Malware analysis voicewave_installer_20240128.952567.exe Malicious activity

Add for printing

File name:	voicewave_installer_20240128.952567.exe
Full analysis:	https://app.any.run/tasks/ba15084d-9812-48b0-bf62-d415153a284c
Verdict:	Malicious activity
Analysis date:	January 29, 2024, 02:44:46
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:	B9C9B4EDF5B65D3C91F8A4555587EBF2
SHA1:	9B09FB75266F44CA2A893D787BBE679AADD4F402
SHA256:	D101B0A989E1B3001A705A5151AA47E837B6070ED0C0823284A90518EDC17773
SSDEEP:	98304:87VERwrWzXcao6n7LoyEnZKDxUQAKDTS4MZ6N2mp5EaxbGnl+tNf/xUKkO:xh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - voicewave_installer_20240128.952567.exe (PID: 2692)
  - evw_free_easeus.exe (PID: 1408)
  - evw_free_easeus.tmp (PID: 2656)
  - devconX86.exe (PID: 1316)
  - drvinst.exe (PID: 956)
- Actions looks like stealing of personal data
  - evw_free_easeus.tmp (PID: 2656)
  - easeus.voicewave.exe (PID: 3476)
- Creates a writable file in the system directory
  - drvinst.exe (PID: 956)
SUSPICIOUS
- Executable content was dropped or overwritten
  - voicewave_installer_20240128.952567.exe (PID: 2692)
  - evw_free_easeus.exe (PID: 1408)
  - evw_free_easeus.tmp (PID: 2656)
  - devconX86.exe (PID: 1316)
  - drvinst.exe (PID: 956)
- Reads the Internet Settings
  - EDownloader.exe (PID: 1880)
  - AliyunWrapExe.Exe (PID: 568)
  - powershell.exe (PID: 3644)
  - evw_free_easeus.tmp (PID: 2656)
  - AliyunWrapExe.Exe (PID: 3804)
- Reads Internet Explorer settings
  - EDownloader.exe (PID: 1880)
- Reads Microsoft Outlook installation path
  - EDownloader.exe (PID: 1880)
- The process drops C-runtime libraries
  - evw_free_easeus.tmp (PID: 2656)
- Starts POWERSHELL.EXE for commands execution
  - evw_free_easeus.tmp (PID: 2656)
- Using PowerShell to operate with local accounts
  - powershell.exe (PID: 3644)
- Drops a system driver (possible attempt to evade defenses)
  - evw_free_easeus.tmp (PID: 2656)
  - devconX86.exe (PID: 1316)
  - drvinst.exe (PID: 956)
- Reads the Windows owner or organization settings
  - evw_free_easeus.tmp (PID: 2656)
- Process drops legitimate windows executable
  - evw_free_easeus.tmp (PID: 2656)
- Searches for installed software
  - EDownloader.exe (PID: 1880)
- Checks Windows Trust Settings
  - devconX86.exe (PID: 1316)
  - drvinst.exe (PID: 956)
- Reads security settings of Internet Explorer
  - devconX86.exe (PID: 1316)
- Reads settings of System Certificates
  - devconX86.exe (PID: 1316)
- Creates files in the driver directory
  - drvinst.exe (PID: 956)
INFO
- Checks supported languages
  - voicewave_installer_20240128.952567.exe (PID: 2692)
  - EDownloader.exe (PID: 1880)
  - InfoForSetup.exe (PID: 2780)
  - InfoForSetup.exe (PID: 2064)
  - AliyunWrapExe.Exe (PID: 568)
  - InfoForSetup.exe (PID: 2388)
  - InfoForSetup.exe (PID: 3400)
  - InfoForSetup.exe (PID: 3040)
  - InfoForSetup.exe (PID: 3052)
  - InfoForSetup.exe (PID: 128)
  - evw_free_easeus.exe (PID: 1408)
  - evw_free_easeus.tmp (PID: 2656)
  - FireWallAssist.exe (PID: 3480)
  - EUinApp.exe (PID: 3608)
  - FireWallAssist.exe (PID: 3928)
  - SetupUE.exe (PID: 4012)
  - InfoForSetup.exe (PID: 2996)
  - AliyunWrapExe.Exe (PID: 3804)
  - InfoForSetup.exe (PID: 2132)
  - InfoForSetup.exe (PID: 2044)
  - InfoForSetup.exe (PID: 3956)
  - InfoForSetup.exe (PID: 2472)
