File name: RedGiant Activation Service Unipatch 2024.x.exe

Full analysis: https://app.any.run/tasks/177ef74b-64c6-4711-ba03-a52af776a9ad
Verdict: Malicious activity
Analysis date: September 07, 2024, 11:55:45
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 1BB8B2C55EC2CE5ACB923C058B0CA27D
SHA1: F8E360979C69C51706400057B007053B66171504
SHA256: 847E57E75188D1FA8768A4F443CBF8D0FE5D5BE08B78705A2624AA9F472CC4DB
SSDEEP: 98304:lfIVB0ePoDNMhHTSkYIaYy19XfI4+Jz2mXXcxqTQzpJ86eaK/2vs83lBQBfO3RLr:lXB1ehTsApA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Starts NET.EXE for service management

      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 2700)
      • net.exe (PID: 3852)
      • net.exe (PID: 3184)
      • net.exe (PID: 5556)
      • net.exe (PID: 6824)
      • net.exe (PID: 5040)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 3700)
      • net.exe (PID: 320)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 7040)
      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 6196)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 2700)
      • deep.tmp (PID: 1148)
      • deep.exe (PID: 1164)
      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 5516)
      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 6872)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 3700)
      • deep.exe (PID: 6836)
      • deep.tmp (PID: 1132)
    • Reads security settings of Internet Explorer

      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 6844)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 5092)
    • Reads the Windows owner or organization settings

      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 2700)
      • deep.tmp (PID: 1148)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 3700)
      • deep.tmp (PID: 1132)
    • Uses TIMEOUT.EXE to delay execution

      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 2700)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 3700)
    • Uses TASKKILL.EXE to kill process

      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 2700)
      • deep.tmp (PID: 1148)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 3700)
      • deep.tmp (PID: 1132)
    • Executing commands from ".cmd" file

      • deep.tmp (PID: 1148)
      • deep.tmp (PID: 1132)
    • Starts CMD.EXE for commands execution

      • deep.tmp (PID: 1148)
      • deep.tmp (PID: 1132)
    • The executable file from the user directory is run by the CMD process

      • perl.exe (PID: 6748)
      • perl.exe (PID: 3812)
      • perl.exe (PID: 6648)
      • perl.exe (PID: 7012)
      • perl.exe (PID: 2476)
      • perl.exe (PID: 6232)
  • INFO

    • Create files in a temporary directory

      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 7040)
      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 6196)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 2700)
      • deep.exe (PID: 1164)
      • deep.tmp (PID: 1148)
      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 6872)
      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 5516)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 3700)
      • deep.exe (PID: 6836)
      • deep.tmp (PID: 1132)
    • Checks supported languages

      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 7040)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 6844)
      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 6196)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 2700)
      • deep.exe (PID: 1164)
      • deep.tmp (PID: 1148)
      • perl.exe (PID: 3812)
      • perl.exe (PID: 6748)
      • perl.exe (PID: 6648)
      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 5516)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 5092)
      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 6872)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 3700)
      • deep.exe (PID: 6836)
      • deep.tmp (PID: 1132)
      • perl.exe (PID: 7012)
      • perl.exe (PID: 6232)
      • perl.exe (PID: 2476)
    • Process checks computer location settings

      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 6844)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 5092)
    • Reads the computer name

      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 6844)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 2700)
      • deep.tmp (PID: 1148)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 5092)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 3700)
      • deep.tmp (PID: 1132)
    • Creates files in the program directory

      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 2700)
      • RedGiant Activation Service Unipatch 2024.x.tmp (PID: 3700)
    • Reads the software policy settings

      • slui.exe (PID: 7036)
      • slui.exe (PID: 6488)
    • Manual execution by a user

      • RedGiant Activation Service Unipatch 2024.x.exe (PID: 5516)
    • Checks proxy server information

      • slui.exe (PID: 6488)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (51.8)
.exe | InstallShield setup (20.3)
.exe | Win32 EXE PECompact compressed (generic) (19.6)
.dll | Win32 Dynamic Link Library (generic) (3.1)
.exe | Win32 Executable (generic) (2.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:04:05 05:17:07+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 781824
InitializedDataSize: 59392
UninitializedDataSize: -
EntryPoint: 0xc0018
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 2024.3.1.1
ProductVersionNumber: 2024.3.1.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Red Giant, LLC
FileDescription: Activation Service Unlocker Setup
FileVersion: 2024.3.1.1
LegalCopyright: © Red Giant LLC
OriginalFileName:
ProductName: Activation Service Unlocker
ProductVersion: 2024.3.1.1
No data.
All screenshots are available in the full report
Total processes: 215
Monitored processes: 84
Malicious processes: 6
Suspicious processes: 5

Behavior graph

start redgiant activation service unipatch 2024.x.exe redgiant activation service unipatch 2024.x.tmp no specs redgiant activation service unipatch 2024.x.exe redgiant activation service unipatch 2024.x.tmp net.exe no specs conhost.exe no specs net1.exe no specs timeout.exe no specs conhost.exe no specs net.exe no specs conhost.exe no specs net1.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs deep.exe deep.tmp taskkill.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs perl.exe no specs perl.exe no specs perl.exe no specs net.exe no specs conhost.exe no specs net1.exe no specs sppextcomobj.exe no specs slui.exe rundll32.exe no specs slui.exe redgiant activation service unipatch 2024.x.exe redgiant activation service unipatch 2024.x.tmp no specs redgiant activation service unipatch 2024.x.exe redgiant activation service unipatch 2024.x.tmp net.exe no specs conhost.exe no specs net1.exe no specs timeout.exe no specs conhost.exe no specs net.exe no specs conhost.exe no specs net1.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs deep.exe deep.tmp taskkill.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs perl.exe no specs perl.exe no specs perl.exe no specs net.exe no specs conhost.exe no specs net1.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 320
CMD: "C:\WINDOWS\system32\net.exe" start "Red Giant Service"
Path: C:\Windows\System32\net.exe
Parent process: RedGiant Activation Service Unipatch 2024.x.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ucrtbase.dll
PID: 376
CMD: C:\WINDOWS\system32\net1 stop "Red Giant Service"
Path: C:\Windows\System32\net1.exe
Parent process: net.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
PID: 876
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1132
CMD: "C:\Users\admin\AppData\Local\Temp\is-JT1BC.tmp\deep.tmp" /SL5="$110248,842567,842240,C:\Users\admin\AppData\Local\Temp\is-TFKJ8.tmp\deep.exe" /verysilent
Path: C:\Users\admin\AppData\Local\Temp\is-JT1BC.tmp\deep.tmp
Parent process: deep.exe
User:
admin
Company:
Red Giant, LLC
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-jt1bc.tmp\deep.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 1148
CMD: "C:\Users\admin\AppData\Local\Temp\is-PI1NO.tmp\deep.tmp" /SL5="$1501F2,842567,842240,C:\Users\admin\AppData\Local\Temp\is-EOFGH.tmp\deep.exe" /verysilent
Path: C:\Users\admin\AppData\Local\Temp\is-PI1NO.tmp\deep.tmp
Parent process: deep.exe
User:
admin
Company:
Red Giant, LLC
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-pi1no.tmp\deep.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 1164
CMD: "C:\Users\admin\AppData\Local\Temp\is-EOFGH.tmp\deep.exe" /verysilent
Path: C:\Users\admin\AppData\Local\Temp\is-EOFGH.tmp\deep.exe
Parent process: RedGiant Activation Service Unipatch 2024.x.tmp
User:
admin
Company:
Red Giant, LLC
Integrity Level:
HIGH
Description:
Activation Service Unlocker Setup
Exit code:
0
Version:
2024.3.1.1
Modules
Images
c:\users\admin\appdata\local\temp\is-eofgh.tmp\deep.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 1700
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: net.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2112
CMD: "C:\WINDOWS\system32\taskkill.exe" /f /im "Cinema 4D Team Render Client.exe"
Path: C:\Windows\System32\taskkill.exe
Parent process: RedGiant Activation Service Unipatch 2024.x.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2144
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2360
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: timeout.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 4 930
Read events: 4 910
Write events: 12
Delete events: 8

Modification events

(PID) Process: (1148) deep.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation: write
Name: Owner
Value: 7C040000F603BAED1C01DB01

(PID) Process: (1148) deep.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation: write
Name: SessionHash
Value: 71F5BE5668336E04FBA0D1848411F9DE37CA65F522AA552ED252D357F32816A0

(PID) Process: (1148) deep.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation: write
Name: Sequence
Value: 1

(PID) Process: (1148) deep.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Operation: write
Name: DevOverrideEnable
Value: 1

(PID) Process: (1148) deep.tmp
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CI\Policy
Operation: write
Name: UpgradedSystem
Value: 1

(PID) Process: (1148) deep.tmp
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CI\Policy
Operation: write
Name: BootUpgradedSystem
Value: 1

(PID) Process: (1148) deep.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation: delete value
Name: Sequence
Value:

(PID) Process: (1148) deep.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation: delete value
Name: SessionHash
Value:

(PID) Process: (1148) deep.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation: delete value
Name: Owner
Value:

