File name: router-scan-master.zip

Full analysis: https://app.any.run/tasks/8cf2e5c2-4cf5-4b5c-8d97-cf32e1634d82
Verdict: Malicious activity
Analysis date: July 02, 2024, 17:25:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5: D15C54F7863D7FE8237F925611A1C6C2
SHA1: CE8C2694A8F55629BFAC00B9870D5F0B67859200
SHA256: 9261B5DCF56092D7834815FFF1DE26208AF2150C656E61B67FF73ECF37DF3DBB
SSDEEP: 98304:CbJ19OjBInz0jp0axf/IW7njvZ94kGS2etVybuG2hAGl2d0Y8u4IF8REq1RP5Cpa:PbYohkC61UwJm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • reg.exe (PID: 4636)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 3720)
      • WinRAR.exe (PID: 2008)
    • Application launched itself

      • Skype.exe (PID: 1324)
    • Uses REG/REGEDIT.EXE to modify registry

      • Skype.exe (PID: 1324)
    • Reads security settings of Internet Explorer

      • Skype.exe (PID: 1324)
      • ShellExperienceHost.exe (PID: 3992)
      • RouterScan.exe (PID: 6584)
    • Detected use of alternative data streams (AltDS)

      • Skype.exe (PID: 1324)
    • Connects to the server without a host name

      • RouterScan.exe (PID: 6584)
    • Connects to unusual port

      • RouterScan.exe (PID: 6584)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3720)
      • WinRAR.exe (PID: 2008)
    • Checks supported languages

      • RouterScan.exe (PID: 4104)
      • Skype.exe (PID: 1324)
      • Skype.exe (PID: 2248)
      • Skype.exe (PID: 2276)
      • Skype.exe (PID: 5428)
      • Skype.exe (PID: 6256)
      • Skype.exe (PID: 7016)
      • ShellExperienceHost.exe (PID: 3992)
      • TextInputHost.exe (PID: 6940)
      • RouterScan.exe (PID: 6584)
      • Skype.exe (PID: 7124)
      • identity_helper.exe (PID: 7116)
    • Manual execution by a user

      • RouterScan.exe (PID: 4104)
      • Skype.exe (PID: 1324)
      • notepad++.exe (PID: 6424)
      • WinRAR.exe (PID: 2008)
      • RouterScan.exe (PID: 6584)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3720)
      • WinRAR.exe (PID: 2008)
      • msedge.exe (PID: 5632)
    • Create files in a temporary directory

      • RouterScan.exe (PID: 4104)
      • Skype.exe (PID: 1324)
    • Reads the computer name

      • RouterScan.exe (PID: 4104)
      • Skype.exe (PID: 1324)
      • Skype.exe (PID: 2276)
      • Skype.exe (PID: 6256)
      • ShellExperienceHost.exe (PID: 3992)
      • TextInputHost.exe (PID: 6940)
      • RouterScan.exe (PID: 6584)
      • Skype.exe (PID: 7124)
      • identity_helper.exe (PID: 7116)
      • Skype.exe (PID: 5428)
    • Reads Environment values

      • Skype.exe (PID: 1324)
      • Skype.exe (PID: 6256)
    • Creates files or folders in the user directory

      • Skype.exe (PID: 1324)
      • Skype.exe (PID: 6256)
      • Skype.exe (PID: 5428)
    • Reads CPU info

      • Skype.exe (PID: 1324)
    • Checks proxy server information

      • Skype.exe (PID: 1324)
    • Process checks computer location settings

      • Skype.exe (PID: 1324)
      • Skype.exe (PID: 6256)
      • Skype.exe (PID: 7016)
    • Reads the machine GUID from the registry

      • Skype.exe (PID: 1324)
      • RouterScan.exe (PID: 6584)
      • Skype.exe (PID: 7124)
    • Reads the software policy settings

      • Skype.exe (PID: 1324)
    • Disables trace logs

      • explorer.exe (PID: 2928)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 2928)
    • Checks transactions between databases Windows and Oracle

      • explorer.exe (PID: 2928)
    • Application launched itself

      • msedge.exe (PID: 4896)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 4896)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (36.3)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2019:02:24 06:31:14
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: router-scan-master/
No data.
All screenshots are available in the full report
Total processes: 209
Monitored processes: 63
Malicious processes: 2
Suspicious processes: 1

Behavior graph


Process information

Columns: PID | CMD | Path | Parent process
PID: 1076
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6592 --field-trial-handle=2328,i,9324306938919757548,18330556820892876161,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1272
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x308,0x30c,0x310,0x304,0x318,0x7ffda2825fd8,0x7ffda2825fe4,0x7ffda2825ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1324
CMD: "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --share-file="C:\Users\admin\Desktop\router-scan-master\README.md"
Path: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Parent process: explorer.exe
User: admin
Company: Skype Technologies S.A.
Integrity Level: MEDIUM
Description: Skype
Version: 8.104.0.207
Modules (Images):
c:\program files (x86)\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 2008
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\router-scan-master\prerelease.7z"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (Images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 2112
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5812 --field-trial-handle=2328,i,9324306938919757548,18330556820892876161,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2124
CMD: C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
Path: C:\Windows\SysWOW64\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: COM Surrogate
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (Images):
c:\windows\syswow64\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ucrtbase.dll
c:\windows\syswow64\combase.dll
PID: 2204
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5508 --field-trial-handle=2328,i,9324306938919757548,18330556820892876161,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2248
CMD: "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad" --url=appcenter://generic?aid=a7417433-29d9-4bc0-8826-af367733939d&iid=868d4f0b-b29b-4967-461d-2a3581a09553&uid=868d4f0b-b29b-4967-461d-2a3581a09553 --annotation=IsOfficialBuild=1 --annotation=_companyName=Skype --annotation=_productName=skype-preview --annotation=_version=8.104.0.207 "--annotation=exe=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=19.1.8 --initial-client-data=0x594,0x598,0x59c,0x590,0x5a0,0x7633398,0x76333a8,0x76333b4
Path: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Parent process: Skype.exe
User: admin
Company: Skype Technologies S.A.
Integrity Level: MEDIUM
Description: Skype
Version: 8.104.0.207
Modules (Images):
c:\program files (x86)\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 2276
CMD: "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 --field-trial-handle=2168,i,140760016177398046,16776355893238672202,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Parent process: Skype.exe
User: admin
Company: Skype Technologies S.A.
Integrity Level: LOW
Description: Skype
Version: 8.104.0.207
Modules (Images):
c:\program files (x86)\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 2288
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1368 --field-trial-handle=2328,i,9324306938919757548,18330556820892876161,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events: 38 587
Read events: 38 310
Write events: 251
Delete events: 26