  - EuDownload.exe (PID: 3052)
  - InfoForSetup.exe (PID: 2524)
  - easeus.voicewave.exe (PID: 3476)
  - EuDownload.exe (PID: 2372)
  - InfoForSetup.exe (PID: 3148)
  - devconX86.exe (PID: 1044)
  - devconX86.exe (PID: 1316)
  - easeus.evw.vchanger.exe (PID: 3132)
  - drvinst.exe (PID: 956)
  - drvinst.exe (PID: 996)
  - EuDownload.exe (PID: 1820)
  - EuDownload.exe (PID: 2068)
  - EuDownload.exe (PID: 3012)
  - EuDownload.exe (PID: 3696)
  - EuDownload.exe (PID: 3116)
- Reads the computer name
  - voicewave_installer_20240128.952567.exe (PID: 2692)
  - AliyunWrapExe.Exe (PID: 568)
  - EDownloader.exe (PID: 1880)
  - FireWallAssist.exe (PID: 3928)
  - FireWallAssist.exe (PID: 3480)
  - evw_free_easeus.tmp (PID: 2656)
  - InfoForSetup.exe (PID: 2996)
  - AliyunWrapExe.Exe (PID: 3804)
  - SetupUE.exe (PID: 4012)
  - easeus.voicewave.exe (PID: 3476)
  - EuDownload.exe (PID: 2372)
  - EuDownload.exe (PID: 3052)
  - devconX86.exe (PID: 1316)
  - easeus.evw.vchanger.exe (PID: 3132)
  - devconX86.exe (PID: 1044)
  - drvinst.exe (PID: 956)
  - drvinst.exe (PID: 996)
  - EuDownload.exe (PID: 1820)
  - EuDownload.exe (PID: 2068)
  - EuDownload.exe (PID: 3012)
  - EuDownload.exe (PID: 3116)
  - EuDownload.exe (PID: 3696)
- Create files in a temporary directory
  - InfoForSetup.exe (PID: 2388)
  - EDownloader.exe (PID: 1880)
  - voicewave_installer_20240128.952567.exe (PID: 2692)
  - AliyunWrapExe.Exe (PID: 568)
  - evw_free_easeus.exe (PID: 1408)
  - evw_free_easeus.tmp (PID: 2656)
  - easeus.voicewave.exe (PID: 3476)
  - devconX86.exe (PID: 1316)
  - easeus.evw.vchanger.exe (PID: 3132)
  - EuDownload.exe (PID: 1820)
  - EuDownload.exe (PID: 2068)
  - EuDownload.exe (PID: 3012)
  - EuDownload.exe (PID: 3696)
  - EuDownload.exe (PID: 3116)
- Reads the machine GUID from the registry
  - AliyunWrapExe.Exe (PID: 568)
  - EDownloader.exe (PID: 1880)
  - AliyunWrapExe.Exe (PID: 3804)
  - easeus.voicewave.exe (PID: 3476)
  - SetupUE.exe (PID: 4012)
  - devconX86.exe (PID: 1316)
  - drvinst.exe (PID: 956)
- Creates files or folders in the user directory
  - AliyunWrapExe.Exe (PID: 568)
  - AliyunWrapExe.Exe (PID: 3804)
  - easeus.evw.vchanger.exe (PID: 3132)
- Checks proxy server information
  - AliyunWrapExe.Exe (PID: 568)
  - EDownloader.exe (PID: 1880)
  - AliyunWrapExe.Exe (PID: 3804)
- Creates files in the program directory
  - evw_free_easeus.tmp (PID: 2656)
  - InfoForSetup.exe (PID: 2132)
  - EuDownload.exe (PID: 3052)
  - easeus.voicewave.exe (PID: 3476)
  - AliyunWrapExe.Exe (PID: 3804)
  - EuDownload.exe (PID: 2372)
  - easeus.evw.vchanger.exe (PID: 3132)
  - devconX86.exe (PID: 1316)
- Application launched itself
  - msedge.exe (PID: 2932)
  - msedge.exe (PID: 3620)
- Manual execution by a user
  - msedge.exe (PID: 3620)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (67.4)
.dll	\|	Win32 Dynamic Link Library (generic) (14.2)
.exe	\|	Win32 Executable (generic) (9.7)
.exe	\|	Generic Win/DOS Executable (4.3)
.exe	\|	DOS Executable Generic (4.3)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2018:01:30 04:57:48+01:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, 32-bit
PEType:	PE32
LinkerVersion:	6
CodeSize:	26624
InitializedDataSize:	186368
UninitializedDataSize:	2048
EntryPoint:	0x338f
OSVersion:	4
ImageVersion:	6
SubsystemVersion:	4
Subsystem:	Windows GUI