(PID) Process: (1148) deep.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation: delete key
Name: (default)
Value:
Executable files: 38
Suspicious files: 0
Text files: 8
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 2700
Process: RedGiant Activation Service Unipatch 2024.x.tmp
Filename: C:\Users\admin\AppData\Local\Temp\libwinpthread-1.dll
Type: executable
MD5: 59A112452CECCBA063CC85D0513FD0A7
SHA256: 8AE45C5928698DF7DA6780E282BC5053A7B1A87A1CBA0A2083AA26C473C3F7F9

PID: 2700
Process: RedGiant Activation Service Unipatch 2024.x.tmp
Filename: C:\Users\admin\AppData\Local\Temp\libgcc_s_seh-1.dll
Type: executable
MD5: 97BA9D2D7090A7D265CEFED7FA40B1BF
SHA256: CB96718F7EF83319472E4CA3FCDF6D002226D3A6FF4D0D64B6E221ABA58016A3

PID: 2700
Process: RedGiant Activation Service Unipatch 2024.x.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-6ABFL.tmp
Type: executable
MD5: 97BA9D2D7090A7D265CEFED7FA40B1BF
SHA256: CB96718F7EF83319472E4CA3FCDF6D002226D3A6FF4D0D64B6E221ABA58016A3

PID: 2700
Process: RedGiant Activation Service Unipatch 2024.x.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-Q0J7F.tmp
Type: executable
MD5: B1852A4962EA7185DC353FE6F0AB4553
SHA256: D747BB93D4E936DDD57B6258355A977E210AD308C0F832D3D47FAB6F9191C2CE

PID: 2700
Process: RedGiant Activation Service Unipatch 2024.x.tmp
Filename: C:\Users\admin\AppData\Local\Temp\libstdc++-6.dll
Type: executable
MD5: B1852A4962EA7185DC353FE6F0AB4553
SHA256: D747BB93D4E936DDD57B6258355A977E210AD308C0F832D3D47FAB6F9191C2CE

PID: 2700
Process: RedGiant Activation Service Unipatch 2024.x.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-EOFGH.tmp\_isetup\_iscrypt.dll
Type: executable
MD5: A69559718AB506675E907FE49DEB71E9
SHA256: 2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC

PID: 2700
Process: RedGiant Activation Service Unipatch 2024.x.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-E4DBQ.tmp
Type: executable
MD5: 59A112452CECCBA063CC85D0513FD0A7
SHA256: 8AE45C5928698DF7DA6780E282BC5053A7B1A87A1CBA0A2083AA26C473C3F7F9

PID: 2700
Process: RedGiant Activation Service Unipatch 2024.x.tmp
Filename: C:\Users\admin\AppData\Local\Temp\perl.exe
Type: executable
MD5: 98A571D345034F8FF5953714A18B68A1
SHA256: 13F689C7C8D93A546AE207E28000A0B163851DD0A148D5D329618FFC7DAFF554

PID: 6196
Process: RedGiant Activation Service Unipatch 2024.x.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-AU9IE.tmp\RedGiant Activation Service Unipatch 2024.x.tmp
Type: executable
MD5: F79890A0820BA2EABEAC0BDB7CFF91ED
SHA256: 8120887CFEE68B924BCF8B5DBFD267645720C7ABCF1477258626D7349A4E2B3C

PID: 7040
Process: RedGiant Activation Service Unipatch 2024.x.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-8U9NJ.tmp\RedGiant Activation Service Unipatch 2024.x.tmp
Type: executable
MD5: F79890A0820BA2EABEAC0BDB7CFF91ED
SHA256: 8120887CFEE68B924BCF8B5DBFD267645720C7ABCF1477258626D7349A4E2B3C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 53
DNS requests: 20
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7056
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5816
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6260
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6260
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6516
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
2120
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7056
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7056
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7056
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:137
whitelisted
3260
svchost.exe
40.113.110.67:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2120
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5816
svchost.exe
20.190.159.2:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.206
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
  • 20.73.194.208
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
login.live.com
  • 20.190.159.2
  • 20.190.159.4
  • 40.126.31.69
  • 20.190.159.23
  • 20.190.159.71
  • 40.126.31.67
  • 20.190.159.64
  • 40.126.31.71
  • 20.190.159.73
  • 20.190.159.68
  • 20.190.159.0
  • 20.190.159.75
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
slscr.update.microsoft.com
  • 13.85.23.86
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted
www.bing.com
  • 2.23.209.150
  • 2.23.209.179
  • 2.23.209.176
  • 2.23.209.177
  • 2.23.209.189
  • 2.23.209.185
  • 2.23.209.187
  • 2.23.209.158
  • 2.23.209.182
whitelisted
r.bing.com
  • 2.23.209.158
  • 2.23.209.150
  • 2.23.209.182
  • 2.23.209.177
  • 2.23.209.140
  • 2.23.209.149
  • 2.23.209.179
  • 2.23.209.176
  • 2.23.209.133
whitelisted

Threats

No threats detected
No debug info