File name:

AcWinRT.ps1

Full analysis: https://app.any.run/tasks/522512f4-c7a4-44d8-9f41-52c994646d22
Verdict: Malicious activity
Analysis date: October 21, 2024, 11:26:01
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
Indicators:
MIME: text/plain
File info: ASCII text, with very long lines (65527), with CRLF line terminators
MD5:

764C43128170E2762E2B5B8D5FB89800

SHA1:

31E232F33AC925B25B26989E0D41667503ED8E65

SHA256:

2EC59B8763ADC00F41E18D05C25B425BD212AE788CC00EDA99E9C0CEC5FC2D1E

SSDEEP:

24576:5tfWNyLYWbuoq4Ow0lrS1znNnKJeQmRzYAFU8bhqgnTKdrrwBRjJgQHaJs2h61I4:5AN09aS1zNaqUldYBVJmJtFRspsXEhX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 5172)
      • powershell.exe (PID: 4436)
      • powershell.exe (PID: 1784)
      • powershell.exe (PID: 1568)
      • powershell.exe (PID: 5444)
      • powershell.exe (PID: 7856)
      • powershell.exe (PID: 6244)
      • powershell.exe (PID: 7952)
      • powershell.exe (PID: 4548)
      • powershell.exe (PID: 7964)
      • powershell.exe (PID: 8064)
    • Run PowerShell with an invisible window

      • powershell.exe (PID: 4436)
      • powershell.exe (PID: 5444)
      • powershell.exe (PID: 1568)
      • powershell.exe (PID: 7964)
      • powershell.exe (PID: 7952)
      • powershell.exe (PID: 6244)
      • powershell.exe (PID: 8064)
      • powershell.exe (PID: 7856)
      • powershell.exe (PID: 4548)
    • Changes powershell execution policy (Bypass)

      • AcWinRT.exe (PID: 6132)
      • powershell.exe (PID: 1784)
    • Deletes shadow copies

      • powershell.exe (PID: 7952)
  • SUSPICIOUS

    • The process executes Powershell scripts

      • AcWinRT.exe (PID: 6132)
      • powershell.exe (PID: 1784)
    • Uses REG/REGEDIT.EXE to modify registry

      • powershell.exe (PID: 5172)
      • powershell.exe (PID: 5444)
    • Starts POWERSHELL.EXE for command execution

      • AcWinRT.exe (PID: 6132)
      • powershell.exe (PID: 1784)
    • Executable content was dropped or overwritten

      • powershell.exe (PID: 5172)
    • Uses ICACLS.EXE to modify access control lists

      • powershell.exe (PID: 1568)
    • The process hides an interactive prompt from the user

      • powershell.exe (PID: 1784)
    • The process bypasses the loading of PowerShell profile settings

      • powershell.exe (PID: 1784)
    • Application launched itself

      • powershell.exe (PID: 1784)
    • Likely accesses (executes) a file from the Public directory

      • icacls.exe (PID: 7188)
      • icacls.exe (PID: 7948)
  • INFO

    • UPX packer has been detected

      • AcWinRT.exe (PID: 6132)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
1 050
Monitored processes
178
Malicious processes
5
Suspicious processes
1

Behavior graph

start powershell.exe conhost.exe no specs reg.exe no specs reg.exe no specs THREAT acwinrt.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs powershell.exe no specs conhost.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs wmic.exe no specs powershell.exe no specs conhost.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs searchapp.exe no specs reg.exe no specs 
dism.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs searchapp.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs reg.exe no specs dism.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
5172
CMD:
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass C:\Users\admin\Desktop\AcWinRT.ps1
Path:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2432
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2928
CMD:
"C:\WINDOWS\system32\reg.exe" add hkcr\.CHORTLocker\DefaultIcon /ve /d c:\Programdata\icon.ico /f
Path:
C:\Windows\System32\reg.exe
Parent process:
powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
PID:
1884
CMD:
"C:\WINDOWS\system32\reg.exe" add hklm\SOFTWARE\Classes\.CHORTLocker\DefaultIcon /ve /d c:\Programdata\icon.ico /f
Path:
C:\Windows\System32\reg.exe
Parent process:
powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
PID:
6132
CMD:
"C:\Programdata\AcWinRT.exe" e9b40486fe5358ba3dfb8e9d3e06fa63
Path:
C:\ProgramData\AcWinRT.exe
Parent process:
powershell.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\programdata\acwinrt.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
5956
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
AcWinRT.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1784
CMD:
powershell -exec bypass -file c:\programdata\APP01.ps1
Path:
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Parent process:
AcWinRT.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
PID:
5444
CMD:
"C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -w 1 -noninteractive -noprofile -file c:\programdata\APP001.ps1
Path:
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Parent process:
powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll