File name:

CrackSoftware_unpacked.exe

Full analysis: https://app.any.run/tasks/037c4bae-1e48-4a3b-b910-46ddc9bf585d
Verdict: Malicious activity
Threats:

AsyncRAT is a RAT that can monitor and remotely control infected systems. This malware was introduced on Github as a legitimate open-source remote administration software, but hackers use it for its many powerful malicious functions.

Malware Trends Tracker     >>>
Analysis date: May 15, 2025, 13:38:55
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
asyncrat
github
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

6F6CDAAC8EC6FA382ECDFB1AE9454730

SHA1:

D2BB7973F02F2EA4C55195DBD43300DBA9DA48FB

SHA256:

46CF714E110BA63C0981ECB9B3A9819F8589B8B08F5E709CC2E6FEA8B16E4926

SSDEEP:

98304:wJDPe5JhSUrIVOOOv+5A+9ZmnlvoRri2VNjGb4YzBTmwTC0e9cusK9NI6iyHp2I8:5kPQ9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • ASYNCRAT has been detected (YARA)

      • CrackSoftware_unpacked.exe (PID: 6808)

  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • CrackSoftware_unpacked.exe (PID: 4208)
      • CrackSoftware_unpacked.exe (PID: 6808)

    • Connects to unusual port

      • CrackSoftware_unpacked.exe (PID: 6808)

    • Executable content was dropped or overwritten

      • CrackSoftware_unpacked.exe (PID: 6808)

    • Reads security settings of Internet Explorer

      • CrackSoftware_unpacked.exe (PID: 6808)
      • MyExeFile.exe (PID: 3888)

    • Reads the BIOS version

      • MyExeFile.exe (PID: 3888)

  • INFO

    • Checks supported languages

      • CrackSoftware_unpacked.exe (PID: 6808)
      • MyExeFile.exe (PID: 3888)

    • Checks proxy server information

      • MyExeFile.exe (PID: 3888)
      • CrackSoftware_unpacked.exe (PID: 6808)

    • Reads CPU info

      • MyExeFile.exe (PID: 3888)

    • Reads the computer name

      • MyExeFile.exe (PID: 3888)
      • CrackSoftware_unpacked.exe (PID: 6808)

    • Reads the machine GUID from the registry

      • CrackSoftware_unpacked.exe (PID: 6808)
      • MyExeFile.exe (PID: 3888)

    • Disables trace logs

      • CrackSoftware_unpacked.exe (PID: 6808)

    • Create files in a temporary directory

      • CrackSoftware_unpacked.exe (PID: 6808)

    • Creates files or folders in the user directory

      • CrackSoftware_unpacked.exe (PID: 6808)
      • MyExeFile.exe (PID: 3888)

    • Process checks computer location settings

      • CrackSoftware_unpacked.exe (PID: 6808)

    • Process checks whether UAC notifications are on

      • MyExeFile.exe (PID: 3888)

    • Reads the software policy settings

      • MyExeFile.exe (PID: 3888)

