File name: запитване за стъкло 21866.vbs (Bulgarian: "glass inquiry 21866.vbs")
Full analysis: https://app.any.run/tasks/b7fbe9e6-faf8-4c10-9047-6460f4c8ab47
Verdict: Malicious activity
Analysis date: March 25, 2025, 07:29:51
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: text/plain
File info: ASCII text, with CRLF line terminators
MD5: B3716B3569693D01EC7089FB859736C5
SHA1: 0A4898AF441335ADF1F0AA750DD278C6AB81951B
SHA256: AEA68F07BF60F0E3A6826D387B429F707B22CE54FD3EFE6AD096488E7BAC0DE8
SSDEEP: 24576:4sMb7ezsMb7egsMb7eiSTMh9wPY9VLc+8wtpXXYcNHgXItEHRM6beKVcZ324Fcpd:8
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Deletes a file (SCRIPT)

      • wscript.exe (PID: 4756)
    • Create files in the Startup directory

      • wscript.exe (PID: 4756)
    • Uses sleep, probably for detection evasion (SCRIPT)

      • wscript.exe (PID: 4756)
      • wscript.exe (PID: 4408)
    • Bypasses execution policy to execute commands

      • powershell.exe (PID: 2692)
    • Changes powershell execution policy (Bypass)

      • cmd.exe (PID: 5156)
  • SUSPICIOUS

    • Executes application which crashes

      • wscript.exe (PID: 4756)
    • Writes binary data to a Stream object (SCRIPT)

      • wscript.exe (PID: 4756)
    • Creates FileSystem object to access computer's file system (SCRIPT)

      • wscript.exe (PID: 4756)
    • Runs shell command (SCRIPT)

      • wscript.exe (PID: 4756)
      • wscript.exe (PID: 4408)
    • Uses WMI to retrieve WMI-managed resources (SCRIPT)

      • wscript.exe (PID: 4756)
    • Accesses current user name via WMI (SCRIPT)

      • wscript.exe (PID: 4756)
    • The process creates files with names similar to system file names

      • WerFault.exe (PID: 2088)
    • The process executes Powershell scripts

      • cmd.exe (PID: 5156)
    • The process bypasses the loading of PowerShell profile settings

      • cmd.exe (PID: 5156)
    • Starts CMD.EXE for commands execution

      • wscript.exe (PID: 4408)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 5156)
    • Executes commands from a ".cmd" file

      • wscript.exe (PID: 4408)
  • INFO

    • Creates files or folders in the user directory

      • WerFault.exe (PID: 2088)
      • BackgroundTransferHost.exe (PID: 1088)
    • Autorun file from Startup directory

      • wscript.exe (PID: 4756)
    • Manual execution by a user

      • wscript.exe (PID: 4408)
    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 1040)
      • BackgroundTransferHost.exe (PID: 1012)
      • BackgroundTransferHost.exe (PID: 1088)
      • BackgroundTransferHost.exe (PID: 6488)
      • BackgroundTransferHost.exe (PID: 6184)
    • Checks proxy server information

      • BackgroundTransferHost.exe (PID: 1088)
    • Reads the software policy settings

      • BackgroundTransferHost.exe (PID: 1088)
      • slui.exe (PID: 6824)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 2692)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
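The MALICIOUS and SUSPICIOUS signatures above describe a single chain: a script host launched from the per-user Startup folder (PID 4408) starts cmd.exe on a .cmd file under %APPDATA% (PID 5156), which starts PowerShell with -NoProfile -ExecutionPolicy Bypass on a .ps1 under the same directory (PID 2692), while the original dropper (PID 4756) crashes and is handled by WerFault.exe. The Python below is an added example, not part of the ANY.RUN report, showing how that chain can be matched against process-creation events. The event records are constructed to mirror the report's process table (command lines and PIDs are taken from it); the ProcEvent field names are an assumed schema rather than a real log format, and the PIDs for explorer.exe and the two benign control records are invented.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (field names are an assumed schema, not a real log format)."""
    pid: int
    ppid: int
    image: str     # full path of the executable
    cmdline: str   # command line as logged


# Constructed sample: PIDs, images and command lines copied from the report's process
# table, ppid links taken from its parent-process column; explorer.exe (PID 1234) and
# the two control records (PIDs 7001/7002) are invented.
SAMPLE_EVENTS = [
    ProcEvent(1234, 900, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(4756, 1234, r"C:\Windows\System32\wscript.exe",
              r'"C:\WINDOWS\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\запитване за стъкло 21866.vbs"'),
    ProcEvent(2088, 4756, r"C:\Windows\System32\WerFault.exe",
              r"C:\WINDOWS\system32\WerFault.exe -u -p 4756 -s 1036"),
    ProcEvent(4408, 1234, r"C:\Windows\System32\wscript.exe",
              r'"C:\WINDOWS\System32\WScript.exe" "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WJGLC.vbs"'),
    ProcEvent(5156, 4408, r"C:\Windows\System32\cmd.exe",
              r'C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Roaming\WindowsUpdate\ONHGW.cmd" "'),
    ProcEvent(2136, 5156, r"C:\Windows\System32\conhost.exe",
              r"\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1"),
    ProcEvent(2692, 5156, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"PowerShell.exe -NoProfile -ExecutionPolicy Bypass -Command C:\Users\admin\AppData\Roaming\WindowsUpdate\SCRDU.ps1"),
    # benign control: an interactive PowerShell session without a script-host ancestor
    ProcEvent(7001, 1234, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcEvent(7002, 7001, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -NoProfile -Command Get-Process"),
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
ROAMING_SCRIPT_RE = re.compile(r'\\AppData\\Roaming\\[^\\"]+\\[^\\"]+\.(?:cmd|bat|ps1|vbs|js)\b', re.I)
EP_BYPASS_RE = re.compile(r"-(?:ExecutionPolicy|ep)\s+Bypass\b", re.I)
WERFAULT_PID_RE = re.compile(r"-p\s+(\d+)\b")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def ancestry(event, by_pid):
    """Image names from the root ancestor down to `event`, following ppid links."""
    chain, seen = [], set()
    while event is not None and event.pid not in seen:
        chain.append(basename(event.image))
        seen.add(event.pid)
        event = by_pid.get(event.ppid)
    return ">".join(reversed(chain))


def detect(events):
    """Return (pid, rule, severity, ancestry) tuples for the behaviours the report flags."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        img = basename(e.image)
        parent = by_pid.get(e.ppid)
        parent_img = basename(parent.image) if parent else ""
        chain = ancestry(e, by_pid)
        # Rule 1: script host running a file from the per-user Startup folder (persistence)
        if img in SCRIPT_HOSTS and STARTUP_RE.search(e.cmdline):
            findings.append((e.pid, "script_host_from_startup", "high", chain))
        # Rule 2: script host spawning a command shell
        if img == "cmd.exe" and parent_img in SCRIPT_HOSTS:
            findings.append((e.pid, "cmd_spawned_by_script_host", "medium", chain))
        # Rule 3: PowerShell with ExecutionPolicy Bypass running a script under AppData\Roaming;
        # severity rises when a script host sits anywhere in the ancestry (the full chain)
        if img == "powershell.exe" and EP_BYPASS_RE.search(e.cmdline) and ROAMING_SCRIPT_RE.search(e.cmdline):
            sev = "high" if SCRIPT_HOSTS & set(chain.split(">")) else "medium"
            findings.append((e.pid, "powershell_bypass_from_roaming", sev, chain))
        # Rule 4: WerFault handling a crash of a script host (the report's "Executes application which crashes")
        if img == "werfault.exe":
            m = WERFAULT_PID_RE.search(e.cmdline)
            crashed = by_pid.get(int(m.group(1))) if m else None
            if crashed is not None and basename(crashed.image) in SCRIPT_HOSTS:
                findings.append((e.pid, "script_host_crashed", "low", chain))
    return findings


if __name__ == "__main__":
    for pid, rule, sev, chain in detect(SAMPLE_EVENTS):
        print(f"{sev:6} {rule:32} pid={pid:<5} {chain}")
```

The rules are deliberately keyed on structure (parent image, Startup path, script under a Roaming subfolder, ExecutionPolicy Bypass) rather than on the five-letter file names in this sample, which will differ from one build to the next. Rule 3 alone would also fire on an admin running a Bypass script from their profile, so it stays at medium until the ancestry shows a script host; the interactive control records in the sample produce no finding at all.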
No Malware configuration.
No data.
Screenshots: all screenshots are available in the full report
Total processes: 151
Monitored processes: 14
Malicious processes: 2
Suspicious processes: 1

Behavior graph

Process tree, reconstructed from the parent-process column of the process table below (the interactive graph itself is only viewable in the full report):

explorer.exe
  ├─ wscript.exe (PID 4756): "запитване за стъкло 21866.vbs" from %LOCALAPPDATA%\Temp; drops ONHGW.cmd, BBSYJ.tmp and Startup\WJGLC.vbs, then crashes
  │    └─ WerFault.exe (PID 2088): crash report and dump for PID 4756
  └─ wscript.exe (PID 4408): Startup\WJGLC.vbs, the persistence copy (launched manually in the sandbox; see the INFO indicators)
       └─ cmd.exe (PID 5156): /c %APPDATA%\WindowsUpdate\ONHGW.cmd
            ├─ conhost.exe (PID 2136)
            └─ powershell.exe (PID 2692): -NoProfile -ExecutionPolicy Bypass -Command %APPDATA%\WindowsUpdate\SCRDU.ps1 (exit code 1, script raised an exception)
svchost.exe
  ├─ BackgroundTransferHost.exe (PIDs 1012, 1040, 1088): Content Delivery Manager background transfers
  └─ SppExtComObj.exe (PID 1532): KMS connection broker
slui.exe (two instances in the graph; PID 6824 appears in the indicators, parent not listed in this report)

Process information

Fields per process: PID, CMD, Path, Parent process, then user, company, integrity level, description, exit code, version and the first loaded modules.
PID: 1012
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID: 1040
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID: 1088
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID: 1532
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 2088
CMD: C:\WINDOWS\system32\WerFault.exe -u -p 4756 -s 1036
Path: C:\Windows\System32\WerFault.exe
Parent process: wscript.exe (PID 4756, the crashed process named by -p)
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
PID: 2136
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2692
CMD: PowerShell.exe -NoProfile -ExecutionPolicy Bypass -Command C:\Users\admin\AppData\Roaming\WindowsUpdate\SCRDU.ps1
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4408
CMD: "C:\WINDOWS\System32\WScript.exe" "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WJGLC.vbs"
Path: C:\Windows\System32\wscript.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4756
CMD: "C:\WINDOWS\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\запитване за стъкло 21866.vbs"
Path: C:\Windows\System32\wscript.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION; this is the crash handled by WerFault.exe PID 2088)
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 5156
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Roaming\WindowsUpdate\ONHGW.cmd" "
Path: C:\Windows\System32\cmd.exe
Parent process: wscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
Total events: 8 805
Read events: 8 789
Write events: 16
Delete events: 0

Modification events

(PID) Process: (1040) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (1040) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (1040) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (1088) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (1088) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (1088) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (1012) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (1012) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (1012) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (4408) wscript.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
Executable files: 0
Suspicious files: 9
Text files: 6
Unknown types: 0

Dropped files

PID 2088, WerFault.exe
  File: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_WScript.exe_1cca757ab2cb4c9e5f686f545a9565ea6591b_debcac4a_f02875e5-1b2a-4859-b876-31473fc46ecf\Report.wer
  Type: (not recorded)
  MD5: (not recorded)
  SHA256: (not recorded)

PID 1088, BackgroundTransferHost.exe
  File: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\7eea8d3e-36bd-4845-bbb4-29464545c6a9.down_data
  Type: (not recorded)
  MD5: (not recorded)
  SHA256: (not recorded)

PID 2088, WerFault.exe
  File: C:\ProgramData\Microsoft\Windows\WER\Temp\WERE448.tmp.WERInternalMetadata.xml
  Type: binary
  MD5: 45D426B2D3F889446B18F5232A6A46C4
  SHA256: 02C5902539B86A6A0FF031AA77B8C86AD5295CF97DEDC26D45283D3D503DDC94

PID 2088, WerFault.exe
  File: C:\Users\admin\AppData\Local\CrashDumps\wscript.exe.4756.dmp
  Type: binary
  MD5: 7F0B192FF2BBA8022CE32F6313690105
  SHA256: 838229387579FC98F255A06781496FD5F4671E3E68CD5C7268A151C84F51E870

PID 2088, WerFault.exe
  File: C:\ProgramData\Microsoft\Windows\WER\Temp\WERE34D.tmp.dmp
  Type: binary
  MD5: 1787522AB7EF5401E7BFB73BE42B6679
  SHA256: CA0A39202449621ADC2F342374A5CA5BB5E8B7B1BEFDDD7EE1F3B70BFBB4F7E8

PID 1088, BackgroundTransferHost.exe
  File: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D
  Type: binary
  MD5: 4872BABAF39AA62B8D32695EBB7E9173
  SHA256: 2EE85DF86EE29BBEB3DCA81AA29B6DE204F605A2769B84C728A329178A2D0999

PID 4756, wscript.exe
  File: C:\Users\admin\AppData\Roaming\WindowsUpdate\ONHGW.cmd
  Type: text
  MD5: 634731C46413EE25F7A87CAF50B742EC
  SHA256: 41E2F984D7A3CB043225AC82970E7E36F46D78C69A06EA6572CB93B2C01FC5CE

PID 4756, wscript.exe
  File: C:\Users\admin\AppData\Roaming\WindowsUpdate\BBSYJ.tmp
  Type: text
  MD5: 1336DB0A3FC170C2E11A0F437C2A4C47
  SHA256: 9EF04ABF3F4C45933F88F1A9C1A54D59CA104E0187D3FF658B3E2FD1909C13C4

PID 2088, WerFault.exe
  File: C:\ProgramData\Microsoft\Windows\WER\Temp\WERE468.tmp.xml
  Type: xml
  MD5: BD6A773E9903636351302B61FF40DE40
  SHA256: B8A62A47EC2A4413EADA166962655AC07551F528CEC34B2DBC83EFC3A197BDC7

PID 4756, wscript.exe
  File: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WJGLC.vbs
  Type: text
  MD5: 73E5776FC7CF23D8FAD4EA8544AB4050
  SHA256: 7BE57B21FB0285F9B86911E7AC655DDE34DB5B9092F7F2D179217DCD9065E73D
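The three files written by PID 4756 (ONHGW.cmd and BBSYJ.tmp under %APPDATA%\WindowsUpdate, and WJGLC.vbs in the per-user Startup folder) are the durable artifacts a responder would sweep other hosts for; the WerFault and BackgroundTransferHost entries are side effects of the crash and of Windows itself. The Python below is an added example, not ANY.RUN's code. It hashes everything under those two locations of a user profile, matches against the SHA-256 values listed above, and also flags script files found there whose hash is unknown, since the five-letter names will differ between builds. build_demo_profile() fabricates a profile tree with placeholder contents so the sweep runs offline; SCRDU.ps1 appears in it only because the PowerShell command line references it (it is not among the listed dropped files), and the hash-match path is exercised in the usage with a constructed hash rather than the real ones.

```python
import hashlib
import tempfile
from pathlib import Path

# SHA-256 values of the files wscript.exe (PID 4756) dropped, copied from the report.
IOC_SHA256 = {
    "41e2f984d7a3cb043225ac82970e7e36f46d78c69a06ea6572cb93b2c01fc5ce": "ONHGW.cmd",
    "9ef04abf3f4c45933f88f1a9c1a54d59ca104e0187d3ff658b3e2fd1909c13c4": "BBSYJ.tmp",
    "7be57b21fb0285f9b86911e7ac655dde34db5b9092f7f2d179217dcd9065e73d": "WJGLC.vbs",
}

# Directories the script wrote to, relative to a profile root (C:\Users\<name>), and the
# extensions worth reporting there even when the hash is not a known IOC.
WATCHED = {
    Path("AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup"):
        {".vbs", ".vbe", ".js", ".jse", ".cmd", ".bat", ".ps1", ".exe", ".lnk"},
    Path("AppData/Roaming/WindowsUpdate"):
        {".vbs", ".cmd", ".bat", ".ps1", ".tmp", ".exe"},
}


def sha256_file(path, chunk=1 << 16):
    """Streamed SHA-256 so large dumps do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep_profile(profile_root, ioc=IOC_SHA256):
    """Return (relative path, reason, sha256) for every file of interest under the watched directories."""
    root = Path(profile_root)
    findings = []
    for rel_dir, exts in WATCHED.items():
        directory = root / rel_dir
        if not directory.is_dir():
            continue
        for p in sorted(directory.rglob("*")):
            if not p.is_file():
                continue
            digest = sha256_file(p)
            rel = p.relative_to(root).as_posix()
            if digest in ioc:
                findings.append((rel, f"hash match: {ioc[digest]}", digest))
            elif p.suffix.lower() in exts:
                findings.append((rel, f"script in {rel_dir.name}", digest))
    return findings


def build_demo_profile():
    """Constructed profile tree; file contents are placeholders, not the real dropped files."""
    root = Path(tempfile.mkdtemp(prefix="profile_"))
    startup = root / "AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup"
    update_dir = root / "AppData/Roaming/WindowsUpdate"
    startup.mkdir(parents=True)
    update_dir.mkdir(parents=True)
    (startup / "WJGLC.vbs").write_text("' placeholder\r\n")
    (startup / "desktop.ini").write_text("[.ShellClassInfo]\r\n")   # normal Startup content, must not be flagged
    (update_dir / "ONHGW.cmd").write_text("@echo off\r\n")
    (update_dir / "BBSYJ.tmp").write_text("placeholder\r\n")
    (update_dir / "SCRDU.ps1").write_text("# placeholder\r\n")      # referenced by the PowerShell command line
    return root


if __name__ == "__main__":
    demo = build_demo_profile()
    # Location-only hits (placeholder contents never match the report's hashes):
    for rel, why, digest in sweep_profile(demo):
        print(f"{why:28} {digest[:16]}  {rel}")
    # Hash-match path, exercised with a constructed IOC rather than a real one:
    fake_ioc = {sha256_file(demo / "AppData/Roaming/WindowsUpdate/ONHGW.cmd"): "demo"}
    for rel, why, digest in sweep_profile(demo, ioc=fake_ioc):
        print(f"{why:28} {digest[:16]}  {rel}")
```

On a live host, point sweep_profile() at each directory under C:\Users. A location-only hit is still worth collecting: a renamed copy of the same stage will not match any hash here, but a .cmd and a .tmp beside each other in a fake "WindowsUpdate" folder under Roaming, plus a .vbs in Startup, is the shape this report documents. The hash table is deliberately keyed in lowercase because hexdigest() returns lowercase while the report prints uppercase.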
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 25
DNS requests: 17
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | Type | Reputation
5496 | MoUsoCoreWorker.exe | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
2104 | svchost.exe | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
1088 | BackgroundTransferHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
4228 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
5608 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
5608 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
(The report's CN and Size columns were empty for every request and are omitted. All seven requests are CRL/OCSP fetches by Windows components; none come from wscript.exe, cmd.exe or powershell.exe.)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
(not recorded) | (not recorded) | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5496 | MoUsoCoreWorker.exe | 23.53.40.178:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
2104 | svchost.exe | 23.53.40.178:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6544 | svchost.exe | 40.126.32.133:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted
3216 | svchost.exe | 20.197.71.89:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | SG | whitelisted
4228 | backgroundTaskHost.exe | 20.103.156.88:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4228 | backgroundTaskHost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.174
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.53.40.178
  • 23.53.40.176
whitelisted
login.live.com
  • 40.126.32.133
  • 20.190.160.64
  • 40.126.32.136
  • 20.190.160.14
  • 20.190.160.130
  • 20.190.160.67
  • 20.190.160.17
  • 20.190.160.20
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
client.wns.windows.com
  • 20.197.71.89
whitelisted
arc.msn.com
  • 20.103.156.88
whitelisted
www.bing.com
  • 104.126.37.179
  • 104.126.37.177
  • 104.126.37.168
  • 104.126.37.160
  • 104.126.37.178
  • 104.126.37.163
  • 104.126.37.155
  • 104.126.37.162
  • 104.126.37.170
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted

Threats

No threats detected. None of the connections or HTTP requests listed above are attributed to wscript.exe, cmd.exe or powershell.exe; all observed traffic belongs to Windows components (telemetry, NetBIOS broadcasts, CRL and OCSP fetches) and is whitelisted. The PowerShell stage exited with code 1 after raising an exception (see the INFO indicators), so whatever SCRDU.ps1 was meant to do, including any network stage, did not complete in this run.
No debug info