File name: mdx-VueScan_Pro_9.7.90.rar
Full analysis: https://app.any.run/tasks/4cf70ae2-4b88-4667-a682-2a9198974955
Verdict: Malicious activity
Analysis date: December 10, 2023, 21:46:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 234B5256CA9E4ED9627B0B42AB548056
SHA1: 89D9F7CA2C9E9FFD6A55A2B64E9F4841D2FEC4F5
SHA256: CD05145A5386CD53BD323CC2D8B31F6234F1C85B9B7103C24EA1BDF5C62BB625
SSDEEP: 98304:egGcvQUkAo7SaFBTIVItXfcKzhvRObB+/vDzp8EzCZSWE40s+l42yXEuYeDYDvB/:aSkPGnGWXneldreO3TPVVEHspt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • vuescan.exe (PID: 3964)
      • vuex3297.exe (PID: 3940)
      • VueScan x32 v9.7.70 Patcher v1.0.exe (PID: 600)
      • vuex3297.exe (PID: 2836)
      • vuescan.exe (PID: 2168)
    • Creates a writable file in the system directory

      • drvinst.exe (PID: 2984)
  • SUSPICIOUS

    • Reads the Internet Settings

      • vuescan.exe (PID: 3964)
      • vuescan.exe (PID: 2168)
    • Creates files in the driver directory

      • drvinst.exe (PID: 2984)
    • Executes as Windows Service

      • VSSVC.exe (PID: 3448)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 2984)
    • Reads settings of System Certificates

      • rundll32.exe (PID: 3528)
    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • vuescan.exe (PID: 3964)
      • vuescan.exe (PID: 2168)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • vuescan.exe (PID: 3964)
      • vuescan.exe (PID: 2168)
    • Starts CMD.EXE for commands execution

      • VueScan x32 v9.7.70 Patcher v1.0.exe (PID: 600)
    • Executing commands from a ".bat" file

      • VueScan x32 v9.7.70 Patcher v1.0.exe (PID: 600)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 2544)
    • Creates a software uninstall entry

      • vuescan.exe (PID: 2168)
  • INFO

    • Manual execution by a user

      • vuex3297.exe (PID: 2600)
      • wmpnscfg.exe (PID: 2988)
      • vuex3297.exe (PID: 3940)
      • msedge.exe (PID: 3988)
      • msedge.exe (PID: 2556)
      • VueScan x32 v9.7.70 Patcher v1.0.exe (PID: 280)
      • VueScan x32 v9.7.70 Patcher v1.0.exe (PID: 600)
      • vuex3297.exe (PID: 544)
      • vuex3297.exe (PID: 2836)
      • msedge.exe (PID: 3260)
    • Reads the machine GUID from the registry

      • vuescan.exe (PID: 3964)
      • drvinst.exe (PID: 2984)
      • vuex3297.exe (PID: 2836)
      • vuescan.exe (PID: 2168)
      • vuex3297.exe (PID: 3940)
    • Checks supported languages

      • wmpnscfg.exe (PID: 2988)
      • drvinst.exe (PID: 2984)
      • VueScan x32 v9.7.70 Patcher v1.0.exe (PID: 600)
      • vuescan.exe (PID: 2168)
      • vuex3297.exe (PID: 2836)
      • vuex3297.exe (PID: 3940)
      • vuescan.exe (PID: 3964)
    • Creates files in the program directory

      • vuescan.exe (PID: 3964)
      • vuex3297.exe (PID: 2836)
      • vuex3297.exe (PID: 3940)
    • Create files in a temporary directory

      • vuescan.exe (PID: 3964)
      • PnPutil.exe (PID: 4036)
      • VueScan x32 v9.7.70 Patcher v1.0.exe (PID: 600)
      • vuescan.exe (PID: 2168)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3048)
    • Reads the computer name

      • drvinst.exe (PID: 2984)
      • wmpnscfg.exe (PID: 2988)
      • vuex3297.exe (PID: 2836)
      • vuescan.exe (PID: 2168)
      • vuex3297.exe (PID: 3940)
      • vuescan.exe (PID: 3964)
    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 3528)
    • Application launched itself

      • msedge.exe (PID: 1752)
      • msedge.exe (PID: 3988)
      • msedge.exe (PID: 2336)
      • msedge.exe (PID: 2556)
      • msedge.exe (PID: 3348)
      • msedge.exe (PID: 3260)
    • Process checks computer location settings

      • vuescan.exe (PID: 2168)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 136
Monitored processes: 73
Malicious processes: 6
Suspicious processes: 1

Behavior graph

Processes in the graph, in the order listed (flattened from the interactive graph; the report's own "no specs" tag is kept, and repeated msedge.exe children are collapsed into counts):

winrar.exe (no specs), vuex3297.exe (no specs), vuex3297.exe, vuescan.exe, pnputil.exe (no specs), wmpnscfg.exe (no specs), drvinst.exe (no specs), rundll32.exe (no specs), vssvc.exe (no specs), netsh.exe ×4 (no specs), msedge.exe ×25 (21 no specs), vuescan x32 v9.7.70 patcher v1.0.exe (no specs), vuescan x32 v9.7.70 patcher v1.0.exe, cmd.exe (no specs), fltmc.exe (no specs), reg.exe ×3 (no specs), vuex3297.exe (no specs), vuex3297.exe, vuescan.exe, pnputil.exe (no specs), netsh.exe ×4 (no specs), msedge.exe ×20 (18 no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 120
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1368,i,12956743296138118120,14909269631011602191,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 188
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1356,i,18103541649232398708,5930399916007421554,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 276
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xf0,0x69eff598,0x69eff5a8,0x69eff5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 280
CMD: "C:\Users\admin\Desktop\VueScan x32 v9.7.70 Patcher v1.0.exe"
Path: C:\Users\admin\Desktop\VueScan x32 v9.7.70 Patcher v1.0.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this MEDIUM-integrity launch did not run; the same image appears below as PID 600 at HIGH integrity)
Modules
Images
c:\users\admin\desktop\vuescan x32 v9.7.70 patcher v1.0.exe
c:\windows\system32\ntdll.dll
PID: 280 (PID reused: the patcher instance above with the same PID had already exited)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1612 --field-trial-handle=1244,i,6755532444517481299,3709066196193259236,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 544
CMD: "C:\Users\admin\Desktop\vuex3297.exe"
Path: C:\Users\admin\Desktop\vuex3297.exe
Parent process: explorer.exe
User:
admin
Company:
Hamrick Software
Integrity Level:
MEDIUM
Description:
VueScan Installer
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this MEDIUM-integrity launch did not run)
Version:
9.7.90
Modules
Images
c:\users\admin\desktop\vuex3297.exe
c:\windows\system32\ntdll.dll
PID: 556
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1296,i,10964279499571723094,9084942547435378843,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 600
CMD: "C:\Users\admin\Desktop\VueScan x32 v9.7.70 Patcher v1.0.exe"
Path: C:\Users\admin\Desktop\VueScan x32 v9.7.70 Patcher v1.0.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\vuescan x32 v9.7.70 patcher v1.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\dup2patcher.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 788
CMD: "C:\Windows\system32\pnputil.exe" -i -a "C:\Users\admin\AppData\Local\Temp\VueScan\scadrv60.inf"
Path: C:\Windows\System32\PnPutil.exe
Parent process: vuescan.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft PnP Utility - Tool to add, delete and enumerate driver packages.
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\pnputil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\setupapi.dll
PID: 900
CMD: "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="VueScan (canon-bjnp2-In)" protocol=UDP dir=in localport=8612 program="C:\Program Files\VueScan\vuescan.exe" action=allow description="Inbound rule for VueScan to allow searching network for legacy Canon scanners."
Path: C:\Windows\System32\netsh.exe
Parent process: vuescan.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
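The process entries above contain the three things a triager would pull out of this run by hand: a patcher with no version resource running from the Desktop at HIGH integrity (and loading dup2patcher.dll from %TEMP%, per its module list), vuescan.exe spawning pnputil.exe to install a driver package from an .inf under the user's Temp directory, and netsh.exe adding an inbound firewall exception. The script below is an added example (this editor's own heuristics, not ANY.RUN signatures and not VueScan or patcher code) that re-derives those findings from the recorded command lines. The record list is constructed from the entries above; the rule wording and the set of "user-writable" roots are assumptions.

```python
"""Triage of sandbox process-creation records.

Added example (editor's own, not an ANY.RUN signature and not VueScan or
patcher code). RECORDS is constructed from the "Process information"
entries of the report; the finding texts and the list of user-writable
roots are this example's assumptions.
"""
from __future__ import annotations

import re

# Constructed from the report: PID, parent image, integrity level, image path, command line.
RECORDS = [
    {"pid": 600, "parent": "explorer.exe", "integrity": "HIGH",
     "image": r"C:\Users\admin\Desktop\VueScan x32 v9.7.70 Patcher v1.0.exe",
     "cmd": r'"C:\Users\admin\Desktop\VueScan x32 v9.7.70 Patcher v1.0.exe"'},
    {"pid": 788, "parent": "vuescan.exe", "integrity": "HIGH",
     "image": r"C:\Windows\System32\PnPutil.exe",
     "cmd": r'"C:\Windows\system32\pnputil.exe" -i -a '
            r'"C:\Users\admin\AppData\Local\Temp\VueScan\scadrv60.inf"'},
    {"pid": 900, "parent": "vuescan.exe", "integrity": "HIGH",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmd": r'"C:\Windows\system32\netsh.exe" advfirewall firewall add rule '
            r'name="VueScan (canon-bjnp2-In)" protocol=UDP dir=in localport=8612 '
            r'program="C:\Program Files\VueScan\vuescan.exe" action=allow '
            r'description="Inbound rule for VueScan to allow searching network '
            r'for legacy Canon scanners."'},
]

# Assumption: roots a standard user can write to; anything executed or loaded from here is untrusted.
USER_WRITABLE = re.compile(r"^c:\\(users|programdata|windows\\temp)\\", re.IGNORECASE)


def tokenize(cmd: str) -> list[str]:
    """Split a Windows command line on spaces while honouring double quotes.
    Backslashes are path separators here, so no escape processing is done."""
    tokens: list[str] = []
    cur: list[str] = []
    quoted = False
    for ch in cmd:
        if ch == '"':
            quoted = not quoted
        elif ch == " " and not quoted:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_netsh_rule(cmd: str) -> dict[str, str] | None:
    """Return the key=value fields of 'netsh advfirewall firewall add|delete rule ...'
    plus the verb; None when the command line is not a firewall rule change."""
    toks = tokenize(cmd)
    low = [t.lower() for t in toks]
    if "advfirewall" not in low or "rule" not in low:
        return None
    i = low.index("rule")          # the standalone 'rule' token, not the one in description=
    if i == 0 or low[i - 1] not in ("add", "delete"):
        return None
    rule = {"verb": low[i - 1]}
    for tok in toks[i + 1:]:
        key, sep, value = tok.partition("=")
        if sep:
            rule[key.lower()] = value
    return rule


def triage(rec: dict) -> list[str]:
    """Apply the heuristics to one record and return human-readable findings."""
    findings: list[str] = []
    base = rec["image"].lower().rsplit("\\", 1)[-1]
    toks = tokenize(rec["cmd"])
    if rec["integrity"] == "HIGH" and USER_WRITABLE.match(rec["image"]):
        findings.append("elevated execution of a binary from a user-writable path")
    if base == "netsh.exe":
        rule = parse_netsh_rule(rec["cmd"])
        if rule:
            findings.append(
                f"firewall rule {rule['verb']}: {rule.get('action', '?')} {rule.get('dir', '?')} "
                f"{rule.get('protocol', '?')}/{rule.get('localport', '?')} for "
                f"{rule.get('program', '?')} (requested by parent {rec['parent']})")
            if USER_WRITABLE.match(rule.get("program", "")):
                findings.append("firewall exception for a binary in a user-writable path")
    if base == "pnputil.exe":
        # Windows 7 syntax is '-i -a <inf>'; newer releases use '/add-driver <inf> /install'.
        installing = any(t.lower() in ("-i", "/install") for t in toks)
        infs = [t for t in toks if t.lower().endswith(".inf")]
        if installing and any(USER_WRITABLE.match(p) for p in infs):
            findings.append(f"driver package installed from a user-writable path: {infs[0]} "
                            f"(parent {rec['parent']})")
    return findings


def triage_all(records: list[dict]) -> dict[int, list[str]]:
    """Map PID -> findings, keeping only processes that triggered at least one rule."""
    report: dict[int, list[str]] = {}
    for rec in records:
        found = triage(rec)
        if found:
            report[rec["pid"]] = found
    return report


if __name__ == "__main__":
    for pid, found in triage_all(RECORDS).items():
        for line in found:
            print(f"PID {pid}: {line}")
```

Run against the three constructed records it reports PID 600 (elevated binary from the Desktop), PID 788 (driver package from Temp) and PID 900 (inbound UDP/8612 exception for vuescan.exe). Note that the firewall rule in this run points at a Program Files binary, so the second firewall heuristic does not fire; it is there for the case where a dropped binary whitelists itself.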
Total events: 32 215
Read events: 31 632
Write events: 568
Delete events: 15

Modification events

WinRAR.exe (PID 3048)
  Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
  Operation: write
  Name: LanguageList
  Value: en-US
WinRAR.exe (PID 3048)
  Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  Operation: write
  Name: 2
  Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
WinRAR.exe (PID 3048)
  Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  Operation: write
  Name: 1
  Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
WinRAR.exe (PID 3048)
  Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  Operation: write
  Name: 0
  Value: C:\Users\admin\Desktop\phacker.zip
WinRAR.exe (PID 3048)
  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write
  Name: name
  Value: 120
WinRAR.exe (PID 3048)
  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write
  Name: size
  Value: 80
WinRAR.exe (PID 3048)
  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write
  Name: type
  Value: 120
WinRAR.exe (PID 3048)
  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write
  Name: mtime
  Value: 100
WinRAR.exe (PID 3048)
  Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
  Operation: write
  Name: Placement
  Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
WinRAR.exe (PID 3048)
  Key: HKEY_CURRENT_USER\Software\WinRAR\General
  Operation: write
  Name: LastFolder
  Value: C:\Users\admin\Desktop
Executable files: 15
Suspicious files: 207
Text files: 129
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID 3048, WinRAR.exe
  File: C:\Users\admin\AppData\Local\Temp\Rar$DRa3048.30423\VueScan x32 v9.7.70 Patcher v1.0.exe
  Type: executable
  MD5: A27B3DC0D44C1018411208EF12CA4B13
  SHA256: 5DFA4303E259A1413D42908A766EA98C9E0213B01E5B3A8D7633C91ED60825D3
PID 3940, vuex3297.exe
  File: C:\Program Files\VueScan\vuescan.exe
  Type: executable
  MD5: 3A33C7B34ADB19AB0B266183C11D608B
  SHA256: A47E5A86B120C20BEE08759AEFB5FA73270C3162E0D8BFCD61334E3431C8C482
PID 3964, vuescan.exe
  File: C:\Users\Public\Desktop\VueScan x32.lnk
  Type: binary
  MD5: A48F438A050C02028B9F49B1E54B11BA
  SHA256: EFD60246877C0D3E5AE8E26816A363BAC01C26FCD39B4C16ACCE17935C213169
PID 3964, vuescan.exe
  File: C:\Users\admin\AppData\Local\Temp\VUE397F.tmp
  Type: executable
  MD5: 3062807F1C4D249EE3898808D77D86A7
  SHA256: 1C2EDC6E546066682B7C5F44A265425C7C5E4D5F092726C2EE5387991375B0A5
PID 3964, vuescan.exe
  File: C:\Users\admin\AppData\Local\Temp\VUE3910.tmp
  Type: binary
  MD5: BBEA06D54F2C8B6BC8F1944DB4900297
  SHA256: 4C47C63C018F2C0ACAD6A5C2632529ECB03B6F4FFCA28D1B565F8504D2B8870D
PID 2984, drvinst.exe
  File: C:\System Volume Information\SPP\metadata-2
  MD5:
  SHA256:
PID 3964, vuescan.exe
  File: C:\Users\admin\AppData\Local\Temp\VueScan\scadrv60.inf
  Type: binary
  MD5: E038B607E4D2883044DCB39A4D2C8B45
  SHA256: 83D5BD102028DF7D85019246D824D54CE4E66F058F72AB36CCB63428D50A197C
PID 3964, vuescan.exe
  File: C:\Users\admin\AppData\Local\Temp\VUE3AAA.tmp
  Type: binary
  MD5: 8BA0900A274AF0237D8583D778627944
  SHA256: C0548423C7F9C64230D4838499E9EA1E559253E89A3361629DA181BD473CFBC3
PID 3964, vuescan.exe
  File: C:\Users\admin\AppData\Local\Temp\VueScan\scadrv60.cat (same hashes as VUE3AAA.tmp above, i.e. the same content)
  Type: binary
  MD5: 8BA0900A274AF0237D8583D778627944
  SHA256: C0548423C7F9C64230D4838499E9EA1E559253E89A3361629DA181BD473CFBC3
PID 4036, PnPutil.exe
  File: C:\Users\admin\AppData\Local\Temp\{6770d220-cf06-7367-f9f1-0c70d39c1d37}\SET4287.tmp (same hashes as scadrv60.inf above, i.e. the same content)
  Type: binary
  MD5: E038B607E4D2883044DCB39A4D2C8B45
  SHA256: 83D5BD102028DF7D85019246D824D54CE4E66F058F72AB36CCB63428D50A197C
HTTP(S) requests: 16
TCP/UDP connections: 100
DNS requests: 93
Threats: 4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN (country)
Type
Size
Reputation
3964
vuescan.exe
GET
200
13.227.219.128:80
http://static.hamrick.com/feedback_v1.txt
unknown
text
38 b
unknown
3964
vuescan.exe
GET
200
13.227.219.128:80
http://static.hamrick.com/vuescan_version.txt
unknown
text
6 b
unknown
3964
vuescan.exe
GET
200
167.172.25.29:80
http://stats.hamrick.com/v1/submit?EventName=Install&InstallTime=1702244827&VueScanVersion=VueScan%209%20x32%20(9.7.90)&UserID=8a9679ce-2b26-4112-a5db-e39093583628&SessionID=84b4b46c-6265-479f-af0f-e22657b39016&EventTime=1702244828&Platform=Windows&Registered=No
unknown
text
3 b
unknown
3964
vuescan.exe
GET
200
104.131.17.148:80
http://www.hamrick.com/cgi-bin/validate.cgi?email=inet@hamrick.com&SerialNumber=12345
unknown
text
19 b
unknown
3964
vuescan.exe
GET
200
167.172.25.29:80
http://stats.hamrick.com/v1/submit?EventName=Startup&InstallTime=1702244827&VueScanVersion=VueScan%209%20x32%20(9.7.90)&UserID=8a9679ce-2b26-4112-a5db-e39093583628&SessionID=84b4b46c-6265-479f-af0f-e22657b39016&EventTime=1702244846&Edition=Unregistered&Platform=Windows&PlatformVersion=6.1&PlatformBuild=7601&PlatformArch=x32&NumberOfCPUs=4&DefaultLanguage=en&CurrentLanguage=en
unknown
text
3 b
unknown
3964
vuescan.exe
GET
200
167.172.25.29:80
http://stats.hamrick.com/v1/submit?EventName=Event&InstallTime=1702244827&VueScanVersion=VueScan%209%20x32%20(9.7.90)&UserID=8a9679ce-2b26-4112-a5db-e39093583628&SessionID=84b4b46c-6265-479f-af0f-e22657b39016&EventTime=1702244852&UserInterface=0&Menu=Help%20%7C%20About
unknown
text
3 b
unknown
3964
vuescan.exe
GET
200
167.172.25.29:80
http://stats.hamrick.com/v1/submit?EventName=Event&InstallTime=1702244827&VueScanVersion=VueScan%209%20x32%20(9.7.90)&UserID=8a9679ce-2b26-4112-a5db-e39093583628&SessionID=84b4b46c-6265-479f-af0f-e22657b39016&EventTime=1702244853&UserInterface=0&Menu=Help%20%7C%20Tips
unknown
text
3 b
unknown
3964
vuescan.exe
GET
200
167.172.25.29:80
http://stats.hamrick.com/v1/submit?EventName=Event&InstallTime=1702244827&VueScanVersion=VueScan%209%20x32%20(9.7.90)&UserID=8a9679ce-2b26-4112-a5db-e39093583628&SessionID=84b4b46c-6265-479f-af0f-e22657b39016&EventTime=1702244852&UserInterface=0&Menu=Help%20%7C%20Update
unknown
text
3 b
unknown
2168
vuescan.exe
GET
200
13.227.219.128:80
http://static.hamrick.com/vuescan_version.txt
unknown
text
6 b
unknown
2168
vuescan.exe
GET
200
13.227.219.128:80
http://static.hamrick.com/feedback_v1.txt
unknown
text
38 b
unknown
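Every request in the table goes to a hamrick.com host over plain HTTP, which reads as vendor telemetry rather than command and control, but the table also shows exactly what leaves the host: a UserID and a SessionID GUID on every stats submission, an OS fingerprint (platform version, build, architecture, CPU count, languages) on the Startup event, and an e-mail address and serial number in the query string of the licence check. The script below is an added example (this editor's own, not ANY.RUN or Hamrick code) that groups the URLs by host, flags cleartext transport, and picks out identifiers that stay constant across requests. The URL list is constructed from the entries above for PID 3964; which query keys count as identifiers or host fingerprint is an assumption, and nothing is fetched.

```python
"""Summarise cleartext application telemetry from a sandbox HTTP request list.

Added example (editor's own, not ANY.RUN or Hamrick code). REQUESTS is
constructed from the URLs the report lists for vuescan.exe (PID 3964);
nothing is fetched. The key classifications below are assumptions.
"""
from __future__ import annotations

from urllib.parse import parse_qsl, urlsplit

REQUESTS = [
    "http://static.hamrick.com/feedback_v1.txt",
    "http://static.hamrick.com/vuescan_version.txt",
    "http://stats.hamrick.com/v1/submit?EventName=Install&InstallTime=1702244827"
    "&VueScanVersion=VueScan%209%20x32%20(9.7.90)&UserID=8a9679ce-2b26-4112-a5db-e39093583628"
    "&SessionID=84b4b46c-6265-479f-af0f-e22657b39016&EventTime=1702244828&Platform=Windows"
    "&Registered=No",
    "http://www.hamrick.com/cgi-bin/validate.cgi?email=inet@hamrick.com&SerialNumber=12345",
    "http://stats.hamrick.com/v1/submit?EventName=Startup&InstallTime=1702244827"
    "&VueScanVersion=VueScan%209%20x32%20(9.7.90)&UserID=8a9679ce-2b26-4112-a5db-e39093583628"
    "&SessionID=84b4b46c-6265-479f-af0f-e22657b39016&EventTime=1702244846&Edition=Unregistered"
    "&Platform=Windows&PlatformVersion=6.1&PlatformBuild=7601&PlatformArch=x32&NumberOfCPUs=4"
    "&DefaultLanguage=en&CurrentLanguage=en",
    "http://stats.hamrick.com/v1/submit?EventName=Event&InstallTime=1702244827"
    "&VueScanVersion=VueScan%209%20x32%20(9.7.90)&UserID=8a9679ce-2b26-4112-a5db-e39093583628"
    "&SessionID=84b4b46c-6265-479f-af0f-e22657b39016&EventTime=1702244852&UserInterface=0"
    "&Menu=Help%20%7C%20About",
]

# Assumption: keys whose values identify the installation, the session or the licensee.
IDENTIFIER_KEYS = {"userid", "sessionid", "email", "serialnumber"}
# Assumption: keys that describe the host rather than the user.
FINGERPRINT_KEYS = {"platform", "platformversion", "platformbuild", "platformarch",
                    "numberofcpus", "defaultlanguage", "currentlanguage"}


def fields(url: str) -> tuple[str, str, str, dict[str, str]]:
    """Split a URL into (scheme, host, path, percent-decoded query dict)."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    return parts.scheme, parts.hostname or "", parts.path, query


def summarize(urls: list[str]) -> dict[str, dict]:
    """Per host: cleartext flag, paths, event names, identifier values (one entry
    per request, in order) and the host-fingerprint keys that were submitted."""
    hosts: dict[str, dict] = {}
    for url in urls:
        scheme, host, path, query = fields(url)
        h = hosts.setdefault(host, {"cleartext": False, "paths": set(), "events": set(),
                                    "identifiers": {}, "fingerprint": set()})
        if scheme == "http":
            h["cleartext"] = True
        h["paths"].add(path)
        if "EventName" in query:
            h["events"].add(query["EventName"])
        for key, value in query.items():
            if key.lower() in IDENTIFIER_KEYS:
                h["identifiers"].setdefault(key, []).append(value)
            elif key.lower() in FINGERPRINT_KEYS:
                h["fingerprint"].add(key)
    return hosts


def stable_identifiers(summary: dict[str, dict]) -> dict[str, str]:
    """Identifier keys sent at least twice with the same value every time:
    candidates for a per-installation tracking ID worth recording as an IOC."""
    out: dict[str, str] = {}
    for h in summary.values():
        for key, values in h["identifiers"].items():
            if len(values) >= 2 and len(set(values)) == 1:
                out[key] = values[0]
    return out


if __name__ == "__main__":
    s = summarize(REQUESTS)
    for host, info in s.items():
        print(host, "cleartext" if info["cleartext"] else "tls",
              sorted(info["events"]), sorted(info["fingerprint"]))
    print(stable_identifiers(s))
```

The stable UserID is the value to keep from this run: it is generated at install time and repeated on every later submission, so on a real host it ties the stats traffic back to one installation even after the SessionID changes.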

Connections

PID
Process
IP
Domain
ASN
CN (country)
Reputation
2588
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3964
vuescan.exe
13.227.219.128:80
static.hamrick.com
AMAZON-02
US
unknown
3964
vuescan.exe
167.172.25.29:80
stats.hamrick.com
DIGITALOCEAN-ASN
US
unknown
3964
vuescan.exe
104.131.17.148:80
www.hamrick.com
DIGITALOCEAN-ASN
US
unknown
224.0.0.1:8612
unknown
3964
vuescan.exe
224.0.0.251:5353
unknown
2960
msedge.exe
104.131.17.148:443
www.hamrick.com
DIGITALOCEAN-ASN
US
unknown

DNS requests

Domain
IP
Reputation
static.hamrick.com
  • 13.227.219.128
  • 13.227.219.22
  • 13.227.219.15
  • 13.227.219.66
whitelisted
www.hamrick.com
  • 104.131.17.148
unknown
stats.hamrick.com
  • 167.172.25.29
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
nav-edge.smartscreen.microsoft.com
  • 20.105.95.163
  • 20.103.180.120
whitelisted
data-edge.smartscreen.microsoft.com
  • 20.103.180.120
whitelisted
www.googletagmanager.com
  • 142.250.181.232
whitelisted
tag.perfectaudience.com
  • 151.101.2.217
  • 151.101.66.217
  • 151.101.130.217
  • 151.101.194.217
whitelisted
region1.google-analytics.com
  • 216.239.34.36
  • 216.239.32.36
whitelisted

Threats

4 ETPRO signatures available at the full report
No debug info