File name:

wsanabtrav.exe

Full analysis: https://app.any.run/tasks/939b19da-8f89-4d82-bf2b-d5ce0d8d04e2
Verdict: Malicious activity
Analysis date: July 01, 2024, 12:23:46
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
amsi
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

58C09BD45279928637FE5A3D88B3EBEB

SHA1:

8EB1E6A735399136963BB8CCDF30457C622A51F1

SHA256:

D3502AD9A3C929EBC60ABEE51D9049B74F4B244FD5D118A37ECB21E9F4F41868

SSDEEP:

98304:m6E3EeD3wYsjmOdjaqbpjc0/k2k9xpSoZ+/xkAFNEADM0qVpOTrnwJgRs6fLhKHq:HBoYH9Z

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • wsanabtrav.exe (PID: 2588)
      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 5776)
      • MSI32A2.tmp (PID: 6304)
      • MSI32A2.tmp (PID: 6356)
      • WRSkyClient.x64.exe (PID: 3896)
      • msiexec.exe (PID: 6752)

    • Antivirus name has been found in the command line (generic signature)

      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 8)
      • WRSA.exe (PID: 5776)

    • Creates a writable file in the system directory

      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 5776)

    • Actions looks like stealing of personal data

      • WRSA.exe (PID: 5776)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • wsanabtrav.exe (PID: 2588)
      • WRSA.exe (PID: 8)

    • The process verifies whether the antivirus software is installed

      • wsanabtrav.exe (PID: 2588)
      • WRSA.exe (PID: 8)
      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 5776)

    • Reads the date of Windows installation

      • wsanabtrav.exe (PID: 2588)

    • Application launched itself

      • wsanabtrav.exe (PID: 2588)

    • Creates files in the driver directory

      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 5776)

    • Drops a system driver (possible attempt to evade defenses)

      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 5776)
      • msiexec.exe (PID: 6752)
      • MSI32A2.tmp (PID: 6304)
      • MSI32A2.tmp (PID: 6356)

    • Executable content was dropped or overwritten

      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 5776)
      • MSI32A2.tmp (PID: 6304)
      • MSI32A2.tmp (PID: 6356)

    • Starts itself from another location

      • wsanabtrav.exe (PID: 2996)

    • Creates or modifies Windows services

      • WRSA.exe (PID: 5776)
      • WRSA.exe (PID: 8)

    • Executes as Windows Service

      • WRSA.exe (PID: 5776)
      • MSI32A2.tmp (PID: 6356)
      • WRCoreService.x64.exe (PID: 244)
      • WRSkyClient.x64.exe (PID: 3896)

    • Creates/Modifies COM task schedule object

      • WRSA.exe (PID: 5776)

    • Creates a software uninstall entry

      • WRSA.exe (PID: 5776)

    • Reads browser cookies

      • WRSA.exe (PID: 8)

    • Detected use of alternative data streams (AltDS)

      • WRSA.exe (PID: 5776)

    • Creates file in the systems drive root

      • WRSA.exe (PID: 5776)

    • Patches Antimalware Scan Interface function (YARA)

      • msiexec.exe (PID: 6752)

    • Starts application from unusual location

      • WRSA.exe (PID: 5776)

  • INFO

    • Checks supported languages

      • wsanabtrav.exe (PID: 2588)
      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 8)
      • WRSA.exe (PID: 5776)

    • Checks proxy server information

      • wsanabtrav.exe (PID: 2588)
      • WRSA.exe (PID: 8)

    • Reads the software policy settings

      • wsanabtrav.exe (PID: 2588)
      • WRSA.exe (PID: 5776)

    • Reads the computer name

      • wsanabtrav.exe (PID: 2588)
      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 8)
      • WRSA.exe (PID: 5776)

    • Creates files in the program directory

      • wsanabtrav.exe (PID: 2588)
      • wsanabtrav.exe (PID: 2996)
      • WRSA.exe (PID: 5776)