    • Creates files in the program directory

      • MyExeFile.exe (PID: 3888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

AsyncRat

(PID) Process(6808) CrackSoftware_unpacked.exe
C2 (1)206.206.77.63
Ports (3)6606
7707
8808
Version0.5.8
BotnetFree1
Options
AutoRunfalse
MutexKw6rtGd3h9UZ
InstallFolder%AppData%
BSoDtrue
AntiVMtrue
Certificates
Cert1MIIE5jCCAs6gAwIBAgIQAM2HoLVRRIDi1g2hfnnn7TANBgkqhkiG9w0BAQ0FADAUMRIwEAYDVQQDDAlRTCBTZXJ2ZXIwIBcNMjUwNTA0MTczMDE2WhgPOTk5OTEyMzEyMzU5NTlaMBQxEjAQBgNVBAMMCVFMIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKPm9cMAneGWF3gsiX45rXDar/l3mV+vb3fEuUr1hFmPDJUKGOX6fAJhEQH6c+SF7iG8Yx8Twa52NtbBiuKv2TqLPVZV...
Server_SignatureL0WAP2wJ/8pe4YY033iBJWmMW6GuQ6KFU8/IT7001sF5aXj5yLMmxb2KgcWhVgPvBkj0vT+71rSsSnC6WWMvbv3M3lQEjODxQog6rbpY48Hk1zX+augACXLs4uSo19+89Lu8c+ONtLgSKiuSDacjJ1tSrOKu3WjPL0MJzhadThOuB+6M5fRYESjqwVGRCZPBgwzxYXCeq1yapfHSmsKdhvm1oFNSo4OzsC26/Hf6Eu1lO2USjwjdp1+1nEa4S6Dj23eENgnGU7V5Ou0reWOtUwaWY11xln9KjwkOQteU3iAi...
Keys
AES4da4f707cefca472038c47c402c61bd5ef4a12a57b108f09bc75541d9d570c65
Saltbfeb1e56fbcd973bb219022430a57843003d5644d21e62b9d4f180e7e6c33941
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (45.1)
.exe | Win32 Executable MS Visual C++ (generic) (19.2)
.exe | Win64 Executable (generic) (17)
.scr | Windows screen saver (8)
.dll | Win32 Dynamic Link Library (generic) (4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:05:11 03:50:46+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 6691840
InitializedDataSize: 3072
UninitializedDataSize: -
EntryPoint: 0x663b0e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 6.2.19041.1766
ProductVersionNumber: 6.2.19041.1766
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: Microsoft Corporation
FileDescription: XblGameSave Standby Task
FileVersion: 6.2.19041.1766
InternalName: XblGameSave Standby Task
LegalCopyright: © Microsoft Corporation. All rights reserved.
LegalTrademarks: -
OriginalFileName: XblGameSave Standby Task
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.2.19041.1766
AssemblyVersion: 6.2.19041.1766
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
132
Monitored processes
6
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start #ASYNCRAT cracksoftware_unpacked.exe sppextcomobj.exe no specs slui.exe myexefile.exe no specs svchost.exe cracksoftware_unpacked.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
3888"C:\Users\admin\AppData\Local\Temp\MyExeFile.exe" C:\Users\admin\AppData\Local\Temp\MyExeFile.exeCrackSoftware_unpacked.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\myexefile.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
4208"C:\Users\admin\Desktop\CrackSoftware_unpacked.exe" C:\Users\admin\Desktop\CrackSoftware_unpacked.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
XblGameSave Standby Task
Exit code:
3221226540
Version:
6.2.19041.1766
Modules
Images
c:\users\admin\desktop\cracksoftware_unpacked.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
4448C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
6404"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
6808"C:\Users\admin\Desktop\CrackSoftware_unpacked.exe" C:\Users\admin\Desktop\CrackSoftware_unpacked.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
XblGameSave Standby Task
Version:
6.2.19041.1766
Modules
Images
c:\users\admin\desktop\cracksoftware_unpacked.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
AsyncRat
(PID) Process(6808) CrackSoftware_unpacked.exe
C2 (1)206.206.77.63
Ports (3)6606
7707
8808
Version0.5.8
BotnetFree1
Options
AutoRunfalse
MutexKw6rtGd3h9UZ
InstallFolder%AppData%
BSoDtrue
AntiVMtrue
Certificates
Cert1MIIE5jCCAs6gAwIBAgIQAM2HoLVRRIDi1g2hfnnn7TANBgkqhkiG9w0BAQ0FADAUMRIwEAYDVQQDDAlRTCBTZXJ2ZXIwIBcNMjUwNTA0MTczMDE2WhgPOTk5OTEyMzEyMzU5NTlaMBQxEjAQBgNVBAMMCVFMIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKPm9cMAneGWF3gsiX45rXDar/l3mV+vb3fEuUr1hFmPDJUKGOX6fAJhEQH6c+SF7iG8Yx8Twa52NtbBiuKv2TqLPVZV...
Server_SignatureL0WAP2wJ/8pe4YY033iBJWmMW6GuQ6KFU8/IT7001sF5aXj5yLMmxb2KgcWhVgPvBkj0vT+71rSsSnC6WWMvbv3M3lQEjODxQog6rbpY48Hk1zX+augACXLs4uSo19+89Lu8c+ONtLgSKiuSDacjJ1tSrOKu3WjPL0MJzhadThOuB+6M5fRYESjqwVGRCZPBgwzxYXCeq1yapfHSmsKdhvm1oFNSo4OzsC26/Hf6Eu1lO2USjwjdp1+1nEa4S6Dj23eENgnGU7V5Ou0reWOtUwaWY11xln9KjwkOQteU3iAi...
Keys
AES4da4f707cefca472038c47c402c61bd5ef4a12a57b108f09bc75541d9d570c65
Saltbfeb1e56fbcd973bb219022430a57843003d5644d21e62b9d4f180e7e6c33941
Total events
3 616
Read events
3 596
Write events
20
Delete events
0

Modification events

(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASMANCS
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASMANCS
Operation:writeName:EnableConsoleTracing
Value:
0
Executable files
1
Suspicious files
12
Text files
46
Unknown types
2

