File name:

b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe

Full analysis: https://app.any.run/tasks/2f17acac-0b02-4c9c-90c5-b8b3d3bac4b4
Verdict: Malicious activity
Analysis date: December 21, 2025, 10:32:02
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-reg
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

301A50DBF2903823A87860C5FCD8941D

SHA1:

180936E169C0B303D89AEF3EE3E01083B8B4219F

SHA256:

B570F694C37AA5184D86A9A6C903BEDEC10D53F5AE5979CA047A25B43CE62575

SSDEEP:

24576:2xY301W3UnKVc5+R97gqM5n9ofzaVZ7wpG0:2xY301W3UnCw+z7gqM5n9ofzaV9wpG0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe (PID: 7632)
      • mls.exe (PID: 7856)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe (PID: 7632)
      • mls.exe (PID: 7856)

    • Executable content was dropped or overwritten

      • b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe (PID: 7632)

  • INFO

    • Create files in a temporary directory

      • b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe (PID: 7632)

    • Reads the computer name

      • b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe (PID: 7632)
      • mls.exe (PID: 7856)
      • TextInputHost.exe (PID: 6676)

    • Reads Microsoft Office registry keys

      • b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe (PID: 7632)

    • Process checks computer location settings

      • b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe (PID: 7632)
      • mls.exe (PID: 7856)

    • Launching a file from a Registry key

      • b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe (PID: 7632)
      • mls.exe (PID: 7856)

    • Checks supported languages

      • b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe (PID: 7632)
      • mls.exe (PID: 7856)
      • TextInputHost.exe (PID: 6676)
      • mls.exe (PID: 7724)

    • Creates files or folders in the user directory

      • mls.exe (PID: 7856)

    • Manual execution by a user

      • mls.exe (PID: 7724)

    • Checks proxy server information

      • slui.exe (PID: 7368)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (36.8)
.exe | Win32 Executable MS Visual C++ (generic) (26.6)
.exe | Win64 Executable (generic) (23.6)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:02:12 18:50:20+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 11
CodeSize: 602112
InitializedDataSize: 1050112
UninitializedDataSize: -
EntryPoint: 0x5a8c5
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
152
Monitored processes
7
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe winword.exe mls.exe ai.exe no specs textinputhost.exe no specs mls.exe no specs slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
6676"C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mcaC:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Version:
123.26505.0.0
Modules
Images
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\textinputhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\vcruntime140_app.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
7368C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
7516"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe" "A0EB17D5-E055-40BB-A999-5BED0F22BA32" "F522AEAA-4A4B-416B-AAB2-D9147C2C9793" "7716"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exeWINWORD.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Artificial Intelligence (AI) Host for the Microsoft® Windows® Operating System and Platform x64.
Version:
0.12.2.0
Modules
Images
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\ai.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
7632"C:\Users\admin\Desktop\b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe" C:\Users\admin\Desktop\b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
7716"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\admin\Desktop\b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.docx" /o ""C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Word
Version:
16.0.16026.20146
Modules
Images
c:\program files\microsoft office\root\office16\winword.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
7724"C:\Users\admin\AppData\Roaming\RAC\mls.exe" -sC:\Users\admin\AppData\Roaming\RAC\mls.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\roaming\rac\mls.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
7856"C:\Users\admin\AppData\Roaming\RAC\mls.exe" -sC:\Users\admin\AppData\Roaming\RAC\mls.exe
b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\appdata\roaming\rac\mls.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
20 218
Read events
19 846
Write events
345
Delete events
27

Modification events

(PID) Process:(7632) b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation:writeName:{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
Value:
010000000000000048432C136572DC01
(PID) Process:(7632) b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:mls
Value:
"C:\Users\admin\AppData\Roaming\RAC\mls.exe" -s
(PID) Process:(7632) b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(7856) mls.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:svcsc.exe
Value:
C:\Users\admin\AppData\Roaming\RAC\svcsc.exe
(PID) Process:(7716) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
Operation:writeName:0
Value:
017012000000001000B24E9A3E02000000000000000600000000000000
(PID) Process:(7716) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\StartupItems
Operation:writeName:s=.
Value:
733D2E00241E00000100000000000000E23724146572DC0100000000
(PID) Process:(7716) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
Operation:writeName:SessionId
Value:
B573E2684A93C647A0B072A03C482BD0
(PID) Process:(7716) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\GracefulExit\WINWORD\2200
Operation:delete valueName:0
Value:
ซ鴐㝅娴Ꝇ힬꿹�䙔�닜樁င$驄摽鶲…ީ湕湫睯쥮Ȇ∢්ł¢ᣂ숁씀褎예됏죃캲ǭ჉砃㐶ᇅᆘዒ看椀渀眀漀爀搀⸀攀砀攀씀‖ៅ肀줄࠘㈲㈱䐭捥
(PID) Process:(7716) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\GracefulExit\WINWORD\2200
Operation:delete keyName:(default)
Value:
(PID) Process:(7716) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\7716
Operation:writeName:0
Value:
0B0E10771F54DA3D44044E99E074E4A17D9B30230046DCA0F4A0D1CC9CEE016A04102400449A7D64B29D01008500A907556E6B6E6F776EC906022222CA0DC2190000C50E8908C91003783634C511A43CD2120B770069006E0077006F00720064002E00650078006500C51620C517808004C91808323231322D44656300
Executable files
40
Suspicious files
90
Text files
21
Unknown types
0

