File name: router-scan-master.zip
Full analysis: https://app.any.run/tasks/8cf2e5c2-4cf5-4b5c-8d97-cf32e1634d82
Verdict: Malicious activity
Analysis date: July 02, 2024, 17:25:43
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5: D15C54F7863D7FE8237F925611A1C6C2
SHA1: CE8C2694A8F55629BFAC00B9870D5F0B67859200
SHA256: 9261B5DCF56092D7834815FFF1DE26208AF2150C656E61B67FF73ECF37DF3DBB
SSDEEP: 98304:CbJ19OjBInz0jp0axf/IW7njvZ94kGS2etVybuG2hAGl2d0Y8u4IF8REq1RP5Cpa:PbYohkC61UwJm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • reg.exe (PID: 4636)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 3720)
      • WinRAR.exe (PID: 2008)
    • Application launched itself

      • Skype.exe (PID: 1324)
    • Uses REG/REGEDIT.EXE to modify registry

      • Skype.exe (PID: 1324)
    • Reads security settings of Internet Explorer

      • ShellExperienceHost.exe (PID: 3992)
      • Skype.exe (PID: 1324)
      • RouterScan.exe (PID: 6584)
    • Detected use of alternative data streams (AltDS)

      • Skype.exe (PID: 1324)
    • Connects to the server without a host name

      • RouterScan.exe (PID: 6584)
    • Connects to unusual port

      • RouterScan.exe (PID: 6584)
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3720)
      • WinRAR.exe (PID: 2008)
      • msedge.exe (PID: 5632)
    • Checks supported languages

      • RouterScan.exe (PID: 4104)
      • Skype.exe (PID: 1324)
      • Skype.exe (PID: 2248)
      • Skype.exe (PID: 2276)
      • Skype.exe (PID: 5428)
      • Skype.exe (PID: 6256)
      • Skype.exe (PID: 7016)
      • ShellExperienceHost.exe (PID: 3992)
      • TextInputHost.exe (PID: 6940)
      • RouterScan.exe (PID: 6584)
      • Skype.exe (PID: 7124)
      • identity_helper.exe (PID: 7116)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3720)
      • WinRAR.exe (PID: 2008)
    • Create files in a temporary directory

      • RouterScan.exe (PID: 4104)
      • Skype.exe (PID: 1324)
    • Manual execution by a user

      • RouterScan.exe (PID: 4104)
      • Skype.exe (PID: 1324)
      • notepad++.exe (PID: 6424)
      • RouterScan.exe (PID: 6584)
      • WinRAR.exe (PID: 2008)
    • Reads Environment values

      • Skype.exe (PID: 1324)
      • Skype.exe (PID: 6256)
    • Creates files or folders in the user directory

      • Skype.exe (PID: 1324)
      • Skype.exe (PID: 6256)
      • Skype.exe (PID: 5428)
    • Reads the computer name

      • RouterScan.exe (PID: 4104)
      • Skype.exe (PID: 1324)
      • Skype.exe (PID: 2276)
      • Skype.exe (PID: 6256)
      • ShellExperienceHost.exe (PID: 3992)
      • Skype.exe (PID: 5428)
      • TextInputHost.exe (PID: 6940)
      • RouterScan.exe (PID: 6584)
      • Skype.exe (PID: 7124)
      • identity_helper.exe (PID: 7116)
    • Reads CPU info

      • Skype.exe (PID: 1324)
    • Checks proxy server information

      • Skype.exe (PID: 1324)
    • Process checks computer location settings

      • Skype.exe (PID: 1324)
      • Skype.exe (PID: 6256)
      • Skype.exe (PID: 7016)
    • Reads the software policy settings

      • Skype.exe (PID: 1324)
    • Reads the machine GUID from the registry

      • Skype.exe (PID: 1324)
      • Skype.exe (PID: 7124)
      • RouterScan.exe (PID: 6584)
    • Checks transactions between databases Windows and Oracle

      • explorer.exe (PID: 2928)
    • Application launched itself

      • msedge.exe (PID: 4896)
    • Disables trace logs

      • explorer.exe (PID: 2928)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 2928)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 4896)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD: .zip | ZIP compressed archive (36.3)

EXIF (ZIP):
ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2019:02:24 06:31:14
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: router-scan-master/
No data.
All screenshots are available in the full report
Total processes: 209
Monitored processes: 63
Malicious processes: 2
Suspicious processes: 1

Behavior graph: interactive, available in the full report.