Dropped files

PID
Process
Filename
Type
6808CrackSoftware_unpacked.exeC:\MU\Aida.pngimage
MD5:EC943AFD0B61FA187041D96E4FB1CA76
SHA256:0DAA51199EACC356FAB666BF802DC5A767B6E91935483939FDF1AB72965BF8DE
6808CrackSoftware_unpacked.exeC:\MU\Arena.pngimage
MD5:DF9D12151BA55662868FEC38AFD87F4F
SHA256:59CE7F4134C89B95F3F07FF96553FE515FEB95F3AB998928BC5636472577F395
6808CrackSoftware_unpacked.exeC:\MU\BalgassRefuge.pngimage
MD5:0A951863D40B38180BAAF839FAC74DA8
SHA256:CBEBF3D5F1FC34B8B6200E2226D714793FB19E335865FC0DD13A57609C88B4EF
6808CrackSoftware_unpacked.exeC:\MU\Atlans.pngimage
MD5:D747BDCB907DC166CC42051327BD35FF
SHA256:1733B2295AACF8F3B5A9B4765B4B5EF254613FB08EBF19CA312010A074A82391
6808CrackSoftware_unpacked.exeC:\MU\Devias.pngimage
MD5:FB140E82EB7891B83D8EFCD75E16A72A
SHA256:30A55165F4D4B9AA1882DE29AEE7DB0CA1814A335D1F11C4E2A128FC1C67490E
6808CrackSoftware_unpacked.exeC:\MU\ChaosCastle.pngimage
MD5:0E16CE45CFAD9F1884BDFABF082CCBA2
SHA256:A23D617559CEDE640908EA82BBDF7B3CB22D5B41C5F4F41561EEC2411118906A
6808CrackSoftware_unpacked.exeC:\MU\A2.PNGimage
MD5:B746074943272FEE5A206E2EC835C424
SHA256:03FCE0F28B91048B7238BE08207660CE54643859E595DEE97AF7F0D6C71B27CB
6808CrackSoftware_unpacked.exeC:\MU\IllusionTemple.pngimage
MD5:A0ABF894F04140CA37B0DC00F2C3F9A0
SHA256:1880C6FB76DD07E3A1F978AE35B5B5B5A51E44388FAE96BA6BDC36C6F7199D00
6808CrackSoftware_unpacked.exeC:\MU\Exile.pngimage
MD5:A6AC624A5EF875CCFEA303EAB97E7DEC
SHA256:FAC0F8A018A074D565FD7C9332DBD1AF72D9BD7DA47A1BA723AD8D007997038F
6808CrackSoftware_unpacked.exeC:\MU\Icarus.pngimage
MD5:17D922D6326EC6AC6D631C4D0B359C38
SHA256:BBD134AF615FB8905B447340D20FEC586C63FB197294F03257DA362538A0A2C1
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
11
TCP/UDP connections
31
DNS requests
20
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6808
CrackSoftware_unpacked.exe
GET
404
14.225.204.125:80
http://bdcam.net/NEW/NEW.php
unknown
malicious
6808
CrackSoftware_unpacked.exe
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
unknown
whitelisted
6808
CrackSoftware_unpacked.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCEQDzZE5rbgBQI34JRr174fUd
unknown
whitelisted
6808
CrackSoftware_unpacked.exe
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEFZnHQTqT5lMbxCBR1nSdZQ%3D
unknown
whitelisted
6808
CrackSoftware_unpacked.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
whitelisted
6808
CrackSoftware_unpacked.exe
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTPlNxcMEqnlIVyH5VuZ4lawhZX3QQU9oUKOxGG4QR9DqoLLNLuzGR7e64CEQCrZoa1YnvoBZaCEzAShkn1
unknown
whitelisted
6808
CrackSoftware_unpacked.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
2112
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6808
CrackSoftware_unpacked.exe
206.206.77.63:8808
ATT-INTERNET4
US
malicious
2196
svchost.exe
224.0.0.251:5353
unknown

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.72
whitelisted
google.com
  • 216.58.206.78
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
811092dcc98648d790a1730d08245b4b.monitor-eqatec.com
unknown
bdcam.net
  • 14.225.204.125
malicious
login.live.com
  • 20.190.160.3
  • 20.190.160.66
  • 20.190.160.131
  • 20.190.160.5
  • 20.190.160.4
  • 20.190.160.20
  • 40.126.32.74
  • 20.190.160.64
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
github.com
  • 140.82.121.4
whitelisted
ocsp.comodoca.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
CrackSoftware_unpacked.exe