File name:

11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887

Full analysis: https://app.any.run/tasks/50ad53f2-f4d0-496d-b273-79f6947b17d3
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: December 28, 2024, 20:07:23
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
virlock
ransomware
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5:

C2C5B5E6B5C89C906D5761AB635BCE2D

SHA1:

3D906AA66808463F83E62866167FD8AFC22F44FE

SHA256:

11FD1D0A66085D6E45C7B989A183E50189FBC0F6FFE53361F0761781EB0AB887

SSDEEP:

49152:xzzo5HcpaTlmF5C2fk1hkZIQ8oxhBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB8IKy2e:R058kUrDkXEIQ8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • VIRLOCK mutex has been found

      • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (PID: 6240)
      • AuwkAYAk.exe (PID: 6592)
    • Changes the login/logoff helper path in the registry

      • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (PID: 6240)
    • Changes the autorun value in the registry

      • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (PID: 6240)
      • AuwkAYAk.exe (PID: 6592)
    • Modifies files in the Chrome extension folder

      • AuwkAYAk.exe (PID: 6592)
    • Actions looks like stealing of personal data

      • AuwkAYAk.exe (PID: 6592)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (PID: 6240)
    • Executable content was dropped or overwritten

      • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (PID: 6240)
      • AuwkAYAk.exe (PID: 6592)
    • Uses REG/REGEDIT.EXE to modify registry

      • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (PID: 6240)
    • Mutex name with non-standard characters

      • AuwkAYAk.exe (PID: 6592)
  • INFO

    • Creates files in the program directory

      • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (PID: 6240)
      • AuwkAYAk.exe (PID: 6592)
    • Drops encrypted VBS script (Microsoft Script Encoder)

      • AuwkAYAk.exe (PID: 6592)
    • Checks supported languages

      • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (PID: 6240)
      • VMoMEAUk.exe (PID: 6576)
      • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (PID: 6640)
      • AuwkAYAk.exe (PID: 6592)
      • VMoMEAUk.exe (PID: 6884)
      • VMoMEAUk.exe (PID: 7024)
    • Reads the computer name

      • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (PID: 6240)
      • AuwkAYAk.exe (PID: 6592)
    • Create files in a temporary directory

      • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (PID: 6240)
      • AuwkAYAk.exe (PID: 6592)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • AuwkAYAk.exe (PID: 6592)
    • Creates files or folders in the user directory

      • AuwkAYAk.exe (PID: 6592)
    • Failed to create an executable file in Windows directory

      • AuwkAYAk.exe (PID: 6592)
    • Reads the machine GUID from the registry

      • AuwkAYAk.exe (PID: 6592)
    • Process checks computer location settings

      • AuwkAYAk.exe (PID: 6592)
No Malware configuration.

TRiD

.dll | Win32 Dynamic Link Library (generic) (43.5)
.exe | Win32 Executable (generic) (29.8)
.exe | Generic Win/DOS Executable (13.2)
.exe | DOS Executable Generic (13.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:05:12 17:27:48+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 5.12
CodeSize: 688128
InitializedDataSize: 40028
UninitializedDataSize: -
EntryPoint: 0x1000
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
Total processes
130
Monitored processes
14
Malicious processes
2
Suspicious processes
0

Behavior graph

  • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (start, #VIRLOCK)
  • vmomeauk.exe (no specs)
  • auwkayak.exe (#VIRLOCK)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe (no specs)
  • reg.exe (no specs)
  • reg.exe (no specs)
  • conhost.exe (no specs)
  • reg.exe (no specs)
  • conhost.exe (no specs)
  • conhost.exe (no specs)
  • vmomeauk.exe (no specs)
  • vmomeauk.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 6240
CMD: "C:\Users\admin\Desktop\11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe"
Path: C:\Users\admin\Desktop\11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6576
CMD: "C:\Users\admin\CkYEMkkg\VMoMEAUk.exe"
Path: C:\Users\admin\CkYEMkkg\VMoMEAUk.exe
Parent process: 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\ckyemkkg\vmomeauk.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6592
CMD: "C:\ProgramData\diwAkMYc\AuwkAYAk.exe"
Path: C:\ProgramData\diwAkMYc\AuwkAYAk.exe
Parent process: 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\programdata\diwakmyc\auwkayak.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 6600
CMD: C:\WINDOWS\system32\cmd.exe /c "C:\Users\admin\Desktop\11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 6608
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6640
CMD: C:\Users\admin\Desktop\11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887
Path: C:\Users\admin\Desktop\11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\desktop\11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6656
CMD: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
Path: C:\Windows\SysWOW64\reg.exe
Parent process: 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 6664
CMD: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Path: C:\Windows\SysWOW64\reg.exe
Parent process: 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 6672
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6680
CMD: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Path: C:\Windows\SysWOW64\reg.exe
Parent process: 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
1 270
Read events
1 266
Write events
4
Delete events
0

Modification events

(PID) Process: (6240) 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: VMoMEAUk.exe
Value: C:\Users\admin\CkYEMkkg\VMoMEAUk.exe

(PID) Process: (6240) 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: AuwkAYAk.exe
Value: C:\ProgramData\diwAkMYc\AuwkAYAk.exe

(PID) Process: (6240) 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Operation: write
Name: Userinit
Value: C:\Windows\system32\userinit.exe,C:\ProgramData\diwAkMYc\AuwkAYAk.exe,

(PID) Process: (6592) AuwkAYAk.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: AuwkAYAk.exe
Value: C:\ProgramData\diwAkMYc\AuwkAYAk.exe

Executable files
161
Suspicious files
12
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 6240
Process: 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
Filename: C:\ProgramData\diwAkMYc\AuwkAYAk.exe
Type: executable
MD5:509E5A5A22798F679C3233E902C962FF
SHA256:114A018EDCF3C05A7C69CE476CAC18FA545A9B0C8132CCB10886C88D33176FDA
PID: 6592
Process: AuwkAYAk.exe
Filename: C:\Users\admin\CkYEMkkg\wcYI.exe
Type: executable
MD5:E5CAD7A2A8A107B244DEE469FF0C354D
SHA256:2FF095666C6394D0C954119D52D99BC65BABE2DDC50EC1E24CEAC7D573DA3A41
PID: 6240
Process: 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
Filename: C:\Users\admin\CkYEMkkg\VMoMEAUk.exe
Type: executable
MD5:66085C80A5883374259C1AB3FEDCFA44
SHA256:838BBF6BD2640F3B750865230C240208A2816E73CD14423D7099FEA3CF03BD75
PID: 6592
Process: AuwkAYAk.exe
Filename: C:\ProgramData\Adobe\ARM\S\388\AdobeARMHelper.exe
Type: executable
MD5:DDC23CBDEE0100F7CD7B3BECDDB031FF
SHA256:5993DED411681BF0067DE10D59187E36B9731020D42DEBD0D6C9BB0CBDE4BD11
PID: 6240
Process: 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
Filename: C:\ProgramData\KwcQAIMs\rQwgoMok.exe
Type: executable
MD5:C0DA37AAF3EBCD62BFE1DC28D933B875
SHA256:9B89F02F332953152789F0273DA11DFF0A032ABE3715D6D4DE10DF9A0CED14BC
PID: 6592
Process: AuwkAYAk.exe
Filename: C:\Users\admin\CkYEMkkg\zcUw.exe
Type: executable
MD5:E21DDE3A0746C513C8DCC5132C4B819A
SHA256:DB2B70D208394FC168833E976E96A0C44DAC336FE50EA88C72108C98A8129FF7
PID: 6592
Process: AuwkAYAk.exe
Filename: C:\Users\admin\CkYEMkkg\lskG.exe
Type: executable
MD5:D3514D0A80D63128FD8B183FA6BAF769
SHA256:20E9A70662D7AF9663B570854B0C84941B85C6D59F538EE44F0FDA4835BFAA4C
PID: 6592
Process: AuwkAYAk.exe
Filename: C:\Users\admin\CkYEMkkg\MUgE.exe
Type: executable
MD5:BC6527B763E181C9CAEF5B30F43972F0
SHA256:B2977A43188463EBD68573BBF1AD6401A34162DDCBD31E89543DC1587312E566
PID: 6592
Process: AuwkAYAk.exe
Filename: C:\Users\admin\CkYEMkkg\jcgC.exe
Type: executable
MD5:2EF12F0B7BF321CA49E07B4BDA6976B9
SHA256:99B95117E8F01A8370945337CA27976DF85BC000B2600750E350142C4EED4934
PID: 6240
Process: 11fd1d0a66085d6e45c7b989a183e50189fbc0f6ffe53361f0761781eb0ab887.exe
Filename: C:\Users\admin\AppData\Local\Temp\JOAgMMUE.bat
Type: text
MD5:92DDFED011511A3EE8DA905E93DE07D3
SHA256:E7EE1B256F001D506A9D3E411B089BA8492A03C57FD1208854E6CE351A7F7059
HTTP(S) requests
10
TCP/UDP connections
37
DNS requests
9
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2356
svchost.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2356
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6592
AuwkAYAk.exe
GET
142.250.185.174:80
http://142.250.185.174:80/
unknown
whitelisted
6592
AuwkAYAk.exe
GET
142.250.185.174:80
http://142.250.185.174:80/
unknown
whitelisted
6592
AuwkAYAk.exe
GET
142.250.185.174:80
http://142.250.185.174:80/
unknown
whitelisted
6592
AuwkAYAk.exe
GET
200
142.250.185.174:80
http://142.250.185.174:80/
unknown
malicious
6592
AuwkAYAk.exe
GET
200
142.250.185.174:80
http://142.250.185.174:80/
unknown
malicious
6592
AuwkAYAk.exe
GET
301
142.250.185.174:80
http://google.com/
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2356
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
4712
MoUsoCoreWorker.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2356
svchost.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
2356
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
4712
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
  • 51.104.136.2
whitelisted
google.com
  • 142.250.185.174
whitelisted
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.12
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
api.bitcoincharts.com
  • 144.76.195.253
whitelisted
maps.google.com
  • 142.250.185.206
whitelisted
self.events.data.microsoft.com
  • 52.168.112.67
whitelisted

Threats

PID
Process
Class
Message
6592
AuwkAYAk.exe
Generic Protocol Command Decode
SURICATA HTTP missing Host header
6592
AuwkAYAk.exe
Generic Protocol Command Decode
SURICATA HTTP missing Host header
6592
AuwkAYAk.exe
Generic Protocol Command Decode
SURICATA HTTP missing Host header
6592
AuwkAYAk.exe
Generic Protocol Command Decode
SURICATA HTTP missing Host header
6592
AuwkAYAk.exe
Generic Protocol Command Decode
SURICATA HTTP missing Host header
6592
AuwkAYAk.exe
A Network Trojan was detected
ET HUNTING Terse Unencrypted Request for Google - Likely Connectivity Check
No debug info