File name: voicemeeterprosetup.exe

Full analysis: https://app.any.run/tasks/3f1ba502-7a79-4c77-8671-0817c3514a32
Verdict: Malicious activity
Analysis date: March 13, 2026, 15:40:25
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 6DCC4B896EC7446DCE3530C5B0CA7C0C
SHA1: 93112D9FCFA5BCCA7D4E9E240D180059C9922F41
SHA256: AA55DEB32C78AC7D3ABB3310EB0E95BE28B469A54CF9EA0744A0727211019A71
SSDEEP: 393216:2tf/O8x37bqhunqM5E2KpK36cgzRTgxnu5UkGMbB16SrX+:2tfG85IunqkE5Iqlz+05UklbuEO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • vbregsvr64.exe (PID: 6612)
      • vbregsvr64.exe (PID: 8876)
      • vbregsvr64.exe (PID: 7020)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 6596)
      • voicemeeterprosetup.exe (PID: 5764)
    • Drops a system driver (possible attempt to evade defenses)

      • voicemeeterprosetup.exe (PID: 5764)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 6596)
      • drvinst.exe (PID: 7664)
    • Creates or modifies Windows services

      • voicemeeterprosetup.exe (PID: 5764)
    • Creates/Modifies COM task schedule object

      • voicemeeterprosetup.exe (PID: 5764)
      • vbregsvr64.exe (PID: 8876)
      • vbregsvr64.exe (PID: 7020)
      • vbregsvr64.exe (PID: 6612)
  • INFO

    • Reads the computer name

      • voicemeeterprosetup.exe (PID: 5764)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 6596)
      • drvinst.exe (PID: 3236)
      • drvinst.exe (PID: 7664)
      • identity_helper.exe (PID: 4336)
    • Creates files in the program directory

      • voicemeeterprosetup.exe (PID: 5764)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 6596)
    • Checks supported languages

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 6596)
      • voicemeeterprosetup.exe (PID: 5764)
      • drvinst.exe (PID: 7664)
      • drvinst.exe (PID: 3236)
      • vbregsvr64.exe (PID: 8876)
      • vbregsvr64.exe (PID: 7020)
      • vbregsvr64.exe (PID: 6612)
      • identity_helper.exe (PID: 4336)
    • Reads security settings of Internet Explorer

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 6596)
      • voicemeeterprosetup.exe (PID: 5764)
    • The sample compiled with english language support

      • voicemeeterprosetup.exe (PID: 5764)
      • drvinst.exe (PID: 7664)
      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 6596)
    • There is functionality for taking screenshot (YARA)

      • voicemeeterprosetup.exe (PID: 5764)
    • Create files in a temporary directory

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 6596)
    • Reads the machine GUID from the registry

      • VBVoicemeeterVAIO_Setup_x64.exe (PID: 6596)
      • drvinst.exe (PID: 7664)
    • Application launched itself

      • msedge.exe (PID: 4696)
      • msedge.exe (PID: 5868)
      • msedge.exe (PID: 1960)
    • Creates a software uninstall entry

      • voicemeeterprosetup.exe (PID: 5764)
    • Manual execution by a user

      • msedge.exe (PID: 1960)
    • Reads Environment values

      • identity_helper.exe (PID: 4336)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:12:11 14:35:07+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 160256
InitializedDataSize: 43704832
UninitializedDataSize: -
EntryPoint: 0x1c575
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.1.2.2
ProductVersionNumber: 2.1.2.2
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: VB-AUDIO Voicemeeter Banana Installer.
CompanyName: VB-AUDIO Software
FileDescription: VB-AUDIO Voicemeeter Banana Installer
FileVersion: 2, 1, 2, 2
InternalName: VoicemeeterProSetup
LegalCopyright: V.Burel©2013-2025
OriginalFileName: VoicemeeterProSetup.exe
ProductName: VoicemeeterProSetup
ProductVersion: 2, 1, 2, 2
No data.
Total processes
182
Monitored processes
36
Malicious processes
1
Suspicious processes
3

