File name:

запитване за стъкло 21866.vbs

Full analysis: https://app.any.run/tasks/b7fbe9e6-faf8-4c10-9047-6460f4c8ab47
Verdict: Malicious activity
Analysis date: March 25, 2025, 07:29:51
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: text/plain
File info: ASCII text, with CRLF line terminators
MD5:

B3716B3569693D01EC7089FB859736C5

SHA1:

0A4898AF441335ADF1F0AA750DD278C6AB81951B

SHA256:

AEA68F07BF60F0E3A6826D387B429F707B22CE54FD3EFE6AD096488E7BAC0DE8

SSDEEP:

24576:4sMb7ezsMb7egsMb7eiSTMh9wPY9VLc+8wtpXXYcNHgXItEHRM6beKVcZ324Fcpd:8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Uses sleep, probably for evasion detection (SCRIPT)

      • wscript.exe (PID: 4756)
      • wscript.exe (PID: 4408)

    • Deletes a file (SCRIPT)

      • wscript.exe (PID: 4756)

    • Create files in the Startup directory

      • wscript.exe (PID: 4756)

    • Changes powershell execution policy (Bypass)

      • cmd.exe (PID: 5156)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 2692)

  • SUSPICIOUS

    • Uses WMI to retrieve WMI-managed resources (SCRIPT)

      • wscript.exe (PID: 4756)

    • Runs shell command (SCRIPT)

      • wscript.exe (PID: 4756)
      • wscript.exe (PID: 4408)

    • Creates FileSystem object to access computer's file system (SCRIPT)

      • wscript.exe (PID: 4756)

    • Accesses current user name via WMI (SCRIPT)

      • wscript.exe (PID: 4756)

    • Writes binary data to a Stream object (SCRIPT)

      • wscript.exe (PID: 4756)

    • Executes application which crashes

      • wscript.exe (PID: 4756)

    • The process creates files with name similar to system file names

      • WerFault.exe (PID: 2088)

    • Executing commands from ".cmd" file

      • wscript.exe (PID: 4408)

    • Starts CMD.EXE for commands execution

      • wscript.exe (PID: 4408)

    • The process bypasses the loading of PowerShell profile settings

      • cmd.exe (PID: 5156)

    • The process executes Powershell scripts

      • cmd.exe (PID: 5156)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 5156)

  • INFO

    • Autorun file from Startup directory

      • wscript.exe (PID: 4756)

    • Creates files or folders in the user directory

      • WerFault.exe (PID: 2088)
      • BackgroundTransferHost.exe (PID: 1088)

    • Manual execution by a user

      • wscript.exe (PID: 4408)

    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 1040)
      • BackgroundTransferHost.exe (PID: 1088)
      • BackgroundTransferHost.exe (PID: 1012)
      • BackgroundTransferHost.exe (PID: 6488)
      • BackgroundTransferHost.exe (PID: 6184)

    • Checks proxy server information

      • BackgroundTransferHost.exe (PID: 1088)

    • Reads the software policy settings

      • BackgroundTransferHost.exe (PID: 1088)
      • slui.exe (PID: 6824)

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 2692)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
151
Monitored processes
14
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start wscript.exe sppextcomobj.exe no specs slui.exe werfault.exe no specs wscript.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe backgroundtransferhost.exe no specs cmd.exe no specs conhost.exe no specs powershell.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs slui.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1012"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
1040"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
1088"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
1532C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
2088C:\WINDOWS\system32\WerFault.exe -u -p 4756 -s 1036C:\Windows\System32\WerFault.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
2136\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2692PowerShell.exe -NoProfile -ExecutionPolicy Bypass -Command C:\Users\admin\AppData\Roaming\WindowsUpdate\SCRDU.ps1C:\Windows\System32\WindowsPowerShell\v1.0\powershell.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4408"C:\WINDOWS\System32\WScript.exe" "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WJGLC.vbs"C:\Windows\System32\wscript.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4756"C:\WINDOWS\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\запитване за стъкло 21866.vbs"C:\Windows\System32\wscript.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
3221225477
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5156C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Roaming\WindowsUpdate\ONHGW.cmd" "C:\Windows\System32\cmd.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
Total events
8 805
Read events
8 789
Write events
16
Delete events
0

