File name: nellinssen.nl.exe

Full analysis: https://app.any.run/tasks/8844aa37-33ae-4272-a899-372f54e67d9b
Verdict: Malicious activity
Threats:

AsyncRAT is a RAT that can monitor and remotely control infected systems. This malware was introduced on Github as a legitimate open-source remote administration software, but hackers use it for its many powerful malicious functions.

Analysis date: March 15, 2026, 05:44:56
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: rat, asyncrat
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: B119A8ED9B4AD2C410248D4FE6EDFF3A
SHA1: A3A6EFDA3067C8C9B3E336C6727585B8A5B8920F
SHA256: C6AC166C420F81E02260A706BEF8FCEDBF30B9BBFFA8352A006CD54E5FD150E6
SSDEEP: 1536:jVW+8wvY4YHFIbzDHIZ4U7TOYNt9ZXY3bgISxG0NAlD8m2x:jVW+8wvY4YHgHIBBY3bgRG0NAux

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • nellinssen.nl.exe (PID: 4712)
    • ASYNCRAT has been detected (YARA)

      • ditmemay.exe (PID: 8352)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • nellinssen.nl.exe (PID: 4712)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 5168)
    • Executing commands from a ".bat" file

      • nellinssen.nl.exe (PID: 4712)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 5168)
    • The executable file from the user directory is run by the CMD process

      • ditmemay.exe (PID: 8352)
  • INFO

    • Reads the computer name

      • nellinssen.nl.exe (PID: 4712)
      • ditmemay.exe (PID: 8352)
    • Checks supported languages

      • nellinssen.nl.exe (PID: 4712)
      • ditmemay.exe (PID: 8352)
    • Create files in a temporary directory

      • nellinssen.nl.exe (PID: 4712)
    • Reads the machine GUID from the registry

      • nellinssen.nl.exe (PID: 4712)
      • ditmemay.exe (PID: 8352)
    • Creates files or folders in the user directory

      • nellinssen.nl.exe (PID: 4712)
    • Launching a file from a Registry key

      • nellinssen.nl.exe (PID: 4712)

AsyncRat

(PID) Process: (8352) ditmemay.exe
C2 (1): nellinssen.nl
Ports (4): 80, 8080, 443, 8443
Version: 0.5.8
Botnet: nellinssen.nl
Options
AutoRun: true
Mutex: 4l3VtV1uut4L
InstallFolder: %AppData%
BSoD: false
AntiVM: false
Keys
AES: 324708050def09ed24a9f842f396482c432b9b8b4fdbcb6cba47338cb09118ed
Salt: bfeb1e56fbcd973bb219022430a57843003d5644d21e62b9d4f180e7e6c33941

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (56.7)
.exe | Win64 Executable (generic) (21.3)
.scr | Windows screen saver (10.1)
.dll | Win32 Dynamic Link Library (generic) (5)
.exe | Win32 Executable (generic) (3.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:10:16 21:40:53+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 43008
InitializedDataSize: 2560
UninitializedDataSize: -
EntryPoint: 0xc72e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: -
FileVersion: 1.0.0.0
InternalName: Stub.exe
LegalCopyright: -
LegalTrademarks: -
OriginalFileName: Stub.exe
ProductName: -
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
Total processes: 150
Monitored processes: 6
Malicious processes: 3
Suspicious processes: 0

Behavior graph

start: nellinssen.nl.exe | cmd.exe (no specs) | conhost.exe (no specs) | timeout.exe (no specs) | ditmemay.exe (#ASYNCRAT) | slui.exe (no specs)

Process information

PID: 4712
CMD: "C:\Users\admin\Downloads\nellinssen.nl.exe"
Path: C:\Users\admin\Downloads\nellinssen.nl.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Version: 1.0.0.0
Modules (images):
c:\users\admin\downloads\nellinssen.nl.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

PID: 5168
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\tmp661A.tmp.bat""
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: nellinssen.nl.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

PID: 5204
CMD: timeout 3
Path: C:\Windows\SysWOW64\timeout.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: timeout - pauses command processing
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 7460
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 8036
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 8352
CMD: "C:\Users\admin\AppData\Roaming\ditmemay.exe"
Path: C:\Users\admin\AppData\Roaming\ditmemay.exe
Parent process: cmd.exe
User: admin
Integrity Level: MEDIUM
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\roaming\ditmemay.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
Total events: 900
Read events: 899
Write events: 1
Delete events: 0

Modification events

(PID) Process: (4712) nellinssen.nl.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: ditmemay
Value: "C:\Users\admin\AppData\Roaming\ditmemay.exe"
Executable files: 1
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID: 4712 | Process: nellinssen.nl.exe | Filename: C:\Users\admin\AppData\Local\Temp\tmp661A.tmp.bat | Type: text
MD5:89D656FFC9E16481DFAE2EE45F1AE0D0
SHA256:990A3D97CA079652DCE8419C482C1BF21B20B2C34AD3763BD08633D4E790E350
PID: 4712 | Process: nellinssen.nl.exe | Filename: C:\Users\admin\AppData\Roaming\ditmemay.exe | Type: executable
MD5:B119A8ED9B4AD2C410248D4FE6EDFF3A
SHA256:C6AC166C420F81E02260A706BEF8FCEDBF30B9BBFFA8352A006CD54E5FD150E6
HTTP(S) requests: 22
TCP/UDP connections: 30
DNS requests: 18
Threats: 12

HTTP requests

PID: 876 | Process: svchost.exe | Method: GET | HTTP Code: 304 | IP: 20.73.194.208:443 | URL:
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
CN: unknown | Reputation: whitelisted

PID: 6768 | Process: MoUsoCoreWorker.exe | Method: GET | HTTP Code: 304 | IP: 51.104.136.2:443 | URL:
https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
CN: unknown | Reputation: whitelisted

PID: 8044 | Process: SIHClient.exe | Method: GET | HTTP Code: 304 | IP: 135.233.95.144:443 | URL:
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
CN: unknown | Reputation: whitelisted

PID: 8044 | Process: SIHClient.exe | Method: GET | HTTP Code: 200 | IP: 20.165.94.54:443 | URL:
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
CN: unknown | Reputation: whitelisted

PID: 8044 | Process: SIHClient.exe | Method: GET | HTTP Code: 200 | IP: 135.233.95.144:443 | URL:
https://slscr.update.microsoft.com/sls/ping
CN: unknown | Reputation: whitelisted

PID: 8044 | Process: SIHClient.exe | Method: GET | HTTP Code: 304 | IP: 135.233.95.144:443 | URL:
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
CN: unknown | Reputation: whitelisted

PID: 876 | Process: svchost.exe | Method: GET | HTTP Code: 200 | IP: 51.104.136.2:443 | URL:
https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=1&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
CN: unknown | Type: text | Size: 5.74 Kb | Reputation: whitelisted

PID: 876 | Process: svchost.exe | Method: GET | HTTP Code: 200 | IP: 23.216.77.28:80 | URL:
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
CN: unknown | Reputation: whitelisted

PID: 876 | Process: svchost.exe | Method: GET | HTTP Code: 200 | IP: 88.221.169.152:80 | URL:
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
CN: unknown | Reputation: whitelisted

PID: 356 | Process: svchost.exe | Method: POST | HTTP Code: 200 | IP: 20.190.160.131:443 | URL:
https://login.live.com/RST2.srf
CN: unknown | Type: xml | Size: 1.24 Kb | Reputation: whitelisted

Connections

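PID: 876 | Process: svchost.exe | IP: 40.127.240.158:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:137 | ASN: Not routed | Reputation: whitelisted
PID: 7288 | Process: RUXIMICS.exe | IP: 40.127.240.158:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 6768 | Process: MoUsoCoreWorker.exe | IP: 40.127.240.158:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | ASN: Not routed | Reputation: whitelisted
PID: 876 | Process: svchost.exe | IP: 51.104.136.2:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 876 | Process: svchost.exe | IP: 23.216.77.28:80 | Domain: crl.microsoft.com | ASN: AKAMAI-ASN1 | CN: NL | Reputation: whitelisted
PID: 876 | Process: svchost.exe | IP: 88.221.169.152:80 | Domain: www.microsoft.com | ASN: AKAMAI-AS | CN: US | Reputation: whitelisted
PID: 876 | Process: svchost.exe | IP: 20.73.194.208:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 8352 | Process: ditmemay.exe | IP: 104.21.90.243:80 | Domain: nellinssen.nl | ASN: CLOUDFLARENET | CN: US | Reputation: malicious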

DNS requests

Domain: settings-win.data.microsoft.com | IP: 40.127.240.158, 51.104.136.2, 20.73.194.208 | Reputation: whitelisted
Domain: self.events.data.microsoft.com | IP: 52.168.112.67 | Reputation: whitelisted
Domain: google.com | IP: 142.251.140.174 | Reputation: whitelisted
Domain: crl.microsoft.com | IP: 23.216.77.28, 23.216.77.6 | Reputation: whitelisted
Domain: www.microsoft.com | IP: 88.221.169.152, 72.246.29.11 | Reputation: whitelisted
Domain: nellinssen.nl | IP: 104.21.90.243, 172.67.162.209 | Reputation: unknown
Domain: client.wns.windows.com | IP: 172.211.123.249 | Reputation: whitelisted
Domain: login.live.com | IP: 20.190.160.131, 40.126.32.76, 20.190.160.64, 20.190.160.22, 40.126.32.72, 20.190.160.65, 40.126.32.134, 40.126.32.133 | Reputation: whitelisted
Domain: ocsp.digicert.com | IP: 2.17.190.73 | Reputation: whitelisted
Domain: slscr.update.microsoft.com | IP: 135.233.95.144 | Reputation: whitelisted

Threats

PID: 876 | Process: svchost.exe | Class: Unknown Traffic | Message: ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
PID: 8352 | Process: ditmemay.exe | Class: A Network Trojan was detected | Message: MALWARE [ANY.RUN] Win32/Common RAT related JA3 hash observed
PID: 8352 | Process: ditmemay.exe | Class: A Network Trojan was detected | Message: MALWARE [ANY.RUN] Win32/Common RAT related JA3 hash observed
PID: 8352 | Process: ditmemay.exe | Class: A Network Trojan was detected | Message: MALWARE [ANY.RUN] Win32/Common RAT related JA3 hash observed
PID: 8352 | Process: ditmemay.exe | Class: A Network Trojan was detected | Message: MALWARE [ANY.RUN] Win32/Common RAT related JA3 hash observed
PID: 8352 | Process: ditmemay.exe | Class: A Network Trojan was detected | Message: MALWARE [ANY.RUN] Win32/Common RAT related JA3 hash observed
PID: 8352 | Process: ditmemay.exe | Class: A Network Trojan was detected | Message: MALWARE [ANY.RUN] Win32/Common RAT related JA3 hash observed
PID: 8352 | Process: ditmemay.exe | Class: A Network Trojan was detected | Message: MALWARE [ANY.RUN] Win32/Common RAT related JA3 hash observed
PID: 8352 | Process: ditmemay.exe | Class: A Network Trojan was detected | Message: MALWARE [ANY.RUN] Win32/Common RAT related JA3 hash observed
PID: 8352 | Process: ditmemay.exe | Class: A Network Trojan was detected | Message: MALWARE [ANY.RUN] Win32/Common RAT related JA3 hash observed