analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

AcWinRT.ps1

Full analysis: https://app.any.run/tasks/522512f4-c7a4-44d8-9f41-52c994646d22
Verdict: Malicious activity
Analysis date: October 21, 2024, 11:26:01
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
Indicators:
MIME: text/plain
File info: ASCII text, with very long lines (65527), with CRLF line terminators
MD5:

764C43128170E2762E2B5B8D5FB89800

SHA1:

31E232F33AC925B25B26989E0D41667503ED8E65

SHA256:

2EC59B8763ADC00F41E18D05C25B425BD212AE788CC00EDA99E9C0CEC5FC2D1E

SSDEEP:

24576:5tfWNyLYWbuoq4Ow0lrS1znNnKJeQmRzYAFU8bhqgnTKdrrwBRjJgQHaJs2h61I4:5AN09aS1zNaqUldYBVJmJtFRspsXEhX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes powershell execution policy (Bypass)

      • AcWinRT.exe (PID: 6132)
      • powershell.exe (PID: 1784)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 1784)
      • powershell.exe (PID: 5172)
      • powershell.exe (PID: 1568)
      • powershell.exe (PID: 5444)
      • powershell.exe (PID: 4436)
      • powershell.exe (PID: 7952)
      • powershell.exe (PID: 4548)
      • powershell.exe (PID: 8064)
      • powershell.exe (PID: 7964)
      • powershell.exe (PID: 7856)
      • powershell.exe (PID: 6244)

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 4436)
      • powershell.exe (PID: 5444)
      • powershell.exe (PID: 1568)
      • powershell.exe (PID: 7964)
      • powershell.exe (PID: 7952)
      • powershell.exe (PID: 4548)
      • powershell.exe (PID: 8064)
      • powershell.exe (PID: 7856)
      • powershell.exe (PID: 6244)

    • Deletes shadow copies

      • powershell.exe (PID: 7952)

  • SUSPICIOUS

    • Uses REG/REGEDIT.EXE to modify registry

      • powershell.exe (PID: 5172)
      • powershell.exe (PID: 5444)

    • Executable content was dropped or overwritten

      • powershell.exe (PID: 5172)

    • The process executes Powershell scripts

      • AcWinRT.exe (PID: 6132)
      • powershell.exe (PID: 1784)

    • Starts POWERSHELL.EXE for commands execution

      • AcWinRT.exe (PID: 6132)
      • powershell.exe (PID: 1784)

    • The process bypasses the loading of PowerShell profile settings

      • powershell.exe (PID: 1784)

    • The process hide an interactive prompt from the user

      • powershell.exe (PID: 1784)

    • Uses ICACLS.EXE to modify access control lists

      • powershell.exe (PID: 1568)

    • Application launched itself

      • powershell.exe (PID: 1784)

    • Likely accesses (executes) a file from the Public directory

      • icacls.exe (PID: 7188)
      • icacls.exe (PID: 7948)

  • INFO

    • UPX packer has been detected

      • AcWinRT.exe (PID: 6132)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
1 050
Monitored processes
178
Malicious processes
5
Suspicious processes
1

Behavior graph

Click at the process to see the details
start powershell.exe conhost.exe no specs reg.exe no specs reg.exe no specs THREAT acwinrt.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs powershell.exe no specs conhost.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs wmic.exe no specs powershell.exe no specs conhost.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
5172"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass C:\Users\admin\Desktop\AcWinRT.ps1C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2432\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2928"C:\WINDOWS\system32\reg.exe" add hkcr\.CHORTLocker\DefaultIcon /ve /d c:\Programdata\icon.ico /fC:\Windows\System32\reg.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
1884"C:\WINDOWS\system32\reg.exe" add hklm\SOFTWARE\Classes\.CHORTLocker\DefaultIcon /ve /d c:\Programdata\icon.ico /fC:\Windows\System32\reg.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
6132"C:\Programdata\AcWinRT.exe" e9b40486fe5358ba3dfb8e9d3e06fa63 C:\ProgramData\AcWinRT.exe
powershell.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\programdata\acwinrt.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
5956\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeAcWinRT.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1784powershell -exec bypass -file c:\programdata\APP01.ps1C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAcWinRT.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
5444"C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -w 1 -noninteractive -noprofile -file c:\programdata\APP001.ps1 C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
1744\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1568"C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -w 1 -noninteractive -noprofile -file c:\programdata\APP002.ps1 C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
Total events
54 682
Read events
54 682
Write events
0
Delete events
0

Modification events

No data
Executable files
22
Suspicious files
3 077
Text files
638
Unknown types
4

Dropped files

PID
Process
Filename
Type
5172powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_ovmok4bp.py5.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
1784powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_tje5kvmg.51g.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
5172powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8GMXIBXRRP4V56PBCJ1W.tempbinary
MD5:D508027BBFB52411F964A8D7B1F746E5
SHA256:12F88BCA03661227E1A9EE57659C3F989414D4FD31D4FCDABDAA3231D81602C3
1784powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_kwojsmhr.dxn.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
5172powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msbinary
MD5:D508027BBFB52411F964A8D7B1F746E5
SHA256:12F88BCA03661227E1A9EE57659C3F989414D4FD31D4FCDABDAA3231D81602C3
1784powershell.exeC:\ProgramData\APP007.ps1text
MD5:8CDB7E3A2B548CA0AF2C4AB19634F20A
SHA256:256D063436FF8DC88EA21682C6B19EB9CD0EB1FC79A63DCF66B6F6FABEEFF996
6132AcWinRT.exeC:\ProgramData\APP01.ps1text
MD5:A5F8678EE153269F935C0122467B4F60
SHA256:4E06431085633A902C835F1033A7C073930835A9BA0A495770591BBF3C2AA621
5172powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_awtkqazp.5au.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
1784powershell.exeC:\ProgramData\APP008.ps1text
MD5:BEA26B28614C5D3740911E5960C52376
SHA256:220609F59B54B45F1A8BB6CE5F651EBFDC199D9E9E363783748A2A0632966231
1784powershell.exeC:\ProgramData\APP009.ps1text
MD5:22D1BBCD47C1A6E23A688B751B0A7540
SHA256:7AEF3973158DFADD53ED24B29A243E38FA2A12F15A437E58474CB17D60F3DAA6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
80
DNS requests
27
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
8124
SIHClient.exe
GET
200
23.212.193.218:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
unknown
8124
SIHClient.exe
GET
200
23.212.193.218:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
unknown
5824
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
unknown
GET
200
23.33.209.121:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6944
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4360
SearchApp.exe
2.16.110.120:443
www.bing.com
Akamai International B.V.
DE
unknown
5488
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
23.53.40.176:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
23.33.209.121:80
www.microsoft.com
AKAMAI-AS
US
unknown
4
System
192.168.100.255:138
whitelisted
5824
svchost.exe
40.126.31.67:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5824
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
  • 51.104.136.2
whitelisted
www.bing.com
  • 2.16.110.120
  • 2.16.110.195
  • 2.16.110.123
  • 2.16.110.193
  • 2.16.110.187
  • 2.16.110.202
  • 2.16.110.192
  • 2.16.110.203
  • 2.16.110.200
  • 2.16.101.98
  • 2.16.101.88
  • 2.16.101.106
  • 2.16.101.120
  • 2.16.101.97
  • 2.16.101.115
  • 2.16.101.91
  • 2.16.101.89
  • 2.16.101.99
  • 2.22.50.227
  • 2.22.50.217
  • 2.23.209.168
  • 2.23.209.156
  • 2.23.209.154
  • 2.23.209.162
  • 2.23.209.153
  • 2.23.209.171
  • 2.23.209.158
  • 2.23.209.160
  • 2.23.209.166
whitelisted
crl.microsoft.com
  • 23.53.40.176
  • 23.53.40.178
whitelisted
google.com
  • 142.250.185.174
whitelisted
www.microsoft.com
  • 23.33.209.121
  • 23.212.193.218
whitelisted
login.live.com
  • 40.126.31.67
  • 20.190.159.68
  • 20.190.159.2
  • 20.190.159.0
  • 20.190.159.73
  • 20.190.159.4
  • 40.126.31.69
  • 40.126.31.71
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
th.bing.com
  • 2.16.110.122
  • 2.16.110.136
  • 2.16.110.138
  • 2.16.110.131
  • 2.16.110.128
  • 2.16.110.139
  • 2.16.110.120
  • 2.16.110.123
  • 2.16.110.203
  • 2.23.209.150
  • 2.23.209.168
  • 2.23.209.180
  • 2.23.209.175
  • 2.23.209.166
  • 2.23.209.158
  • 2.23.209.153
  • 2.23.209.171
  • 2.23.209.176
whitelisted
go.microsoft.com
  • 84.53.189.169
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
AcWinRT.ps1