URL:

https://raw.githubusercontent.com/PolymarketDev/AI-Scanner/refs/heads/main/Enable

Full analysis: https://app.any.run/tasks/f2659a92-83fd-4e9c-a821-526ffa98306d
Verdict: Malicious activity
Threats:

NetSupport RAT is a malicious adaptation of the legitimate NetSupport Manager, a remote access tool used for IT support, which cybercriminals exploit to gain unauthorized control over systems. It has gained significant traction due to its sophisticated evasion techniques, widespread distribution campaigns, and the challenge it poses to security professionals who must distinguish between legitimate and malicious uses of the underlying software.

Malware Trends Tracker     >>>
Analysis date: March 01, 2026, 00:43:21
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
github
auto
netsupport
rat
remote
rmm-tool
Indicators:
MD5:

07CBD623F05F0E01516D3137BA246E9E

SHA1:

4D11F172B8470AB02FBC502FC03690AFEC9C55E1

SHA256:

A6BE8119CC6A08EF0AF8BB0D9DBB3E1FC48BD6B7AE1998CD8CEB611B6D7E358C

SSDEEP:

3:N8SGfALtGTzaXuUMoLNKOuO:2FMGncuroLNK6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • NETSUPPORT has been found (auto)

      • powershell.exe (PID: 7000)

    • Proxy execution via Explorer

      • powershell.exe (PID: 7000)

    • NETSUPPORT mutex has been found

      • byby.exe (PID: 2496)

    • NETSUPPORT has been detected (SURICATA)

      • byby.exe (PID: 2496)

  • SUSPICIOUS

    • Downloads file from URI via Powershell

      • powershell.exe (PID: 8520)
      • powershell.exe (PID: 7000)

    • Possibly malicious use of IEX has been detected

      • powershell.exe (PID: 7000)
      • powershell.exe (PID: 8520)

    • The process executes via Task Scheduler

      • powershell.exe (PID: 9020)

    • Application launched itself

      • powershell.exe (PID: 9020)

    • Obfuscation pattern (POWERSHELL)

      • powershell.exe (PID: 7000)
      • powershell.exe (PID: 8520)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 8144)
      • powershell.exe (PID: 9020)

    • Gets path to any of the special folders (POWERSHELL)

      • powershell.exe (PID: 7000)

    • Contacting a server suspected of hosting an CnC

      • byby.exe (PID: 2496)

  • INFO

    • Checks current location (POWERSHELL)

      • powershell.exe (PID: 9020)

    • Manual execution by a user

      • cmd.exe (PID: 8144)

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 8520)
      • powershell.exe (PID: 7000)

    • Application launched itself

      • chrome.exe (PID: 8444)

    • Disables trace logs

      • powershell.exe (PID: 7000)

    • Checks proxy server information

      • powershell.exe (PID: 7000)
      • slui.exe (PID: 5108)

    • Drops script file

      • powershell.exe (PID: 7000)
      • powershell.exe (PID: 9020)
      • powershell.exe (PID: 8520)

    • The executable file from the user directory is run by the Powershell process

      • 7z.exe (PID: 8800)

    • Reads the computer name

      • 7z.exe (PID: 8800)
      • byby.exe (PID: 2496)

    • Checks supported languages

      • 7z.exe (PID: 8800)
      • byby.exe (PID: 2496)

    • Creates files or folders in the user directory

      • 7z.exe (PID: 8800)

    • Creates files in the program directory

      • powershell.exe (PID: 7000)

    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 7780)

    • Gets data length (POWERSHELL)

      • powershell.exe (PID: 7000)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
199
Monitored processes
46
Malicious processes
4
Suspicious processes
2

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs powershell.exe conhost.exe no specs powershell.exe no specs cmd.exe conhost.exe no specs #NETSUPPORT powershell.exe 7z.exe no specs explorer.exe no specs explorer.exe no specs #NETSUPPORT byby.exe slui.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
792"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=3876,i,16185984346223775114,8623100195304022379,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=3868 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1368\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1488"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5684,i,16185984346223775114,8623100195304022379,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5556 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1584"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6140,i,16185984346223775114,8623100195304022379,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=4064 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1632"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5492,i,16185984346223775114,8623100195304022379,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5852 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2496"C:\Users\admin\AppData\Local\MoonriseEmber Stone\byby.exe" C:\Users\admin\AppData\Local\MoonriseEmber Stone\byby.exe
explorer.exe
User:
admin
Company:
NetSupport Ltd
Integrity Level:
MEDIUM
Description:
NetSupport Client Application
Version:
V14.12
Modules
Images
c:\users\admin\appdata\local\moonriseember stone\byby.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\users\admin\appdata\local\moonriseember stone\pcicl32.dll
3276"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=5892,i,16185984346223775114,8623100195304022379,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5388 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
3388"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3880,i,16185984346223775114,8623100195304022379,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=1800 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
4136"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=5940,i,16185984346223775114,8623100195304022379,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5376 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
4352"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=5964,i,16185984346223775114,8623100195304022379,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5960 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
29 020
Read events
29 019
Write events
1
Delete events
0

