File name:

AcWinRT.ps1

Full analysis: https://app.any.run/tasks/522512f4-c7a4-44d8-9f41-52c994646d22
Verdict: Malicious activity
Analysis date: October 21, 2024, 11:26:01
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
Indicators:
MIME: text/plain
File info: ASCII text, with very long lines (65527), with CRLF line terminators
MD5:

764C43128170E2762E2B5B8D5FB89800

SHA1:

31E232F33AC925B25B26989E0D41667503ED8E65

SHA256:

2EC59B8763ADC00F41E18D05C25B425BD212AE788CC00EDA99E9C0CEC5FC2D1E

SSDEEP:

24576:5tfWNyLYWbuoq4Ow0lrS1znNnKJeQmRzYAFU8bhqgnTKdrrwBRjJgQHaJs2h61I4:5AN09aS1zNaqUldYBVJmJtFRspsXEhX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 5172)
      • powershell.exe (PID: 4436)
      • powershell.exe (PID: 1784)
      • powershell.exe (PID: 1568)
      • powershell.exe (PID: 5444)
      • powershell.exe (PID: 7856)
      • powershell.exe (PID: 6244)
      • powershell.exe (PID: 7952)
      • powershell.exe (PID: 4548)
      • powershell.exe (PID: 7964)
      • powershell.exe (PID: 8064)

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 4436)
      • powershell.exe (PID: 5444)
      • powershell.exe (PID: 1568)
      • powershell.exe (PID: 7964)
      • powershell.exe (PID: 7952)
      • powershell.exe (PID: 6244)
      • powershell.exe (PID: 8064)
      • powershell.exe (PID: 7856)
      • powershell.exe (PID: 4548)

    • Changes powershell execution policy (Bypass)

      • AcWinRT.exe (PID: 6132)
      • powershell.exe (PID: 1784)

    • Deletes shadow copies

      • powershell.exe (PID: 7952)

  • SUSPICIOUS

    • The process executes Powershell scripts

      • AcWinRT.exe (PID: 6132)
      • powershell.exe (PID: 1784)

    • Uses REG/REGEDIT.EXE to modify registry

      • powershell.exe (PID: 5172)
      • powershell.exe (PID: 5444)

    • Starts POWERSHELL.EXE for commands execution

      • AcWinRT.exe (PID: 6132)
      • powershell.exe (PID: 1784)

    • Executable content was dropped or overwritten

      • powershell.exe (PID: 5172)

    • Uses ICACLS.EXE to modify access control lists

      • powershell.exe (PID: 1568)

    • The process hide an interactive prompt from the user

      • powershell.exe (PID: 1784)

    • The process bypasses the loading of PowerShell profile settings

      • powershell.exe (PID: 1784)

    • Application launched itself

      • powershell.exe (PID: 1784)

    • Likely accesses (executes) a file from the Public directory

      • icacls.exe (PID: 7188)
      • icacls.exe (PID: 7948)

  • INFO

    • UPX packer has been detected

      • AcWinRT.exe (PID: 6132)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
1 050
Monitored processes
178
Malicious processes
5
Suspicious processes
1

Behavior graph

Click at the process to see the details
start powershell.exe conhost.exe no specs reg.exe no specs reg.exe no specs THREAT acwinrt.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs powershell.exe no specs conhost.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs wmic.exe no specs powershell.exe no specs conhost.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
5172"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass C:\Users\admin\Desktop\AcWinRT.ps1C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2432\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2928"C:\WINDOWS\system32\reg.exe" add hkcr\.CHORTLocker\DefaultIcon /ve /d c:\Programdata\icon.ico /fC:\Windows\System32\reg.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
1884"C:\WINDOWS\system32\reg.exe" add hklm\SOFTWARE\Classes\.CHORTLocker\DefaultIcon /ve /d c:\Programdata\icon.ico /fC:\Windows\System32\reg.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
6132"C:\Programdata\AcWinRT.exe" e9b40486fe5358ba3dfb8e9d3e06fa63 C:\ProgramData\AcWinRT.exe
powershell.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\programdata\acwinrt.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
5956\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeAcWinRT.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1784powershell -exec bypass -file c:\programdata\APP01.ps1C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAcWinRT.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
5444"C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -w 1 -noninteractive -noprofile -file c:\programdata\APP001.ps1 C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
1744\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1568"C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -w 1 -noninteractive -noprofile -file c:\programdata\APP002.ps1 C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
Total events
54 682
Read events
54 682
Write events
0
Delete events
0

Modification events

No data
Executable files
22
Suspicious files
3 077
Text files
638
Unknown types
4

Dropped files

PID
Process
Filename
Type
1784powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_kwojsmhr.dxn.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
1784powershell.exeC:\ProgramData\APP007.ps1text
MD5:8CDB7E3A2B548CA0AF2C4AB19634F20A
SHA256:256D063436FF8DC88EA21682C6B19EB9CD0EB1FC79A63DCF66B6F6FABEEFF996
1784powershell.exeC:\ProgramData\APP001.ps1text
MD5:6F03D204ECBEF764F94134A0C16580C8
SHA256:8A22063B69F23F5FBAD3668730E85724EC4DC323790547D2DB4BA06B6A5F8BD0
5172powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_ovmok4bp.py5.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
1784powershell.exeC:\ProgramData\APP003.ps1text
MD5:EF294EAF64B42211EB38785843B653C6
SHA256:0CA42096321BE68DEB96680EF4B13332066C74C4FD0B4D394A5770DA7C6A0D30
1784powershell.exeC:\ProgramData\APP005.ps1text
MD5:17018703B44CC9C30953432D0889E681
SHA256:C9DBB10B14F69A0C7E345A575C7352CB714C460A26043C55572A46BFA9F313EB
1784powershell.exeC:\ProgramData\APP009.ps1text
MD5:22D1BBCD47C1A6E23A688B751B0A7540
SHA256:7AEF3973158DFADD53ED24B29A243E38FA2A12F15A437E58474CB17D60F3DAA6
1784powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_tje5kvmg.51g.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
1784powershell.exeC:\ProgramData\APP004.ps1text
MD5:176F2A1FEE1A3E303A151213EE45D539
SHA256:4474E7659A55601F123108403D4EBA63D4A711F02ABDC3A0A21BFA13760A4149
5172powershell.exeC:\ProgramData\icon.icoimage
MD5:51A4696865C6E6818EA4404F45A4639C
SHA256:36C84C4D00651D44857F7D8429365B7884821935382C39030934C893D37CE963
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
80
DNS requests
27
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
8124
SIHClient.exe
GET
200
23.212.193.218:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
8124
SIHClient.exe
GET
200
23.212.193.218:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
GET
200
23.33.209.121:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5824
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6944
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4360
SearchApp.exe
2.16.110.120:443
www.bing.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
23.53.40.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.33.209.121:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
4
System
192.168.100.255:138
whitelisted
5824
svchost.exe
40.126.31.67:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5824
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
  • 51.104.136.2
whitelisted
www.bing.com
  • 2.16.110.120
  • 2.16.110.195
  • 2.16.110.123
  • 2.16.110.193
  • 2.16.110.187
  • 2.16.110.202
  • 2.16.110.192
  • 2.16.110.203
  • 2.16.110.200
  • 2.16.101.98
  • 2.16.101.88
  • 2.16.101.106
  • 2.16.101.120
  • 2.16.101.97
  • 2.16.101.115
  • 2.16.101.91
  • 2.16.101.89
  • 2.16.101.99
  • 2.22.50.227
  • 2.22.50.217
  • 2.23.209.168
  • 2.23.209.156
  • 2.23.209.154
  • 2.23.209.162
  • 2.23.209.153
  • 2.23.209.171
  • 2.23.209.158
  • 2.23.209.160
  • 2.23.209.166
whitelisted
crl.microsoft.com
  • 23.53.40.176
  • 23.53.40.178
whitelisted
google.com
  • 142.250.185.174
whitelisted
www.microsoft.com
  • 23.33.209.121
  • 23.212.193.218
whitelisted
login.live.com
  • 40.126.31.67
  • 20.190.159.68
  • 20.190.159.2
  • 20.190.159.0
  • 20.190.159.73
  • 20.190.159.4
  • 40.126.31.69
  • 40.126.31.71
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
th.bing.com
  • 2.16.110.122
  • 2.16.110.136
  • 2.16.110.138
  • 2.16.110.131
  • 2.16.110.128
  • 2.16.110.139
  • 2.16.110.120
  • 2.16.110.123
  • 2.16.110.203
  • 2.23.209.150
  • 2.23.209.168
  • 2.23.209.180
  • 2.23.209.175
  • 2.23.209.166
  • 2.23.209.158
  • 2.23.209.153
  • 2.23.209.171
  • 2.23.209.176
whitelisted
go.microsoft.com
  • 84.53.189.169
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
AcWinRT.ps1