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

119

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

128

/SendInfo Window "Downloading" Activity "Info_Start_Download_Program" Attribute "{\"Downloadfrom\":\"https://d1.easeus.com/evw/free/voicewave2.6.1_free.exe\",\"Pageid\":\"952567\",\"Testid\":\"\",\"Version\":\"free\",\"Versionnumber\":\"2.6.1\"}"

C:\Users\admin\AppData\Local\Temp\downloader_easeus\1.0.0\46free\aliyun\InfoForSetup.exe

—

EDownloader.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\users\admin\appdata\local\temp\downloader_easeus\1.0.0\46free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

568

C:\Users\admin\AppData\Local\Temp\downloader_easeus\1.0.0\46free\aliyun\AliyunWrapExe.Exe

InfoForSetup.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\users\admin\appdata\local\temp\downloader_easeus\1.0.0\46free\aliyun\aliyunwrapexe.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\downloader_easeus\1.0.0\46free\aliyun\aliyunwrap.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll

876

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1352,i,1188440511298948833,15837431497202935804,131072 /prefetch:3

C:\Program Files\Microsoft\Edge\Application\msedge.exe

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

956

DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{46030924-64b9-6e81-e5b8-7c57d4c65547}\virtualmic.inf" "0" "677c6effb" "000005D0" "WinSta0\Default" "00000550" "208" "c:\program files\easeus\voicewave\bin\driver\x86"

C:\Windows\System32\drvinst.exe

svchost.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Driver Installation Module

Exit code:

3758096964

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

984

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1072 --field-trial-handle=1352,i,1188440511298948833,15837431497202935804,131072 /prefetch:2

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

996

DrvInst.exe "3" "201" "ROOT\MEDIA\0000" "" "" "677c6effb" "000005D0" "000005FC" "000005F8"

C:\Windows\System32\drvinst.exe

—

svchost.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Driver Installation Module

Exit code:

3758096921

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1044

"C:\Program Files\EaseUS\VoiceWave\bin\devconX86.exe" remove "Root\VirtualMic"

C:\Program Files\EaseUS\VoiceWave\bin\devconX86.exe

—

easeus.voicewave.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Device Console

Exit code:

Version:

10.0.22621.382 (WinBuild.160101.0800)

Modules

Images
c:\program files\easeus\voicewave\bin\devconx86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll

1112

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1352,i,1188440511298948833,15837431497202935804,131072 /prefetch:1

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1316

"C:\Program Files\EaseUS\VoiceWave\bin\devconX86.exe" install "C:\Program Files\EaseUS\VoiceWave\bin\Driver\X86\VirtualMic.inf" "Root\VirtualMic"

C:\Program Files\EaseUS\VoiceWave\bin\devconX86.exe

easeus.voicewave.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Device Console

Exit code:

Version:

10.0.22621.382 (WinBuild.160101.0800)

Modules

Images
c:\program files\easeus\voicewave\bin\devconx86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll

1348

rundll32.exe C:\Windows\system32\newdev.dll,pDiDeviceInstallNotification \\.\pipe\PNP_Device_Install_Pipe_1.{3e58ec8a-ffa5-460b-858c-17daa641b3c7} "(null)"

C:\Windows\System32\rundll32.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows host process (Rundll32)

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll

Add for printing

Total events

14 557

Read events

14 385

Write events

166

Delete events

Modification events


(PID) Process:	(568) AliyunWrapExe.Exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(568) AliyunWrapExe.Exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(568) AliyunWrapExe.Exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(568) AliyunWrapExe.Exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(568) AliyunWrapExe.Exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(568) AliyunWrapExe.Exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(568) AliyunWrapExe.Exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(568) AliyunWrapExe.Exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(568) AliyunWrapExe.Exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FCC67766-6201-4AD1-A6B8-2F4553C93D47}
Operation:	write	Name:	WpadDecisionReason
Value: 1
(PID) Process:	(568) AliyunWrapExe.Exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FCC67766-6201-4AD1-A6B8-2F4553C93D47}
Operation:	write	Name:	WpadDecisionTime
Value: 54DA2A255D52DA01

