File name: GNBot Crack - Baseult - Kopie.zip

Full analysis: https://app.any.run/tasks/530e929b-a4ec-475f-ba50-a9344f8dd71c
Verdict: Malicious activity
Analysis date: March 06, 2024, 14:34:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5: 32A9BC239201E46EB511799D103961AD
SHA1: F6599CC36BA64C9FE5067E9AD98587682405322E
SHA256: 8AFDC1B6143369A53236873DBFE4234F797BC900054AF1EDB29CFEF984466C53
SSDEEP: 393216:QixDDJ4zV16PaanzoAAjIa5pWRNtL0b19zkP:VDqzV1Kaahb3Yb194P

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1432)
  • SUSPICIOUS

    • Reads the Internet Settings

      • GNBotCrack - Baseult.exe (PID: 3276)
      • sipnotify.exe (PID: 2040)
      • runonce.exe (PID: 1140)
      • GNBotCrack - Baseult.exe (PID: 3020)
      • GNLauncher.exe (PID: 1460)
    • Application launched itself

      • WerFault.exe (PID: 564)
    • Reads settings of System Certificates

      • sipnotify.exe (PID: 2040)
    • The process executes via Task Scheduler

      • sipnotify.exe (PID: 2040)
      • ctfmon.exe (PID: 284)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1432)
    • Checks supported languages

      • GNBotCrack - Baseult.exe (PID: 3276)
      • IMEKLMG.EXE (PID: 2132)
      • wmpnscfg.exe (PID: 2460)
      • wmpnscfg.exe (PID: 2532)
      • GNBotCrack - Baseult.exe (PID: 3020)
      • IMEKLMG.EXE (PID: 2144)
      • GNLauncher.exe (PID: 1460)
      • wmpnscfg.exe (PID: 2096)
    • Reads the computer name

      • GNBotCrack - Baseult.exe (PID: 3276)
      • IMEKLMG.EXE (PID: 2132)
      • IMEKLMG.EXE (PID: 2144)
      • wmpnscfg.exe (PID: 2532)
      • GNBotCrack - Baseult.exe (PID: 3020)
      • wmpnscfg.exe (PID: 2460)
      • GNLauncher.exe (PID: 1460)
      • wmpnscfg.exe (PID: 2096)
    • Application launched itself

      • msedge.exe (PID: 1348)
      • msedge.exe (PID: 848)
      • msedge.exe (PID: 3152)
      • msedge.exe (PID: 1828)
      • msedge.exe (PID: 3108)
      • msedge.exe (PID: 892)
      • msedge.exe (PID: 3344)
    • Reads the machine GUID from the registry

      • GNBotCrack - Baseult.exe (PID: 3276)
      • GNBotCrack - Baseult.exe (PID: 3020)
      • GNLauncher.exe (PID: 1460)
    • Manual execution by a user

      • GNBotCrack - Baseult.exe (PID: 3276)
      • IMEKLMG.EXE (PID: 2132)
      • IMEKLMG.EXE (PID: 2144)
      • GNBotCrack - Baseult.exe (PID: 2444)
      • runonce.exe (PID: 1140)
      • msedge.exe (PID: 3344)
      • wmpnscfg.exe (PID: 2532)
      • GNBotCrack - Baseult.exe (PID: 3020)
      • GNBotCrack - Baseult.exe (PID: 2916)
      • wmpnscfg.exe (PID: 2460)
      • taskmgr.exe (PID: 3884)
      • GNLauncher.exe (PID: 1460)
      • wmpnscfg.exe (PID: 2096)
      • GNLauncher.exe (PID: 2212)
    • Reads Environment values

      • GNBotCrack - Baseult.exe (PID: 3276)
      • GNBotCrack - Baseult.exe (PID: 3020)
      • GNLauncher.exe (PID: 1460)
    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 1140)
      • sipnotify.exe (PID: 2040)
    • Process checks whether UAC notifications are on

      • IMEKLMG.EXE (PID: 2132)
      • IMEKLMG.EXE (PID: 2144)
    • Reads the time zone

      • runonce.exe (PID: 1140)
    • Reads the software policy settings

      • sipnotify.exe (PID: 2040)
    • Creates files in a temporary directory

      • WerFault.exe (PID: 2052)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD: .zip | ZIP compressed archive (100)

EXIF (ZIP):

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2020:02:02 11:28:08
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: GNBot Crack - Baseult/
No data.
All screenshots are available in the full report
Total processes: 161
Monitored processes: 66
Malicious processes: 1
Suspicious processes: 0