    • Process checks computer location settings

      • wsanabtrav.exe (PID: 2588)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6752)

    • Starts application with an unusual extension

      • msiexec.exe (PID: 6752)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:28 20:05:21+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 2455552
InitializedDataSize: 6609920
UninitializedDataSize: -
EntryPoint: 0x227490
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 9.0.36.40
ProductVersionNumber: 9.0.36.40
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Open Text
FileDescription: Webroot SecureAnywhere
FileVersion: 9.0.36.40
InternalName: WRSA.exe
LegalCopyright: © 2006-2024 Open Text
OriginalFileName: WRSA.exe
ProductName: Webroot SecureAnywhere
ProductVersion: 9.0.36.40
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
147
Monitored processes
12
Malicious processes
6
Suspicious processes
2

Behavior graph

Click at the process to see the details
start wsanabtrav.exe wsanabtrav.exe wrsa.exe no specs wrsa.exe msiexec.exe no specs THREAT msiexec.exe msi32a2.tmp msi32a2.tmp wrcoreservice.x64.exe no specs wrcoreservice.x64.exe no specs wrskyclient.x64.exe no specs wrskyclient.x64.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
8"C:\Program Files\Webroot\WRSA.exe" -pi /key=09B6BNAB89E27AAFA1CE /installingC:\Program Files\Webroot\WRSA.exewsanabtrav.exe
User:
admin
Company:
Open Text
Integrity Level:
HIGH
Description:
Webroot SecureAnywhere
Version:
9.0.36.40
Modules
Images
c:\program files\webroot\wrsa.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
244"C:\Program Files\Webroot\Core\WRCoreService.x64.exe"C:\Program Files\Webroot\Core\WRCoreService.x64.exeservices.exe
User:
SYSTEM
Company:
Open Text
Integrity Level:
SYSTEM
Description:
Webroot SecureAnywhere Core Service
Version:
1.7.2.2
1644"C:\Program Files\Webroot\Core\WRCoreService.x64.exe" /installC:\Program Files\Webroot\Core\WRCoreService.x64.exeMSI32A2.tmp
User:
SYSTEM
Company:
Open Text
Integrity Level:
SYSTEM
Description:
Webroot SecureAnywhere Core Service
Exit code:
0
Version:
1.7.2.2
2588"C:\Users\admin\AppData\Local\Temp\wsanabtrav.exe" C:\Users\admin\AppData\Local\Temp\wsanabtrav.exe
explorer.exe
User:
admin
Company:
Open Text
Integrity Level:
MEDIUM
Description:
Webroot SecureAnywhere
Exit code:
0
Version:
9.0.36.40
Modules
Images
c:\users\admin\appdata\local\temp\wsanabtrav.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2996"C:\Users\admin\AppData\Local\Temp\wsanabtrav.exe" -insuac="C:\Program Files\Webroot\WRSA.exe" /key=09B6BNAB89E27AAFA1CE /installingC:\Users\admin\AppData\Local\Temp\wsanabtrav.exe
wsanabtrav.exe
User:
admin
Company:
Open Text
Integrity Level:
HIGH
Description:
Webroot SecureAnywhere
Exit code:
0
Version:
9.0.36.40
Modules
Images
c:\users\admin\appdata\local\temp\wsanabtrav.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
3896"C:\Program Files\Webroot\Core\WRSkyClient.x64.exe"C:\Program Files\Webroot\Core\WRSkyClient.x64.exeservices.exe
User:
SYSTEM
Company:
Open Text
Integrity Level:
SYSTEM
Description:
Webroot SecureAnywhere
Version:
1.7.2.2
4820"C:\WINDOWS\system32\msiexec.exe" /i "C:\Program Files\Webroot\Components\WR-89f7c4eacf66f82d155eeda54b1d6135d8f1900fb41121cd87e8a075d5ad8506.msi" /L*V "C:\ProgramData\WRData\ComponentInstall.log" /qnC:\Windows\SysWOW64\msiexec.exeWRSA.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
5776"C:\Program Files\Webroot\WRSA.exe" -serviceC:\Program Files\Webroot\WRSA.exe
services.exe
User:
SYSTEM
Company:
Open Text
Integrity Level:
SYSTEM
Description:
Webroot SecureAnywhere
Version:
9.0.36.40
Modules
Images
c:\program files\webroot\wrsa.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\advapi32.dll
6304"C:\WINDOWS\Installer\MSI32A2.tmp" /basedir "C:\Program Files\Webroot\Core\\" /installC:\Windows\Installer\MSI32A2.tmp
msiexec.exe
User:
SYSTEM
Company:
Open Text
Integrity Level:
SYSTEM
Description:
Webroot SecureAnywhere
Exit code:
0
Version:
1.7.2.2
6356"C:\WINDOWS\Installer\MSI32A2.tmp" --service /basedir "C:\Program Files\Webroot\Core\\" /installC:\Windows\Installer\MSI32A2.tmp
services.exe
User:
SYSTEM
Company:
Open Text
Integrity Level:
SYSTEM
Description:
Webroot SecureAnywhere
Exit code:
0
Version:
1.7.2.2
Total events
182 940
Read events
182 444
Write events
486
Delete events
10