Modification events

(PID) Process:(7780) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation:writeName:{FBF23B40-E3F0-101B-8488-00AA003E56F8} {000214E4-0000-0000-C000-000000000046} 0xFFFF
Value:
010000000000000000CF298914A9DC01
Executable files
0
Suspicious files
30
Text files
16
Unknown types
379

Dropped files

PID
Process
Filename
Type
8444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old~RF1e5551.TMP
MD5:
SHA256:
8444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
8444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RF1e5551.TMP
MD5:
SHA256:
8444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
8444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old~RF1e5561.TMP
MD5:
SHA256:
8444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RF1e5561.TMP
MD5:
SHA256:
8444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old
MD5:
SHA256:
8444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF1e5561.TMP
MD5:
SHA256:
8444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF1e5561.TMP
MD5:
SHA256:
8444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RF1e5561.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
153
TCP/UDP connections
61
DNS requests
49
Threats
35

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
9048
chrome.exe
GET
200
185.199.111.133:443
https://raw.githubusercontent.com/PolymarketDev/AI-Scanner/refs/heads/main/Enable
unknown
binary
161 b
whitelisted
9048
chrome.exe
GET
200
142.251.141.106:443
https://safebrowsingohttpgateway.googleapis.com/v1/ohttp/hpkekeyconfig?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
unknown
binary
41 b
whitelisted
9048
chrome.exe
GET
200
142.251.141.131:443
https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=133
unknown
compressed
88.6 Kb
whitelisted
9048
chrome.exe
GET
200
142.251.127.100:80
http://clients2.google.com/time/1/current?cup2key=8:h4hUUrsIGZUdJwocB4EryROvgm3A9zVFlSC0ZqlFJEY&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
9048
chrome.exe
POST
200
142.251.127.84:443
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
unknown
text
17 b
whitelisted
356
svchost.exe
POST
200
40.126.32.140:443
https://login.live.com/RST2.srf
unknown
binary
11.1 Kb
whitelisted
9048
chrome.exe
POST
200
142.250.201.163:443
https://update.googleapis.com/service/update2/json?cup2key=14:WTuVlWiY960Zjw3TWRoqDFqrgt-expHb1ihDcXegans&cup2hreq=addb3819fc159825753a47852fcaf4b15abdfadb3af1e213ccb1a1d6aa6b8fb6
unknown
binary
289 b
whitelisted
356
svchost.exe
POST
200
40.126.32.140:443
https://login.live.com/RST2.srf
unknown
binary
10.3 Kb
whitelisted
7428
svchost.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
356
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
7428
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7240
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5568
SearchApp.exe
23.36.162.68:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
9048
chrome.exe
142.251.127.100:80
google.com
GOOGLE
US
whitelisted
9048
chrome.exe
142.251.141.106:443
safebrowsingohttpgateway.googleapis.com
GOOGLE
US
whitelisted
9048
chrome.exe
142.251.141.131:443
clientservices.googleapis.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
whitelisted
www.bing.com
  • 23.36.162.68
  • 23.36.162.84
whitelisted
google.com
  • 142.251.127.113
  • 142.251.127.101
  • 142.251.127.100
  • 142.251.127.102
  • 142.251.127.139
  • 142.251.127.138
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted
clients2.google.com
  • 142.251.127.100
  • 142.251.127.139
  • 142.251.127.138
  • 142.251.127.101
  • 142.251.127.113
  • 142.251.127.102
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 142.251.141.106
  • 172.217.168.74
  • 142.250.186.74
  • 142.251.127.95
  • 172.217.16.170
  • 142.251.141.138
  • 216.58.206.42
  • 142.251.37.10
whitelisted
clientservices.googleapis.com
  • 142.251.141.131
whitelisted
raw.githubusercontent.com
  • 185.199.111.133
  • 185.199.110.133
  • 185.199.108.133
  • 185.199.109.133
whitelisted
accounts.google.com
  • 142.251.127.84
whitelisted
update.googleapis.com
  • 142.250.201.163
whitelisted

Threats

PID
Process
Class
Message
9048
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
9048
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
7428
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7000
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
7000
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
7000
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
7000
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
7000
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
7000
powershell.exe
Misc activity
ET INFO Request for EXE via Powershell
7000
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://raw.githubusercontent.com/PolymarketDev/AI-Scanner/refs/heads/main/Enable