File name:

CrackSoftware_unpacked.exe

Full analysis: https://app.any.run/tasks/037c4bae-1e48-4a3b-b910-46ddc9bf585d
Verdict: Malicious activity
Threats:

AsyncRAT is a RAT that can monitor and remotely control infected systems. This malware was introduced on Github as a legitimate open-source remote administration software, but hackers use it for its many powerful malicious functions.

Malware Trends Tracker     >>>
Analysis date: May 15, 2025, 13:38:55
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
asyncrat
github
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

6F6CDAAC8EC6FA382ECDFB1AE9454730

SHA1:

D2BB7973F02F2EA4C55195DBD43300DBA9DA48FB

SHA256:

46CF714E110BA63C0981ECB9B3A9819F8589B8B08F5E709CC2E6FEA8B16E4926

SSDEEP:

98304:wJDPe5JhSUrIVOOOv+5A+9ZmnlvoRri2VNjGb4YzBTmwTC0e9cusK9NI6iyHp2I8:5kPQ9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • ASYNCRAT has been detected (YARA)

      • CrackSoftware_unpacked.exe (PID: 6808)

  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • CrackSoftware_unpacked.exe (PID: 6808)
      • CrackSoftware_unpacked.exe (PID: 4208)

    • Reads the BIOS version

      • MyExeFile.exe (PID: 3888)

    • Connects to unusual port

      • CrackSoftware_unpacked.exe (PID: 6808)

    • Reads security settings of Internet Explorer

      • CrackSoftware_unpacked.exe (PID: 6808)
      • MyExeFile.exe (PID: 3888)

    • Executable content was dropped or overwritten

      • CrackSoftware_unpacked.exe (PID: 6808)

  • INFO

    • Reads the computer name

      • CrackSoftware_unpacked.exe (PID: 6808)
      • MyExeFile.exe (PID: 3888)

    • Checks proxy server information

      • MyExeFile.exe (PID: 3888)
      • CrackSoftware_unpacked.exe (PID: 6808)

    • Process checks whether UAC notifications are on

      • MyExeFile.exe (PID: 3888)

    • Checks supported languages

      • MyExeFile.exe (PID: 3888)
      • CrackSoftware_unpacked.exe (PID: 6808)

    • Reads the machine GUID from the registry

      • CrackSoftware_unpacked.exe (PID: 6808)
      • MyExeFile.exe (PID: 3888)

    • Reads CPU info

      • MyExeFile.exe (PID: 3888)

    • Creates files or folders in the user directory

      • MyExeFile.exe (PID: 3888)
      • CrackSoftware_unpacked.exe (PID: 6808)

    • Creates files in the program directory

      • MyExeFile.exe (PID: 3888)

    • Reads the software policy settings

      • MyExeFile.exe (PID: 3888)

    • Disables trace logs

      • CrackSoftware_unpacked.exe (PID: 6808)

    • Process checks computer location settings

      • CrackSoftware_unpacked.exe (PID: 6808)

    • Create files in a temporary directory

      • CrackSoftware_unpacked.exe (PID: 6808)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

AsyncRat

(PID) Process(6808) CrackSoftware_unpacked.exe
C2 (1)206.206.77.63
Ports (3)6606
7707
8808
Version0.5.8
BotnetFree1
Options
AutoRunfalse
MutexKw6rtGd3h9UZ
InstallFolder%AppData%
BSoDtrue
AntiVMtrue
Certificates
Cert1MIIE5jCCAs6gAwIBAgIQAM2HoLVRRIDi1g2hfnnn7TANBgkqhkiG9w0BAQ0FADAUMRIwEAYDVQQDDAlRTCBTZXJ2ZXIwIBcNMjUwNTA0MTczMDE2WhgPOTk5OTEyMzEyMzU5NTlaMBQxEjAQBgNVBAMMCVFMIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKPm9cMAneGWF3gsiX45rXDar/l3mV+vb3fEuUr1hFmPDJUKGOX6fAJhEQH6c+SF7iG8Yx8Twa52NtbBiuKv2TqLPVZV...
Server_SignatureL0WAP2wJ/8pe4YY033iBJWmMW6GuQ6KFU8/IT7001sF5aXj5yLMmxb2KgcWhVgPvBkj0vT+71rSsSnC6WWMvbv3M3lQEjODxQog6rbpY48Hk1zX+augACXLs4uSo19+89Lu8c+ONtLgSKiuSDacjJ1tSrOKu3WjPL0MJzhadThOuB+6M5fRYESjqwVGRCZPBgwzxYXCeq1yapfHSmsKdhvm1oFNSo4OzsC26/Hf6Eu1lO2USjwjdp1+1nEa4S6Dj23eENgnGU7V5Ou0reWOtUwaWY11xln9KjwkOQteU3iAi...
Keys
AES4da4f707cefca472038c47c402c61bd5ef4a12a57b108f09bc75541d9d570c65
Saltbfeb1e56fbcd973bb219022430a57843003d5644d21e62b9d4f180e7e6c33941
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (45.1)
.exe | Win32 Executable MS Visual C++ (generic) (19.2)
.exe | Win64 Executable (generic) (17)
.scr | Windows screen saver (8)
.dll | Win32 Dynamic Link Library (generic) (4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:05:11 03:50:46+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 6691840
InitializedDataSize: 3072
UninitializedDataSize: -
EntryPoint: 0x663b0e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 6.2.19041.1766
ProductVersionNumber: 6.2.19041.1766
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: Microsoft Corporation
FileDescription: XblGameSave Standby Task
FileVersion: 6.2.19041.1766
InternalName: XblGameSave Standby Task
LegalCopyright: © Microsoft Corporation. All rights reserved.
LegalTrademarks: -
OriginalFileName: XblGameSave Standby Task
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.2.19041.1766
AssemblyVersion: 6.2.19041.1766
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
132
Monitored processes
6
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start #ASYNCRAT cracksoftware_unpacked.exe sppextcomobj.exe no specs slui.exe myexefile.exe no specs svchost.exe cracksoftware_unpacked.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
3888"C:\Users\admin\AppData\Local\Temp\MyExeFile.exe" C:\Users\admin\AppData\Local\Temp\MyExeFile.exeCrackSoftware_unpacked.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\myexefile.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
4208"C:\Users\admin\Desktop\CrackSoftware_unpacked.exe" C:\Users\admin\Desktop\CrackSoftware_unpacked.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
XblGameSave Standby Task
Exit code:
3221226540
Version:
6.2.19041.1766
Modules
Images
c:\users\admin\desktop\cracksoftware_unpacked.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
4448C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
6404"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
6808"C:\Users\admin\Desktop\CrackSoftware_unpacked.exe" C:\Users\admin\Desktop\CrackSoftware_unpacked.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
XblGameSave Standby Task
Version:
6.2.19041.1766
Modules
Images
c:\users\admin\desktop\cracksoftware_unpacked.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
AsyncRat
(PID) Process(6808) CrackSoftware_unpacked.exe
C2 (1)206.206.77.63
Ports (3)6606
7707
8808
Version0.5.8
BotnetFree1
Options
AutoRunfalse
MutexKw6rtGd3h9UZ
InstallFolder%AppData%
BSoDtrue
AntiVMtrue
Certificates
Cert1MIIE5jCCAs6gAwIBAgIQAM2HoLVRRIDi1g2hfnnn7TANBgkqhkiG9w0BAQ0FADAUMRIwEAYDVQQDDAlRTCBTZXJ2ZXIwIBcNMjUwNTA0MTczMDE2WhgPOTk5OTEyMzEyMzU5NTlaMBQxEjAQBgNVBAMMCVFMIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKPm9cMAneGWF3gsiX45rXDar/l3mV+vb3fEuUr1hFmPDJUKGOX6fAJhEQH6c+SF7iG8Yx8Twa52NtbBiuKv2TqLPVZV...
Server_SignatureL0WAP2wJ/8pe4YY033iBJWmMW6GuQ6KFU8/IT7001sF5aXj5yLMmxb2KgcWhVgPvBkj0vT+71rSsSnC6WWMvbv3M3lQEjODxQog6rbpY48Hk1zX+augACXLs4uSo19+89Lu8c+ONtLgSKiuSDacjJ1tSrOKu3WjPL0MJzhadThOuB+6M5fRYESjqwVGRCZPBgwzxYXCeq1yapfHSmsKdhvm1oFNSo4OzsC26/Hf6Eu1lO2USjwjdp1+1nEa4S6Dj23eENgnGU7V5Ou0reWOtUwaWY11xln9KjwkOQteU3iAi...
Keys
AES4da4f707cefca472038c47c402c61bd5ef4a12a57b108f09bc75541d9d570c65
Saltbfeb1e56fbcd973bb219022430a57843003d5644d21e62b9d4f180e7e6c33941
Total events
3 616
Read events
3 596
Write events
20
Delete events
0

Modification events

(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASMANCS
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(6808) CrackSoftware_unpacked.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CrackSoftware_unpacked_RASMANCS
Operation:writeName:EnableConsoleTracing
Value:
0
Executable files
1
Suspicious files
12
Text files
46
Unknown types
2

Dropped files

PID
Process
Filename
Type
6808CrackSoftware_unpacked.exeC:\MU\Doppelganger4.pngimage
MD5:262EC182C2DD8644ECF9495B3022B738
SHA256:F4487F089CC7B498FFD362B781970F1AFE372BB3D8B7B4C41B4CF4696019F75A
6808CrackSoftware_unpacked.exeC:\MU\Arena.pngimage
MD5:DF9D12151BA55662868FEC38AFD87F4F
SHA256:59CE7F4134C89B95F3F07FF96553FE515FEB95F3AB998928BC5636472577F395
6808CrackSoftware_unpacked.exeC:\MU\A2.PNGimage
MD5:B746074943272FEE5A206E2EC835C424
SHA256:03FCE0F28B91048B7238BE08207660CE54643859E595DEE97AF7F0D6C71B27CB
6808CrackSoftware_unpacked.exeC:\MU\Atlans.pngimage
MD5:D747BDCB907DC166CC42051327BD35FF
SHA256:1733B2295AACF8F3B5A9B4765B4B5EF254613FB08EBF19CA312010A074A82391
6808CrackSoftware_unpacked.exeC:\MU\Aida.pngimage
MD5:EC943AFD0B61FA187041D96E4FB1CA76
SHA256:0DAA51199EACC356FAB666BF802DC5A767B6E91935483939FDF1AB72965BF8DE
6808CrackSoftware_unpacked.exeC:\MU\BalgassRefuge.pngimage
MD5:0A951863D40B38180BAAF839FAC74DA8
SHA256:CBEBF3D5F1FC34B8B6200E2226D714793FB19E335865FC0DD13A57609C88B4EF
6808CrackSoftware_unpacked.exeC:\MU\Devias.pngimage
MD5:FB140E82EB7891B83D8EFCD75E16A72A
SHA256:30A55165F4D4B9AA1882DE29AEE7DB0CA1814A335D1F11C4E2A128FC1C67490E
6808CrackSoftware_unpacked.exeC:\MU\Doppelganger1.pngimage
MD5:E902C15743D28E4002F504854BBCB90C
SHA256:CA2349AB75292B1B7B986B67AE4F04E3BADDEA8E3098E3A2059BEF818AEFA965
6808CrackSoftware_unpacked.exeC:\MU\Elbeland.pngimage
MD5:2EB4E53B2CBD9AAF88F960C05E8C6CDC
SHA256:0752BA1A1FEBF0E9FC96C6C97989912910696B58A0EC736075256E7C6BD92CA3
6808CrackSoftware_unpacked.exeC:\MU\Crywolf.pngimage
MD5:AC89AB927C61EA4BB993E20ED61B8631
SHA256:1CDADB93BA052A4F5391EE7A6E6DF451C97E3B3F5C9610CE9B2822A70CFAD975
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
11
TCP/UDP connections
31
DNS requests
20
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6808
CrackSoftware_unpacked.exe
GET
404
14.225.204.125:80
http://bdcam.net/NEW/NEW.php
unknown
malicious
6808
CrackSoftware_unpacked.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCEQDzZE5rbgBQI34JRr174fUd
unknown
whitelisted
6808
CrackSoftware_unpacked.exe
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTPlNxcMEqnlIVyH5VuZ4lawhZX3QQU9oUKOxGG4QR9DqoLLNLuzGR7e64CEQCrZoa1YnvoBZaCEzAShkn1
unknown
whitelisted
6808
CrackSoftware_unpacked.exe
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEFZnHQTqT5lMbxCBR1nSdZQ%3D
unknown
whitelisted
6808
CrackSoftware_unpacked.exe
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
unknown
whitelisted
6808
CrackSoftware_unpacked.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
whitelisted
6808
CrackSoftware_unpacked.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
2112
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6808
CrackSoftware_unpacked.exe
206.206.77.63:8808
ATT-INTERNET4
US
malicious
2196
svchost.exe
224.0.0.251:5353
unknown

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.72
whitelisted
google.com
  • 216.58.206.78
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
811092dcc98648d790a1730d08245b4b.monitor-eqatec.com
unknown
bdcam.net
  • 14.225.204.125
malicious
login.live.com
  • 20.190.160.3
  • 20.190.160.66
  • 20.190.160.131
  • 20.190.160.5
  • 20.190.160.4
  • 20.190.160.20
  • 40.126.32.74
  • 20.190.160.64
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
github.com
  • 140.82.121.4
whitelisted
ocsp.comodoca.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
CrackSoftware_unpacked.exe