Modification events

(PID) Process:(1040) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(1040) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(1040) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1088) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(1088) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(1088) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1012) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1012) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(1012) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(4408) wscript.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
Executable files
0
Suspicious files
9
Text files
6
Unknown types
0

Dropped files

PID
Process
Filename
Type
2088WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_WScript.exe_1cca757ab2cb4c9e5f686f545a9565ea6591b_debcac4a_f02875e5-1b2a-4859-b876-31473fc46ecf\Report.wer
MD5:
SHA256:
1088BackgroundTransferHost.exeC:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\7eea8d3e-36bd-4845-bbb4-29464545c6a9.down_data
MD5:
SHA256:
4756wscript.exeC:\Users\admin\AppData\Roaming\WindowsUpdate\BBSYJ.tmptext
MD5:1336DB0A3FC170C2E11A0F437C2A4C47
SHA256:9EF04ABF3F4C45933F88F1A9C1A54D59CA104E0187D3FF658B3E2FD1909C13C4
1088BackgroundTransferHost.exeC:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10Dbinary
MD5:4C39C7AC4D114F723827F430904218A2
SHA256:08BB63C3E74A902EA4D28D3BC611C645D1E3BC93E53614E26B471304474D9F8F
1088BackgroundTransferHost.exeC:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10Dbinary
MD5:4872BABAF39AA62B8D32695EBB7E9173
SHA256:2EE85DF86EE29BBEB3DCA81AA29B6DE204F605A2769B84C728A329178A2D0999
2088WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERE448.tmp.WERInternalMetadata.xmlbinary
MD5:45D426B2D3F889446B18F5232A6A46C4
SHA256:02C5902539B86A6A0FF031AA77B8C86AD5295CF97DEDC26D45283D3D503DDC94
2088WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERE468.tmp.xmlxml
MD5:BD6A773E9903636351302B61FF40DE40
SHA256:B8A62A47EC2A4413EADA166962655AC07551F528CEC34B2DBC83EFC3A197BDC7
2692powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_fslfm3iy.fbh.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
2692powershell.exeC:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractivebinary
MD5:05E5B2BFE2459CF8D1C301056C59F51A
SHA256:AC7358869D5CD1D1665149049C30DF983C55BE8ADE0184E52DC207044D509E36
1088BackgroundTransferHost.exeC:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\6d9074a1-01bf-40fd-a1ae-01bb5a30280d.6d59700d-db32-4328-b0d8-b189c7923099.down_metabinary
MD5:E93CF410F3A73ACA02222E982633FA3A
SHA256:9F0DC453F884053EBE34D3FF5CC33A9F467657C7DC7C533112D4FBA0A85C753F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
25
DNS requests
17
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4228
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
1088
BackgroundTransferHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5608
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5608
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6544
svchost.exe
40.126.32.133:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
3216
svchost.exe
20.197.71.89:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
SG
whitelisted
4228
backgroundTaskHost.exe
20.103.156.88:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4228
backgroundTaskHost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.174
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.53.40.178
  • 23.53.40.176
whitelisted
login.live.com
  • 40.126.32.133
  • 20.190.160.64
  • 40.126.32.136
  • 20.190.160.14
  • 20.190.160.130
  • 20.190.160.67
  • 20.190.160.17
  • 20.190.160.20
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
client.wns.windows.com
  • 20.197.71.89
whitelisted
arc.msn.com
  • 20.103.156.88
whitelisted
www.bing.com
  • 104.126.37.179
  • 104.126.37.177
  • 104.126.37.168
  • 104.126.37.160
  • 104.126.37.178
  • 104.126.37.163
  • 104.126.37.155
  • 104.126.37.162
  • 104.126.37.170
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
запитване за стъкло 21866.vbs