File name:

app.py

Full analysis: https://app.any.run/tasks/d3a68476-752e-4b54-b0e9-83c7654453cd
Verdict: Malicious activity
Analysis date: August 04, 2025, 15:49:31
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/x-script.python
File info: Python script, ASCII text executable, with CRLF line terminators
MD5:

97D2E53A9D0486B6231D96E93AAD4870

SHA1:

A17FDAE9A1AFB3CF57110876D925B05C48BB4DD2

SHA256:

36EF8A035886ADC14F67A321078A5BEDBB7506DEDC41EE9699F15D991DC8734D

SSDEEP:

24:WYt13LoRmjRxrCn3u1FIM+a38n5TFuc+GFSIH+TykjryFan:Pr3LJREn3Q7ITFAG0IeTykHyFan

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Starts NET.EXE for service management

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • net.exe (PID: 2812)

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 4048)
      • powershell.exe (PID: 2924)
      • powershell.exe (PID: 1596)
      • powershell.exe (PID: 1240)
      • powershell.exe (PID: 2832)

    • Uses Task Scheduler to run other applications

      • ns9BBE.tmp (PID: 2992)

    • Changes the autorun value in the registry

      • msiexec.exe (PID: 3168)

  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • npcap-1.77.exe (PID: 1948)

    • Creates files in the driver directory

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • drvinst.exe (PID: 2708)
      • NPFInstall.exe (PID: 3920)

    • Executable content was dropped or overwritten

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • npcap-1.77.exe (PID: 1948)
      • NPFInstall.exe (PID: 3920)
      • drvinst.exe (PID: 2708)

    • The process creates files with name similar to system file names

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • npcap-1.77.exe (PID: 1948)

    • Drops a system driver (possible attempt to evade defenses)

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • npcap-1.77.exe (PID: 1948)
      • drvinst.exe (PID: 2708)
      • NPFInstall.exe (PID: 3920)

    • Creates a software uninstall entry

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • npcap-1.77.exe (PID: 1948)

    • Creates or modifies Windows services

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • npcap-1.77.exe (PID: 1948)

    • Stops a currently running service

      • sc.exe (PID: 3172)
      • sc.exe (PID: 4052)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 3260)
      • cmd.exe (PID: 1800)

    • Starts CMD.EXE for commands execution

      • nsEA13.tmp (PID: 3952)
      • ns7F50.tmp (PID: 4012)
      • nsE9A4.tmp (PID: 2620)

    • Uses WMIC.EXE to obtain quick Fix Engineering (patches) data

      • cmd.exe (PID: 3388)

    • Starts application with an unusual extension

      • npcap-1.77.exe (PID: 1948)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 3388)

    • Reads the Internet Settings

      • WMIC.exe (PID: 4092)
      • msiexec.exe (PID: 1576)

    • Windows service management via SC.EXE

      • sc.exe (PID: 3252)
      • sc.exe (PID: 1736)

    • Starts POWERSHELL.EXE for commands execution

      • nsEC08.tmp (PID: 2312)
      • nsF1A6.tmp (PID: 2680)
      • nsFCE5.tmp (PID: 2920)
      • nsF747.tmp (PID: 2608)
      • ns941B.tmp (PID: 3744)

    • Returns all items found within a container (POWERSHELL)

      • powershell.exe (PID: 2924)
      • powershell.exe (PID: 4048)
      • powershell.exe (PID: 1240)
      • powershell.exe (PID: 1596)

    • The process bypasses the loading of PowerShell profile settings

      • nsEC08.tmp (PID: 2312)
      • nsF1A6.tmp (PID: 2680)
      • nsF747.tmp (PID: 2608)
      • nsFCE5.tmp (PID: 2920)
      • ns941B.tmp (PID: 3744)

    • The process hide an interactive prompt from the user

      • nsEC08.tmp (PID: 2312)
      • nsF1A6.tmp (PID: 2680)
      • nsF747.tmp (PID: 2608)
      • nsFCE5.tmp (PID: 2920)
      • ns941B.tmp (PID: 3744)

    • Removes files via Powershell

      • powershell.exe (PID: 2924)
      • powershell.exe (PID: 1596)

    • Adds/modifies Windows certificates

      • certutil.exe (PID: 2744)

    • Executes as Windows Service

      • VSSVC.exe (PID: 1116)
      • kfsnserv.exe (PID: 1624)
      • kfmond.exe (PID: 2380)

