File name:

aii.600581001.exe

Full analysis: https://app.any.run/tasks/9d2b684f-fc6f-4a86-97f0-a0322d66189d
Verdict: Malicious activity
Analysis date: July 06, 2025, 04:45:18
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-sch
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
MD5:

EE1270F123B91B69F21228BD546B6D62

SHA1:

7B77A81A2B6FBDDA69CC0352BFF0D4B6C2B1ADBA

SHA256:

018D886CD5A2926334827645867D8459F376C905699AF9B3B639C204E5AF6C1A

SSDEEP:

98304:kbiKZ1JB+3xKhoIwOqR3fdrWzTytrx9ZbWHBWQKwrp0Bxa1207Qf4oWXLZLJSa7W:OAwpRKBupFX+saSs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • aii.600581001.exe (PID: 2128)

    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 4816)
      • cmd.exe (PID: 2704)
      • cmd.exe (PID: 6140)
      • cmd.exe (PID: 1136)
      • cmd.exe (PID: 2680)

    • Modifies exclusions in Windows Defender

      • reg.exe (PID: 1880)
      • reg.exe (PID: 4788)
      • reg.exe (PID: 2348)
      • reg.exe (PID: 3872)
      • reg.exe (PID: 3396)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)

    • The process executes via Task Scheduler

      • X3wDgt.exe (PID: 1204)
      • X3wDgt.exe (PID: 2388)
      • cmd.exe (PID: 4808)
      • cmd.exe (PID: 3572)
      • cmd.exe (PID: 5960)
      • cmd.exe (PID: 5616)
      • cmd.exe (PID: 2280)

    • Creates files in the driver directory

      • aii.600581001.exe (PID: 7044)

    • Executable content was dropped or overwritten

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)

    • Drops a system driver (possible attempt to evade defenses)

      • aii.600581001.exe (PID: 7044)

    • Reads the date of Windows installation

      • X3wDgt.exe (PID: 2388)

    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 7064)
      • schtasks.exe (PID: 5104)
      • schtasks.exe (PID: 3476)
      • schtasks.exe (PID: 3488)
      • schtasks.exe (PID: 4104)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 4808)
      • cmd.exe (PID: 3572)
      • cmd.exe (PID: 5960)
      • cmd.exe (PID: 5616)
      • cmd.exe (PID: 2280)

    • Found strings related to reading or modifying Windows Defender settings

      • X3wDgt.exe (PID: 2388)

    • Starts CMD.EXE for commands execution

      • X3wDgt.exe (PID: 2388)

  • INFO

    • Checks supported languages

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 1204)
      • X3wDgt.exe (PID: 2388)

    • Creates files or folders in the user directory

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)

    • Reads the computer name

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)

    • Reads the machine GUID from the registry

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)

    • Checks proxy server information

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)
      • slui.exe (PID: 1984)

    • The sample compiled with english language support

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)

    • Reads the software policy settings

      • aii.600581001.exe (PID: 7044)
      • X3wDgt.exe (PID: 2388)
      • slui.exe (PID: 1984)

    • Launching a file from Task Scheduler

      • cmd.exe (PID: 2704)
      • cmd.exe (PID: 6140)
      • cmd.exe (PID: 4816)
      • cmd.exe (PID: 2680)
      • cmd.exe (PID: 1136)

    • Process checks computer location settings

      • X3wDgt.exe (PID: 2388)

    • Manual execution by a user

      • cmd.exe (PID: 2032)

    • Creates files in the program directory

      • X3wDgt.exe (PID: 2388)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (91.4)
.exe | Generic Win/DOS Executable (4.2)
.exe | DOS Executable Generic (4.2)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:04:15 07:14:35+00:00
ImageFileCharacteristics: No relocs, Executable, Large address aware
PEType: PE32+
LinkerVersion: 11
CodeSize: 57344
InitializedDataSize: 163840
UninitializedDataSize: -
EntryPoint: 0x70b4
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
165
Monitored processes
47
Malicious processes
1
Suspicious processes
12

Behavior graph

Click at the process to see the details
start aii.600581001.exe slui.exe x3wdgt.exe no specs x3wdgt.exe cmd.exe no specs conhost.exe no specs schtasks.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs reg.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs reg.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs schtasks.exe no specs cmd.exe no specs schtasks.exe no specs conhost.exe no specs reg.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs reg.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs schtasks.exe no specs cmd.exe no specs schtasks.exe no specs conhost.exe no specs reg.exe no specs cmd.exe no specs conhost.exe no specs aii.600581001.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
480\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1136"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FC:\Windows\System32\cmd.exeX3wDgt.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
1204"C:\Users\admin\Documents\X3wDgt.exe"C:\Users\admin\Documents\X3wDgt.exesvchost.exe
User:
admin
Company:
Thales
Integrity Level:
HIGH
Description:
eToken readers management tool
Exit code:
0
Version:
10,9,3283,0
Modules
Images
c:\users\admin\documents\x3wdgt.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1328SCHTASKS /Run /TN "Task1" C:\Windows\System32\schtasks.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1564\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1800SCHTASKS /Run /TN "Task1" C:\Windows\System32\schtasks.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1880reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\admin\Documents" /t REG_DWORD /d 0 /fC:\Windows\System32\reg.execmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
1932SCHTASKS /Run /TN "Task1" C:\Windows\System32\schtasks.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1984C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
2032cmd.exeC:\Windows\System32\cmd.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\wldp.dll
Total events
11 762
Read events
11 750
Write events
12
Delete events
0

