File name:

wsanabtrav.exe

Full analysis: https://app.any.run/tasks/939b19da-8f89-4d82-bf2b-d5ce0d8d04e2
Verdict: Malicious activity
Analysis date: July 01, 2024, 12:23:46
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
amsi
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

58C09BD45279928637FE5A3D88B3EBEB

SHA1:

8EB1E6A735399136963BB8CCDF30457C622A51F1

SHA256:

D3502AD9A3C929EBC60ABEE51D9049B74F4B244FD5D118A37ECB21E9F4F41868

SSDEEP:

98304:m6E3EeD3wYsjmOdjaqbpjc0/k2k9xpSoZ+/xkAFNEADM0qVpOTrnwJgRs6fLhKHq:HBoYH9Z

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • wsanabtrav.exe (PID: 2588)
      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 5776)
      • MSI32A2.tmp (PID: 6304)
      • msiexec.exe (PID: 6752)
      • MSI32A2.tmp (PID: 6356)
      • WRSkyClient.x64.exe (PID: 3896)

    • Antivirus name has been found in the command line (generic signature)

      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 8)
      • WRSA.exe (PID: 5776)

    • Creates a writable file in the system directory

      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 5776)

    • Actions looks like stealing of personal data

      • WRSA.exe (PID: 5776)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • wsanabtrav.exe (PID: 2588)
      • WRSA.exe (PID: 8)

    • Reads the date of Windows installation

      • wsanabtrav.exe (PID: 2588)

    • Application launched itself

      • wsanabtrav.exe (PID: 2588)

    • The process verifies whether the antivirus software is installed

      • wsanabtrav.exe (PID: 2588)
      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 8)
      • WRSA.exe (PID: 5776)

    • Drops a system driver (possible attempt to evade defenses)

      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 5776)
      • msiexec.exe (PID: 6752)
      • MSI32A2.tmp (PID: 6304)
      • MSI32A2.tmp (PID: 6356)

    • Creates files in the driver directory

      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 5776)

    • Starts itself from another location

      • wsanabtrav.exe (PID: 2996)

    • Creates or modifies Windows services

      • WRSA.exe (PID: 5776)
      • WRSA.exe (PID: 8)

    • Executes as Windows Service

      • WRSA.exe (PID: 5776)
      • WRCoreService.x64.exe (PID: 244)
      • WRSkyClient.x64.exe (PID: 3896)
      • MSI32A2.tmp (PID: 6356)

    • Executable content was dropped or overwritten

      • WRSA.exe (PID: 5776)
      • wsanabtrav.exe (PID: 2996)
      • MSI32A2.tmp (PID: 6304)
      • MSI32A2.tmp (PID: 6356)

    • Creates a software uninstall entry

      • WRSA.exe (PID: 5776)

    • Reads browser cookies

      • WRSA.exe (PID: 8)

    • Detected use of alternative data streams (AltDS)

      • WRSA.exe (PID: 5776)

    • Starts application from unusual location

      • WRSA.exe (PID: 5776)

    • Creates/Modifies COM task schedule object

      • WRSA.exe (PID: 5776)

    • Creates file in the systems drive root

      • WRSA.exe (PID: 5776)

    • Patches Antimalware Scan Interface function (YARA)

      • msiexec.exe (PID: 6752)

  • INFO

    • Checks supported languages

      • wsanabtrav.exe (PID: 2588)
      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 8)
      • WRSA.exe (PID: 5776)

    • Checks proxy server information

      • wsanabtrav.exe (PID: 2588)
      • WRSA.exe (PID: 8)

    • Reads the computer name

      • wsanabtrav.exe (PID: 2588)
      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 8)
      • WRSA.exe (PID: 5776)

    • Creates files in the program directory

      • wsanabtrav.exe (PID: 2588)
      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 5776)

    • Process checks computer location settings

      • wsanabtrav.exe (PID: 2588)

