URL: https://ibit.ly/WK77p

Full analysis: https://app.any.run/tasks/e67bd21f-8286-46eb-9161-dda030be1462
Verdict: Malicious activity
Analysis date: July 25, 2025, 07:36:58
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: possible-phishing, atera, rmm-tool
Indicators:
MD5: C5683E0E3C2CDCEEB047EDFF7C22D4D3
SHA1: 362D94768B07F111D4564B918B169640FB0F12AB
SHA256: 723858B5E66538A2AB226C3FC99BC98FDFF745037E9A14000B740DA9207405D8
SSDEEP: 3:N8FtJjV:2f7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Starts NET.EXE for service management

      • net.exe (PID: 8004)
      • msiexec.exe (PID: 7192)
      • msiexec.exe (PID: 8780)
      • net.exe (PID: 2696)
      • net.exe (PID: 7572)
    • Bypass execution policy to execute commands

      • powershell.exe (PID: 7184)
      • powershell.exe (PID: 7156)
    • Changes powershell execution policy (Bypass)

      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageAgentInformation.exe (PID: 7872)
    • ATERA mutex has been found

      • AgentPackageInternalPoller.exe (PID: 4188)
      • AgentPackageMonitoring.exe (PID: 6232)
    • Changes the autorun value in the registry

      • dotnet-runtime-8.0.11-win-x64.exe (PID: 1028)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • msedge.exe (PID: 5528)
      • msedge.exe (PID: 1356)
      • msiexec.exe (PID: 7928)
      • AteraAgent.exe (PID: 1948)
      • AteraAgent.exe (PID: 7276)
      • AgentPackageUpgradeAgent.exe (PID: 7748)
      • 8-0-11.exe (PID: 9056)
      • 8-0-11.exe (PID: 9132)
      • dotnet-runtime-8.0.11-win-x64.exe (PID: 1028)
    • Executes as Windows Service

      • VSSVC.exe (PID: 8048)
      • AteraAgent.exe (PID: 1948)
      • AteraAgent.exe (PID: 7276)
      • AteraAgent.exe (PID: 5900)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 7928)
    • Executable content was dropped or overwritten

      • rundll32.exe (PID: 1232)
      • rundll32.exe (PID: 7584)
      • rundll32.exe (PID: 4156)
      • rundll32.exe (PID: 7868)
      • AteraAgent.exe (PID: 1948)
      • csc.exe (PID: 7268)
      • AteraAgent.exe (PID: 7276)
      • AgentPackageTicketing.exe (PID: 7788)
      • AgentPackageUpgradeAgent.exe (PID: 7748)
      • rundll32.exe (PID: 8820)
      • rundll32.exe (PID: 8952)
      • AgentPackageRuntimeInstaller.exe (PID: 3400)
      • rundll32.exe (PID: 8868)
      • 8-0-11.exe (PID: 9056)
      • 8-0-11.exe (PID: 9132)
      • csc.exe (PID: 9064)
      • dotnet-runtime-8.0.11-win-x64.exe (PID: 1028)
      • rundll32.exe (PID: 5652)
    • Uses TASKKILL.EXE to kill process

      • msiexec.exe (PID: 7192)
      • msiexec.exe (PID: 8780)
    • ATERAAGENT has been detected

      • AteraAgent.exe (PID: 4308)
      • AteraAgent.exe (PID: 1948)
      • AteraAgent.exe (PID: 7276)
      • AteraAgent.exe (PID: 7312)
      • AteraAgent.exe (PID: 8940)
      • AteraAgent.exe (PID: 5900)
    • Reads security settings of Internet Explorer

      • AteraAgent.exe (PID: 4308)
      • AteraAgent.exe (PID: 1948)
      • AteraAgent.exe (PID: 7276)
      • AgentPackageAgentInformation.exe (PID: 7056)
      • 8-0-11.exe (PID: 9132)
      • AgentPackageAgentInformation.exe (PID: 7872)
      • AteraAgent.exe (PID: 8940)
      • AteraAgent.exe (PID: 5900)
    • Potential Corporate Privacy Violation

