File name:

MAS_AIO.cmd

Full analysis: https://app.any.run/tasks/93116fdf-be25-42b7-b839-19cbfd21bec5
Verdict: Malicious activity
Analysis date: October 05, 2024, 13:09:41
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: text/plain
File info: ASCII text, with very long lines (376), with CRLF line terminators
MD5:

AA378FAB3084F1BBB2BB73F96ACFDB08

SHA1:

8DF42A8E5E50763B55A1C79D2F48F81FB4642C08

SHA256:

39961D29B07D59D54A709AA7B152269ADC6349752660A0C66D627B09DF18B9B6

SSDEEP:

3072:2IpRnkRVRfRWhFdR9RYI29BKRDA5RFowgJmBMZgnnwBRdDR9RpRDCj4lRaR8Z17n:ViIAkiow6C5ozDTsPBUmU0yknEWuD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Starts SC.EXE for service management

      • cmd.exe (PID: 6912)
      • cmd.exe (PID: 5556)

    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 6912)
      • cmd.exe (PID: 5732)
      • powershell.exe (PID: 6688)
      • cmd.exe (PID: 5556)
      • cmd.exe (PID: 5280)

    • Application launched itself

      • cmd.exe (PID: 5732)
      • cmd.exe (PID: 6912)
      • cmd.exe (PID: 5556)
      • cmd.exe (PID: 5280)
      • powershell.exe (PID: 6360)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 6912)
      • cmd.exe (PID: 5556)

    • Executing commands from ".cmd" file

      • cmd.exe (PID: 6912)
      • powershell.exe (PID: 6688)
      • cmd.exe (PID: 5556)

    • Possibly malicious use of IEX has been detected

      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 4596)
      • cmd.exe (PID: 5556)
      • cmd.exe (PID: 4524)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 6912)
      • cmd.exe (PID: 5556)
      • cmd.exe (PID: 4596)
      • cmd.exe (PID: 2816)
      • cmd.exe (PID: 1184)
      • powershell.exe (PID: 6360)
      • cmd.exe (PID: 4524)
      • cmd.exe (PID: 6712)

    • Probably obfuscated PowerShell command line is found

      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 4596)
      • cmd.exe (PID: 5556)
      • cmd.exe (PID: 4524)

    • Uses WMIC.EXE to obtain computer system information

      • cmd.exe (PID: 2616)
      • cmd.exe (PID: 5556)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 5556)

    • Hides command output

      • cmd.exe (PID: 6032)
      • cmd.exe (PID: 4056)
      • cmd.exe (PID: 4524)
      • cmd.exe (PID: 2488)
      • cmd.exe (PID: 3116)
      • cmd.exe (PID: 1684)
      • cmd.exe (PID: 4692)
      • cmd.exe (PID: 6712)

    • Uses WMIC.EXE to obtain operating system information

      • cmd.exe (PID: 4056)

    • The process bypasses the loading of PowerShell profile settings

      • powershell.exe (PID: 6360)

    • The process hides Powershell's copyright startup banner

      • powershell.exe (PID: 6360)

    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 5556)
      • cmd.exe (PID: 4692)

  • INFO

    • Manual execution by a user

      • cmd.exe (PID: 6912)

    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 6568)

    • Checks operating system version

      • cmd.exe (PID: 6912)
      • cmd.exe (PID: 5556)

    • Starts MODE.COM to configure console settings

      • mode.com (PID: 532)
      • mode.com (PID: 1972)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.bib/bibtex/txt | BibTeX references (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
373
Monitored processes
241
Malicious processes
3
Suspicious processes
1

Behavior graph

Click at the process to see the details
start notepad.exe no specs cmd.exe conhost.exe no specs sc.exe no specs find.exe no specs findstr.exe no specs cmd.exe no specs reg.exe no specs find.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs find.exe no specs cmd.exe no specs find.exe no specs powershell.exe no specs fltmc.exe no specs powershell.exe no specs find.exe no specs powershell.exe no specs cmd.exe no specs sc.exe no specs find.exe no specs findstr.exe no specs cmd.exe no specs find.exe no specs cmd.exe no specs reg.exe no specs find.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs find.exe no specs cmd.exe no specs find.exe no specs powershell.exe no specs fltmc.exe no specs powershell.exe no specs find.exe no specs cmd.exe no specs ping.exe no specs cmd.exe no specs find.exe no specs cmd.exe no specs find.exe no specs cmd.exe no specs find.exe no specs cmd.exe no specs find.exe no specs cmd.exe no specs reg.exe no specs mode.com no specs choice.exe no specs mode.com no specs reg.exe no specs find.exe no specs reg.exe no specs find.exe no specs find.exe no specs find.exe no specs find.exe no specs find.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs sc.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs find.exe no specs wmic.exe no specs cmd.exe no specs powershell.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs wmic.exe no specs powershell.exe no specs find.exe no specs cmd.exe no specs powershell.exe no specs cmd.exe no specs find.exe no specs sc.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs wmic.exe no specs findstr.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs cmd.exe no specs ping.exe no specs reg.exe no specs find.exe no specs reg.exe no specs find.exe no specs find.exe no specs find.exe no specs find.exe no specs find.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs sc.exe no specs cmd.exe no specs findstr.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs sc.exe no specs sc.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs sc.exe no specs sc.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs sc.exe no specs sc.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs sc.exe no specs sc.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs sc.exe no specs sc.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs find.exe no specs sc.exe no specs sc.exe no specs find.exe no specs sc.exe no specs sc.exe no specs find.exe no specs sc.exe no specs sc.exe no specs find.exe no specs sc.exe no specs sc.exe no specs find.exe no specs sc.exe no specs sc.exe no specs find.exe no specs sc.exe no specs cmd.exe no specs sppextcomobj.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs powershell.exe no specs slui.exe no specs cmd.exe no specs find.exe no specs cmd.exe no specs reg.exe no specs powershell.exe no specs cmd.exe no specs wmic.exe no specs find.exe no specs cmd.exe no specs findstr.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs wmic.exe no specs cmd.exe no specs powershell.exe no specs cmd.exe no specs find.exe no specs powershell.exe no specs powershell.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
8cmdC:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\wldp.dll
8reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v ObjectName C:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
240find /i "C:\Users\admin\AppData\Local\Temp" C:\Windows\System32\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
420C:\WINDOWS\System32\cmd.exe /c ping -4 -n 1 updatecheck.massgrave.devC:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
420reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ObjectName C:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
532mode 76, 33C:\Windows\System32\mode.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
DOS Device MODE Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\mode.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
532find /i "avira.com" C:\WINDOWS\System32\drivers\etc\hosts C:\Windows\System32\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
532reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ImagePath C:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
532C:\WINDOWS\System32\cmd.exe /S /D /c" echo "0" "C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
644sc query ClipSVC C:\Windows\System32\sc.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
Total events
86 575
Read events
86 571
Write events
4
Delete events
0

Modification events

(PID) Process:(6568) notepad.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
Operation:writeName:iWindowPosX
Value:
181
(PID) Process:(6568) notepad.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
Operation:writeName:iWindowPosY
Value:
127
(PID) Process:(6568) notepad.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
Operation:writeName:iWindowPosDX
Value:
960
(PID) Process:(6568) notepad.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
Operation:writeName:iWindowPosDY
Value:
489
Executable files
0
Suspicious files
3
Text files
30
Unknown types
0

Dropped files

PID
Process
Filename
Type
6100powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_xj2nq2rx.5gm.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
6776powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_t1eutu4r.fdy.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
4832powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_cnz5rxn3.lfb.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
2032powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_ykgjm5zy.nsx.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
2032powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_1lzso30x.mqd.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
6688powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_dw0g5dec.pcw.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
6224powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_h5cifojq.go2.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
6224powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_vgxptpoi.nw5.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
3160powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_zl5laeqm.cf3.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
6100powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_skgbjd3i.gpa.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
43
DNS requests
18
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2120
MoUsoCoreWorker.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4004
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6556
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6556
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6744
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3916
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
23.52.120.96:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
4324
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3916
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4004
svchost.exe
40.126.32.140:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4004
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
www.microsoft.com
  • 23.52.120.96
whitelisted
google.com
  • 142.250.186.174
whitelisted
login.live.com
  • 40.126.32.140
  • 40.126.32.138
  • 20.190.160.20
  • 40.126.32.74
  • 40.126.32.68
  • 20.190.160.14
  • 40.126.32.76
  • 40.126.32.136
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted
arc.msn.com
  • 20.223.36.55
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
fd.api.iris.microsoft.com
  • 20.199.58.43
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
MAS_AIO.cmd