Modification events

(PID) Process:(7044) aii.600581001.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7044) aii.600581001.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7044) aii.600581001.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(7044) aii.600581001.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\JDBCC
Operation:writeName:data
Value:
6767517553326237414F335836424270316870686164485949474B6B786F47452A2F26FEA69311D145DEFEFE929F9F908490D09C8D96FEFECDDDFEFECFCEC7D0C6C6FEFE
(PID) Process:(1880) reg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
Operation:writeName:C:\Users\admin\Documents
Value:
0
(PID) Process:(4788) reg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
Operation:writeName:C:\ProgramData
Value:
0
(PID) Process:(2348) reg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
Operation:writeName:C:\Users
Value:
0
(PID) Process:(3872) reg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
Operation:writeName:C:\Program Files (x86)
Value:
0
(PID) Process:(2388) X3wDgt.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2388) X3wDgt.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
Executable files
5
Suspicious files
5
Text files
9
Unknown types
0

Dropped files

PID
Process
Filename
Type
7044aii.600581001.exe\Device\Mup:\localhost\pipe\atsvc
MD5:
SHA256:
2388X3wDgt.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\FOM-51[1].jpg
MD5:
SHA256:
7044aii.600581001.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\a[1].gifimage
MD5:7AF26B296715B679817DB8F2BC81CF61
SHA256:EC5AAFAE259A514340C65BD581E5C5D14CC7CA56E639223A7FC871AC12257928
7044aii.600581001.exeC:\Users\admin\Documents\eToken.dllexecutable
MD5:6AE9D616340302CDC6D7281B4ACD9751
SHA256:5764279F978F0A1200993ECD0C5927B77D1657F0A7FFB5665A8D2EB6A28E6974
7044aii.600581001.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\b[1].gifimage
MD5:13E05500C7D6372C50091A56CB1EB698
SHA256:3C6D987704BE11CE13F2EA7D56F9C3A6247C4F2718FD6DCD3389803A4B175845
7044aii.600581001.exeC:\Users\admin\Documents\perfi.dbbinary
MD5:D5533F499FBA4458AD5339A0DFBC5458
SHA256:8219609D48456BABF9F5A3E1974B4DB5463DD240383D87E4233605DDDCDA8E02
7044aii.600581001.exeC:\Users\admin\Documents\cache.datimage
MD5:2BC2D7728A4E61768F2AF334B82CCE91
SHA256:765094BC41E9FF862E52FAFAE0518E7E965F36FB0219D20D620A764F241D8CD8
7044aii.600581001.exeC:\Windows\SysWOW64\drivers\189atohci.sysexecutable
MD5:4A44BBA4378EF9D7639E287576383E6B
SHA256:3547CED5ABA570748D3AFC0B1C50D4303DA5A7310BB184ACFFDC0E4A2A6DF2D0
7044aii.600581001.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\s[1].datbinary
MD5:73AB8EA90A1C6F615E31D91F29703A35
SHA256:54E1C3EAFE57E68153C41F8E78A2BD959DCCC8A40C9CD4484E27D10E399418D3
2388X3wDgt.exeC:\Users\Public\Music\destopbak.inibinary
MD5:55A54008AD1BA589AA210D2629C1DF41
SHA256:4BF5122F344554C53BDE2EBB8CD2B7E3D1600AD631C385A5D7CCE23C7785459A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
23
DNS requests
10
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
2.20.245.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
2.20.245.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.20.245.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
POST
500
40.91.76.224:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
GET
200
112.74.1.157:443
https://shi5ce.oss-cn-shenzhen.aliyuncs.com/a.gif
unknown
GET
200
112.74.1.157:443
https://shi5ce.oss-cn-shenzhen.aliyuncs.com/tad
unknown
binary
512 b
GET
200
112.74.1.157:443
https://shi5ce.oss-cn-shenzhen.aliyuncs.com/c.gif
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
2.20.245.139:80
crl.microsoft.com
Akamai International B.V.
SE
whitelisted
5944
MoUsoCoreWorker.exe
2.20.245.139:80
crl.microsoft.com
Akamai International B.V.
SE
whitelisted
2.20.245.139:80
crl.microsoft.com
Akamai International B.V.
SE
whitelisted
1268
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5944
MoUsoCoreWorker.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5808
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
google.com
  • 142.250.185.142
whitelisted
crl.microsoft.com
  • 2.20.245.139
  • 2.20.245.137
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
shi5ce.oss-cn-shenzhen.aliyuncs.com
  • 112.74.1.157
unknown
nm25.oss-cn-hangzhou.aliyuncs.com
  • 118.178.60.98
unknown
x1.c.lencr.org
  • 2.23.197.184
whitelisted
self.events.data.microsoft.com
  • 51.105.71.137
whitelisted

Threats

PID
Process
Class
Message
2200
svchost.exe
Misc activity
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
7044
aii.600581001.exe
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
2200
svchost.exe
Misc activity
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
2388
X3wDgt.exe
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
2388
X3wDgt.exe
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
aii.600581001.exe