File name:

Verdacrypt.ps1

Full analysis: https://app.any.run/tasks/b3923f30-d468-46b9-8d70-9857133ffa43
Verdict: Malicious activity
Analysis date: March 24, 2025, 19:39:23
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: text/plain
File info: Unicode text, UTF-8 text, with very long lines (606), with CRLF line terminators
MD5:

BA81176FC20AFD8F6EE91900B6368172

SHA1:

D41FEBA9353315BB6C184421300A845A9CF851CA

SHA256:

63A1D5B90044E403C9DC116280638B62576A3BAB69C7AF10751369AF70BDE2DD

SSDEEP:

384:tKSUBSzj5mMEEpi0D04eEMls/11AUfoUHKc1Y:AM5mME00xEbrlD1Y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 7836)

  • SUSPICIOUS

    • CSC.EXE is used to compile C# code

      • csc.exe (PID: 7992)
      • csc.exe (PID: 7264)

    • Executable content was dropped or overwritten

      • csc.exe (PID: 7992)
      • csc.exe (PID: 7264)

    • Uses WEVTUTIL.EXE to get a list of log names

      • powershell.exe (PID: 7836)

    • Uses WEVTUTIL.EXE to cleanup log

      • powershell.exe (PID: 7836)

  • INFO

    • Checks supported languages

      • csc.exe (PID: 7992)
      • cvtres.exe (PID: 8012)
      • csc.exe (PID: 7264)
      • cvtres.exe (PID: 2284)

    • Reads the machine GUID from the registry

      • csc.exe (PID: 7992)
      • csc.exe (PID: 7264)

    • Create files in a temporary directory

      • cvtres.exe (PID: 8012)
      • csc.exe (PID: 7992)
      • cvtres.exe (PID: 2284)
      • csc.exe (PID: 7264)

    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 7836)

    • Checks proxy server information

      • slui.exe (PID: 6132)

    • Reads the software policy settings

      • slui.exe (PID: 6132)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
1 349
Monitored processes
1 227
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start powershell.exe no specs conhost.exe no specs csc.exe cvtres.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs slui.exe wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs wevtutil.exe no specs csc.exe cvtres.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
208"C:\WINDOWS\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/OperationalC:\Windows\System32\wevtutil.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Eventing Command Line Utility
Exit code:
5
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
c:\windows\system32\sechost.dll
208"C:\WINDOWS\system32\wevtutil.exe" cl Microsoft-Windows-ESE/IODiagnoseC:\Windows\System32\wevtutil.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Eventing Command Line Utility
Exit code:
5
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
c:\windows\system32\sechost.dll
208"C:\WINDOWS\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/AnalyticC:\Windows\System32\wevtutil.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Eventing Command Line Utility
Exit code:
5
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
c:\windows\system32\sechost.dll
456"C:\WINDOWS\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-SVC-Events/OperationalC:\Windows\System32\wevtutil.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Eventing Command Line Utility
Exit code:
5
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
c:\windows\system32\sechost.dll
496"C:\WINDOWS\system32\wevtutil.exe" cl MediaFoundationAsyncWrapperC:\Windows\System32\wevtutil.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Eventing Command Line Utility
Exit code:
5
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
c:\windows\system32\sechost.dll
496"C:\WINDOWS\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-OperationalC:\Windows\System32\wevtutil.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Eventing Command Line Utility
Exit code:
5
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
c:\windows\system32\sechost.dll
496"C:\WINDOWS\system32\wevtutil.exe" cl Microsoft-Windows-Shell-LockScreenContent/DiagnosticC:\Windows\System32\wevtutil.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Eventing Command Line Utility
Exit code:
5
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
c:\windows\system32\sechost.dll
496"C:\WINDOWS\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/OperationalC:\Windows\System32\wevtutil.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Eventing Command Line Utility
Exit code:
5
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
c:\windows\system32\sechost.dll
516"C:\WINDOWS\system32\wevtutil.exe" cl HardwareEventsC:\Windows\System32\wevtutil.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Eventing Command Line Utility
Exit code:
5
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
c:\windows\system32\sechost.dll
516"C:\WINDOWS\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Execution"C:\Windows\System32\wevtutil.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Eventing Command Line Utility
Exit code:
5
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
c:\windows\system32\sechost.dll
Total events
25 477
Read events
25 477
Write events
0
Delete events
0

Modification events

No data
Executable files
2
Suspicious files
8
Text files
9
Unknown types
0

Dropped files

PID
Process
Filename
Type
7836powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF10e820.TMPbinary
MD5:D040F64E9E7A2BB91ABCA5613424598E
SHA256:D04E0A6940609BD6F3B561B0F6027F5CA4E8C5CF0FB0D0874B380A0374A8D670
7836powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RBDBIIR4AZ1BYG4D9VAU.tempbinary
MD5:96FC2CF58B265E469C99D7B1B7B71C97
SHA256:729C30E8975DA0B560621F46675643E8892553C7CFF7728FB95CEEF02343FCF2
7836powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msbinary
MD5:96FC2CF58B265E469C99D7B1B7B71C97
SHA256:729C30E8975DA0B560621F46675643E8892553C7CFF7728FB95CEEF02343FCF2
7836powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_lhqdbp1i.f3y.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
7836powershell.exeC:\Users\admin\AppData\Local\Temp\wktl0d35.0.cstext
MD5:B794645974059BD125405F327C5ACE77
SHA256:AFD81C914FE8FA7EE32BE6A797F46A2A829908B45D59100C1052A7BAF2A347DA
7836powershell.exeC:\Users\admin\AppData\Local\Temp\wktl0d35.cmdlinetext
MD5:BFFA85933AA8F95BF48C38301E751130
SHA256:47680CFA0175981FDF3E726D078D6FD12F253EB2F5B7D8107D8C22D843FB733C
7836powershell.exeC:\Users\admin\AppData\Local\Temp\ng0ndex0.cmdlinetext
MD5:88806D9E6EF69D588153BE3B24021643
SHA256:21DDB29F3B0A5310E7B4905696FC55001278738872FBE16BBDC5BE239E3F123B
7264csc.exeC:\Users\admin\AppData\Local\Temp\ng0ndex0.dllexecutable
MD5:F9D9187E4B89FE817B7725AFCC24CFFC
SHA256:FCAB0E3761399611A4E62092A3C54622CD20EFE2C121DEE70C8411E6325FC3AF
7836powershell.exeC:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCachebinary
MD5:2AF279E73EBE24F3A6E689A595D21DA6
SHA256:744A9C29CC187A660EF373FE35642BAC63B4CF8A94D301D90307F3FB0775D35F
7836powershell.exeC:\Users\admin\AppData\Local\Temp\ng0ndex0.0.cstext
MD5:7DF2964601813E20EA90BC7ECA64B00B
SHA256:DAF8A1AE523190EF51054E143909966E01C3B6F531C72B9524D91254EACD6084
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
31
DNS requests
4
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
POST
500
20.83.72.98:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
POST
500
40.91.76.224:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
7492
slui.exe
20.83.72.98:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6132
slui.exe
20.83.72.98:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.142
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Verdacrypt.ps1