    • Reads settings of System Certificates

      • rundll32.exe (PID: 3596)
      • NPFInstall.exe (PID: 3920)

    • Reads security settings of Internet Explorer

      • NPFInstall.exe (PID: 3920)
      • msiexec.exe (PID: 1576)

    • Application launched itself

      • msiexec.exe (PID: 3168)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 3168)

    • Process uses IPCONFIG to get network configuration information

      • cmd.exe (PID: 2772)

  • INFO

    • Checks supported languages

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • npcap-1.77.exe (PID: 1948)
      • nsEA13.tmp (PID: 3952)
      • ns7F50.tmp (PID: 4012)
      • NPFInstall.exe (PID: 2784)
      • nsE83C.tmp (PID: 2416)
      • nsE9A4.tmp (PID: 2620)
      • nsEC08.tmp (PID: 2312)
      • nsF1A6.tmp (PID: 2680)
      • nsF65A.tmp (PID: 2596)
      • nsF6D8.tmp (PID: 3944)
      • nsFCE5.tmp (PID: 2920)
      • ns12C.tmp (PID: 3644)
      • ns218.tmp (PID: 3600)
      • ns1AA.tmp (PID: 268)
      • ns382.tmp (PID: 1120)
      • ns296.tmp (PID: 148)
      • NPFInstall.exe (PID: 3380)
      • nsF747.tmp (PID: 2608)
      • NPFInstall.exe (PID: 3796)
      • ns40F.tmp (PID: 3872)
      • NPFInstall.exe (PID: 3920)
      • drvinst.exe (PID: 2708)
      • ns941B.tmp (PID: 3744)
      • msiexec.exe (PID: 3168)
      • msiexec.exe (PID: 1576)
      • ns9BBE.tmp (PID: 2992)
      • kfmond.exe (PID: 2380)
      • kfsnserv.exe (PID: 1624)
      • kfsensmonitor.exe (PID: 2408)

    • Manual execution by a user

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • WinPcap_4_1_3 (1).exe (PID: 3308)
      • npcap-1.77.exe (PID: 3436)
      • npcap-1.77.exe (PID: 1948)
      • msiexec.exe (PID: 1500)
      • cmd.exe (PID: 2772)

    • Reads Environment values

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • npcap-1.77.exe (PID: 1948)

    • Reads the computer name

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • npcap-1.77.exe (PID: 1948)
      • NPFInstall.exe (PID: 2784)
      • NPFInstall.exe (PID: 3796)
      • NPFInstall.exe (PID: 3920)
      • drvinst.exe (PID: 2708)
      • msiexec.exe (PID: 3168)
      • kfsnserv.exe (PID: 1624)
      • kfmond.exe (PID: 2380)
      • msiexec.exe (PID: 1576)
      • kfsensmonitor.exe (PID: 2408)

    • Create files in a temporary directory

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • npcap-1.77.exe (PID: 1948)
      • NPFInstall.exe (PID: 3920)
      • msiexec.exe (PID: 3168)

    • Creates files in the program directory

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • npcap-1.77.exe (PID: 1948)
      • NPFInstall.exe (PID: 2784)

    • The sample compiled with english language support

      • WinPcap_4_1_3 (1).exe (PID: 2944)
      • npcap-1.77.exe (PID: 1948)
      • msiexec.exe (PID: 1500)
      • msiexec.exe (PID: 3168)

    • Reads the machine GUID from the registry

      • NPFInstall.exe (PID: 3920)
      • drvinst.exe (PID: 2708)
      • msiexec.exe (PID: 3168)
      • msiexec.exe (PID: 1576)

    • Reads the software policy settings

      • drvinst.exe (PID: 2708)
      • rundll32.exe (PID: 3596)
      • NPFInstall.exe (PID: 3920)
      • msiexec.exe (PID: 1500)
      • msiexec.exe (PID: 3168)

    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 3596)
      • msiexec.exe (PID: 1500)

    • Adds/modifies Windows certificates

      • drvinst.exe (PID: 2708)

    • Launching a file from Task Scheduler

      • ns9BBE.tmp (PID: 2992)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 3168)
      • msiexec.exe (PID: 1500)

    • Launching a file from a Registry key

      • msiexec.exe (PID: 3168)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 3168)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
133
Monitored processes
63
Malicious processes
6
Suspicious processes
7

Behavior graph

Click at the process to see the details
start rundll32.exe no specs winpcap_4_1_3 (1).exe no specs winpcap_4_1_3 (1).exe net.exe no specs net1.exe no specs npcap-1.77.exe no specs npcap-1.77.exe ns7f50.tmp no specs cmd.exe no specs wmic.exe no specs findstr.exe no specs nse83c.tmp no specs npfinstall.exe no specs nse9a4.tmp no specs cmd.exe no specs sc.exe no specs sc.exe no specs nsea13.tmp no specs cmd.exe no specs sc.exe no specs sc.exe no specs nsec08.tmp no specs powershell.exe no specs nsf1a6.tmp no specs powershell.exe no specs certutil.exe no specs nsf65a.tmp no specs certutil.exe no specs nsf6d8.tmp no specs certutil.exe no specs nsf747.tmp no specs powershell.exe no specs nsfce5.tmp no specs powershell.exe no specs certutil.exe no specs ns12c.tmp no specs certutil.exe no specs ns1aa.tmp no specs certutil.exe no specs ns218.tmp no specs certutil.exe no specs ns296.tmp no specs npfinstall.exe no specs pnputil.exe no specs ns382.tmp no specs npfinstall.exe no specs ns40f.tmp no specs npfinstall.exe drvinst.exe rundll32.exe no specs vssvc.exe no specs ns941b.tmp no specs powershell.exe no specs ns9bbe.tmp no specs schtasks.exe no specs msiexec.exe msiexec.exe msiexec.exe no specs kfmond.exe no specs kfsnserv.exe no specs kfsensmonitor.exe no specs cmd.exe no specs ipconfig.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
148"C:\Users\admin\AppData\Local\Temp\nsk7F20.tmp\ns296.tmp" "C:\Program Files\Npcap\NPFInstall.exe" -n -cC:\Users\admin\AppData\Local\Temp\nsk7F20.tmp\ns296.tmpnpcap-1.77.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\nsk7f20.tmp\ns296.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
268"C:\Users\admin\AppData\Local\Temp\nsk7F20.tmp\ns1AA.tmp" certutil.exe -addstore -f "Root" "C:\Users\admin\AppData\Local\Temp\nsk7F20.tmp\5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25.sst"C:\Users\admin\AppData\Local\Temp\nsk7F20.tmp\ns1AA.tmpnpcap-1.77.exe
User:
admin
Integrity Level:
HIGH
Exit code:
2148086027
Modules
Images
c:\users\admin\appdata\local\temp\nsk7f20.tmp\ns1aa.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
656SCHTASKS.EXE /Create /F /RU SYSTEM /SC ONSTART /TN npcapwatchdog /TR "'C:\Program Files\Npcap\CheckStatus.bat'" /NPC:\Windows\System32\schtasks.exens9BBE.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Manages scheduled tasks
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
1116C:\Windows\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1120"C:\Users\admin\AppData\Local\Temp\nsk7F20.tmp\ns382.tmp" "C:\Program Files\Npcap\NPFInstall.exe" -n -iwC:\Users\admin\AppData\Local\Temp\nsk7F20.tmp\ns382.tmpnpcap-1.77.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\nsk7f20.tmp\ns382.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1240powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "Get-ChildItem Cert:\LocalMachine\Root | Where-Object {$_.Thumbprint -eq '5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25'} | Sort-Object -Descending -Property FriendlyName | Select-Object -Skip 1 | Remove-Item"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exensF747.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
1500"C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\Desktop\kfsens40.msi" C:\Windows\System32\msiexec.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1560C:\Windows\System32\findstr.exe "^KB4474419"C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
1576C:\Windows\system32\MsiExec.exe -Embedding C917914919B2511B4718D4247243A4BB CC:\Windows\System32\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1596powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "If (Get-ChildItem Cert:\LocalMachine\Root\5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25){certutil.exe -verifystore 'Root' '5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25';If($LASTEXITCODE -ne 0){Remove-Item Cert:\LocalMachine\Root\5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25}}"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exensFCE5.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
Total events
45 037
Read events
44 017
Write events
988
Delete events
32

Modification events

(PID) Process:(2944) WinPcap_4_1_3 (1).exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NPF
Operation:writeName:Start
Value:
2
(PID) Process:(2944) WinPcap_4_1_3 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst
Operation:writeName:DisplayName
Value:
WinPcap 4.1.3
(PID) Process:(2944) WinPcap_4_1_3 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst
Operation:writeName:UninstallString
Value:
C:\Program Files\WinPcap\uninstall.exe
(PID) Process:(2944) WinPcap_4_1_3 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst
Operation:writeName:Publisher
Value:
Riverbed Technology, Inc.
(PID) Process:(2944) WinPcap_4_1_3 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst
Operation:writeName:URLInfoAbout
Value:
http://www.riverbed.com/
(PID) Process:(2944) WinPcap_4_1_3 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst
Operation:writeName:URLUpdateInfo
Value:
http://www.winpcap.org
(PID) Process:(2944) WinPcap_4_1_3 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst
Operation:writeName:VersionMajor
Value:
4
(PID) Process:(2944) WinPcap_4_1_3 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst
Operation:writeName:VersionMinor
Value:
1
(PID) Process:(2944) WinPcap_4_1_3 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst
Operation:writeName:DisplayVersion
Value:
4.1.0.2980
(PID) Process:(2944) WinPcap_4_1_3 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst
Operation:writeName:DisplayIcon
Value:
C:\Program Files\WinPcap\uninstall.exe
Executable files
64
Suspicious files
41
Text files
226
Unknown types
33

Dropped files

PID
Process
Filename
Type
2944WinPcap_4_1_3 (1).exeC:\Users\admin\AppData\Local\Temp\nse6379.tmp\UserInfo.dllexecutable
MD5:7579ADE7AE1747A31960A228CE02E666
SHA256:564C80DEC62D76C53497C40094DB360FF8A36E0DC1BDA8383D0F9583138997F5
2944WinPcap_4_1_3 (1).exeC:\Program Files\WinPcap\install.logtext
MD5:6A69C0B7A263CDC8D261F73C406DB6BB
SHA256:30DD77859CDD3854DD387CBA3D1419F68B8D21C046D00A0F4D2619627CD90C73
2944WinPcap_4_1_3 (1).exeC:\Users\admin\AppData\Local\Temp\nse6379.tmp\modern-header.bmpimage
MD5:D8F59A707B2A5000C7903595EDDC3D48
SHA256:C0E284FDE834FE8A6F90504DBA7ABFF25B1E7DD4611483341203FD3EFC5DE8A6
2944WinPcap_4_1_3 (1).exeC:\Users\admin\AppData\Local\Temp\nse6379.tmp\ioSpecial.iniini
MD5:E2D5070BC28DB1AC745613689FF86067
SHA256:D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0
2944WinPcap_4_1_3 (1).exeC:\Users\admin\AppData\Local\Temp\nse6379.tmp\modern-wizard.bmpimage
MD5:CBE40FD2B1EC96DAEDC65DA172D90022
SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
2944WinPcap_4_1_3 (1).exeC:\Users\admin\AppData\Local\Temp\nse6379.tmp\ExecDos.dllexecutable
MD5:A7CD6206240484C8436C66AFB12BDFBF
SHA256:69AC56D2FDF3C71B766D3CC49B33B36F1287CC2503310811017467DFCB455926
2944WinPcap_4_1_3 (1).exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap\Uninstall WinPcap 4.1.3.lnklnk
MD5:C9D20A705F484FFF5576D00C1CD7390B
SHA256:BE704F094C5DF6A8FC7E0861E564E137C8729585CE37B7B0225B58C3B1ACE070
2944WinPcap_4_1_3 (1).exeC:\Users\admin\AppData\Local\Temp\nse6379.tmp\System.dllexecutable
MD5:C17103AE9072A06DA581DEC998343FC1
SHA256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
2944WinPcap_4_1_3 (1).exeC:\Windows\System32\wpcap.dllexecutable
MD5:4633B298D57014627831CCAC89A2C50B
SHA256:B967E4DCE952F9232592E4C1753516081438702A53424005642700522055DBC9
1948npcap-1.77.exeC:\Users\admin\AppData\Local\Temp\nsk7F20.tmp\System.dllexecutable
MD5:F020A8D9EDE1FB2AF3651AD6E0AC9CB1
SHA256:7EFE73A8D32ED1B01727AD4579E9EEC49C9309F2CB7BF03C8AFA80D70242D1C0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
8
DNS requests
1
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
whitelisted
1080
svchost.exe
224.0.0.252:5355
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.142
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
app.py