URL:

https://androiddatahost.com/wp-content/uploads/Amlogic_USB_Burning_Tool_v3.2.8.zip

Full analysis: https://app.any.run/tasks/c33ac53b-f486-4494-b7e5-d8eb48ff4a20
Verdict: Malicious activity
Analysis date: February 25, 2024, 11:51:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 3456252E45C408D5D3D9E2312BDF3884
SHA1: 906B635B79D177A6F965BD79E5BA2E7E4E763F95
SHA256: BA270840410E34F0C661B99E7B74419B2977680D360FDEF675EB4F3D1238B75D
SSDEEP: 3:N8FMB4qIbOlAQy/snRXkRJbLVfUn:22B4qIbOlAZuxkR5Vcn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Amlogic USB Burning Tool v3.2.8.exe (PID: 1860)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 2388)
      • dpinst32.exe (PID: 448)
      • drvinst.exe (PID: 2660)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Creates a writable file in the system directory

      • drvinst.exe (PID: 2660)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Amlogic USB Burning Tool v3.2.8.exe (PID: 1860)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 2388)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • dpinst32.exe (PID: 448)
      • drvinst.exe (PID: 2660)
    • Reads the Windows owner or organization settings

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Process drops legitimate windows executable

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • dpinst32.exe (PID: 448)
      • drvinst.exe (PID: 2660)
    • Starts CMD.EXE for commands execution

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Reads security settings of Internet Explorer

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • The process drops C-runtime libraries

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Reads the Internet Settings

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Drops a system driver (possible attempt to evade defenses)

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Adds/modifies Windows certificates

      • dpscat.exe (PID: 2992)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 680)
    • Reads settings of System Certificates

      • dpscat.exe (PID: 2992)
    • Creates files in the driver directory

      • drvinst.exe (PID: 2660)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 2660)
    • Executes as Windows Service

      • VSSVC.exe (PID: 1584)
  • INFO

    • The process uses the downloaded file

      • iexplore.exe (PID: 2472)
      • WinRAR.exe (PID: 796)
    • Manual execution by a user

      • explorer.exe (PID: 2120)
      • WinRAR.exe (PID: 796)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 1860)
    • Application launched itself

      • iexplore.exe (PID: 2472)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 2472)
    • Checks supported languages

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 1572)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 2388)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 1860)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • dpscat.exe (PID: 2992)
      • drvinst.exe (PID: 2660)
      • dpinst32.exe (PID: 448)
    • Reads the computer name

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 1572)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • dpscat.exe (PID: 2992)
      • drvinst.exe (PID: 2660)
      • dpinst32.exe (PID: 448)
    • Create files in a temporary directory

      • Amlogic USB Burning Tool v3.2.8.exe (PID: 2388)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 1860)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • dpinst32.exe (PID: 448)
    • Creates files in the program directory

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
      • dpscat.exe (PID: 2992)
    • Creates a software uninstall entry

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2484)
    • Reads the machine GUID from the registry

      • dpscat.exe (PID: 2992)
      • dpinst32.exe (PID: 448)
      • drvinst.exe (PID: 2660)
    • Reads the software policy settings

      • dpscat.exe (PID: 2992)
      • drvinst.exe (PID: 2660)
    • Adds/modifies Windows certificates

      • drvinst.exe (PID: 2660)
No Malware configuration.
No data.
Total processes: 58
Monitored processes: 14
Malicious processes: 7
Suspicious processes: 0