Add for printing

Executable files

356

Suspicious files

197

Text files

1 190

Unknown types

Dropped files

PID	Process	Filename		Type
2692	voicewave_installer_20240128.952567.exe	C:\Users\admin\AppData\Local\Temp\downloader_easeus\1.0.0\46free\Spanish.ini		text
		MD5:145296CDE8F91D3D2E38825966DC06CB	SHA256:812B079B1988194AA67F5729BA4E945A81DB9B004A29500F9AD951DAEE097829
2692	voicewave_installer_20240128.952567.exe	C:\Users\admin\AppData\Local\Temp\downloader_easeus\1.0.0\46free\aliyun\AliyunWrapExe.exe		executable
		MD5:1B6DA142052F6736F7A657149DE75BEE	SHA256:015B2652280118C2C5016FEC99FC542E32FD39DDFC9DF513FE49677FC9BF6D42
2692	voicewave_installer_20240128.952567.exe	C:\Users\admin\AppData\Local\Temp\downloader_easeus\1.0.0\46free\Japanese.ini		text
		MD5:AD5ECE381DB4106E13640E46ADE6C460	SHA256:020526525424A57FEC4101997D272DFC2B83A8D57456C2C245A56D68E4B4E317
2692	voicewave_installer_20240128.952567.exe	C:\Users\admin\AppData\Local\Temp\downloader_easeus\1.0.0\46free\Italian.ini		text
		MD5:ECD3A477C69A9AC24C0CE38FA4EC6228	SHA256:31CA5A5F382CAEDAD0883FA8FF3D3CA039056497D8D9EA05AE82230CD0D63185
1880	EDownloader.exe	C:\Users\admin\AppData\Local\Temp\evw_free_easeus.exe.temp		—
		MD5:—	SHA256:—
1880	EDownloader.exe	C:\Users\admin\AppData\Local\Temp\evw_free_easeus.exe		—
		MD5:—	SHA256:—
2692	voicewave_installer_20240128.952567.exe	C:\Users\admin\AppData\Local\Temp\downloader_easeus\1.0.0\46free\EDownloader.exe		executable
		MD5:4EF50A03EDFEFBF87998B95C222B80F9	SHA256:21E80AF367881F498233263275C57C6063999111FF5105011EAFBACC00964230
2692	voicewave_installer_20240128.952567.exe	C:\Users\admin\AppData\Local\Temp\downloader_easeus\1.0.0\46free\skin.zip		compressed
		MD5:FAC982630F0164A0A84202D09FF449BB	SHA256:A19130389B44E30F7C54CA71A4A6C161B5B6A9E81EFDBC25BA976CE6628C2927
2692	voicewave_installer_20240128.952567.exe	C:\Users\admin\AppData\Local\Temp\downloader_easeus\1.0.0\46free\downloader.ico		image
		MD5:C1D33EAFC115D1AF1C829F8558F3321F	SHA256:09A774165078362F091EA3988E89F378EA05EA04A9F9BF84F8D1F55FA6CDC1FB
1880	EDownloader.exe	C:\Users\admin\AppData\Local\Temp\downloader_easeus\1.0.0\46free\EasyLog.log		text
		MD5:5E6720D90CA5BD12FF6E9D1A804DA3F5	SHA256:8D2ABAD41DF08287119B330D57BB2F7DA68AD49D1AC46A49434C6D1680BC205C

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

101

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
568	AliyunWrapExe.Exe	GET	200	163.171.156.15:80	http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=0	unknown	binary	21 b	unknown
568	AliyunWrapExe.Exe	POST	200	47.252.97.15:80	http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_voicewave_downloader/shards/lb	unknown	—	—	unknown
1880	EDownloader.exe	POST	200	143.204.98.3:80	http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/	unknown	binary	491 b	unknown
568	AliyunWrapExe.Exe	POST	200	47.252.97.15:80	http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_voicewave_downloader/shards/lb	unknown	—	—	unknown
568	AliyunWrapExe.Exe	POST	200	47.252.97.15:80	http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_voicewave_downloader/shards/lb	unknown	—	—	unknown
568	AliyunWrapExe.Exe	POST	200	47.252.97.15:80	http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_voicewave_downloader/shards/lb	unknown	—	—	unknown
568	AliyunWrapExe.Exe	POST	200	47.252.97.212:80	http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_voicewave_downloader/shards/lb	unknown	—	—	unknown
3804	AliyunWrapExe.Exe	POST	200	47.252.97.212:80	http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_voicewave_ip/shards/lb	unknown	—	—	unknown
568	AliyunWrapExe.Exe	POST	200	47.252.97.212:80	http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_voicewave_downloader/shards/lb	unknown	—	—	unknown
3804	AliyunWrapExe.Exe	GET	200	163.171.156.15:80	http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=0	unknown	binary	21 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
1880	EDownloader.exe	143.204.98.3:80	download.easeus.com	AMAZON-02	US	whitelisted
568	AliyunWrapExe.Exe	163.171.156.15:80	track.easeus.com	QUANTILNETWORKS	DE	unknown
568	AliyunWrapExe.Exe	47.252.97.15:80	easeusinfo.us-east-1.log.aliyuncs.com	Alibaba US Technology Co., Ltd.	US	unknown
1880	EDownloader.exe	18.66.112.6:443	d1.easeus.com	AMAZON-02	US	unknown
568	AliyunWrapExe.Exe	47.252.97.212:80	easeusinfo.us-east-1.log.aliyuncs.com	Alibaba US Technology Co., Ltd.	US	unknown
3804	AliyunWrapExe.Exe	163.171.156.15:80	track.easeus.com	QUANTILNETWORKS	DE	unknown
3804	AliyunWrapExe.Exe	47.252.97.212:80	easeusinfo.us-east-1.log.aliyuncs.com	Alibaba US Technology Co., Ltd.	US	unknown