    • Reads the software policy settings

      • wsanabtrav.exe (PID: 2588)
      • WRSA.exe (PID: 5776)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6752)

    • Starts application with an unusual extension

      • msiexec.exe (PID: 6752)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:28 20:05:21+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 2455552
InitializedDataSize: 6609920
UninitializedDataSize: -
EntryPoint: 0x227490
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 9.0.36.40
ProductVersionNumber: 9.0.36.40
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Open Text
FileDescription: Webroot SecureAnywhere
FileVersion: 9.0.36.40
InternalName: WRSA.exe
LegalCopyright: © 2006-2024 Open Text
OriginalFileName: WRSA.exe
ProductName: Webroot SecureAnywhere
ProductVersion: 9.0.36.40
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
147
Monitored processes
12
Malicious processes
6
Suspicious processes
2

Behavior graph

Click at the process to see the details
start wsanabtrav.exe wsanabtrav.exe wrsa.exe no specs wrsa.exe msiexec.exe no specs THREAT msiexec.exe msi32a2.tmp msi32a2.tmp wrcoreservice.x64.exe no specs wrcoreservice.x64.exe no specs wrskyclient.x64.exe no specs wrskyclient.x64.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
8"C:\Program Files\Webroot\WRSA.exe" -pi /key=09B6BNAB89E27AAFA1CE /installingC:\Program Files\Webroot\WRSA.exewsanabtrav.exe
User:
admin
Company:
Open Text
Integrity Level:
HIGH
Description:
Webroot SecureAnywhere
Version:
9.0.36.40
Modules
Images
c:\program files\webroot\wrsa.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
244"C:\Program Files\Webroot\Core\WRCoreService.x64.exe"C:\Program Files\Webroot\Core\WRCoreService.x64.exeservices.exe
User:
SYSTEM
Company:
Open Text
Integrity Level:
SYSTEM
Description:
Webroot SecureAnywhere Core Service
Version:
1.7.2.2
1644"C:\Program Files\Webroot\Core\WRCoreService.x64.exe" /installC:\Program Files\Webroot\Core\WRCoreService.x64.exeMSI32A2.tmp
User:
SYSTEM
Company:
Open Text
Integrity Level:
SYSTEM
Description:
Webroot SecureAnywhere Core Service
Exit code:
0
Version:
1.7.2.2
2588"C:\Users\admin\AppData\Local\Temp\wsanabtrav.exe" C:\Users\admin\AppData\Local\Temp\wsanabtrav.exe
explorer.exe
User:
admin
Company:
Open Text
Integrity Level:
MEDIUM
Description:
Webroot SecureAnywhere
Exit code:
0
Version:
9.0.36.40
Modules
Images
c:\users\admin\appdata\local\temp\wsanabtrav.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2996"C:\Users\admin\AppData\Local\Temp\wsanabtrav.exe" -insuac="C:\Program Files\Webroot\WRSA.exe" /key=09B6BNAB89E27AAFA1CE /installingC:\Users\admin\AppData\Local\Temp\wsanabtrav.exe
wsanabtrav.exe
User:
admin
Company:
Open Text
Integrity Level:
HIGH
Description:
Webroot SecureAnywhere
Exit code:
0
Version:
9.0.36.40
Modules
Images
c:\users\admin\appdata\local\temp\wsanabtrav.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
3896"C:\Program Files\Webroot\Core\WRSkyClient.x64.exe"C:\Program Files\Webroot\Core\WRSkyClient.x64.exeservices.exe
User:
SYSTEM
Company:
Open Text
Integrity Level:
SYSTEM
Description:
Webroot SecureAnywhere
Version:
1.7.2.2
4820"C:\WINDOWS\system32\msiexec.exe" /i "C:\Program Files\Webroot\Components\WR-89f7c4eacf66f82d155eeda54b1d6135d8f1900fb41121cd87e8a075d5ad8506.msi" /L*V "C:\ProgramData\WRData\ComponentInstall.log" /qnC:\Windows\SysWOW64\msiexec.exeWRSA.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
5776"C:\Program Files\Webroot\WRSA.exe" -serviceC:\Program Files\Webroot\WRSA.exe
services.exe
User:
SYSTEM
Company:
Open Text
Integrity Level:
SYSTEM
Description:
Webroot SecureAnywhere
Version:
9.0.36.40
Modules
Images
c:\program files\webroot\wrsa.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\advapi32.dll
6304"C:\WINDOWS\Installer\MSI32A2.tmp" /basedir "C:\Program Files\Webroot\Core\\" /installC:\Windows\Installer\MSI32A2.tmp
msiexec.exe
User:
SYSTEM
Company:
Open Text
Integrity Level:
SYSTEM
Description:
Webroot SecureAnywhere
Exit code:
0
Version:
1.7.2.2
6356"C:\WINDOWS\Installer\MSI32A2.tmp" --service /basedir "C:\Program Files\Webroot\Core\\" /installC:\Windows\Installer\MSI32A2.tmp
services.exe
User:
SYSTEM
Company:
Open Text
Integrity Level:
SYSTEM
Description:
Webroot SecureAnywhere
Exit code:
0
Version:
1.7.2.2
Total events
182 940
Read events
182 444
Write events
486
Delete events
10

Modification events

(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:GlobalAssocChangedCounter
Value:
86
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
Operation:writeName:LastUpdate
Value:
E79F826600000000
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:Browse For Folder Width
Value:
318
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:Browse For Folder Height
Value:
288
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\WRData
Operation:writeName:USP
Value:
0
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\WRData
Operation:writeName:RSP
Value:
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\WRData
Operation:writeName:RSF
Value:
0
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\WRData
Operation:writeName:3
Value:
0
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\WRData
Operation:writeName:USP
Value:
1
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\WRData
Operation:writeName:LIC
Value:
09B6BNAB89E27AAFA1CE
Executable files
23
Suspicious files
56
Text files
4
Unknown types
1

Dropped files

PID
Process
Filename
Type
5776WRSA.exeC:\Program Files\Webroot\Components\WR-89f7c4eacf66f82d155eeda54b1d6135d8f1900fb41121cd87e8a075d5ad8506.msi
MD5:
SHA256:
6752msiexec.exeC:\WINDOWS\Installer\1c2fd2.msi
MD5:
SHA256:
2588wsanabtrav.exeC:\ProgramData\WRData\dbr.dbbinary
MD5:A1D9EC8B55A487F6102FC51C13535A80
SHA256:22C125F3A3832D3087D68BCCCE8002ECA0FBE9E877B9F0CBBC4E8622312873C8
6752msiexec.exeC:\WINDOWS\Installer\MSI30AC.tmpbinary
MD5:F7BFD5D7746C976BDABFA03E551EDE01
SHA256:68FB1344CFD2D04C365BDB87F9AF24F019CBB34956DFA66CF0F5464C768EA40C
2996wsanabtrav.exeC:\Windows\ELAMBKUP\WRBoot.sysexecutable
MD5:CB90163EF8ED2751F90BF3F6C0396AA7
SHA256:9750E9BF964FBBF097F5B22BC1613862ED688CC01DDDE631CD315986D5D68E3F
5776WRSA.exeC:\WINDOWS\SysWOW64\WRusr.dllexecutable
MD5:05FD8C5071EC28BAE45B5A2A44E79E66
SHA256:5DF3FB16C8A9FB9CE7A06DCC287DD476A7E9040F3C227CBCB8AFCFBFEEA24C1C
5776WRSA.exeC:\ProgramData\WRData\Lso.dbbinary
MD5:6EC21D3B48E0CC30A3E52D2EC4B55D91
SHA256:214570CD824C3C9A5EA0A24F21A24C5347EAA91A093F81436BD72389771F10B5
5776WRSA.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere\Webroot SecureAnywhere.lnklnk
MD5:DA2F8C2D22AEE0FFE19F17163ECDFA10
SHA256:7FDF9D94EDC66C96EB61830B7C146B694A55354937AC08DE9A88F2DB259CCF97
5776WRSA.exeC:\ProgramData\WRData\qsx.dbbinary
MD5:908C39A4D1B3094F7BD6B1BE50E2750D
SHA256:A86860EDAD6048638784F7D244935524DCE83A9ABA7CEEB946C83DAE3211C39A
5776WRSA.exeC:\WINDOWS\system32\drivers\WRkrn.sysexecutable
MD5:A6EA3B47941C22AF29C996F7411E99AF
SHA256:BDF8C082298AA7607011D1F8FD4052047DA1C42FCE85E6294CC13EB77CB41108
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
135
DNS requests
34
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3040
OfficeClickToRun.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
unknown