Dropped files

PID
Process
Filename
Type
7632b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exeC:\Users\admin\AppData\Local\Temp\RCXEE5F.tmpexecutable
MD5:8A13AB536A9875E8EBF0222DD9413155
SHA256:BCA1CB146DEA77CA15C7D870DEF0B35945DBD4E6413A829DC796EFFCD87CC358
7632b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exeC:\Users\admin\Desktop\b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.docxbinary
MD5:DE1254999DE35BA5AD10D9FE229F3E55
SHA256:FC9C1FE73CE3AABEF36A4FB3D02341FC00BE7A7138D34443F349C92ADE1B8F6C
7716WINWORD.EXEC:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotmbinary
MD5:278ABD695D92C35C0E54B03F1D1AD8CA
SHA256:5C34E81272F86D4EEF0E90D64291424F7ECB4B4106542B4CA1E411E45F5B584A
7632b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exeC:\Users\admin\AppData\Local\Temp\RCXEE2F.tmpexecutable
MD5:794E2777D0F14D5A06A4837196A5F877
SHA256:F892AEF8F606E15DD41E26787B64FF89D68AFA323CE0A819C8905FC6B656C240
7716WINWORD.EXEC:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dattext
MD5:B15FDB10F869D7DF26AB7448FC801B4A
SHA256:7F2AD56E0493B4BFD625EC3BB14A4F59AA10060B441874D4A77EB1D3C90E621D
7716WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbresbinary
MD5:DB93DC01B5C0C942957FF4772BEAC81B
SHA256:C43C42024078523C5427B21FCC7CE2339978CB72EF70FC4560E0E1DD8B6A1459
7716WINWORD.EXEC:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.docx.LNKbinary
MD5:DDFDBAA9CEC831900D014393A6B6F765
SHA256:E88B30BECA0ADA0BE2CF756B642BABFDBF61EAF552D0615907AB03DD9A9761CF
7716WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\4FD67F91-4ECC-4142-B2C5-A35F1B83349Bxml
MD5:5AC0934EC5472BB90DD966E4F19B7B4A
SHA256:03539BBFEDF2A0AA7FC99A5D6AA954E4E4C055862871E1D367DB2837115E8F78
7716WINWORD.EXEC:\Users\admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryRU0419.lextext
MD5:F3B25701FE362EC84616A93A45CE9998
SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
7632b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exeC:\Users\admin\AppData\Local\Temp\2415546.tmpexecutable
MD5:301A50DBF2903823A87860C5FCD8941D
SHA256:B570F694C37AA5184D86A9A6C903BEDEC10D53F5AE5979CA047A25B43CE62575
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
183
TCP/UDP connections
109
DNS requests
30
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5600
RUXIMICS.exe
GET
304
40.127.240.158:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=186&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop
unknown
whitelisted
1188
svchost.exe
GET
200
2.16.164.81:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6768
MoUsoCoreWorker.exe
GET
200
2.16.164.81:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5600
RUXIMICS.exe
GET
200
2.16.164.81:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6768
MoUsoCoreWorker.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1188
svchost.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5600
RUXIMICS.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7856
mls.exe
GET
200
3.229.117.57:80
http://wxanalytics.ru/net.exe.config
unknown
unknown
POST
200
20.190.160.5:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
unknown
6460
svchost.exe
POST
200
20.190.159.4:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
1188
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5600
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1188
svchost.exe
2.16.164.81:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6768
MoUsoCoreWorker.exe
2.16.164.81:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
5600
RUXIMICS.exe
2.16.164.81:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6768
MoUsoCoreWorker.exe
23.59.18.102:80
www.microsoft.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 20.73.194.208
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
google.com
  • 142.251.140.174
whitelisted
crl.microsoft.com
  • 2.16.164.81
  • 2.16.164.9
  • 2.16.164.120
  • 2.16.164.49
  • 23.62.230.139
  • 23.62.230.142
whitelisted
www.microsoft.com
  • 23.59.18.102
  • 23.3.134.93
whitelisted
wxanalytics.ru
  • 3.229.117.57
whitelisted
login.live.com
  • 20.190.159.4
  • 20.190.159.0
  • 40.126.31.73
  • 40.126.31.128
  • 40.126.31.0
  • 40.126.31.130
  • 40.126.31.3
  • 40.126.31.1
whitelisted
officeclient.microsoft.com
  • 52.109.89.18
whitelisted
omex.cdn.office.net
  • 23.53.40.82
  • 23.53.40.25
whitelisted
roaming.svc.cloud.microsoft
  • 52.110.17.42
  • 52.110.17.63
  • 52.110.17.28
  • 52.110.17.43
  • 52.110.17.53
  • 52.110.17.18
  • 52.110.17.51
  • 52.110.17.49
whitelisted

Threats

PID
Process
Class
Message
7856
mls.exe
Potentially Bad Traffic
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Process
Message
WINWORD.EXE
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
WINWORD.EXE
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
WINWORD.EXE
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575.exe