File name:

scp_visual.exe.zip

Full analysis: https://app.any.run/tasks/24b64194-e30a-4bc4-b3b0-2fbfbaf67963
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: December 11, 2024, 08:46:53
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
evasion
ransomware
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

6CCFC286DCF77A37A9B2AE41036A8CE6

SHA1:

381DD90D2D1C1DFE6C55DB559839DC17FA3F5C81

SHA256:

108BAAC62A51AC89C781568BB728385949812F0D7F9B3C8E5FE570A45FA71313

SSDEEP:

768:3+NbgPurrzjEy6V8mkNevM+gVOcmoZvKSzAybdH9om0Cieqln:BPcoDkn+5oZvKSzH9omvjg

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6476)
    • Renames files like ransomware

      • scp_visual.exe (PID: 6176)
    • Starts CMD.EXE for self-deleting

      • scp_visual.exe (PID: 6176)
    • Deletes shadow copies

      • cmd.exe (PID: 4592)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • scp_visual.exe (PID: 4264)
      • scp_visual.exe (PID: 6176)
    • Executes as Windows Service

      • vds.exe (PID: 6360)
      • wbengine.exe (PID: 7140)
      • VSSVC.exe (PID: 6260)
    • Start notepad (likely ransomware note)

      • scp_visual.exe (PID: 6176)
    • Checks Windows Trust Settings

      • scp_visual.exe (PID: 6176)
    • Checks for external IP

      • svchost.exe (PID: 2192)
      • scp_visual.exe (PID: 6176)
    • Runs PING.EXE to delay simulation

      • cmd.exe (PID: 2324)
    • Sets range of bytes to zero

      • fsutil.exe (PID: 2744)
    • Starts CMD.EXE for commands execution

      • scp_visual.exe (PID: 6176)
    • Application launched itself

      • scp_visual.exe (PID: 4264)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6476)
    • Reads the machine GUID from the registry

      • scp_visual.exe (PID: 4264)
      • OfficeClickToRun.exe (PID: 6816)
      • scp_visual.exe (PID: 6176)
    • The process uses the downloaded file

      • scp_visual.exe (PID: 4264)
      • WinRAR.exe (PID: 6476)
      • scp_visual.exe (PID: 6176)
    • Manual execution by a user

      • scp_visual.exe (PID: 4264)
    • Reads the computer name

      • scp_visual.exe (PID: 4264)
      • OfficeClickToRun.exe (PID: 6816)
    • Checks supported languages

      • scp_visual.exe (PID: 4264)
      • OfficeClickToRun.exe (PID: 6816)
      • scp_visual.exe (PID: 6176)
    • Process checks computer location settings

      • scp_visual.exe (PID: 4264)
      • scp_visual.exe (PID: 6176)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 4724)
      • notepad.exe (PID: 2380)
    • Executes as Windows Service

      • OfficeClickToRun.exe (PID: 6816)
    • Reads Microsoft Office registry keys

      • OfficeClickToRun.exe (PID: 6816)
    • Checks proxy server information

      • OfficeClickToRun.exe (PID: 6816)
      • scp_visual.exe (PID: 6176)
    • Creates files in the program directory

      • scp_visual.exe (PID: 6176)
    • Reads the software policy settings

      • scp_visual.exe (PID: 6176)
    • Reads Windows Product ID

      • scp_visual.exe (PID: 6176)
    • Sends debugging messages

      • wbadmin.exe (PID: 6732)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0009
ZipCompression: Deflated
ZipModifyDate: 2024:11:21 21:47:30
ZipCRC: 0x98ab0491
ZipCompressedSize: 31768
ZipUncompressedSize: 50688
ZipFileName: scp_visual.exe
No data.
Total processes
153
Monitored processes
20
Malicious processes
4
Suspicious processes
0

Behavior graph

Processes shown in the graph, from start:
  • winrar.exe
  • rundll32.exe (no specs)
  • scp_visual.exe (no specs)
  • scp_visual.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • vssadmin.exe (no specs)
  • vssvc.exe (no specs)
  • wbadmin.exe
  • wbengine.exe (no specs)
  • vdsldr.exe (no specs)
  • vds.exe (no specs)
  • wmic.exe (no specs)
  • officeclicktorun.exe
  • notepad.exe (no specs)
  • svchost.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • ping.exe (no specs)
  • fsutil.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2192
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 2324
CMD: C:\WINDOWS\system32\cmd.exe /c ping 1.1.1.1 -n 5 & fsutil file setZeroData offset=0 length=131072 "C:\Users\admin\Downloads\scp_visual.exe" & del /q /f "C:\Users\admin\Downloads\scp_visual.exe"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: scp_visual.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 2380
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\+README-WARNING+.txt
Path: C:\Windows\SysWOW64\notepad.exe
Parent process: scp_visual.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Notepad
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\gdi32.dll
PID: 2744
CMD: fsutil file setZeroData offset=0 length=131072 "C:\Users\admin\Downloads\scp_visual.exe"
Path: C:\Windows\SysWOW64\fsutil.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
fsutil.exe
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\fsutil.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 3744
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4264
CMD: "C:\Users\admin\Downloads\scp_visual.exe"
Path: C:\Users\admin\Downloads\scp_visual.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\downloads\scp_visual.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 4384
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4592
CMD: "C:\WINDOWS\system32\cmd.exe"
Path: C:\Windows\System32\cmd.exe
Parent process: scp_visual.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winbrand.dll
PID: 4724
CMD: wmic shadowcopy delete
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
PID: 5576
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
Total events
5 208
Read events
5 178
Write events
17
Delete events
13

Modification events

(PID) Process: (6476) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (6476) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (6476) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (6476) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\scp_visual.exe.zip

(PID) Process: (6476) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6476) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6476) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6476) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6476) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation: delete value
Name: 15
Value:

(PID) Process: (6476) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation: delete value
Name: 14
Value:

Executable files
1
Suspicious files
304
Text files
72
Unknown types
6

Dropped files

PID
Process
Filename
Type
PID: 6176
Process: scp_visual.exe
Filename: C:\found.000\dir0000.chk\UpdateSessionOrchestration.016.etl.[C8E7DCE6].[studiocp25@hotmail.com].scp
Type: gpg
MD5: D532F0FC4A797BC5380EC0AEE6ABB311
SHA256: 161D8B845E421AF7A231EEE328F45FFF0C45AC74D94231D0942217C5F77A31FB

PID: 6176
Process: scp_visual.exe
Filename: C:\Users\admin\Downloads\associatescorporation.png.[C8E7DCE6].[studiocp25@hotmail.com].scp
Type: binary
MD5: 0630017F94E99ECB2FDE03568C8F97DE
SHA256: 9649413353F3197C27729A40772AC367229EC76CE1C0A147CCED892A9F148406

PID: 6476
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\scp_visual.exe
Type: executable
MD5: 605F80F837E82C891C7FE7BBEA34F5C8
SHA256: 1B242153C890019BC4AC43FD4FA3D685BC8E634B98F64587736D7E3B00BAD1DE

PID: 6176
Process: scp_visual.exe
Filename: C:\found.000\dir0000.chk\UpdateSessionOrchestration.037.etl.[C8E7DCE6].[studiocp25@hotmail.com].scp
Type: binary
MD5: 50FFF4F35970915EA7190E873AAEABBE
SHA256: C379DFF4B9670FDA2FD480E237A5A161C6E46B244366D708CBC434E5E903CEB3

PID: 6176
Process: scp_visual.exe
Filename: C:\Users\admin\Downloads\openare.jpg.[C8E7DCE6].[studiocp25@hotmail.com].scp
Type: binary
MD5: 9DBB9B5E020D15A3E88B8001B697A164
SHA256: 4FA7141CBA9C84DCC2ACFD2ADBFFC5271780D41E121CDE13C2C57368D03CBB21

PID: 6176
Process: scp_visual.exe
Filename: C:\found.000\dir0000.chk\UpdateSessionOrchestration.058.etl.[C8E7DCE6].[studiocp25@hotmail.com].scp
Type: binary
MD5: 16E3E67603C13ABA19E07179077FA4C8
SHA256: FDEC255380FC8427419F7FA7FA3934DB6919309A3761441F46A8DCD1A76ED788

PID: 6176
Process: scp_visual.exe
Filename: C:\Users\admin\Downloads\relationsengineering.jpg.[C8E7DCE6].[studiocp25@hotmail.com].scp
Type: binary
MD5: F25211773652A0B749D493DDE4852D29
SHA256: 4FC4BBB0E9199729E3790CAA2C58582CEC926A38C7863BF2FFCAD0B951A8164E

PID: 6176
Process: scp_visual.exe
Filename: C:\$WinREAgent\Rollback.xml.[C8E7DCE6].[studiocp25@hotmail.com].scp
Type: binary
MD5: 9135B96F32ED2DC29C61E81890C35096
SHA256: C55FF36AA9CD7AC66A279A415A6765CC9ECA35AFBE33F02712936C0E9293E4CA

PID: 6176
Process: scp_visual.exe
Filename: C:\Users\admin\Downloads\+README-WARNING+.txt
Type: text
MD5: A716283E6A49F42EC7706DEDE1AA007C
SHA256: F1BFAA1AF9F871DB2BEA5FE25EB87D0BFF0B5B70211866BA3D81EDA1D0B7B173

PID: 6176
Process: scp_visual.exe
Filename: C:\$WinREAgent\Backup\+README-WARNING+.txt
Type: text
MD5: A716283E6A49F42EC7706DEDE1AA007C
SHA256: F1BFAA1AF9F871DB2BEA5FE25EB87D0BFF0B5B70211866BA3D81EDA1D0B7B173

HTTP(S) requests
11
TCP/UDP connections
36
DNS requests
22
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4536
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4536
svchost.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6704
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6288
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6176
scp_visual.exe
GET
200
142.250.181.227:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted
6176
scp_visual.exe
GET
200
142.250.181.227:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4712
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4536
svchost.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4536
svchost.exe
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
2.16.204.149:443
www.bing.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 2.23.181.156
whitelisted
google.com
  • 216.58.206.78
whitelisted
www.bing.com
  • 2.16.204.149
  • 2.16.204.150
  • 2.16.204.160
  • 2.16.204.158
  • 2.16.204.157
  • 2.16.204.148
  • 2.16.204.152
  • 2.16.204.132
  • 2.16.204.147
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.159.64
  • 20.190.159.71
  • 40.126.31.71
  • 20.190.159.0
  • 40.126.31.73
  • 20.190.159.4
  • 20.190.159.2
  • 40.126.31.67
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
arc.msn.com
  • 20.103.156.88
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted

Threats

PID
Process
Class
Message
2192
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)
6176
scp_visual.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)
1 ETPRO signatures available at the full report
Process
Message
wbadmin.exe
Invalid parameter passed to C runtime function.