Behavior graph

Processes shown in the graph, in order: iexplore.exe, iexplore.exe, explorer.exe (no specs), winrar.exe (no specs), amlogic usb burning tool v3.2.8.exe, amlogic usb burning tool v3.2.8.tmp (no specs), amlogic usb burning tool v3.2.8.exe, amlogic usb burning tool v3.2.8.tmp, cmd.exe (no specs), taskkill.exe (no specs), dpscat.exe, dpinst32.exe, drvinst.exe, vssvc.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process
448 | "C:\Amlogic\Aml_Burn_Tool\V3\Driver\dpinst32.exe" | C:\Amlogic\Aml_Burn_Tool\V3\Driver\dpinst32.exe | | Amlogic USB Burning Tool v3.2.8.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Driver Package Installer
Exit code: 256
Version: 2.1
Modules
Images
c:\amlogic\aml_burn_tool\v3\driver\dpinst32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
680 | "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im Aml_Burn_Tool.exe | C:\Windows\System32\cmd.exe | | Amlogic USB Burning Tool v3.2.8.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 128
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
796 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8.zip" C:\Users\admin\Downloads\ | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
1572 | "C:\Users\admin\AppData\Local\Temp\is-VTQ7H.tmp\Amlogic USB Burning Tool v3.2.8.tmp" /SL5="$13016C,39316483,437760,C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe" | C:\Users\admin\AppData\Local\Temp\is-VTQ7H.tmp\Amlogic USB Burning Tool v3.2.8.tmp | | Amlogic USB Burning Tool v3.2.8.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-vtq7h.tmp\amlogic usb burning tool v3.2.8.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1584 | C:\Windows\system32\vssvc.exe | C:\Windows\System32\VSSVC.exe | | services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1860 | "C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe" | C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe | | explorer.exe
User: admin
Company: Amlogic, Inc.
Integrity Level: MEDIUM
Description: V3_Aml_Burn_Tool Setup
Exit code: 0
Version:
Modules
Images
c:\users\admin\downloads\amlogic_usb_burning_tool_v3.2.8\amlogic usb burning tool v3.2.8.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2120 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | | explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
2336 | taskkill /f /t /im Aml_Burn_Tool.exe | C:\Windows\System32\taskkill.exe | | cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Terminates Processes
Exit code: 128
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
2388 | "C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe" /SPAWNWND=$A0240 /NOTIFYWND=$13016C | C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe | | Amlogic USB Burning Tool v3.2.8.tmp
User: admin
Company: Amlogic, Inc.
Integrity Level: HIGH
Description: V3_Aml_Burn_Tool Setup
Exit code: 0
Version:
Modules
Images
c:\users\admin\downloads\amlogic_usb_burning_tool_v3.2.8\amlogic usb burning tool v3.2.8.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2472 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://androiddatahost.com/wp-content/uploads/Amlogic_USB_Burning_Tool_v3.2.8.zip" | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 40 512
Read events: 40 277
Write events: 193
Delete events: 42

Modification events

Process: iexplore.exe (PID: 2472)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

Process: iexplore.exe (PID: 2472)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value: 124526528

Process: iexplore.exe (PID: 2472)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31090657

Process: iexplore.exe (PID: 2472)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 424687778

Process: iexplore.exe (PID: 2472)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31090657

Process: iexplore.exe (PID: 2472)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: iexplore.exe (PID: 2472)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: iexplore.exe (PID: 2472)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: iexplore.exe (PID: 2472)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: iexplore.exe (PID: 2472)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Executable files: 314
Suspicious files: 106
Text files: 25
Unknown types: 27

Dropped files

PID | Process | Filename | Type
2472 | iexplore.exe | C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8.zip |
MD5:
SHA256:
796 | WinRAR.exe | C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe |
MD5:
SHA256:
3348 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C39CA9F3C1E29A95E83D140288CD78AA_C95EAF222F8C552B8A51D84B0A749002 | der
MD5: B6F16CB64A54A4154886A53EA410A9FC
SHA256: 60009B5AC4C70C0F51B75132D93E8F59455D9EB50AC7E515A275A79962EA5E3A
3348 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C39CA9F3C1E29A95E83D140288CD78AA_C95EAF222F8C552B8A51D84B0A749002 | binary
MD5: A3D3F8E0F760BC80954D969E71A81DE3
SHA256: 1DB464484DCDFE476ED9933616EB9E67BA4B2CDB9C23200888CF3E4BAE40BEC4
2472 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF6EEE92A6EFF9B8E6.TMP | binary
MD5: A54F0CBB47BBB4F31EC4D2C3DD356230
SHA256: A36A18692E6CEF6C58C5BAE629C2D10342F14DA5641424F89409217CD3558E06
2472 | iexplore.exe | C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8.zip.uednp5o.partial:Zone.Identifier | text
MD5: FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA256: EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
3348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\Amlogic_USB_Burning_Tool_v3.2.8[1].zip | compressed
MD5: AE84A0C0F8F0A8FC5AE80302E91A8D8B
SHA256: F19DE52C089F872C11AF758F6958DD9A0CFC8FBD1DE1E220F815920EB2239964
3348 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562 | der
MD5: D9B2F49553884778A0F682A83321C576
SHA256: 0458989634E3B38F1A466C135155198F080B265FA71CE257E00F7601CD1CD291
796 | WinRAR.exe | C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Driver\Download.url | url
MD5: 4FD87762C9B9E79C86764CC0C68FDBCB
SHA256: B29061450E51F38F5CF31CEF5C9C4F958867344542D7CA8F2D8DEA80D0490A15
2472 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{45119817-D3D4-11EE-AE0A-12A9866C77DE}.dat | binary
MD5: F31A49F632B0E373CE90F6780E06DF6B
SHA256: 85F1271722EC674D04D9AC8D155EBD64A24FBB9782B596D7EE66150F1B30AC29
HTTP(S) requests: 9
TCP/UDP connections: 16
DNS requests: 7
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3348 | iexplore.exe | GET | 304 | 173.222.108.210:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?927e0d673a39dd41 | unknown | | | unknown
2472 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | binary | 471 b | unknown
3348 | iexplore.exe | GET | 304 | 173.222.108.210:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5b0325f31ae0f9b6 | unknown | | | unknown
3348 | iexplore.exe | GET | 200 | 192.124.249.24:80 | http://ocsp.starfieldtech.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D | unknown | binary | 2.05 Kb | unknown
3348 | iexplore.exe | GET | 200 | 192.124.249.24:80 | http://ocsp.starfieldtech.com//MEowSDBGMEQwQjAJBgUrDgMCGgUABBT1ZqtwV0O1KcYi0gdzcFkHM%2BuArAQUJUWBaFAmOD07LSy%2BzWrZtj2zZmMCCQDmZP4f8TnvHA%3D%3D | unknown | binary | 2.10 Kb | unknown
1080 | svchost.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a414549a770d7263 | unknown | compressed | 65.2 Kb | unknown
2472 | iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9aee5c2adfb08fdb | unknown | | | unknown
1080 | svchost.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c503292d7802e201 | unknown | compressed | 65.2 Kb | unknown
2472 | iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d416ea50f343b89b | unknown | | | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
3348 | iexplore.exe | 192.124.249.38:443 | androiddatahost.com | SUCURI-SEC | US | unknown
3348 | iexplore.exe | 173.222.108.210:80 | ctldl.windowsupdate.com | Akamai International B.V. | CH | unknown
3348 | iexplore.exe | 192.124.249.24:80 | ocsp.starfieldtech.com | SUCURI-SEC | US | unknown
1080 | svchost.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
2472 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | EDGECAST | US | whitelisted
2472 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
2472 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Domain | IP | Reputation
androiddatahost.com | 192.124.249.38 | whitelisted
ctldl.windowsupdate.com | 173.222.108.210, 173.222.108.226, 93.184.221.240 | whitelisted
ocsp.starfieldtech.com | 192.124.249.24, 192.124.249.36, 192.124.249.41, 192.124.249.22, 192.124.249.23 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted

Threats

No threats detected
Process | Message
dpscat.exe |
dpscat.exe | Actual section to install: libusbDevice_WinUSB.NTx86
dpscat.exe | Found Hwid: USB\VID_1B8E&PID_C004
dpscat.exe | Copyright(c) 2012 Travis Lee Robinson. (DUAL BSD/GPL)
dpscat.exe | Portions Copyright(c) Pete Batard. (LGPL)
dpscat.exe | Hash calculated for: .\x86\winusbcoinstaller2.dll
dpscat.exe | Using PE guid..
dpscat.exe | Hash added..
dpscat.exe | Hash calculated for: .\x86\wdfcoinstaller01009.dll
dpscat.exe | Using PE guid..