DNS requests

Domain	IP	Reputation
download.easeus.com	143.204.98.3 143.204.98.21 143.204.98.43 143.204.98.38	unknown
track.easeus.com	163.171.156.15	unknown
easeusinfo.us-east-1.log.aliyuncs.com	47.252.97.15 47.252.97.14 47.252.97.13 47.252.97.12 47.252.97.11 47.252.97.10 47.252.97.9 47.252.97.8 47.252.97.212	unknown
d1.easeus.com	18.66.112.6 18.66.112.125 18.66.112.38 18.66.112.111	unknown
multimedia.easeus.com	104.18.2.193 104.18.3.193	unknown
config.edge.skype.com	13.107.42.16	whitelisted
edge.microsoft.com	204.79.197.239 13.107.21.239	whitelisted
nav-edge.smartscreen.microsoft.com	20.166.151.106	whitelisted
data-edge.smartscreen.microsoft.com	20.23.107.164	whitelisted
www.easeus.com	104.18.18.71 104.18.19.71	whitelisted

Threats

No threats detected

Add for printing

Process	Message
EDownloader.exe	[2724]-02:44:56:485 ParseCmdLine param=EXEDIR=C:\Users\admin\AppData\Local\Temp \|\|\| EXENAME=voicewave_installer_20240128.952567.exe \|\|\| DOWNLOAD_VERSION=free \|\|\| PRODUCT_VERSION=1.0.0 \|\|\| INSTALL_TYPE=0
EDownloader.exe	[2724]-02:44:56:516 Install recomand return=259
EDownloader.exe	[2724]-02:44:56:813 Install recomand return=259
EDownloader.exe	[2316]-02:44:56:844 PostData Start download url=http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/ param=exeNumber=952567&lang=English&pcVersion=home&pid=46&tid=1&version=free
EDownloader.exe	[2316]-02:44:57:954 Json parse Data Start
EDownloader.exe	[2724]-02:44:57:954 download parm : exeNumber=952567&lang=English&pcVersion=home&pid=46&tid=1&version=free
EDownloader.exe	[2316]-02:44:57:954 Json parse Data end
EDownloader.exe	[2724]-02:44:57:954 CHttpHelper::GetDownloadInfo 45 download info code:0
EDownloader.exe	[2724]-02:44:57:954 download url : http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/
EDownloader.exe	[2724]-02:44:57:954 Install recomand return=259

General Info

voicewave_installer_20240128.952567.exe

B9C9B4EDF5B65D3C91F8A4555587EBF2

9B09FB75266F44CA2A893D787BBE679AADD4F402

D101B0A989E1B3001A705A5151AA47E837B6070ED0C0823284A90518EDC17773

98304:87VERwrWzXcao6n7LoyEnZKDxUQAKDTS4MZ6N2mp5EaxbGnl+tNf/xUKkO:xh

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Actions looks like stealing of personal data

Creates a writable file in the system directory

SUSPICIOUS

Executable content was dropped or overwritten

Reads the Internet Settings

Reads Internet Explorer settings

Reads Microsoft Outlook installation path

The process drops C-runtime libraries

Starts POWERSHELL.EXE for commands execution

Using PowerShell to operate with local accounts

Drops a system driver (possible attempt to evade defenses)

Reads the Windows owner or organization settings

Process drops legitimate windows executable

Searches for installed software

Checks Windows Trust Settings

Reads security settings of Internet Explorer

Reads settings of System Certificates

Creates files in the driver directory

INFO

Checks supported languages

Reads the computer name

Create files in a temporary directory

Reads the machine GUID from the registry

Creates files or folders in the user directory

Checks proxy server information

Creates files in the program directory

Application launched itself

Manual execution by a user

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings