URL: https://androiddatahost.com/wp-content/uploads/Amlogic_USB_Burning_Tool_v3.2.8.zip

Full analysis: https://app.any.run/tasks/c33ac53b-f486-4494-b7e5-d8eb48ff4a20
Verdict: Malicious activity
Analysis date: February 25, 2024, 11:51:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 3456252E45C408D5D3D9E2312BDF3884
SHA1: 906B635B79D177A6F965BD79E5BA2E7E4E763F95
SHA256: BA270840410E34F0C661B99E7B74419B2977680D360FDEF675EB4F3D1238B75D
SSDEEP: 3:N8FMB4qIbOlAQy/snRXkRJbLVfUn:22B4qIbOlAZuxkR5Vcn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Amlogic USB Burning Tool v3.2.8.exe (PID: 1860)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 2388)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • dpinst32.exe (PID: 448)
      • drvinst.exe (PID: 2660)
    • Creates a writable file in the system directory

      • drvinst.exe (PID: 2660)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Amlogic USB Burning Tool v3.2.8.exe (PID: 1860)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 2388)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • drvinst.exe (PID: 2660)
      • dpinst32.exe (PID: 448)
    • Reads the Windows owner or organization settings

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Process drops legitimate windows executable

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • dpinst32.exe (PID: 448)
      • drvinst.exe (PID: 2660)
    • Reads security settings of Internet Explorer

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Starts CMD.EXE for commands execution

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Reads the Internet Settings

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 680)
    • Drops a system driver (possible attempt to evade defenses)

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • The process drops C-runtime libraries

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Reads settings of System Certificates

      • dpscat.exe (PID: 2992)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 2660)
    • Creates files in the driver directory

      • drvinst.exe (PID: 2660)
    • Adds/modifies Windows certificates

      • dpscat.exe (PID: 2992)
    • Executes as Windows Service

      • VSSVC.exe (PID: 1584)
  • INFO

    • Manual execution by a user

      • explorer.exe (PID: 2120)
      • WinRAR.exe (PID: 796)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 1860)
    • Application launched itself

      • iexplore.exe (PID: 2472)
    • Checks supported languages

      • Amlogic USB Burning Tool v3.2.8.exe (PID: 1860)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 1572)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 2388)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • dpscat.exe (PID: 2992)
      • dpinst32.exe (PID: 448)
      • drvinst.exe (PID: 2660)
    • The process uses the downloaded file

      • iexplore.exe (PID: 2472)
      • WinRAR.exe (PID: 796)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 2472)
    • Create files in a temporary directory

      • Amlogic USB Burning Tool v3.2.8.exe (PID: 1860)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 2388)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • dpinst32.exe (PID: 448)
    • Reads the computer name

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 1572)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • dpscat.exe (PID: 2992)
      • dpinst32.exe (PID: 448)
      • drvinst.exe (PID: 2660)
    • Reads the machine GUID from the registry

      • dpscat.exe (PID: 2992)
      • dpinst32.exe (PID: 448)
      • drvinst.exe (PID: 2660)
    • Creates files in the program directory

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • dpscat.exe (PID: 2992)
    • Creates a software uninstall entry

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Reads the software policy settings

      • dpscat.exe (PID: 2992)
      • drvinst.exe (PID: 2660)
    • Adds/modifies Windows certificates

      • drvinst.exe (PID: 2660)
No Malware configuration.
No data.
Total processes: 58
Monitored processes: 14
Malicious processes: 7
Suspicious processes: 0

Behavior graph

Processes in the graph, in order from start: iexplore.exe; iexplore.exe; explorer.exe (no specs); winrar.exe (no specs); amlogic usb burning tool v3.2.8.exe; amlogic usb burning tool v3.2.8.tmp (no specs); amlogic usb burning tool v3.2.8.exe; amlogic usb burning tool v3.2.8.tmp; cmd.exe (no specs); taskkill.exe (no specs); dpscat.exe; dpinst32.exe; drvinst.exe; vssvc.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process

PID: 448
CMD: "C:\Amlogic\Aml_Burn_Tool\V3\Driver\dpinst32.exe"
Path: C:\Amlogic\Aml_Burn_Tool\V3\Driver\dpinst32.exe
Parent process: Amlogic USB Burning Tool v3.2.8.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Driver Package Installer
Exit code: 256
Version: 2.1

PID: 680
CMD: "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im Aml_Burn_Tool.exe
Path: C:\Windows\System32\cmd.exe
Parent process: Amlogic USB Burning Tool v3.2.8.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 128
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 796
CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8.zip" C:\Users\admin\Downloads\
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0

PID: 1572
CMD: "C:\Users\admin\AppData\Local\Temp\is-VTQ7H.tmp\Amlogic USB Burning Tool v3.2.8.tmp" /SL5="$13016C,39316483,437760,C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-VTQ7H.tmp\Amlogic USB Burning Tool v3.2.8.tmp
Parent process: Amlogic USB Burning Tool v3.2.8.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0

PID: 1584
CMD: C:\Windows\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 1860
CMD: "C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe"
Path: C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe
Parent process: explorer.exe
User: admin
Company: Amlogic, Inc.
Integrity Level: MEDIUM
Description: V3_Aml_Burn_Tool Setup
Exit code: 0
Version:

PID: 2120
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 2336
CMD: taskkill /f /t /im Aml_Burn_Tool.exe
Path: C:\Windows\System32\taskkill.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Terminates Processes
Exit code: 128
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 2388
CMD: "C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe" /SPAWNWND=$A0240 /NOTIFYWND=$13016C
Path: C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe
Parent process: Amlogic USB Burning Tool v3.2.8.tmp
User: admin
Company: Amlogic, Inc.
Integrity Level: HIGH
Description: V3_Aml_Burn_Tool Setup
Exit code: 0
Version:

PID: 2472
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://androiddatahost.com/wp-content/uploads/Amlogic_USB_Burning_Tool_v3.2.8.zip"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

Total events: 40 512
Read events: 40 277
Write events: 193
Delete events: 42

Modification events

(PID) Process: (2472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (2472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value: 124526528

(PID) Process: (2472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31090657

(PID) Process: (2472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 424687778

(PID) Process: (2472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31090657

(PID) Process: (2472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Executable files: 314
Suspicious files: 106
Text files: 25
Unknown types: 27

Dropped files

PID: 2472
Process: iexplore.exe
Filename: C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8.zip
MD5:
SHA256:

PID: 796
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe
MD5:
SHA256:

PID: 3348
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562
Type: binary
MD5: 3C7FE4EF6C5CA4E55B004DE741D614EA
SHA256: 7DA2C0DC2E1C013F020826529A6FA2A2F4B6829553F115894EE790AF16840C44

PID: 3348
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C39CA9F3C1E29A95E83D140288CD78AA_C95EAF222F8C552B8A51D84B0A749002
Type: binary
MD5: A3D3F8E0F760BC80954D969E71A81DE3
SHA256: 1DB464484DCDFE476ED9933616EB9E67BA4B2CDB9C23200888CF3E4BAE40BEC4

PID: 3348
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\Amlogic_USB_Burning_Tool_v3.2.8[1].zip
Type: compressed
MD5: AE84A0C0F8F0A8FC5AE80302E91A8D8B
SHA256: F19DE52C089F872C11AF758F6958DD9A0CFC8FBD1DE1E220F815920EB2239964

PID: 2472
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{45119817-D3D4-11EE-AE0A-12A9866C77DE}.dat
Type: binary
MD5: F31A49F632B0E373CE90F6780E06DF6B
SHA256: 85F1271722EC674D04D9AC8D155EBD64A24FBB9782B596D7EE66150F1B30AC29

PID: 3348
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562
Type: der
MD5: D9B2F49553884778A0F682A83321C576
SHA256: 0458989634E3B38F1A466C135155198F080B265FA71CE257E00F7601CD1CD291

PID: 796
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Latest Version.url
Type: url
MD5: 5DDB3218A4FF05952A88CF517326F92A
SHA256: 0BDFB7E990F6E46F08D2A0828D437F1AD170490E0D788C95B280334BD55441FF

PID: 2388
Process: Amlogic USB Burning Tool v3.2.8.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-09GUT.tmp\Amlogic USB Burning Tool v3.2.8.tmp
Type: executable
MD5: 23D2B5F3A53654CE94ECBA0307EDAC73
SHA256: C82E73DD92B231437393BEB67DDE15E99163C3F1EF457809FE8C4A61CBFF91B6

PID: 2472
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Type: der
MD5: E92996737650DF7C1AFF74597DB799C6
SHA256: 28784D5D7493A832AFCF858B27A4DA59C1CBD7B0942CA595CDE6D5F34A345443

HTTP(S) requests: 9
TCP/UDP connections: 16
DNS requests: 7
Threats: 0

HTTP requests

PID: 3348 | Process: iexplore.exe | Method: GET | HTTP Code: 304 | IP: 173.222.108.210:80 | CN: unknown | Reputation: unknown
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?927e0d673a39dd41

PID: 3348 | Process: iexplore.exe | Method: GET | HTTP Code: 304 | IP: 173.222.108.210:80 | CN: unknown | Reputation: unknown
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5b0325f31ae0f9b6

PID: 3348 | Process: iexplore.exe | Method: GET | HTTP Code: 200 | IP: 192.124.249.24:80 | CN: unknown | Type: binary | Size: 2.10 Kb | Reputation: unknown
URL: http://ocsp.starfieldtech.com//MEowSDBGMEQwQjAJBgUrDgMCGgUABBT1ZqtwV0O1KcYi0gdzcFkHM%2BuArAQUJUWBaFAmOD07LSy%2BzWrZtj2zZmMCCQDmZP4f8TnvHA%3D%3D

PID: 3348 | Process: iexplore.exe | Method: GET | HTTP Code: 200 | IP: 192.124.249.24:80 | CN: unknown | Type: binary | Size: 2.05 Kb | Reputation: unknown
URL: http://ocsp.starfieldtech.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D

PID: 1080 | Process: svchost.exe | Method: GET | HTTP Code: 200 | IP: 93.184.221.240:80 | CN: unknown | Type: compressed | Size: 65.2 Kb | Reputation: unknown
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a414549a770d7263

PID: 1080 | Process: svchost.exe | Method: GET | HTTP Code: 304 | IP: 93.184.221.240:80 | CN: unknown | Type: compressed | Size: 65.2 Kb | Reputation: unknown
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c503292d7802e201

PID: 2472 | Process: iexplore.exe | Method: GET | HTTP Code: 304 | IP: 93.184.221.240:80 | CN: unknown | Reputation: unknown
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9aee5c2adfb08fdb

PID: 2472 | Process: iexplore.exe | Method: GET | HTTP Code: 304 | IP: 93.184.221.240:80 | CN: unknown | Reputation: unknown
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d416ea50f343b89b

PID: 2472 | Process: iexplore.exe | Method: GET | HTTP Code: 200 | IP: 192.229.221.95:80 | CN: unknown | Type: binary | Size: 471 b | Reputation: unknown
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D

Connections

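PID: 4 | Process: System | IP: 192.168.100.255:138 | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:137 | Reputation: whitelisted
PID: 1080 | Process: svchost.exe | IP: 224.0.0.252:5355 | Reputation: unknown
PID: 3348 | Process: iexplore.exe | IP: 192.124.249.38:443 | Domain: androiddatahost.com | ASN: SUCURI-SEC | CN: US | Reputation: unknown
PID: 3348 | Process: iexplore.exe | IP: 173.222.108.210:80 | Domain: ctldl.windowsupdate.com | ASN: Akamai International B.V. | CN: CH | Reputation: unknown
PID: 3348 | Process: iexplore.exe | IP: 192.124.249.24:80 | Domain: ocsp.starfieldtech.com | ASN: SUCURI-SEC | CN: US | Reputation: unknown
PID: 1080 | Process: svchost.exe | IP: 93.184.221.240:80 | Domain: ctldl.windowsupdate.com | ASN: EDGECAST | CN: GB | Reputation: whitelisted
PID: 2472 | Process: iexplore.exe | IP: 152.199.19.161:443 | Domain: r20swj13mr.microsoft.com | ASN: EDGECAST | CN: US | Reputation: whitelisted
PID: 2472 | Process: iexplore.exe | IP: 93.184.221.240:80 | Domain: ctldl.windowsupdate.com | ASN: EDGECAST | CN: GB | Reputation: whitelisted
PID: 2472 | Process: iexplore.exe | IP: 192.229.221.95:80 | Domain: ocsp.digicert.com | ASN: EDGECAST | CN: US | Reputation: whitelisted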

DNS requests

Domain: androiddatahost.com | IP: 192.124.249.38 | Reputation: whitelisted
Domain: ctldl.windowsupdate.com | IP: 173.222.108.210, 173.222.108.226, 93.184.221.240 | Reputation: whitelisted
Domain: ocsp.starfieldtech.com | IP: 192.124.249.24, 192.124.249.36, 192.124.249.41, 192.124.249.22, 192.124.249.23 | Reputation: whitelisted
Domain: r20swj13mr.microsoft.com | IP: 152.199.19.161 | Reputation: whitelisted
Domain: iecvlist.microsoft.com | IP: 152.199.19.161 | Reputation: whitelisted
Domain: ocsp.digicert.com | IP: 192.229.221.95 | Reputation: whitelisted

Threats

No threats detected

Process | Message
dpscat.exe
dpscat.exe | Actual section to install: libusbDevice_WinUSB.NTx86
dpscat.exe | Found Hwid: USB\VID_1B8E&PID_C004
dpscat.exe | Copyright(c) 2012 Travis Lee Robinson. (DUAL BSD/GPL)
dpscat.exe | Portions Copyright(c) Pete Batard. (LGPL)
dpscat.exe | Hash calculated for: .\x86\winusbcoinstaller2.dll
dpscat.exe | Using PE guid..
dpscat.exe | Hash added..
dpscat.exe | Hash calculated for: .\x86\wdfcoinstaller01009.dll
dpscat.exe | Using PE guid..