Behavior graph

(interactive process-tree graph; available in the full report)

Process information

PID: 284
CMD: C:\Windows\System32\ctfmon.exe
Path: C:\Windows\System32\ctfmon.exe
Parent process: taskeng.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: CTF Loader
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctfmonitor.dll
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 308
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4052 --field-trial-handle=1264,i,7695952166897864188,7760900752832671003,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 356
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0x138,0x13c,0x140,0x10c,0x148,0x681df598,0x681df5a8,0x681df5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
PID: 564
CMD: "C:\Windows\System32\WerFault.exe" -k -rq
Path: C:\Windows\System32\WerFault.exe
Parent process: runonce.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Problem Reporting
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 568
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1240 --field-trial-handle=1372,i,18314594967817289339,15858270348292758897,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 848
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument http://baseult.com/new/red.php
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: GNBotCrack - Baseult.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 892
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument http://baseult.com/
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: GNBotCrack - Baseult.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 944
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4052 --field-trial-handle=1264,i,7695952166897864188,7760900752832671003,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1140
CMD: runonce.exe /Explorer
Path: C:\Windows\System32\runonce.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Run Once Wrapper
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\runonce.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1208
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3820 --field-trial-handle=1264,i,7695952166897864188,7760900752832671003,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 22 890
Read events: 22 694
Write events: 171
Delete events: 25

Modification events

Process: (1432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

Process: (1432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

Process: (1432) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (1432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

Process: (1432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

Process: (1432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

Process: (1432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\GNBot Crack - Baseult - Kopie.zip

Process: (1432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: (1432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: (1432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files: 8
Suspicious files: 102
Text files: 122
Unknown types: 56

Dropped files

PID | Process | Filename | Type
1432 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1432.18155\GNBot Crack - Baseult\GNCrack\app_images\AmsBot.png | image
  MD5: 17609100EDC4934B6AC2124755988FD4
  SHA256: EDA328AA9B6B6981145C5F754C50F845FBD20EF498D4AB2A9CCB7E2387DAED27
1432 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1432.18155\GNBot Crack - Baseult\GNCrack\AdbWinApi.dll | executable
  MD5: 47A6EE3F186B2C2F5057028906BAC0C6
  SHA256: 14A51482AA003DB79A400F4B15C158397FE6D57EE6606B3D633FA431A7BFDF4B
1432 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1432.18155\GNBot Crack - Baseult\GNCrack\app_images\BWbot.png | image
  MD5: 8284379E400B9F7E159CFD22C040C79B
  SHA256: 95308A909F3B46540606FC5E96B9123E53C5DF8BEBF0B6E1D23AE75D4F9D2F9E
1432 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1432.18155\GNBot Crack - Baseult\GNCrack\app_images\ConquestBot.png | image
  MD5: A2F15088444A857BB7EEA07C93F412C5
  SHA256: 4669A0C0A01938963F77C901DCBFBB21DD052FAE14E091588B705A2F5F99670A
1432 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1432.18155\GNBot Crack - Baseult\GNCrack\app_images\CGAbot.png | image
  MD5: 4509BD49050E9BBDE60CD8920AADF740
  SHA256: 11488D987634829FA2C79C9FB24C378092F248159AC3FACB824A2AC6062A684C
1432 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1432.18155\GNBot Crack - Baseult\GNCrack\app_images\CoeBot.png | image
  MD5: 4FCB6A72F7514606D06996B7AFE10E50
  SHA256: 6251A19393164C3CA7D22BC31AF5829637308CC4A494ECE4F0F67D43A7F3E935
1432 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1432.18155\GNBot Crack - Baseult\GNCrack\app_images\KingsBot.png | image
  MD5: 1DCBE140A2BA20A6CC3C2D4048746A26
  SHA256: 173EF014D0245ED281CD6188CBF336FD1119B7FB3CA21EC0E854ED3D98CE550C
1432 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1432.18155\GNBot Crack - Baseult\GNCrack\app_images\GunsBot.png | image
  MD5: 54222EA8E62DD97F506636F54587721D
  SHA256: DA9B6B46E302ACD3F9698E8CF0393928F92FF0CDD742E6FFD5EB741CFC3F4D87
1432 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1432.18155\GNBot Crack - Baseult\GNCrack\app_images\RocBot.png | image
  MD5: D38093EDCD5D8A9C9EAE8DCA019F34F4
  SHA256: FC479DCE2E2FA216CEFEE51D05C29C8470DDCA64DA5AE12F466860CAC58675AE
1432 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1432.18155\GNBot Crack - Baseult\GNCrack\app_images\RocBotKorea.png | image
  MD5: 033AAAE2326CFF61E9AA1476203752C2
  SHA256: 27C7A5D5A692A11B2B6237F61B345BAA60CE71A5E061CA4D2C68ACE92C49AFCF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 17
TCP/UDP connections: 116
DNS requests: 115
Threats: 7

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1460 | GNLauncher.exe | GET | 200 | 92.205.10.59:80 | http://goodnightbot.net/gn/gnbot/db/m/images/AgeZbot.png | unknown | image | 36.5 Kb | unknown
3552 | msedge.exe | GET | 200 | 69.192.161.44:80 | http://r3.i.lencr.org/ | unknown | binary | 1.22 Kb | unknown
1460 | GNLauncher.exe | POST | 200 | 92.205.10.59:80 | http://www.goodnightbot.net/gn/services/loader.php?data=JYuqQeFQmw0LunqxnUvh24UN/qaJd/9UDQl3ABzHn3s= | unknown | binary | 2 b | unknown
3276 | GNBotCrack - Baseult.exe | GET | 302 | 54.209.32.212:80 | http://baseult.com/updates/version.txt | unknown | - | - | unknown
2040 | sipnotify.exe | HEAD | 200 | 23.197.138.118:80 | http://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2JgkA?v=133542093509060000 | unknown | - | - | unknown
3020 | GNBotCrack - Baseult.exe | GET | 302 | 52.71.57.184:80 | http://baseult.com/updates/version.txt | unknown | - | - | unknown
3552 | msedge.exe | GET | 302 | 54.209.32.212:80 | http://baseult.com/ | unknown | - | - | unknown
3552 | msedge.exe | GET | 301 | 151.101.1.21:80 | http://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=TYXJD9Q5PPM6A&source=url | unknown | - | - | unknown
3552 | msedge.exe | GET | 302 | 54.209.32.212:80 | http://baseult.com/new/red.php | unknown | - | - | unknown
3552 | msedge.exe | GET | - | 54.209.32.212:80 | http://baseult.com/new/red.php | unknown | - | - | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | unknown
- | - | 224.0.0.252:5355 | - | - | - | unknown
3276 | GNBotCrack - Baseult.exe | 54.209.32.212:80 | baseult.com | AMAZON-AES | US | unknown
3276 | GNBotCrack - Baseult.exe | 172.67.70.191:443 | www.hugedomains.com | CLOUDFLARENET | US | unknown
1108 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
2040 | sipnotify.exe | 23.197.138.118:80 | query.prod.cms.rt.microsoft.com | Akamai International B.V. | US | unknown
3020 | GNBotCrack - Baseult.exe | 52.71.57.184:80 | baseult.com | AMAZON-AES | US | unknown
3020 | GNBotCrack - Baseult.exe | 104.26.7.37:443 | www.hugedomains.com | CLOUDFLARENET | US | shared
3552 | msedge.exe | 151.101.1.21:80 | www.paypal.com | FASTLY | US | unknown

DNS requests

Domain | IP | Reputation
baseult.com | 54.209.32.212, 52.71.57.184 | unknown
www.hugedomains.com | 172.67.70.191, 104.26.7.37, 104.26.6.37 | whitelisted
query.prod.cms.rt.microsoft.com | 23.197.138.118 | whitelisted
www.paypal.com | 151.101.1.21, 151.101.129.21, 151.101.65.21, 151.101.193.21 | whitelisted
config.edge.skype.com | 52.123.243.94, 52.123.243.85, 52.123.243.75, 52.123.243.218 | whitelisted
edge.microsoft.com | 13.107.21.239, 204.79.197.239 | whitelisted
www.paypalobjects.com | 192.229.221.25 | whitelisted
t.paypal.com | 151.101.193.35, 151.101.65.35, 151.101.1.35, 151.101.129.35 | whitelisted
www.bing.com | (28 resolved addresses omitted) | whitelisted
zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | 104.17.209.240, 104.17.208.240 | whitelisted

Threats

PID | Process | Class | Message
3552 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] A free CDN for open source projects (jsdelivr .net)
1460 | GNLauncher.exe | Potential Corporate Privacy Violation | AV POLICY Empty HTTP Authentication Header
1460 | GNLauncher.exe | Potential Corporate Privacy Violation | AV POLICY Empty HTTP Authentication Header
1460 | GNLauncher.exe | Potential Corporate Privacy Violation | AV POLICY Empty HTTP Authentication Header
3552 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
2 ETPRO signatures available at the full report
No debug info