Process information

PID: 1076
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6592 --field-trial-handle=2328,i,9324306938919757548,18330556820892876161,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
  • c:\program files (x86)\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
  • c:\windows\system32\oleaut32.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\combase.dll
PID: 1272
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x308,0x30c,0x310,0x304,0x318,0x7ffda2825fd8,0x7ffda2825fe4,0x7ffda2825ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (images):
  • c:\program files (x86)\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
  • c:\windows\system32\oleaut32.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\combase.dll
PID: 1324
CMD: "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --share-file="C:\Users\admin\Desktop\router-scan-master\README.md"
Path: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Parent process: explorer.exe
User: admin
Company: Skype Technologies S.A.
Integrity Level: MEDIUM
Description: Skype
Version: 8.104.0.207
Modules (images):
  • c:\program files (x86)\microsoft\skype for desktop\skype.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\acgenral.dll
PID: 2008
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\router-scan-master\prerelease.7z"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
  • c:\program files\winrar\winrar.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\win32u.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\gdi32full.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll
PID: 2112
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5812 --field-trial-handle=2328,i,9324306938919757548,18330556820892876161,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
  • c:\program files (x86)\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
  • c:\windows\system32\oleaut32.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\combase.dll
PID: 2124
CMD: C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
Path: C:\Windows\SysWOW64\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: COM Surrogate
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\syswow64\dllhost.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\ucrtbase.dll
  • c:\windows\syswow64\combase.dll
PID: 2204
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5508 --field-trial-handle=2328,i,9324306938919757548,18330556820892876161,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
  • c:\program files (x86)\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
  • c:\windows\system32\oleaut32.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\combase.dll
PID: 2248
CMD: "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad" --url=appcenter://generic?aid=a7417433-29d9-4bc0-8826-af367733939d&iid=868d4f0b-b29b-4967-461d-2a3581a09553&uid=868d4f0b-b29b-4967-461d-2a3581a09553 --annotation=IsOfficialBuild=1 --annotation=_companyName=Skype --annotation=_productName=skype-preview --annotation=_version=8.104.0.207 "--annotation=exe=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=19.1.8 --initial-client-data=0x594,0x598,0x59c,0x590,0x5a0,0x7633398,0x76333a8,0x76333b4
Path: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Parent process: Skype.exe
User: admin
Company: Skype Technologies S.A.
Integrity Level: MEDIUM
Description: Skype
Version: 8.104.0.207
Modules (images):
  • c:\program files (x86)\microsoft\skype for desktop\skype.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\acgenral.dll
PID: 2276
CMD: "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 --field-trial-handle=2168,i,140760016177398046,16776355893238672202,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Parent process: Skype.exe
User: admin
Company: Skype Technologies S.A.
Integrity Level: LOW
Description: Skype
Version: 8.104.0.207
Modules (images):
  • c:\program files (x86)\microsoft\skype for desktop\skype.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\acgenral.dll
PID: 2288
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1368 --field-trial-handle=2328,i,9324306938919757548,18330556820892876161,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
  • c:\program files (x86)\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
  • c:\windows\system32\oleaut32.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\combase.dll
Total events: 38 587
Read events: 38 310
Write events: 251
Delete events: 26

Modification events

PID   Process     Operation  Key                                                          Name          Value
3720  WinRAR.exe  write      HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes           ShellExtBMP
3720  WinRAR.exe  write      HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes           ShellExtIcon
3720  WinRAR.exe  write      HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory                 1             C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
3720  WinRAR.exe  write      HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory                 0             C:\Users\admin\AppData\Local\Temp\router-scan-master.zip
3720  WinRAR.exe  write      HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths  name          120
3720  WinRAR.exe  write      HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths  size          80
3720  WinRAR.exe  write      HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths  type          120
3720  WinRAR.exe  write      HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths  mtime         100
3720  WinRAR.exe  write      HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin          Placement     2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000
3720  WinRAR.exe  write      HKEY_CURRENT_USER\SOFTWARE\WinRAR\General                    LastFolder    C:\Users\admin\AppData\Local\Temp
Executable files: 16
Suspicious files: 134
Text files: 298
Unknown types: 0

Dropped files

PID   Process     Type   Filename
3720  WinRAR.exe  text   C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\README.md
                         MD5: C0D795D1E0B008CB6040DF479E57CFA8  SHA256: DE25ECDC84B5CEAC03BC354CA6B58DF4BAA732D059CD16E46F28AB8810479C74
3720  WinRAR.exe  text   C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\auth_basic.txt
                         MD5: 1D0738B0287C2FD2473F385B48DC78CC  SHA256: 263803D90B941E075F650177B79EC53E5E07E624C91620EC6429997F35F8624D
3720  WinRAR.exe  text   C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\RouterScan.log
                         MD5: A8BD8E7691B4B651443DD2AFAA1E3334  SHA256: 86BA3DCFA8F2FAE6B478FCE9745B3A65DB9DCE8356AA433E4F129746D8DEB72C
3720  WinRAR.exe  image  C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\help\data\manual\window_exclusions.png
                         MD5: 445458767080CAFFE78E3485FBE073D0  SHA256: 017130EE877058E66FE5488E624B46A96516DF248F8A34CE3BB5B437EC2C2F7D
3720  WinRAR.exe  text   C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\help\data\code.css
                         MD5: 34EEF673AAC538C9EA0AE0C7C0E2D67E  SHA256: 0EE28931213A335AEF323461124ACF32DFAE3CF8D8D0CC3F73F01831B854422F
3720  WinRAR.exe  text   C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\auth_form.txt
                         MD5: 9AF7CFB8090E48414B6041A2248A8F14  SHA256: 2A278212B0AC2FCCA4572678021BC61D6E4EC558076F358DFF84069A0A1244AC
3720  WinRAR.exe  text   C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\config.ini
                         MD5: 6BDB22E1171FFCF6300729B9565C7D52  SHA256: BECFD4E6AB944E79312E6D63A5FEA7443C53B6CB5B3BC92BFEF89201D1EC6BD4
3720  WinRAR.exe  text   C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\help\data\code.js
                         MD5: 42F72119D75B2DB22E057B94B0AFDDCB  SHA256: AAA12EBFA199CF05CEE9E52DBFDF84CE1C3AF32FCEAD93C4FE351A8AF6E24AFC
3720  WinRAR.exe  image  C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\help\data\manual\menu_table.png
                         MD5: 8764457F339A125AC67BB57D98961D4A  SHA256: 79CBBB622DC431B03D00089BF5D74B290F7A97F8DF3BE504A42CF7C81FC0DC94
3720  WinRAR.exe  image  C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\help\data\manual\window_import_clear.png
                         MD5: 68349DFB2D1FE56AEA55945CFAFB5E42  SHA256: E0E83DE8081C9E02E19A57D5C6B40C6088BDE82F9022577F3781A8A4030BC3BF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 49
TCP/UDP connections: 5 498
DNS requests: 70
Threats: 2

