File name: Voice-Desktop-Setup-1.3.1-WindowsX64.exe

Full analysis: https://app.any.run/tasks/b040d244-5ce5-421d-bd0d-36aa05d9fdfe
Verdict: Malicious activity
Analysis date: June 21, 2025, 05:13:05
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: electron-js, nodejs
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: CB713976AEC59FEF8F0319454209D3A8
SHA1: 5FA532E4AF7AA6D6B2150230C695DFEFD150AE15
SHA256: F5C87D2D0322484E8983C53DC736ACDFC9A578FB6FF1111F51EE1BBC5D2624D0
SSDEEP: 786432:Rzp5PWlW1Q3lnGVPHDUcIeCmLQeB1v6aYutovOfvK1GM:Rzp5Z1oGlopeCsQeBZ6Futm4K1GM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
    • The process creates files with name similar to system file names

      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
    • Get information on the list of running processes

      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
      • cmd.exe (PID: 4460)
    • Starts CMD.EXE for commands execution

      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
    • Creates a software uninstall entry

      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
    • Application launched itself

      • Voice Desktop.exe (PID: 6424)
    • There is functionality for taking screenshot (YARA)

      • Voice Desktop.exe (PID: 1636)
    • Drops 7-zip archiver for unpacking

      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
    • Reads security settings of Internet Explorer

      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
    • Process drops legitimate windows executable

      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
  • INFO

    • The sample compiled with english language support

      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
    • Checks supported languages

      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
      • Voice Desktop.exe (PID: 1128)
      • Voice Desktop.exe (PID: 6424)
      • Voice Desktop.exe (PID: 1636)
      • Voice Desktop.exe (PID: 6264)
      • Voice Desktop.exe (PID: 6532)
      • Voice Desktop.exe (PID: 4112)
    • Reads the computer name

      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
      • Voice Desktop.exe (PID: 6424)
      • Voice Desktop.exe (PID: 1636)
      • Voice Desktop.exe (PID: 1128)
      • Voice Desktop.exe (PID: 4112)
    • Reads Environment values

      • Voice Desktop.exe (PID: 6424)
    • Manual execution by a user

      • Voice Desktop.exe (PID: 6424)
    • Reads product name

      • Voice Desktop.exe (PID: 6424)
    • ELECTRON JS mutex has been found

      • Voice Desktop.exe (PID: 6424)
    • Creates files or folders in the user directory

      • Voice Desktop.exe (PID: 6424)
      • Voice Desktop.exe (PID: 1128)
      • Voice Desktop.exe (PID: 4112)
      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
    • Checks proxy server information

      • Voice Desktop.exe (PID: 6424)
      • slui.exe (PID: 3956)
    • Process checks computer location settings

      • Voice Desktop.exe (PID: 6264)
      • Voice Desktop.exe (PID: 6424)
      • Voice Desktop.exe (PID: 6532)
    • Create files in a temporary directory

      • Voice Desktop.exe (PID: 6424)
      • Voice-Desktop-Setup-1.3.1-WindowsX64.exe (PID: 2192)
    • Reads the software policy settings

      • Voice Desktop.exe (PID: 6424)
      • slui.exe (PID: 3956)
    • Reads the machine GUID from the registry

      • Voice Desktop.exe (PID: 6424)
      • Voice Desktop.exe (PID: 4112)
    • Node.js compiler has been detected

      • Voice Desktop.exe (PID: 1636)
      • Voice Desktop.exe (PID: 6424)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.3.1.0
ProductVersionNumber: 1.3.1.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: jllankfo@ncsu.edu
FileDescription: An electron shell wrapper for the google voice app
FileVersion: 1.3.1
LegalCopyright: Copyright © 2022 jllankfo@ncsu.edu
ProductName: Voice Desktop
ProductVersion: 1.3.1
No data.
Total processes
135
Monitored processes
13
Malicious processes
1
Suspicious processes
1

Behavior graph

start voice-desktop-setup-1.3.1-windowsx64.exe cmd.exe no specs conhost.exe no specs tasklist.exe no specs find.exe no specs voice desktop.exe no specs voice desktop.exe no specs voice desktop.exe voice desktop.exe no specs comppkgsrv.exe no specs voice desktop.exe no specs slui.exe voice desktop.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1128
CMD: "C:\Users\admin\AppData\Local\Programs\voice-desktop-app\Voice Desktop.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1680,6734010905704767317,13039334910503025281,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\voice-desktop-app" --mojo-platform-channel-handle=2104 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\voice-desktop-app\Voice Desktop.exe
Parent process: Voice Desktop.exe
User:
admin
Company:
jllankfo@ncsu.edu
Integrity Level:
MEDIUM
Description:
Voice Desktop
Version:
1.3.1
Modules
Images
c:\users\admin\appdata\local\programs\voice-desktop-app\voice desktop.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1216
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1636
CMD: "C:\Users\admin\AppData\Local\Programs\voice-desktop-app\Voice Desktop.exe" --type=gpu-process --field-trial-handle=1680,6734010905704767317,13039334910503025281,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\admin\AppData\Roaming\voice-desktop-app" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\voice-desktop-app\Voice Desktop.exe
Parent process: Voice Desktop.exe
User:
admin
Company:
jllankfo@ncsu.edu
Integrity Level:
LOW
Description:
Voice Desktop
Version:
1.3.1
Modules
Images
c:\users\admin\appdata\local\programs\voice-desktop-app\voice desktop.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1816
CMD: tasklist /FI "USERNAME eq admin" /FI "IMAGENAME eq Voice Desktop.exe"
Path: C:\Windows\SysWOW64\tasklist.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Lists the current running tasks
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2192
CMD: "C:\Users\admin\Desktop\Voice-Desktop-Setup-1.3.1-WindowsX64.exe"
Path: C:\Users\admin\Desktop\Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Parent process: explorer.exe
User:
admin
Company:
jllankfo@ncsu.edu
Integrity Level:
MEDIUM
Description:
An electron shell wrapper for the google voice app
Exit code:
0
Version:
1.3.1
Modules
Images
c:\users\admin\desktop\voice-desktop-setup-1.3.1-windowsx64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2632
CMD: C:\WINDOWS\System32\find.exe "Voice Desktop.exe"
Path: C:\Windows\SysWOW64\find.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\find.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 3956
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4112
CMD: "C:\Users\admin\AppData\Local\Programs\voice-desktop-app\Voice Desktop.exe" --type=gpu-process --field-trial-handle=1680,6734010905704767317,13039334910503025281,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --user-data-dir="C:\Users\admin\AppData\Roaming\voice-desktop-app" --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAQAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3200 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\voice-desktop-app\Voice Desktop.exe
Parent process: Voice Desktop.exe
User:
admin
Company:
jllankfo@ncsu.edu
Integrity Level:
MEDIUM
Description:
Voice Desktop
Exit code:
0
Version:
1.3.1
Modules
Images
c:\users\admin\appdata\local\programs\voice-desktop-app\voice desktop.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4460
CMD: cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Voice Desktop.exe" | %SYSTEMROOT%\System32\find.exe "Voice Desktop.exe"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: Voice-Desktop-Setup-1.3.1-WindowsX64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 4676
CMD: C:\Windows\System32\CompPkgSrv.exe -Embedding
Path: C:\Windows\System32\CompPkgSrv.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Component Package Support Server
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\comppkgsrv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
Total events
9 670
Read events
9 639
Write events
13
Delete events
18

Modification events

(PID) Process: (2192) Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\02cbde96-4d47-53b4-bf1a-bd132c525c3d
Operation: write
Name: ShortcutName
Value: Voice Desktop

(PID) Process: (2192) Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\02cbde96-4d47-53b4-bf1a-bd132c525c3d
Operation: write
Name: DisplayName
Value: Voice Desktop 1.3.1

(PID) Process: (2192) Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\02cbde96-4d47-53b4-bf1a-bd132c525c3d
Operation: write
Name: UninstallString
Value: "C:\Users\admin\AppData\Local\Programs\voice-desktop-app\Uninstall Voice Desktop.exe" /currentuser

(PID) Process: (2192) Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\02cbde96-4d47-53b4-bf1a-bd132c525c3d
Operation: write
Name: QuietUninstallString
Value: "C:\Users\admin\AppData\Local\Programs\voice-desktop-app\Uninstall Voice Desktop.exe" /currentuser /S

(PID) Process: (2192) Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\02cbde96-4d47-53b4-bf1a-bd132c525c3d
Operation: write
Name: DisplayVersion
Value: 1.3.1

(PID) Process: (2192) Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\02cbde96-4d47-53b4-bf1a-bd132c525c3d
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Local\Programs\voice-desktop-app\Voice Desktop.exe,0

(PID) Process: (2192) Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\02cbde96-4d47-53b4-bf1a-bd132c525c3d
Operation: write
Name: Publisher
Value: jllankfo@ncsu.edu

(PID) Process: (2192) Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\02cbde96-4d47-53b4-bf1a-bd132c525c3d
Operation: write
Name: NoModify
Value: 1

(PID) Process: (2192) Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\02cbde96-4d47-53b4-bf1a-bd132c525c3d
Operation: write
Name: NoRepair
Value: 1

(PID) Process: (2192) Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\02cbde96-4d47-53b4-bf1a-bd132c525c3d
Operation: write
Name: EstimatedSize
Value: 194983
Executable files
26
Suspicious files
203
Text files
26
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 2192
Process: Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw78BB.tmp\app-64.7z
MD5:
SHA256:

PID: 2192
Process: Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw78BB.tmp\7z-out\icudtl.dat
MD5:
SHA256:

PID: 2192
Process: Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw78BB.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:

PID: 2192
Process: Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw78BB.tmp\7z-out\locales\am.pak
Type: binary
MD5: D3C12CBCFD29ADB63F8314FE0FD3F8EC
SHA256: D61B254715FD71356B55A700B4B818C050507DED9F7474225E6E1AA1825616B5

