File name: VoicemeeterSetup_v1118.zip

Full analysis: https://app.any.run/tasks/fb8743d9-29ae-4ff5-a0a4-37da75c42134
Verdict: Malicious activity
Analysis date: November 14, 2024, 09:32:32
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: arch-exec
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 7CF68AC4678C93A95BFE4FDC9CB52FF1
SHA1: 18B817048A5526A55565B9F0DCCEFF5EE7069E2D
SHA256: 4CAFF8528010FB256F4021912BBEA2E213ABDD27DB1E4F0BE58124B63C2BBFF7
SSDEEP: 196608:M/K0eym05CORAZSgY4Qfdj9/KScWGFPW2zwZm2Wja9pGyFJa6HKMucUn:J015CORLgKfN9cLPumO9pw+KVr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6500)
    • Executing a file with an untrusted certificate

      • vbregsvr64.exe (PID: 6124)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • voicemeetersetup.exe (PID: 7156)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
      • drvinst.exe (PID: 6236)
    • There is functionality for taking screenshot (YARA)

      • voicemeetersetup.exe (PID: 7156)
    • Creates or modifies Windows services

      • voicemeetersetup.exe (PID: 7156)
      • drvinst.exe (PID: 7040)
    • Drops a system driver (possible attempt to evade defenses)

      • voicemeetersetup.exe (PID: 7156)
      • drvinst.exe (PID: 6236)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
    • Checks Windows Trust Settings

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
      • drvinst.exe (PID: 6236)
    • Reads security settings of Internet Explorer

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
    • Creates files in the driver directory

      • drvinst.exe (PID: 6236)
    • Creates/Modifies COM task schedule object

      • voicemeetersetup.exe (PID: 7156)
  • INFO

    • Creates files in the program directory

      • voicemeetersetup.exe (PID: 7156)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
    • Manual execution by a user

      • voicemeetersetup.exe (PID: 7156)
      • voicemeetersetup.exe (PID: 3104)
      • msedge.exe (PID: 6684)
    • Checks supported languages

      • voicemeetersetup.exe (PID: 7156)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
      • drvinst.exe (PID: 6236)
      • drvinst.exe (PID: 7040)
    • Reads the computer name

      • voicemeetersetup.exe (PID: 7156)
      • drvinst.exe (PID: 6236)
      • drvinst.exe (PID: 7040)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
    • Reads the machine GUID from the registry

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
      • drvinst.exe (PID: 6236)
    • Reads the software policy settings

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
      • drvinst.exe (PID: 6236)
    • Application launched itself

      • msedge.exe (PID: 6684)
      • msedge.exe (PID: 916)
    • Create files in a temporary directory

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 4076)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2024:10:28 14:52:30
ZipCRC: 0xd256d3b4
ZipCompressedSize: 25377881
ZipUncompressedSize: 25922816
ZipFileName: voicemeetersetup.exe
No data.
Total processes: 164
Monitored processes: 38
Malicious processes: 3
Suspicious processes: 1

Behavior graph

start winrar.exe no specs voicemeetersetup.exe no specs THREAT voicemeetersetup.exe vbvoicemeetervaio_setup_x64.exe drvinst.exe drvinst.exe no specs vbregsvr64.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID 784 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2448 --field-trial-handle=2200,i,16631045879372404798,13451372402053076168,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID 916 | Parent process: voicemeetersetup.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vb-audio.com/Voicemeeter/ThankYou.htm
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 1
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID 1344 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2632 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 1584 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=5468 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 3104 | Parent process: explorer.exe
CMD: "C:\Users\admin\Desktop\voicemeetersetup.exe"
Path: C:\Users\admin\Desktop\voicemeetersetup.exe
User: admin
Company: VB-AUDIO Software
Integrity Level: MEDIUM
Description: VB-AUDIO Voicemeeter Installer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 1, 1, 1, 8
Modules (Images):
c:\users\admin\desktop\voicemeetersetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID 3828 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5888 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 3928 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2324 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 3932 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5908 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 3944 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2396 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 4004 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5180 --field-trial-handle=2336,i,4090311970322027310,8365661792813997430,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 9 955
Read events: 9 081
Write events: 868
Delete events: 6

Modification events

Process (PID) | Key | Operation | Name | Value
WinRAR.exe (6500) | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
WinRAR.exe (6500) | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | write | 0 | C:\Users\admin\Desktop\VoicemeeterSetup_v1118.zip
WinRAR.exe (6500) | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | write | name | 120
WinRAR.exe (6500) | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | write | size | 80
WinRAR.exe (6500) | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | write | type | 120
WinRAR.exe (6500) | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | write | mtime | 100
voicemeetersetup.exe (7156) | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\VB-Audio\MultiCable | write | VBVoicemeeterVAIO_LoopBack | 1
voicemeetersetup.exe (7156) | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VB-MultiCable | write | VBVoicemeeterVAIO_LoopBack | 1
voicemeetersetup.exe (7156) | HKEY_LOCAL_MACHINE\SOFTWARE\VB-Audio\MultiCable | write | VBVoicemeeterVAIO_LoopBack | 1
VBVoicemeeterVAIO_Setup_x64.exe (4076) | HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus | write | setupapi.dev.log | 4096
Executable files: 46
Suspicious files: 75
Text files: 54
Unknown types: 0

Dropped files

PID | Process | Filename | Type
7156 | voicemeetersetup.exe | C:\Program Files (x86)\VB\Voicemeeter\vbvoicemeetervaio64_win10.cat | binary
MD5: F66F7FD3382B8957BC0FCEDEFFC27AB6 | SHA256: 185B20BDC85DD938E5B55365CA4DED7954990382286CA6AADAB830E38DAF6B0E
7156 | voicemeetersetup.exe | C:\Program Files (x86)\VB\Voicemeeter\VBVoicemeeterVAIO_ControlPanel.exe | executable
MD5: 2EE6E73B9337D831E3AB1C7AC0B3AF8F | SHA256: EFB5C84AB1A387FC680BD06EC506945EF051EA81D7D4BD5B85CA7603091882EC
7156 | voicemeetersetup.exe | C:\Program Files (x86)\VB\Voicemeeter\vbvoicemeetervaio64_win10.sys | executable
MD5: 7B5EE055A6EB1CDFED33D956D3A0DF99 | SHA256: 4A5F7AEFABC6AAD36326356DAFDA76726B2E71F0CC21922C54979395F1D0970C
7156 | voicemeetersetup.exe | C:\Program Files (x86)\VB\Voicemeeter\vbvoicemeetervaio64_win10.inf | binary
MD5: 53818C8C4412DB29FE6CCCDC178697A0 | SHA256: B11869666C8CA900315E7DD331761B714BDA10059A372F9CF47CD074520C8374
7156 | voicemeetersetup.exe | C:\Program Files (x86)\VB\Voicemeeter\VBVoicemeeterVAIO_Setup_x64.exe | executable
MD5: F2ADD656A75CD81ABF4A8980634E92A1 | SHA256: 28C6409A5CCEBB1F83DC25660D800F95C22CA5EFF05978F4E3BC780A50D37B61
7156 | voicemeetersetup.exe | C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_win10.cat | binary
MD5: 3D2F04211C4710B4CC056E2773D2C535 | SHA256: 887B919751BAECE787E4F31FE9F8BC47C79F992CFEF05FF6F3408A948EF68094
7156 | voicemeetersetup.exe | C:\Program Files (x86)\VB\Voicemeeter\vbvoicemeetervaio64arm_win10.sys | executable
MD5: 4F738A07DBAE7B845A5A383118D5E8E2 | SHA256: 7852EF150E0B61206949BBBF5F6982D97333DBC3B84EB01CC79D727C6A6EBABB
7156 | voicemeetersetup.exe | C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_vista.sys | executable
MD5: 9C7151F2C71A32B9A5C3B346115CCAC1 | SHA256: 920CF5BCFF0B07C256249ABAEA07A88EAB059CE8FDA4800F29A9F5328E94EB10
7156 | voicemeetersetup.exe | C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_win10.sys | executable
MD5: 2A2C5F2402DE818FB76417ABD4DF5402 | SHA256: 51FFD18BB1530FB0452087FB1430B9CAA70F94961C84A6C50F5F657E0BF35CA8
7156 | voicemeetersetup.exe | C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_win7.cat | binary
MD5: C198554A07C2BC2AD558FE2B1CE3F1AD | SHA256: 03A42533F2C024DB1800F063F6403F4C27630DFAEDD061D215DDE1F8ADDADCFF
HTTP(S) requests: 13
TCP/UDP connections: 60
DNS requests: 34
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
(The Type and Size columns of the original table are not present in this extract; a dash marks a field with no recorded value.)
6944 | svchost.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
1584 | RUXIMICS.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6944 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1584 | RUXIMICS.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
- | - | GET | - | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=44&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | unknown
- | - | GET | - | 51.68.204.93:443 | https://vb-audio.com/Voicemeeter/ThankYou.htm | unknown | unknown
- | - | GET | 401 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown | unknown
- | - | POST | 204 | 104.126.37.128:443 | https://www.bing.com/threshold/xls.aspx | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
(A dash marks a field with no recorded value.)
6944 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5488 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1584 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 2.23.209.140:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6944 | svchost.exe | 2.16.164.49:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
5488 | MoUsoCoreWorker.exe | 2.16.164.49:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
1584 | RUXIMICS.exe | 2.16.164.49:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
6944 | svchost.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 40.127.240.158 | whitelisted
www.bing.com | 2.23.209.140, 2.23.209.137, 2.23.209.135, 2.23.209.133, 2.23.209.143, 2.23.209.141, 2.23.209.130, 2.23.209.149, 2.23.209.142, 104.126.37.163, 104.126.37.186, 104.126.37.184, 104.126.37.168, 104.126.37.170, 104.126.37.185, 104.126.37.128, 104.126.37.179, 104.126.37.171, 104.126.37.152, 104.126.37.130, 104.126.37.139, 104.126.37.131, 104.126.37.153, 104.126.37.146 | whitelisted
google.com | 142.250.181.238 | whitelisted
crl.microsoft.com | 2.16.164.49, 2.16.164.9 | whitelisted
www.microsoft.com | 88.221.169.152 | whitelisted
self.events.data.microsoft.com | 13.89.179.11 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
edge.microsoft.com | 13.107.21.239, 204.79.197.239 | whitelisted
edge-mobile-static.azureedge.net | 13.107.253.45 | whitelisted
vb-audio.com | 51.68.204.93 | whitelisted

Threats

PID | Process | Class | Message
- | - | Potentially Bad Traffic | ET INFO Possible Chrome Plugin install
No debug info