HTTP requests

PID   Process                 Method  HTTP code  IP                  URL
3040  OfficeClickToRun.exe    GET     200        192.229.221.95:80   http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
5636  svchost.exe             GET     200        2.21.20.133:80      http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
5636  svchost.exe             GET     200        184.30.21.171:80    http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
4656  SearchApp.exe           GET     200        192.229.221.95:80   http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
1544  svchost.exe             GET     200        192.229.221.95:80   http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
6516  SIHClient.exe           GET     200        184.30.21.171:80    http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
6516  SIHClient.exe           GET     200        184.30.21.171:80    http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
2612  backgroundTaskHost.exe  GET     200        192.229.221.95:80   http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
4016  SystemSettings.exe      GET     200        192.229.221.95:80   http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
4016  SystemSettings.exe      GET     200        192.229.221.95:80   http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D

Remaining columns (CN, Type, Size, Reputation): the report shows only "unknown", "unknown" for every row above.

Connections

PID   Process               IP                     Domain                           ASN                          CN  Reputation
4     System                192.168.100.255:137                                                                      whitelisted
5636  svchost.exe           51.104.136.2:443       settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
4032  svchost.exe           239.255.255.250:1900                                                                     whitelisted
3580  RUXIMICS.exe          51.104.136.2:443       settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
2072  MoUsoCoreWorker.exe   51.104.136.2:443       settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
4     System                192.168.100.255:138                                                                      whitelisted
5636  svchost.exe           2.21.20.133:80         crl.microsoft.com                Akamai International B.V.    DE  unknown
5636  svchost.exe           184.30.21.171:80       www.microsoft.com                AKAMAI-AS                    DE  unknown
3040  OfficeClickToRun.exe  20.189.173.2:443       self.events.data.microsoft.com   MICROSOFT-CORP-MSN-AS-BLOCK  US  unknown
3040  OfficeClickToRun.exe  192.229.221.95:80      ocsp.digicert.com                EDGECAST                     US  whitelisted

DNS requests

Domain                           Reputation   IP
settings-win.data.microsoft.com  whitelisted  51.104.136.2
crl.microsoft.com                whitelisted  2.21.20.133, 2.21.20.137
www.microsoft.com                whitelisted  184.30.21.171
self.events.data.microsoft.com   whitelisted  20.189.173.2
ocsp.digicert.com                whitelisted  192.229.221.95
3wifi.stascorp.com               unknown      49.13.77.253
www.bing.com                     whitelisted  104.126.37.171, 104.126.37.186, 104.126.37.155, 104.126.37.163, 104.126.37.178, 104.126.37.161, 104.126.37.179, 104.126.37.177, 104.126.37.170, 104.126.37.185, 104.126.37.129, 104.126.37.130, 104.126.37.128, 104.126.37.123, 104.126.37.184, 104.126.37.145, 104.126.37.138, 104.126.37.144, 104.126.37.139, 104.126.37.131, 104.126.37.136, 104.126.37.137
login.live.com                   whitelisted  40.126.32.133, 40.126.32.72, 20.190.160.14, 20.190.160.22, 40.126.32.74, 40.126.32.76, 40.126.32.140, 40.126.32.138
r.bing.com                       whitelisted  104.126.37.170, 104.126.37.155, 104.126.37.178, 104.126.37.161, 104.126.37.171, 104.126.37.179, 104.126.37.163, 104.126.37.177, 104.126.37.186
go.microsoft.com                 whitelisted  23.35.238.131

Threats

PID   Process          Class                    Message
6584  RouterScan.exe   Misc activity            ET INFO Cloudflare DNS Over HTTPS Certificate Inbound
6584  RouterScan.exe   Potentially Bad Traffic  ET INFO Unconfigured nginx Access
Debug output strings

Process       Message
notepad++.exe VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe VerifyLibrary: certificate revocation checking is disabled
notepad++.exe ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe VerifyLibrary: certificate revocation checking is disabled
notepad++.exe VerifyLibrary: error while getting certificate informations