      • rundll32.exe (PID: 7584)
      • rundll32.exe (PID: 7868)
      • AteraAgent.exe (PID: 1948)
      • AgentPackageAgentInformation.exe (PID: 2380)
      • AteraAgent.exe (PID: 7276)
      • AgentPackageMonitoring.exe (PID: 7356)
      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageSTRemote.exe (PID: 6264)
      • AgentPackageInternalPoller.exe (PID: 4188)
      • rundll32.exe (PID: 8868)
      • AgentPackageTicketing.exe (PID: 7788)
      • AgentPackageMonitoring.exe (PID: 6232)
      • AgentPackageAgentInformation.exe (PID: 7872)
      • rundll32.exe (PID: 5652)
      • AteraAgent.exe (PID: 5900)
    • Reads the date of Windows installation

      • AteraAgent.exe (PID: 1948)
      • AteraAgent.exe (PID: 7276)
      • AteraAgent.exe (PID: 5900)
    • Starts SC.EXE for service management

      • AteraAgent.exe (PID: 1948)
      • AteraAgent.exe (PID: 7276)
      • AteraAgent.exe (PID: 5900)
    • Restarts service on failure

      • sc.exe (PID: 7812)
      • sc.exe (PID: 4916)
      • sc.exe (PID: 8244)
    • Starts POWERSHELL.EXE for commands execution

      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageAgentInformation.exe (PID: 7872)
    • The process executes Powershell scripts

      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageAgentInformation.exe (PID: 7872)
    • The process bypasses the loading of PowerShell profile settings

      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageAgentInformation.exe (PID: 7872)
    • The process hides Powershell's copyright startup banner

      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageAgentInformation.exe (PID: 7872)
    • Gets a collection of all available drive names (SCRIPT)

      • cscript.exe (PID: 2064)
      • cscript.exe (PID: 700)
    • Starts CMD.EXE for commands execution

      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageRuntimeInstaller.exe (PID: 3400)
      • AgentPackageAgentInformation.exe (PID: 7872)
    • The process executes VB scripts

      • cmd.exe (PID: 7716)
      • cmd.exe (PID: 9204)
    • Creates FileSystem object to access computer's file system (SCRIPT)

      • cscript.exe (PID: 2064)
      • cscript.exe (PID: 700)
    • Checks whether a specific file exists (SCRIPT)

      • cscript.exe (PID: 2064)
      • cscript.exe (PID: 700)
    • Accesses computer name via WMI (SCRIPT)

      • cscript.exe (PID: 2064)
      • cscript.exe (PID: 700)
    • Gets the drive type (SCRIPT)

      • cscript.exe (PID: 2064)
      • cscript.exe (PID: 700)
    • Gets full path of the running script (SCRIPT)

      • cscript.exe (PID: 2064)
      • cscript.exe (PID: 700)
    • Accesses WMI object, sets custom ImpersonationLevel (SCRIPT)

      • cscript.exe (PID: 2064)
      • cscript.exe (PID: 700)
    • Executes WMI query (SCRIPT)

      • cscript.exe (PID: 2064)
      • cscript.exe (PID: 700)
    • Accesses OperatingSystem(Win32_OperatingSystem) via WMI (SCRIPT)

      • cscript.exe (PID: 2064)
      • cscript.exe (PID: 700)
    • CSC.EXE is used to compile C# code

      • csc.exe (PID: 7268)
      • csc.exe (PID: 9064)
    • Searches for installed software

      • AgentPackageAgentInformation.exe (PID: 7056)
      • 8-0-11.exe (PID: 9132)
      • dotnet-runtime-8.0.11-win-x64.exe (PID: 1028)
      • AgentPackageAgentInformation.exe (PID: 7872)
    • The process creates files with name similar to system file names

      • AteraAgent.exe (PID: 7276)
      • msiexec.exe (PID: 7928)
    • Starts a Microsoft application from unusual location

      • 8-0-11.exe (PID: 9132)
      • dotnet-runtime-8.0.11-win-x64.exe (PID: 1028)
    • Creates a software uninstall entry

      • dotnet-runtime-8.0.11-win-x64.exe (PID: 1028)
    • Starts itself from another location

      • 8-0-11.exe (PID: 9132)
  • INFO

    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 1356)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 5528)
      • msedge.exe (PID: 1356)
      • msiexec.exe (PID: 7928)
    • Reads Environment values

      • identity_helper.exe (PID: 7884)
      • AteraAgent.exe (PID: 4308)
      • AteraAgent.exe (PID: 1948)
      • AgentPackageAgentInformation.exe (PID: 7764)
      • AgentPackageAgentInformation.exe (PID: 2380)
      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageAgentInformation.exe (PID: 6664)
      • AteraAgent.exe (PID: 7276)
      • AgentPackageMonitoring.exe (PID: 7356)
      • AgentPackageAgentInformation.exe (PID: 7872)
      • AgentPackageHeartbeat.exe (PID: 2588)
      • AgentPackageMonitoring.exe (PID: 6232)
      • AgentPackageSTRemote.exe (PID: 6264)
      • AgentPackageInternalPoller.exe (PID: 4188)
      • AgentPackageUpgradeAgent.exe (PID: 7748)
      • AgentPackageSystemTools.exe (PID: 7248)
      • AgentPackageADRemote.exe (PID: 7296)
      • AgentPackageMarketplace.exe (PID: 7448)
      • AgentPackageRuntimeInstaller.exe (PID: 3400)
      • AgentPackageTicketing.exe (PID: 7788)
      • AgentPackageOsUpdates.exe (PID: 8460)
      • AteraAgent.exe (PID: 7312)
      • AteraAgent.exe (PID: 8940)
      • AteraAgent.exe (PID: 5900)
    • Application launched itself

      • msedge.exe (PID: 1356)
    • Reads the computer name

      • identity_helper.exe (PID: 7884)
      • msiexec.exe (PID: 7928)
      • msiexec.exe (PID: 2064)
      • msiexec.exe (PID: 7192)
      • AteraAgent.exe (PID: 4308)
      • AteraAgent.exe (PID: 1948)
      • AgentPackageAgentInformation.exe (PID: 2380)
      • AgentPackageAgentInformation.exe (PID: 7764)
      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageAgentInformation.exe (PID: 6664)
      • AteraAgent.exe (PID: 7276)
      • AgentPackageMonitoring.exe (PID: 7356)
      • AgentPackageAgentInformation.exe (PID: 7872)
      • AgentPackageHeartbeat.exe (PID: 2588)
      • AgentPackageMonitoring.exe (PID: 6232)
      • AgentPackageInternalPoller.exe (PID: 4188)
      • AgentPackageSTRemote.exe (PID: 6264)
      • AgentPackageUpgradeAgent.exe (PID: 7748)
      • AgentPackageSystemTools.exe (PID: 7248)
      • AgentPackageADRemote.exe (PID: 7296)
      • AgentPackageRuntimeInstaller.exe (PID: 3400)
      • AgentPackageTicketing.exe (PID: 7788)
      • AgentPackageMarketplace.exe (PID: 7448)
      • Agent.Package.Availability.exe (PID: 8136)
      • Agent.Package.Watchdog.exe (PID: 8328)
      • Agent.Package.Software.exe (PID: 8336)
      • AgentPackageOsUpdates.exe (PID: 8460)
      • msiexec.exe (PID: 8780)
      • 8-0-11.exe (PID: 9056)
      • 8-0-11.exe (PID: 9132)
      • dotnet-runtime-8.0.11-win-x64.exe (PID: 1028)
      • AteraAgent.exe (PID: 7312)
      • AteraAgent.exe (PID: 8940)
      • AteraAgent.exe (PID: 5900)
      • msiexec.exe (PID: 8172)
      • msiexec.exe (PID: 4312)
      • msiexec.exe (PID: 7740)
    • Checks supported languages

      • identity_helper.exe (PID: 7884)
      • msiexec.exe (PID: 7928)
      • msiexec.exe (PID: 2064)
      • msiexec.exe (PID: 7192)
      • AteraAgent.exe (PID: 4308)
      • AteraAgent.exe (PID: 1948)
      • AgentPackageAgentInformation.exe (PID: 2380)
      • AgentPackageAgentInformation.exe (PID: 7764)
      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageAgentInformation.exe (PID: 6664)
      • AteraAgent.exe (PID: 7276)
      • AgentPackageMonitoring.exe (PID: 7356)
      • csc.exe (PID: 7268)
      • cvtres.exe (PID: 1588)
      • AgentPackageHeartbeat.exe (PID: 2588)
      • AgentPackageAgentInformation.exe (PID: 7872)
      • AgentPackageSTRemote.exe (PID: 6264)
      • AgentPackageMonitoring.exe (PID: 6232)
      • AgentPackageInternalPoller.exe (PID: 4188)
      • AgentPackageUpgradeAgent.exe (PID: 7748)
      • AgentPackageSystemTools.exe (PID: 7248)
      • AgentPackageADRemote.exe (PID: 7296)
      • AgentPackageMarketplace.exe (PID: 7448)
      • AgentPackageRuntimeInstaller.exe (PID: 3400)
      • Agent.Package.Availability.exe (PID: 8136)
      • AgentPackageTicketing.exe (PID: 7788)
      • Agent.Package.Software.exe (PID: 8336)
      • Agent.Package.Watchdog.exe (PID: 8328)
      • AgentPackageOsUpdates.exe (PID: 8460)
      • 8-0-11.exe (PID: 9056)
      • csc.exe (PID: 9064)
      • msiexec.exe (PID: 8780)
      • 8-0-11.exe (PID: 9132)
      • cvtres.exe (PID: 9084)
      • dotnet-runtime-8.0.11-win-x64.exe (PID: 1028)
      • AteraAgent.exe (PID: 7312)
      • AteraAgent.exe (PID: 8940)
      • AteraAgent.exe (PID: 5900)
      • dotnet.exe (PID: 7156)
      • dotnet.exe (PID: 8396)
      • msiexec.exe (PID: 8172)
      • msiexec.exe (PID: 4312)
      • msiexec.exe (PID: 7740)
    • Reads the software policy settings

      • msiexec.exe (PID: 7172)
      • msiexec.exe (PID: 7928)
      • rundll32.exe (PID: 7584)
      • AteraAgent.exe (PID: 4308)
      • AteraAgent.exe (PID: 1948)
      • rundll32.exe (PID: 7868)
      • AgentPackageAgentInformation.exe (PID: 2380)
      • AgentPackageAgentInformation.exe (PID: 7764)
      • AteraAgent.exe (PID: 7276)
      • AgentPackageMonitoring.exe (PID: 7356)
      • cscript.exe (PID: 2064)
      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageHeartbeat.exe (PID: 2588)
      • AgentPackageSTRemote.exe (PID: 6264)
      • AgentPackageInternalPoller.exe (PID: 4188)
      • AgentPackageADRemote.exe (PID: 7296)
      • AgentPackageMarketplace.exe (PID: 7448)
      • AgentPackageUpgradeAgent.exe (PID: 7748)
      • AgentPackageRuntimeInstaller.exe (PID: 3400)
      • rundll32.exe (PID: 8868)
      • AgentPackageTicketing.exe (PID: 7788)
      • cscript.exe (PID: 700)
      • AgentPackageMonitoring.exe (PID: 6232)
      • AteraAgent.exe (PID: 8940)
      • AgentPackageAgentInformation.exe (PID: 7872)
      • rundll32.exe (PID: 5652)
      • slui.exe (PID: 7728)
      • AteraAgent.exe (PID: 5900)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 7172)
    • Manages system restore points

      • SrTasks.exe (PID: 6176)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 7928)
      • AteraAgent.exe (PID: 4308)
      • AteraAgent.exe (PID: 1948)
      • AgentPackageAgentInformation.exe (PID: 2380)
      • AgentPackageAgentInformation.exe (PID: 7764)
      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageAgentInformation.exe (PID: 6664)
      • AteraAgent.exe (PID: 7276)
      • AgentPackageMonitoring.exe (PID: 7356)
      • csc.exe (PID: 7268)
      • AgentPackageAgentInformation.exe (PID: 7872)
      • AgentPackageHeartbeat.exe (PID: 2588)
      • AgentPackageSTRemote.exe (PID: 6264)
      • AgentPackageMonitoring.exe (PID: 6232)
      • AgentPackageInternalPoller.exe (PID: 4188)
      • AgentPackageUpgradeAgent.exe (PID: 7748)
      • AgentPackageSystemTools.exe (PID: 7248)
      • AgentPackageRuntimeInstaller.exe (PID: 3400)
      • AgentPackageADRemote.exe (PID: 7296)
      • AgentPackageMarketplace.exe (PID: 7448)
      • AgentPackageTicketing.exe (PID: 7788)
      • AgentPackageOsUpdates.exe (PID: 8460)
      • csc.exe (PID: 9064)
      • AteraAgent.exe (PID: 7312)
      • dotnet-runtime-8.0.11-win-x64.exe (PID: 1028)
      • AteraAgent.exe (PID: 8940)
      • AteraAgent.exe (PID: 5900)
    • The sample compiled with english language support

      • rundll32.exe (PID: 1232)
      • rundll32.exe (PID: 7584)
      • rundll32.exe (PID: 4156)
      • rundll32.exe (PID: 7868)
      • AteraAgent.exe (PID: 1948)
      • AteraAgent.exe (PID: 7276)
      • rundll32.exe (PID: 8868)
      • rundll32.exe (PID: 8952)
      • rundll32.exe (PID: 8820)
      • 8-0-11.exe (PID: 9132)
      • 8-0-11.exe (PID: 9056)
      • dotnet-runtime-8.0.11-win-x64.exe (PID: 1028)
      • rundll32.exe (PID: 5652)
      • msiexec.exe (PID: 7928)
    • Create files in a temporary directory

      • rundll32.exe (PID: 1232)
      • rundll32.exe (PID: 7584)
      • rundll32.exe (PID: 4156)
      • rundll32.exe (PID: 7868)
    • Disables trace logs

      • rundll32.exe (PID: 7584)
      • AteraAgent.exe (PID: 1948)
      • rundll32.exe (PID: 7868)
      • AgentPackageAgentInformation.exe (PID: 2380)
      • AgentPackageAgentInformation.exe (PID: 7764)
      • AteraAgent.exe (PID: 7276)
      • AgentPackageMonitoring.exe (PID: 7356)
      • AgentPackageAgentInformation.exe (PID: 7056)
      • AgentPackageHeartbeat.exe (PID: 2588)
      • AgentPackageSTRemote.exe (PID: 6264)
      • AgentPackageInternalPoller.exe (PID: 4188)
      • AgentPackageADRemote.exe (PID: 7296)
      • AgentPackageMarketplace.exe (PID: 7448)
      • AgentPackageUpgradeAgent.exe (PID: 7748)
      • AgentPackageRuntimeInstaller.exe (PID: 3400)
      • rundll32.exe (PID: 8868)
      • AgentPackageTicketing.exe (PID: 7788)
      • AgentPackageAgentInformation.exe (PID: 7872)
      • AgentPackageMonitoring.exe (PID: 6232)
      • rundll32.exe (PID: 5652)
      • AteraAgent.exe (PID: 5900)
    • Checks proxy server information

      • rundll32.exe (PID: 7584)
      • rundll32.exe (PID: 7868)
      • slui.exe (PID: 7728)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 7928)
    • Creates files in the program directory

      • AteraAgent.exe (PID: 4308)
      • AteraAgent.exe (PID: 1948)
      • AgentPackageMonitoring.exe (PID: 7356)
      • AgentPackageAgentInformation.exe (PID: 7056)
      • AteraAgent.exe (PID: 7276)
      • AgentPackageInternalPoller.exe (PID: 4188)
      • AgentPackageSystemTools.exe (PID: 7248)
      • AgentPackageRuntimeInstaller.exe (PID: 3400)
      • AgentPackageUpgradeAgent.exe (PID: 7748)
      • AgentPackageTicketing.exe (PID: 7788)
      • AgentPackageMonitoring.exe (PID: 6232)
      • dotnet-runtime-8.0.11-win-x64.exe (PID: 1028)
      • AteraAgent.exe (PID: 8940)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 7184)
      • powershell.exe (PID: 7156)
    • Launching a file from a Registry key

      • dotnet-runtime-8.0.11-win-x64.exe (PID: 1028)
No Malware configuration.
No data.
Total processes: 290
Monitored processes: 147
Malicious processes: 16
Suspicious processes: 10

Behavior graph

[Process-tree graph: execution starts at msedge.exe; the nodes marked THREAT are ateraagent.exe, agentpackagemonitoring.exe and agentpackageinternalpoller.exe]

Process information

PID | CMD | Path | Indicators | Parent process
PID: 700
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5064,i,3618120825830951626,12152057578156483294,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92

PID: 700
CMD: cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
Path: C:\Windows\System32\cscript.exe
Parent process: cmd.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft ® Console Based Script Host
Exit code: 0
Version: 5.812.10240.16384

PID: 1028
CMD: "C:\WINDOWS\Temp\{267D19C1-01F2-4FEB-8D95-380AB73ABCBB}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{EDC4FAB2-E9A3-4D77-A221-198A09221E37} {5D415D13-9318-41CA-B00A-9D4EFF381402} 9132
Path: C:\Windows\Temp\{267D19C1-01F2-4FEB-8D95-380AB73ABCBB}\.be\dotnet-runtime-8.0.11-win-x64.exe
Parent process: 8-0-11.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft .NET Runtime - 8.0.11 (x64)
Exit code: 0
Version: 8.0.11.34217

PID: 1068
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1232
CMD: rundll32.exe "C:\WINDOWS\Installer\MSI7620.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1668734 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Path: C:\Windows\SysWOW64\rundll32.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)

PID: 1356
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://ibit.ly/WK77p"
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92

PID: 1580
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1588
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\WINDOWS\TEMP\RESB973.tmp" "c:\Windows\Temp\w4t3tsur\CSC7AB16655AF1142B2BF7FAD9860879F9B.TMP"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
Parent process: csc.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Resource File To COFF Object Conversion Utility
Exit code: 0
Version: 14.32.31326.0

PID: 1948
CMD: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Path: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Parent process: services.exe
User: SYSTEM
Company: ATERA Networks Ltd.
Integrity Level: SYSTEM
Description: AteraAgent
Exit code: 0
Version: 1.8.7.2

PID: 2028
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=1488,i,3618120825830951626,12152057578156483294,262144 --variations-seed-version --mojo-platform-channel-handle=7464 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92

Total events: 85 677
Read events: 84 201
Write events: 1 282
Delete events: 194

Modification events

Process: msedge.exe (PID 1356)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

Process: msedge.exe (PID 1356)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

Process: msedge.exe (PID 1356)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

Process: msedge.exe (PID 1356)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

Process: msedge.exe (PID 1356)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: E82CC64A52992F00

Process: msedge.exe (PID 1356)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459394
Operation: write
Name: WindowTabManagerFileMappingId
Value: {1F1B4D8D-44AE-4B4D-8B5D-B51085BF90E4}

Process: msedge.exe (PID 1356)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459394
Operation: write
Name: WindowTabManagerFileMappingId
Value: {74B226CE-29FB-421E-B01A-95ED62CA4550}

Process: msedge.exe (PID 1356)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459394
Operation: write
Name: WindowTabManagerFileMappingId
Value: {05286333-6212-4841-BE0D-A7605B00E1F1}

Process: msedge.exe (PID 1356)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459394
Operation: write
Name: WindowTabManagerFileMappingId
Value: {E1C8B7E3-C920-4B62-B576-1D5491E00A46}

Process: msedge.exe (PID 1356)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: E54AF24A52992F00

Executable files: 694
Suspicious files: 331
Text files: 173
Unknown types: 84

Dropped files

PID | Process | Filename | Type
1356 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF18d5ba.TMP
1356 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
1356 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF18d5c9.TMP
1356 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
1356 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF18d5e9.TMP
1356 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
1356 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF18d5e9.TMP
1356 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF18d5f8.TMP
1356 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
1356 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old

HTTP(S) requests: 24
TCP/UDP connections: 128
DNS requests: 96
Threats: 67

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 5528 | msedge.exe | GET | 200 | 150.171.27.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:TAD7iFd43tgGHdD-xDaD5Hjsthz-g70v_XMz4MEEtrE&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | unknown | | | whitelisted |
| 4216 | svchost.exe | GET | 200 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4c4fdee0-d69c-42b7-bf5c-3ec046e9dfc9?P1=1753956225&P2=404&P3=2&P4=IH9uvYpauqirX6BEN9YmKwFYxu23bGlmWiRCI3Ne6QQX51MuwiM9hsKHftoIuzkM1Dg1TzQifBu3VkZkjhZRew%3d%3d | unknown | | | whitelisted |
| 4216 | svchost.exe | HEAD | 200 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4c4fdee0-d69c-42b7-bf5c-3ec046e9dfc9?P1=1753956225&P2=404&P3=2&P4=IH9uvYpauqirX6BEN9YmKwFYxu23bGlmWiRCI3Ne6QQX51MuwiM9hsKHftoIuzkM1Dg1TzQifBu3VkZkjhZRew%3d%3d | unknown | | | whitelisted |
| 2940 | svchost.exe | GET | 200 | 23.209.209.135:80 | http://x1.c.lencr.org/ | unknown | | | whitelisted |
| 5708 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | | | whitelisted |
| 1268 | svchost.exe | GET | 200 | 23.55.110.193:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted |
| 1356 | msedge.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | | | whitelisted |
| 1356 | msedge.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | | | whitelisted |
| 1356 | msedge.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAnTy%2FhDMohv9omwS69%2Fdow%3D | unknown | | | whitelisted |
| 1268 | svchost.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 5944 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 4 | System | 192.168.100.255:137 | | | | whitelisted |
| 1268 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 7032 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 4 | System | 192.168.100.255:138 | | | | whitelisted |
| 5528 | msedge.exe | 150.171.27.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5528 | msedge.exe | 150.171.22.17:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5528 | msedge.exe | 150.171.27.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5528 | msedge.exe | 168.220.91.95:443 | ibit.ly | FLY | US | malicious |
| 5528 | msedge.exe | 2.16.241.220:443 | copilot.microsoft.com | Akamai International B.V. | DE | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | 20.73.194.208, 40.127.240.158 | whitelisted |
| google.com | 142.250.184.206 | whitelisted |
| edge.microsoft.com | 150.171.27.11, 150.171.28.11 | whitelisted |
| config.edge.skype.com | 150.171.22.17 | whitelisted |
| ibit.ly | 168.220.91.95 | malicious |
| copilot.microsoft.com | 2.16.241.220, 2.16.241.224 | whitelisted |
| t.ly | 104.20.6.133, 104.20.7.133 | whitelisted |
| www.bing.com | 2.16.241.201, 2.16.241.222, 2.16.241.207, 2.16.241.216, 2.16.241.204, 2.16.241.206, 2.16.241.218, 2.16.241.211, 2.16.241.205 | whitelisted |
| static.cloudflareinsights.com | 104.16.80.73, 104.16.79.73 | whitelisted |
| challenges.cloudflare.com | 104.18.95.41, 104.18.94.41 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 5528 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (ibit .ly) |
| 5528 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (ibit .ly) |
| 5528 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (t .ly) |
| 5528 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (t .ly) |
| 5528 | msedge.exe | Misc activity | ET INFO URL Shortening Service Domain in DNS Lookup (t .ly) |
| 5528 | msedge.exe | Misc activity | ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI) |
| 5528 | msedge.exe | Misc activity | ET INFO URL Shortening Service Domain in DNS Lookup (t .ly) |
| 5528 | msedge.exe | Misc activity | ET INFO URL Shortening Service Domain in DNS Lookup (t .ly) |
| 5528 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (t .ly) |
| 5528 | msedge.exe | Misc activity | ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI) |

| Process | Message |
|---|---|
| AgentPackageMonitoring.exe | Native library pre-loader is trying to load native SQLite library "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x64\SQLite.Interop.dll"... |
| AgentPackageMonitoring.exe | Native library pre-loader is trying to load native SQLite library "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x64\SQLite.Interop.dll"... |
| Agent.Package.Availability.exe | You must install .NET to run this application. App: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe Architecture: x64 App host version: 8.0.11 .NET location: Not found Learn more: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_version=8.0.11 |
| Agent.Package.Watchdog.exe | You must install .NET to run this application. App: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe Architecture: x64 App host version: 8.0.11 .NET location: Not found Learn more: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_version=8.0.11 |
| Agent.Package.Software.exe | You must install .NET to run this application. App: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe Architecture: x64 App host version: 8.0.16 .NET location: Not found Learn more: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_version=8.0.16 |