Behavior graph

start voicemeeterprosetup.exe vbvoicemeetervaio_setup_x64.exe drvinst.exe no specs drvinst.exe no specs vbregsvr64.exe no specs vbregsvr64.exe no specs vbregsvr64.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs voicemeeterprosetup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 144
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6912,i,3861761242046783319,10789920408520276610,262144 --variations-seed-version --mojo-platform-channel-handle=6876 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 524
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x284,0x288,0x28c,0x27c,0x294,0x7ffd7097f208,0x7ffd7097f214,0x7ffd7097f220
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1068
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2336,i,3861761242046783319,10789920408520276610,262144 --variations-seed-version --mojo-platform-channel-handle=2324 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1524
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6320,i,3861761242046783319,10789920408520276610,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
PID: 1956
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5528,i,3861761242046783319,10789920408520276610,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1960
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --disable-quic --flag-switches-end --do-not-de-elevate --single-argument https://vb-audio.com/Voicemeeter/ThankYou.htm
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3236
CMD: DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\WINDOWS\INF\oem9.inf" "oem9.inf:c14ce8840c48fa1f:VBCableInst.NTamd64:3.4.1.7:vbvoicemeetervaio," "43914f2f7" "00000000000001C0"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 3544
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7076,i,3861761242046783319,10789920408520276610,262144 --variations-seed-version --mojo-platform-channel-handle=2792 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3664
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2264,i,5797218647876788952,12560804071419046533,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4020
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x1e8,0x1c0,0x1e0,0x298,0x2a4,0x7ffd7097f208,0x7ffd7097f214,0x7ffd7097f220
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
13 499
Read events
12 578
Write events
914
Delete events
7

Modification events

(PID) Process: (5764) voicemeeterprosetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\VB-Audio\MultiCable
Operation: write
Name: VBVoicemeeterVAIO_LoopBack
Value: 1

(PID) Process: (5764) voicemeeterprosetup.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VB-MultiCable
Operation: write
Name: VBVoicemeeterVAIO_LoopBack
Value: 1

(PID) Process: (5764) voicemeeterprosetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\VB-Audio\MultiCable
Operation: write
Name: VBVoicemeeterVAIO_LoopBack
Value: 1

(PID) Process: (6596) VBVoicemeeterVAIO_Setup_x64.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
Operation: write
Name: setupapi.dev.log
Value: 4096

(PID) Process: (3236) drvinst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\SYSTEM\CurrentControlSet\Control\MediaCategories\{DFF21FE3-F70F-11D0-B917-00A0C9223196}\Name
Operation: write
Name: Owners
Value: oem9.inf

(PID) Process: (3236) drvinst.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaCategories\{DFF21FE3-F70F-11D0-B917-00A0C9223196}
Operation: write
Name: Display
Value: 00000000

(PID) Process: (3236) drvinst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\SYSTEM\CurrentControlSet\Control\MediaCategories\{DFF21FE3-F70F-11D0-B917-00A0C9223196}\Display
Operation: write
Name: Owners
Value: oem9.inf

(PID) Process: (3236) drvinst.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaCategories\{DFF21FE4-F70F-11D0-B917-00A0C9223196}
Operation: write
Name: Name
Value: Wave

(PID) Process: (3236) drvinst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\SYSTEM\CurrentControlSet\Control\MediaCategories\{DFF21FE4-F70F-11D0-B917-00A0C9223196}\Name
Operation: write
Name: Owners
Value: oem9.inf

(PID) Process: (3236) drvinst.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaCategories\{DFF21FE4-F70F-11D0-B917-00A0C9223196}
Operation: write
Name: Display
Value: 00000000

Executable files
75
Suspicious files
68
Text files
163
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 5764
Process: voicemeeterprosetup.exe
Filename: C:\Program Files (x86)\VB\Voicemeeter\vbvoicemeetervaio64arm_win10.sys
Type: executable
MD5:FF58D109F86F0BF8C0E4972B6A29B566
SHA256:82D9F56A9E4A51D322032BF776011E9EB92E50F7C6D436169C07648B8669C79A
PID: 5764
Process: voicemeeterprosetup.exe
Filename: C:\Program Files (x86)\VB\Voicemeeter\vbvoicemeetervaio64_win10.inf
Type: binary
MD5:1156383213A6A152C29A24D991CCF663
SHA256:EC0C3295284B35E977E6CCD1E964A98D50EF7C3C1F0ADE722993EBFA613ECF6D
PID: 5764
Process: voicemeeterprosetup.exe
Filename: C:\Program Files (x86)\VB\Voicemeeter\VBVoicemeeterVAIO_ControlPanel.exe
Type: executable
MD5:D773D44DC98035A368B8FD7419387F6E
SHA256:DCFB29B3B6B230B5B2C07349B142BAEDE1A63719341D47C1093ACA561C1E3560
PID: 5764
Process: voicemeeterprosetup.exe
Filename: C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_win10.sys
Type: executable
MD5:2A2C5F2402DE818FB76417ABD4DF5402
SHA256:51FFD18BB1530FB0452087FB1430B9CAA70F94961C84A6C50F5F657E0BF35CA8
PID: 5764
Process: voicemeeterprosetup.exe
Filename: C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_win7.sys
Type: executable
MD5:6894A36D7543AF839797E54DCA7E821D
SHA256:18936DE06D235042CF10B7CCADC074CD9FB6D4DC629CE62C7CB9BA48722FB259
PID: 5764
Process: voicemeeterprosetup.exe
Filename: C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_vista.cat
Type: binary
MD5:26FCB7D43099043ADDFEEB4BF7773FB5
SHA256:3585B22F4F5851F58432DC6F9382089DC76AC161695A3D5AE4A67FDC3CCBE59D
PID: 5764
Process: voicemeeterprosetup.exe
Filename: C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_win10.cat
Type: binary
MD5:3D2F04211C4710B4CC056E2773D2C535
SHA256:887B919751BAECE787E4F31FE9F8BC47C79F992CFEF05FF6F3408A948EF68094
PID: 5764
Process: voicemeeterprosetup.exe
Filename: C:\Program Files (x86)\VB\Voicemeeter\vbvoicemeetervaio64_win10.cat
Type: binary
MD5:77F1688D4B28F657B08E77160418FDB5
SHA256:964B04A45B8FBB62B97D012608453265D6D2305378A2ABC8F95E5D23C93F30BE
PID: 5764
Process: voicemeeterprosetup.exe
Filename: C:\Program Files (x86)\VB\Voicemeeter\vbvoicemeetervaio64_win10.sys
Type: executable
MD5:9127EFB0A17DD9A0ED1DD722B83FFF64
SHA256:12EE8D2BC7309B519E967D48894028B2A4BF44857AEB3FD18236BA24D6463BAA
PID: 5764
Process: voicemeeterprosetup.exe
Filename: C:\Program Files (x86)\VB\Voicemeeter\vbaudio_vmvaio_xp.sys
Type: executable
MD5:73F55CA9693ABD0804D62F873D87137A
SHA256:3C391D730A3053E62EB503CD7693C2CFDC5B1BB9AFEB25757A4851774496F52B
HTTP(S) requests
166
TCP/UDP connections
79
DNS requests
56
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
144
svchost.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
144
svchost.exe
GET
200
23.32.238.107:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
6768
MoUsoCoreWorker.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
5568
SearchApp.exe
POST
204
2.16.204.154:443
https://www.bing.com/threshold/xls.aspx?t=5&dl=1&wsbc=1
NL
whitelisted
7736
slui.exe
POST
500
48.192.1.65:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
US
512 b
whitelisted
6080
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=67&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
US
2.75 Kb
whitelisted
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=67&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
US
text
2.75 Kb
whitelisted
6080
msedge.exe
GET
200
37.59.51.186:443
https://shop.vb-audio.com/thkcss.php?page=voicemeeter
FR
unknown
GET
200
13.107.213.44:443
https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US
US
binary
82 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
144
svchost.exe
23.32.238.107:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
144
svchost.exe
23.59.18.102:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
23.59.18.102:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
6768
MoUsoCoreWorker.exe
23.59.18.102:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
6712
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
144
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5568
SearchApp.exe
2.16.204.154:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted

DNS requests


Threats

No threats detected
No debug info