Modification events

(PID) Process: (3720) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value:
(PID) Process: (3720) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value:
(PID) Process: (3720) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process: (3720) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\router-scan-master.zip
(PID) Process: (3720) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
(PID) Process: (3720) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
(PID) Process: (3720) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
(PID) Process: (3720) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
(PID) Process: (3720) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin | Operation: write | Name: Placement | Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000
(PID) Process: (3720) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\General | Operation: write | Name: LastFolder | Value: C:\Users\admin\AppData\Local\Temp
Executable files: 16
Suspicious files: 134
Text files: 298
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3720 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\RouterScan.exe | executable
MD5: 7431B3763F2825B8B67F34BA4008FE74
SHA256: E97DA4284459149541EF261A6DE0BEC7EF8A3D2D28D3384B7B256C089D524690
3720 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\README.md | text
MD5: C0D795D1E0B008CB6040DF479E57CFA8
SHA256: DE25ECDC84B5CEAC03BC354CA6B58DF4BAA732D059CD16E46F28AB8810479C74
3720 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\help\data\manual\window_exclusions.png | image
MD5: 445458767080CAFFE78E3485FBE073D0
SHA256: 017130EE877058E66FE5488E624B46A96516DF248F8A34CE3BB5B437EC2C2F7D
3720 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\auth_form.txt | text
MD5: 9AF7CFB8090E48414B6041A2248A8F14
SHA256: 2A278212B0AC2FCCA4572678021BC61D6E4EC558076F358DFF84069A0A1244AC
3720 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\help\data\code.js | text
MD5: 42F72119D75B2DB22E057B94B0AFDDCB
SHA256: AAA12EBFA199CF05CEE9E52DBFDF84CE1C3AF32FCEAD93C4FE351A8AF6E24AFC
3720 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\auth_digest.txt | text
MD5: 77562F5B74E005E732FC9A2ABFB598D3
SHA256: DC934228B21724D02C1C2B6B3C0F57DCFA77F0CE7BC71AB20F576058963DAFC9
3720 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\help\data\code.css | text
MD5: 34EEF673AAC538C9EA0AE0C7C0E2D67E
SHA256: 0EE28931213A335AEF323461124ACF32DFAE3CF8D8D0CC3F73F01831B854422F
3720 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\config.ini | text
MD5: 6BDB22E1171FFCF6300729B9565C7D52
SHA256: BECFD4E6AB944E79312E6D63A5FEA7443C53B6CB5B3BC92BFEF89201D1EC6BD4
3720 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\RouterScan.log | text
MD5: A8BD8E7691B4B651443DD2AFAA1E3334
SHA256: 86BA3DCFA8F2FAE6B478FCE9745B3A65DB9DCE8356AA433E4F129746D8DEB72C
3720 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3720.46275\router-scan-master\help\data\manual\menu_main.png | image
MD5: 6EA94AA073E42F7E79885831DA173462
SHA256: 25FE2D89C8D99B9D8B6D3FFA9CA095A49283CA4A9E23FA9FAC34C755CAA66819
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 49
TCP/UDP connections: 5 498
DNS requests: 70
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5636 | svchost.exe | GET | 200 | 2.21.20.133:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
5636 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
3040 | OfficeClickToRun.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | unknown
4656 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | unknown
1544 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | unknown
6516 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | unknown
6516 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | unknown
2612 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | unknown
4016 | SystemSettings.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | unknown
256 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | whitelisted
5636 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4032 | svchost.exe | 239.255.255.250:1900 | whitelisted
3580 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2072 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
5636 | svchost.exe | 2.21.20.133:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown
5636 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
3040 | OfficeClickToRun.exe | 20.189.173.2:443 | self.events.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
3040 | OfficeClickToRun.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
crl.microsoft.com | 2.21.20.133, 2.21.20.137 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted
self.events.data.microsoft.com | 20.189.173.2 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
3wifi.stascorp.com | 49.13.77.253 | unknown
www.bing.com | 104.126.37.171, 104.126.37.186, 104.126.37.155, 104.126.37.163, 104.126.37.178, 104.126.37.161, 104.126.37.179, 104.126.37.177, 104.126.37.170, 104.126.37.185, 104.126.37.129, 104.126.37.130, 104.126.37.128, 104.126.37.123, 104.126.37.184, 104.126.37.145, 104.126.37.138, 104.126.37.144, 104.126.37.139, 104.126.37.131, 104.126.37.136, 104.126.37.137 | whitelisted
login.live.com | 40.126.32.133, 40.126.32.72, 20.190.160.14, 20.190.160.22, 40.126.32.74, 40.126.32.76, 40.126.32.140, 40.126.32.138 | whitelisted
r.bing.com | 104.126.37.170, 104.126.37.155, 104.126.37.178, 104.126.37.161, 104.126.37.171, 104.126.37.179, 104.126.37.163, 104.126.37.177, 104.126.37.186 | whitelisted
go.microsoft.com | 23.35.238.131 | whitelisted

Threats

PID | Process | Class | Message
6584 | RouterScan.exe | Misc activity | ET INFO Cloudflare DNS Over HTTPS Certificate Inbound
6584 | RouterScan.exe | Potentially Bad Traffic | ET INFO Unconfigured nginx Access
Process | Message
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | VerifyLibrary: error while getting certificate informations