Modification events

(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:GlobalAssocChangedCounter
Value:
86
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
Operation:writeName:LastUpdate
Value:
E79F826600000000
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:Browse For Folder Width
Value:
318
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:Browse For Folder Height
Value:
288
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\WRData
Operation:writeName:USP
Value:
0
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\WRData
Operation:writeName:RSP
Value:
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\WRData
Operation:writeName:RSF
Value:
0
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\WRData
Operation:writeName:3
Value:
0
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\WRData
Operation:writeName:USP
Value:
1
(PID) Process:(2588) wsanabtrav.exeKey:HKEY_CURRENT_USER\SOFTWARE\WRData
Operation:writeName:LIC
Value:
09B6BNAB89E27AAFA1CE
Executable files
23
Suspicious files
56
Text files
4
Unknown types
1

Dropped files

PID
Process
Filename
Type
5776WRSA.exeC:\Program Files\Webroot\Components\WR-89f7c4eacf66f82d155eeda54b1d6135d8f1900fb41121cd87e8a075d5ad8506.msi
MD5:
SHA256:
6752msiexec.exeC:\WINDOWS\Installer\1c2fd2.msi
MD5:
SHA256:
2996wsanabtrav.exeC:\Program Files\Webroot\WRSA.exeexecutable
MD5:58C09BD45279928637FE5A3D88B3EBEB
SHA256:D3502AD9A3C929EBC60ABEE51D9049B74F4B244FD5D118A37ECB21E9F4F41868
5776WRSA.exeC:\ProgramData\WRData\Ovr.dbbinary
MD5:C3DD4A132B23C6710C2CA7089CB8E63F
SHA256:8FD4C44080921D7BD91EDDF2D8D040B20D4937F444B7CE11E9F25D54CC6DB163
2996wsanabtrav.exeC:\WINDOWS\system32\drivers\WRBoot.sysexecutable
MD5:CB90163EF8ED2751F90BF3F6C0396AA7
SHA256:9750E9BF964FBBF097F5B22BC1613862ED688CC01DDDE631CD315986D5D68E3F
2588wsanabtrav.exeC:\ProgramData\WRData\dbr.dbbinary
MD5:A1D9EC8B55A487F6102FC51C13535A80
SHA256:22C125F3A3832D3087D68BCCCE8002ECA0FBE9E877B9F0CBBC4E8622312873C8
2996wsanabtrav.exeC:\Windows\ELAMBKUP\WRBoot.sysexecutable
MD5:CB90163EF8ED2751F90BF3F6C0396AA7
SHA256:9750E9BF964FBBF097F5B22BC1613862ED688CC01DDDE631CD315986D5D68E3F
5776WRSA.exeC:\WINDOWS\system32\drivers\WRkrn.sysexecutable
MD5:A6EA3B47941C22AF29C996F7411E99AF
SHA256:BDF8C082298AA7607011D1F8FD4052047DA1C42FCE85E6294CC13EB77CB41108
5776WRSA.exeC:\WINDOWS\system32\WRusr.dllexecutable
MD5:FA72075B036F3AB8CEAB0AA9F9784BD5
SHA256:6BFCE50662B83C8C8598AAF1B3190BA3D76A1273A8AD4A641D53F098A7A6EDF2
5776WRSA.exeC:\ProgramData\WRData\Ccs.dbbinary
MD5:FA7A90E3C1ADA758D89762EC53D0082C
SHA256:DD0F90595D91E46AB3D9C06489935BC46269E8808EFEBF84C003C6BB64B36932
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
135
DNS requests
34
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
18.245.46.91:80
http://s-webfilter.webrootanywhere.com/wf-block/13267/ncsi.txt
unknown
unknown
1544
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown
3040
OfficeClickToRun.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
unknown
2272
svchost.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
2272
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
692
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
unknown
5956
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
unknown
6688
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
unknown
6688
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
unknown
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEB2iSDBvmyYY0ILgln0z02o%3D
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
unknown
3560
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2520
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4032
svchost.exe
239.255.255.250:1900
whitelisted
1544
svchost.exe
20.190.159.64:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1544
svchost.exe
192.229.221.95:80
EDGECAST
US
whitelisted
2272
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1060
svchost.exe
23.213.166.81:443
go.microsoft.com
AKAMAI-AS
DE
unknown
4656
SearchApp.exe
92.123.104.57:443
Akamai International B.V.
DE
unknown
3040
OfficeClickToRun.exe
13.89.179.10:443
self.events.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
login.live.com
  • 20.190.159.64
  • 20.190.159.75
  • 20.190.159.4
  • 40.126.31.69
  • 20.190.159.23
  • 20.190.159.73
  • 20.190.159.71
  • 20.190.159.68
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted
self.events.data.microsoft.com
  • 13.89.179.10
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
arc.msn.com
  • 20.199.58.43
whitelisted
g65.p4.webrootcloudav.com
  • 54.165.211.138
  • 54.158.116.220
unknown
sn.webrootcloudav.com
  • 63.32.233.38
  • 52.50.223.220
  • 34.246.45.178
  • 52.215.31.176
  • 34.242.181.70
  • 54.216.60.174
  • 52.49.129.245
  • 54.72.143.186
  • 63.32.165.43
  • 52.211.237.128
  • 63.32.246.90
  • 54.246.207.82
  • 54.74.41.139
  • 54.73.77.102
  • 52.19.138.40
  • 63.34.228.0
  • 34.252.114.66
  • 52.50.57.104
  • 54.194.213.42
unknown
wrskynet-oregon.s3-us-west-2.amazonaws.com
  • 52.92.237.130
  • 52.92.147.154
  • 3.5.86.207
  • 3.5.84.114
  • 52.92.133.26
  • 52.92.205.234
  • 52.92.149.242
  • 52.92.187.202
  • 52.92.249.138
  • 3.5.83.211
  • 3.5.76.139
  • 52.92.162.202
  • 3.5.85.40
  • 52.92.237.90
  • 52.92.243.178
  • 52.218.234.169
  • 3.5.86.94
  • 52.92.187.130
  • 52.218.218.145
  • 52.92.177.90
  • 3.5.80.166
  • 3.5.86.171
  • 52.92.147.178
  • 52.218.177.65
  • 52.92.232.50
  • 52.92.128.138
  • 3.5.85.198
  • 3.5.80.14
  • 3.5.82.215
  • 52.92.210.2
  • 52.92.201.58
  • 52.218.183.18
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
wsanabtrav.exe