots are available in the full report
Total processes
164
Monitored processes
38
Malicious processes
3
Suspicious processes
1

Behavior graph

Processes shown in the graph: winrar.exe, voicemeetersetup.exe, voicemeetersetup.exe (THREAT), vbvoicemeetervaio_setup_x64.exe, drvinst.exe, drvinst.exe, vbregsvr64.exe, msedge.exe (multiple instances), identity_helper.exe (multiple instances)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 784
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2448 --field-trial-handle=2200,i,16631045879372404798,13451372402053076168,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 916
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vb-audio.com/Voicemeeter/ThankYou.htm
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: voicemeetersetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
1
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1344
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2632 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1584
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=5468 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3104
CMD: "C:\Users\admin\Desktop\voicemeetersetup.exe"
Path: C:\Users\admin\Desktop\voicemeetersetup.exe
Parent process: explorer.exe
User:
admin
Company:
VB-AUDIO Software
Integrity Level:
MEDIUM
Description:
VB-AUDIO Voicemeeter Installer
Exit code:
3221226540
Version:
1, 1, 1, 8
Modules
Images
c:\users\admin\desktop\voicemeetersetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 3828
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5888 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3928
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2324 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3932
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5908 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3944
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2396 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4004
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5180 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
9 955
Read events
9 081
Write events
868
Delete events
6

Modification events

(PID) Process: (6500) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (6500) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\VoicemeeterSetup_v1118.zip

(PID) Process: (6500) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6500) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6500) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6500) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (7156) voicemeetersetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\VB-Audio\MultiCable
Operation: write
Name: VBVoicemeeterVAIO_LoopBack
Value: 1

(PID) Process: (7156) voicemeetersetup.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VB-MultiCable
Operation: write
Name: VBVoicemeeterVAIO_LoopBack
Value: 1

(PID) Process: (7156) voicemeetersetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\VB-Audio\MultiCable
Operation: write
Name: VBVoicemeeterVAIO_LoopBack
Value: 1

(PID) Process: (4076) VBVoicemeeterVAIO_Setup_x64.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
Operation: write
Name: setupapi.dev.log
Value: 4096
Executable files
46
Suspicious files
75
Text files
54
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7156 | Process: voicemeetersetup.exe | Filename: C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio64_win10.sys | Type: executable
MD5: 8DDE138459B33B0C105EBCCC233A670F
SHA256: C8D985AD4E3B52A9E2F77F6DDE28EFFB66DAC9F607892855E89E87EC269677CF

PID: 7156 | Process: voicemeetersetup.exe | Filename: C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_win10.sys | Type: executable
MD5: 2A2C5F2402DE818FB76417ABD4DF5402
SHA256: 51FFD18BB1530FB0452087FB1430B9CAA70F94961C84A6C50F5F657E0BF35CA8

PID: 7156 | Process: voicemeetersetup.exe | Filename: C:\Program Files (x86)\VB\Voicemeeter\VBVoicemeeterVAIO_ControlPanel.exe | Type: executable
MD5: 2EE6E73B9337D831E3AB1C7AC0B3AF8F
SHA256: EFB5C84AB1A387FC680BD06EC506945EF051EA81D7D4BD5B85CA7603091882EC

PID: 7156 | Process: voicemeetersetup.exe | Filename: C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_vista.sys | Type: executable
MD5: 9C7151F2C71A32B9A5C3B346115CCAC1
SHA256: 920CF5BCFF0B07C256249ABAEA07A88EAB059CE8FDA4800F29A9F5328E94EB10

PID: 7156 | Process: voicemeetersetup.exe | Filename: C:\Program Files (x86)\VB\Voicemeeter\vbvoicemeetervaio64_win10.sys | Type: executable
MD5: 7B5EE055A6EB1CDFED33D956D3A0DF99
SHA256: 4A5F7AEFABC6AAD36326356DAFDA76726B2E71F0CC21922C54979395F1D0970C

PID: 7156 | Process: voicemeetersetup.exe | Filename: C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_xp.sys | Type: executable
MD5: 73F55CA9693ABD0804D62F873D87137A
SHA256: 3C391D730A3053E62EB503CD7693C2CFDC5B1BB9AFEB25757A4851774496F52B

PID: 7156 | Process: voicemeetersetup.exe | Filename: C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_win7.sys | Type: executable
MD5: 6894A36D7543AF839797E54DCA7E821D
SHA256: 18936DE06D235042CF10B7CCADC074CD9FB6D4DC629CE62C7CB9BA48722FB259

PID: 7156 | Process: voicemeetersetup.exe | Filename: C:\Program Files (x86)\VB\Voicemeeter\VBVoicemeeterVAIO_Setup_x64.exe | Type: executable
MD5: F2ADD656A75CD81ABF4A8980634E92A1
SHA256: 28C6409A5CCEBB1F83DC25660D800F95C22CA5EFF05978F4E3BC780A50D37B61

PID: 7156 | Process: voicemeetersetup.exe | Filename: C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_win7.cat | Type: binary
MD5: C198554A07C2BC2AD558FE2B1CE3F1AD
SHA256: 03A42533F2C024DB1800F063F6403F4C27630DFAEDD061D215DDE1F8ADDADCFF

PID: 7156 | Process: voicemeetersetup.exe | Filename: C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_vista.cat | Type: binary
MD5: 26FCB7D43099043ADDFEEB4BF7773FB5
SHA256: 3585B22F4F5851F58432DC6F9382089DC76AC161695A3D5AE4A67FDC3CCBE59D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
13
TCP/UDP connections
60
DNS requests
34
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6944
svchost.exe
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1584
RUXIMICS.exe
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1584
RUXIMICS.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6944
svchost.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
13.107.42.16:443
https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=44&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1
unknown
GET
401
13.107.6.158:443
https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox
unknown
GET
51.68.204.93:443
https://vb-audio.com/Voicemeeter/ThankYou.htm
unknown
GET
200
204.79.197.239:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
unknown
binary
1.66 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6944
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5488
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1584
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2.23.209.140:443
www.bing.com
Akamai International B.V.
GB
whitelisted
4
System
192.168.100.255:138
whitelisted
6944
svchost.exe
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
5488
MoUsoCoreWorker.exe
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
1584
RUXIMICS.exe
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
6944
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
www.bing.com
whitelisted
google.com
  • 142.250.181.238
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.9
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
self.events.data.microsoft.com
  • 13.89.179.11
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.253.45
whitelisted
vb-audio.com
  • 51.68.204.93
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO Possible Chrome Plugin install
No debug info