PID: 2192
Process: Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw78BB.tmp\7z-out\locales\bn.pak
Type: binary
MD5: 35C3DDC2656D79AF4B6F84F5C222ACBF
SHA256: C5316A524046786F7B05993B35BD4BCBEAA397B3750302E029671214E1AC5EF4

PID: 2192
Process: Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw78BB.tmp\nsis7z.dll
Type: executable
MD5: 80E44CE4895304C6A3A831310FBF8CD0
SHA256: B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592

PID: 2192
Process: Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw78BB.tmp\System.dll
Type: executable
MD5: 0D7AD4F45DC6F5AA87F606D0331C6901
SHA256: 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA

PID: 2192
Process: Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw78BB.tmp\StdUtils.dll
Type: executable
MD5: C6A6E03F77C313B267498515488C5740
SHA256: B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E

PID: 2192
Process: Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw78BB.tmp\7z-out\chrome_100_percent.pak
Type: binary
MD5: 109EE8FFD715C63E3E2248C2AD5CA559
SHA256: B581F176C6BDBF8A152947FB37AF9C0E6D7651616408CB7312B336C37A704580

PID: 2192
Process: Voice-Desktop-Setup-1.3.1-WindowsX64.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw78BB.tmp\7z-out\chrome_200_percent.pak
Type: binary
MD5: 3E50E56E351309566B7E3E5A5CA7C7B6
SHA256: ABD207D3E55F0250B27CE23F2A15B0A5FF6F769C08F54E705E2FD0273DCA5F1E
HTTP(S) requests
45
TCP/UDP connections
62
DNS requests
24
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5944
MoUsoCoreWorker.exe
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
302
142.250.185.174:443
https://voice.google.com/
unknown
GET
302
142.250.185.174:443
https://voice.google.com/u/0/about
unknown
GET
302
142.250.185.174:443
https://voice.google.com/about
unknown
GET
200
142.250.185.106:443
https://fonts.googleapis.com/css?family=Material+Icons|Material+Icons+Outlined|Google+Sans:400,500,700|Google+Sans+Text:400,500,700|Google+Sans+Display:400,500,700|Roboto:400,500,700&display=swap
unknown
text
86.5 Kb
whitelisted
GET
200
142.250.185.174:443
https://workspace.google.com/products/voice/
unknown
html
341 Kb
whitelisted
GET
200
142.250.186.161:443
https://lh3.googleusercontent.com/qFK9rG7FIJxhtRB5Wdxo0NK3tHhJ8iHMC37Z8e-rr6NpCGZm76V_xP_DuIn30uaKvaj3GIGkx6w5P3gw-nc3v8vMGJztEii40RrC=e365-pa-nu-rw-w1416
unknown
image
227 Kb
whitelisted
GET
200
142.250.74.195:443
https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.css
unknown
text
8.82 Kb
whitelisted
GET
200
142.250.186.161:443
https://lh3.googleusercontent.com/FPjT1CvI7MbvZjNnqFguyvCduuhG3pq_NlyfsD_O-um8u_PbsmTonNd8OgTpG-e05jV291tVRC7HMJb1h9fJPO2PrkgRJCXwXwA1Yg=e365-pa-nu-rw-w1472
unknown
image
186 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5944
MoUsoCoreWorker.exe
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5944
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
1128
Voice Desktop.exe
142.250.186.78:443
voice.google.com
GOOGLE
US
whitelisted
1128
Voice Desktop.exe
142.250.185.174:443
workspace.google.com
GOOGLE
US
whitelisted
1128
Voice Desktop.exe
216.58.206.42:443
fonts.googleapis.com
GOOGLE
US
whitelisted
1128
Voice Desktop.exe
142.250.186.161:443
lh3.googleusercontent.com
GOOGLE
US
whitelisted
1128
Voice Desktop.exe
142.250.74.195:443
www.gstatic.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.18.14
whitelisted
crl.microsoft.com
  • 23.53.40.178
  • 23.53.40.176
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
voice.google.com
  • 142.250.186.78
whitelisted
workspace.google.com
  • 142.250.185.174
whitelisted
lh3.googleusercontent.com
  • 142.250.186.161
whitelisted
fonts.googleapis.com
  • 216.58.206.42
whitelisted
www.gstatic.com
  • 142.250.74.195
whitelisted
storage.googleapis.com
  • 142.250.181.251
  • 172.217.16.219
  • 216.58.206.59
  • 216.58.212.155
  • 142.250.185.187
  • 172.217.23.123
  • 142.250.185.219
  • 172.217.18.123
  • 142.250.186.123
  • 216.58.206.91
  • 142.250.186.59
  • 142.250.185.155
  • 142.250.186.91
  • 142.250.185.251
  • 142.250.185.91
  • 142.250.185.123
whitelisted

Threats

PID
Process
Class
Message
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
No debug info