1544
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown
2272
svchost.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
2272
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
692
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
unknown
5956
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
unknown
6688
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
unknown
6688
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
unknown
GET
200
172.64.149.23:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ5suEceKjAJbxseAmHFkQ9FrhTWQQUDuE6qFM6MdWKvsG7rWcaA4WtNA4CEF%2FeoLidLW8JtiTOdkPrf5I%3D
unknown
unknown
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEB2iSDBvmyYY0ILgln0z02o%3D
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
unknown
3560
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2520
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4032
svchost.exe
239.255.255.250:1900
whitelisted
1544
svchost.exe
20.190.159.64:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1544
svchost.exe
192.229.221.95:80
EDGECAST
US
whitelisted
2272
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1060
svchost.exe
23.213.166.81:443
go.microsoft.com
AKAMAI-AS
DE
unknown
4656
SearchApp.exe
92.123.104.57:443
Akamai International B.V.
DE
unknown
3040
OfficeClickToRun.exe
13.89.179.10:443
self.events.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
login.live.com
  • 20.190.159.64
  • 20.190.159.75
  • 20.190.159.4
  • 40.126.31.69
  • 20.190.159.23
  • 20.190.159.73
  • 20.190.159.71
  • 20.190.159.68
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted
self.events.data.microsoft.com
  • 13.89.179.10
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
arc.msn.com
  • 20.199.58.43
whitelisted
g65.p4.webrootcloudav.com
  • 54.165.211.138
  • 54.158.116.220
unknown
sn.webrootcloudav.com
  • 63.32.233.38
  • 52.50.223.220
  • 34.246.45.178
  • 52.215.31.176
  • 34.242.181.70
  • 54.216.60.174
  • 52.49.129.245
  • 54.72.143.186
  • 63.32.165.43
  • 52.211.237.128
  • 63.32.246.90
  • 54.246.207.82
  • 54.74.41.139
  • 54.73.77.102
  • 52.19.138.40
  • 63.34.228.0
  • 34.252.114.66
  • 52.50.57.104
  • 54.194.213.42
unknown
wrskynet-oregon.s3-us-west-2.amazonaws.com
  • 52.92.237.130
  • 52.92.147.154
  • 3.5.86.207
  • 3.5.84.114
  • 52.92.133.26
  • 52.92.205.234
  • 52.92.149.242
  • 52.92.187.202
  • 52.92.249.138
  • 3.5.83.211
  • 3.5.76.139
  • 52.92.162.202
  • 3.5.85.40
  • 52.92.237.90
  • 52.92.243.178
  • 52.218.234.169
  • 3.5.86.94
  • 52.92.187.130
  • 52.218.218.145
  • 52.92.177.90
  • 3.5.80.166
  • 3.5.86.171
  • 52.92.147.178
  • 52.218.177.65
  • 52.92.232.50
  • 52.92.128.138
  • 3.5.85.198
  • 3.5.80.14
  • 3.5.82.215
  • 52.92.210.2
  • 52.92.201.58
  • 52.218.183.18
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
wsanabtrav.exe