File name: GNBot Crack - Baseult - Kopie.zip
Full analysis: https://app.any.run/tasks/dfc59917-5805-496a-bad6-1362affc6924
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: June 11, 2020, 10:45:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: 32A9BC239201E46EB511799D103961AD
SHA1: F6599CC36BA64C9FE5067E9AD98587682405322E
SHA256: 8AFDC1B6143369A53236873DBFE4234F797BC900054AF1EDB29CFEF984466C53
SSDEEP: 393216:QixDDJ4zV16PaanzoAAjIa5pWRNtL0b19zkP:VDqzV1Kaahb3Yb194P

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • GNBotCrack-Baseult.exe (PID: 2336)
      • SearchProtocolHost.exe (PID: 3432)
      • GNBotCrack-Baseult.exe (PID: 3364)
      • GNBotCrack-Baseult.exe (PID: 3104)
      • GNBotCrack-Baseult.exe (PID: 3684)
    • Application was dropped or rewritten from another process

      • GNBotCrack-Baseult.exe (PID: 3684)
      • GNBotCrack-Baseult.exe (PID: 2212)
      • GNLauncher.exe (PID: 1944)
      • GNLauncher.exe (PID: 2200)
      • GNBotCrack-Baseult.exe (PID: 3364)
      • GNLauncher.exe (PID: 1020)
      • GNBotCrack-Baseult.exe (PID: 2096)
      • GNBotCrack-Baseult.exe (PID: 3104)
      • GNBotCrack-Baseult.exe (PID: 2336)
    • Downloads executable files from the Internet

      • GNBotCrack - Baseult.exe (PID: 2464)
      • GNBotCrack - Baseult.exe (PID: 1572)
    • Starts Visual C# compiler

      • GNLauncher.exe (PID: 1020)
      • GNLauncher.exe (PID: 2200)
    • Changes settings of System certificates

      • GNLauncher.exe (PID: 2200)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2216)
      • GNBotCrack - Baseult.exe (PID: 2464)
      • GNBotCrack-Baseult.exe (PID: 3684)
      • GNLauncher.exe (PID: 1020)
      • GNBotCrack - Baseult.exe (PID: 1572)
    • Reads Environment values

      • GNBotCrack - Baseult.exe (PID: 2464)
      • GNBotCrack-Baseult.exe (PID: 3684)
      • GNBotCrack-Baseult.exe (PID: 3364)
      • GNBotCrack - Baseult.exe (PID: 1572)
      • GNBotCrack-Baseult.exe (PID: 3104)
      • GNBotCrack-Baseult.exe (PID: 2336)
    • Reads the machine GUID from the registry

      • GNLauncher.exe (PID: 1020)
      • GNLauncher.exe (PID: 2200)
    • Reads Internet Cache Settings

      • GNBotCrack-Baseult.exe (PID: 3364)
      • GNBotCrack-Baseult.exe (PID: 2336)
      • GNBotCrack-Baseult.exe (PID: 3104)
      • GNLauncher.exe (PID: 2200)
    • Starts Internet Explorer

      • GNBotCrack-Baseult.exe (PID: 3104)
      • GNLauncher.exe (PID: 2200)
    • Adds / modifies Windows certificates

      • GNLauncher.exe (PID: 2200)
    • Reads internet explorer settings

      • GNLauncher.exe (PID: 2200)
    • Creates files in the user directory

      • notepad++.exe (PID: 2680)
  • INFO

    • Manual execution by user

      • GNBotCrack - Baseult.exe (PID: 2464)
      • GNBotCrack - Baseult.exe (PID: 3956)
      • GNLauncher.exe (PID: 1020)
      • GNBotCrack-Baseult.exe (PID: 2096)
      • GNBotCrack-Baseult.exe (PID: 3364)
      • GNBotCrack - Baseult.exe (PID: 1572)
      • GNBotCrack - Baseult.exe (PID: 2696)
      • GNBotCrack-Baseult.exe (PID: 2336)
      • GNBotCrack-Baseult.exe (PID: 2212)
      • GNLauncher.exe (PID: 1944)
      • notepad++.exe (PID: 2680)
    • Dropped object may contain Bitcoin addresses

      • GNBotCrack-Baseult.exe (PID: 3684)
      • GNLauncher.exe (PID: 2200)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3308)
      • iexplore.exe (PID: 2084)
      • iexplore.exe (PID: 960)
      • iexplore.exe (PID: 1004)
    • Changes internet zones settings

      • iexplore.exe (PID: 3308)
      • iexplore.exe (PID: 1004)
    • Application launched itself

      • iexplore.exe (PID: 3308)
      • iexplore.exe (PID: 1004)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2084)
    • Creates files in the user directory

      • iexplore.exe (PID: 3308)
    • Reads settings of System Certificates

      • GNLauncher.exe (PID: 2200)
      • iexplore.exe (PID: 960)
      • iexplore.exe (PID: 3308)
      • iexplore.exe (PID: 2084)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2084)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2084)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2020:02:02 11:28:04
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: GNBot Crack - Baseult/
No data.
All screenshots are available in the full report
Total processes: 81
Monitored processes: 23
Malicious processes: 8
Suspicious processes: 1

Behavior graph

Rendered only in the full report. Node labels present in the graph: winrar.exe, gnbotcrack - baseult.exe, searchprotocolhost.exe, gnbotcrack-baseult.exe, gnlauncher.exe, csc.exe, iexplore.exe, notepad++.exe, gup.exe; edge labels: "start" and "drop and start".

Process information

Each entry lists PID, command line, path and parent process, followed by the process attributes and the first loaded modules.
PID: 960
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1004 CREDAT:275457 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 1004
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" https://www.gnbots.com/memu
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: GNLauncher.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH (inherited from the elevated GNLauncher.exe parent; the tab process it spawned, PID 960, is HIGH as well, so IE Protected Mode did not apply to the pages opened here)
Description: Internet Explorer
Exit code: 1
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 1020
CMD: "C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe"
Path: C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: GNLauncher
Exit code: 0
Version: 1.0.194.57723
Modules (images):
c:\users\admin\desktop\gnbot crack - baseult\gncrack\gnlauncher.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 1572
CMD: "C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNBotCrack - Baseult.exe"
Path: C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNBotCrack - Baseult.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: GNBotCrack - Baseult
Exit code: 0
Version: 1.0
Modules (images):
c:\users\admin\desktop\gnbot crack - baseult\gncrack\gnbotcrack - baseult.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1844
CMD: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\xcwpljwz\xcwpljwz.cmdline"
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Parent process: GNLauncher.exe
Note: "/noconfig /fullpaths" with a response file named <random>\<random>.cmdline under %TEMP% is the command line the .NET CodeDOM compiler builds when a program compiles C# source at run time. Benign .NET code (XmlSerializer, PowerShell Add-Type) produces the same shape, so treat it as a lead to be confirmed from the .cmdline and .cs files in that directory rather than as a verdict on its own.
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Visual C# Command Line Compiler
Exit code: 1 (csc.exe returns 1 when the compilation reports errors)
Version: 4.7.3062.0 built by: NET472REL1
Modules (images):
c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\ole32.dll
PID: 1944
CMD: "C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe"
Path: C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: GNLauncher
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this non-elevated launch was refused before any user code ran, which is why only the image and ntdll.dll are loaded; the same image also ran at HIGH integrity as PIDs 1020 and 2200)
Version: 1.0.194.57723
Modules (images):
c:\users\admin\desktop\gnbot crack - baseult\gncrack\gnlauncher.exe
c:\systemroot\system32\ntdll.dll
PID: 2084
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3308 CREDAT:275457 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 2096
CMD: "C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNBotCrack-Baseult.exe"
Path: C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNBotCrack-Baseult.exe
Parent process: explorer.exe
User: admin
Company: iBaseult
Integrity Level: MEDIUM
Description: GNBot Crack - Baseult
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: refused before any user code ran, hence only the image and ntdll.dll loaded)
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\gnbot crack - baseult\gncrack\gnbotcrack-baseult.exe
c:\systemroot\system32\ntdll.dll
PID: 2200
CMD: "C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe"
Path: C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe
Parent process: GNLauncher.exe
User: admin
Integrity Level: HIGH
Description: GNLauncher
Exit code: 0
Version: 1.0.197.58675 (the same path ran as 1.0.194.57723 in PID 1020, consistent with the "dropped or rewritten from another process" indicator above)
Modules (images):
c:\users\admin\desktop\gnbot crack - baseult\gncrack\gnlauncher.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 2212
CMD: "C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNBotCrack-Baseult.exe"
Path: C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNBotCrack-Baseult.exe
Parent process: explorer.exe
User: admin
Company: iBaseult
Integrity Level: MEDIUM
Description: GNBot Crack - Baseult
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: refused before any user code ran, hence only the image and ntdll.dll loaded)
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\gnbot crack - baseult\gncrack\gnbotcrack-baseult.exe
c:\systemroot\system32\ntdll.dll
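Two checks worth automating when reading a process table like the one above: decoding the exit codes (the sandbox prints NTSTATUS values as unsigned decimals, so 3221226540 is 0xC000042C, STATUS_ELEVATION_REQUIRED) and pairing each refused non-elevated launch with the HIGH-integrity run of the same image, and flagging csc.exe invocations that carry the .NET CodeDOM response-file shape. The script below is an added example, not ANY.RUN code; its process rows are constructed from this report's entries, and the NTSTATUS table is a small subset chosen for illustration.

```python
"""Triage helpers for a sandbox process table (added example, not ANY.RUN code).

PROCESSES is constructed from the process entries in this report.  NTSTATUS
holds a hand-picked subset of codes; extend it from ntstatus.h as needed.
"""
import re
from collections import defaultdict

DESKTOP = r"C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack"
CSC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"


def q(path):
    """Quote a path the way the sandbox prints command lines."""
    return '"' + path + '"'


# pid, image path, command line, parent image, integrity level, exit code
PROCESSES = [
    {"pid": 1020, "image": DESKTOP + r"\GNLauncher.exe", "cmd": q(DESKTOP + r"\GNLauncher.exe"),
     "parent": "explorer.exe", "integrity": "HIGH", "exit": 0},
    {"pid": 1572, "image": DESKTOP + r"\GNBotCrack - Baseult.exe",
     "cmd": q(DESKTOP + r"\GNBotCrack - Baseult.exe"),
     "parent": "explorer.exe", "integrity": "HIGH", "exit": 0},
    {"pid": 1844, "image": CSC,
     "cmd": q(CSC) + r' /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\xcwpljwz\xcwpljwz.cmdline"',
     "parent": "GNLauncher.exe", "integrity": "HIGH", "exit": 1},
    {"pid": 1944, "image": DESKTOP + r"\GNLauncher.exe", "cmd": q(DESKTOP + r"\GNLauncher.exe"),
     "parent": "explorer.exe", "integrity": "MEDIUM", "exit": 3221226540},
    {"pid": 2096, "image": DESKTOP + r"\GNBotCrack-Baseult.exe",
     "cmd": q(DESKTOP + r"\GNBotCrack-Baseult.exe"),
     "parent": "explorer.exe", "integrity": "MEDIUM", "exit": 3221226540},
    {"pid": 2200, "image": DESKTOP + r"\GNLauncher.exe", "cmd": q(DESKTOP + r"\GNLauncher.exe"),
     "parent": "GNLauncher.exe", "integrity": "HIGH", "exit": 0},
    {"pid": 2212, "image": DESKTOP + r"\GNBotCrack-Baseult.exe",
     "cmd": q(DESKTOP + r"\GNBotCrack-Baseult.exe"),
     "parent": "explorer.exe", "integrity": "MEDIUM", "exit": 3221226540},
]

# Subset of NTSTATUS values (ntstatus.h); small values are plain return codes.
NTSTATUS = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
}


def decode_exit(code):
    """Render an unsigned-decimal exit code as hex, plus the NTSTATUS name if known."""
    code &= 0xFFFFFFFF
    name = NTSTATUS.get(code)
    return f"0x{code:08X}" + (f" {name}" if name else "")


def elevation_relaunches(procs):
    """Pair each launch refused with STATUS_ELEVATION_REQUIRED with the
    HIGH-integrity pid(s) of the same image, i.e. the run that actually executed."""
    by_image = defaultdict(list)
    for p in procs:
        by_image[p["image"].lower()].append(p)
    pairs = []
    for p in procs:
        if (p["exit"] & 0xFFFFFFFF) == 0xC000042C:
            elevated = sorted(r["pid"] for r in by_image[p["image"].lower()]
                              if r["integrity"] == "HIGH")
            pairs.append((p["pid"], elevated))
    return pairs


# csc.exe /noconfig /fullpaths @"...\AppData\Local\Temp\<8 chars>\<same 8 chars>.cmdline"
# is the response-file shape the .NET CodeDOM compiler emits for run-time compiles.
CODEDOM_RE = re.compile(
    r'\\csc\.exe"?\s+/noconfig\s+/fullpaths\s+@"?[^"]*'
    r'\\AppData\\Local\\Temp\\([a-z0-9]{8})\\\1\.cmdline',
    re.IGNORECASE,
)


def codedom_compiles(procs):
    """(pid, parent image) for csc.exe runs that match the CodeDOM shape."""
    return [(p["pid"], p["parent"]) for p in procs if CODEDOM_RE.search(p["cmd"])]


def summarize(procs):
    """Human-readable triage lines for the analyst."""
    lines = [f"pid {p['pid']} {p['integrity']:6} exit {decode_exit(p['exit'])}" for p in procs]
    for failed, elevated in elevation_relaunches(procs):
        lines.append(f"pid {failed} needed elevation; HIGH-integrity run(s) of the same image: "
                     f"{elevated or 'none in this subset'}")
    for pid, parent in codedom_compiles(procs):
        lines.append(f"pid {pid}: run-time C# compile (CodeDOM shape) spawned by {parent}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(PROCESSES)))
```

The CodeDOM match is deliberately a lead rather than a verdict: the same command line is produced by benign XmlSerializer users and PowerShell Add-Type, so the hunt step that follows is pulling the .cmdline and .cs files from that Temp directory before they are cleaned up.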
Total events: 7 772
Read events: 3 782
Write events: 3 978
Delete events: 12

Modification events

Registry writes shown for WinRAR.exe (PID 2216). All are WinRAR interface state; the ArcHistory entry records where the archive was opened from.

PID / Process | Operation | Key | Name | Value
(2216) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty)
(2216) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty)
(2216) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E | LanguageList | en-US
(2216) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E | @C:\Windows\system32\NetworkExplorer.dll,-1 | Network
(2216) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\GNBot Crack - Baseult - Kopie.zip
(2216) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
(2216) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
(2216) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
(2216) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
(2216) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000450000000204000037020000
Executable files: 10
Suspicious files: 59
Text files: 97
Unknown types: 29

Dropped files

PID | Process | Filename | Type
2216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\AmsBot.png | image
  MD5: 17609100EDC4934B6AC2124755988FD4
  SHA256: EDA328AA9B6B6981145C5F754C50F845FBD20EF498D4AB2A9CCB7E2387DAED27
2216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\DunesBot.png | image
  MD5: D05F1CFA89449D42D88E73C961ABE034
  SHA256: FC1D3FA2935A6CFC76F2FA9B4008394F30058DB6D156603EF8DCB1BD82EA4895
2216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\GunsBot.png | image
  MD5: 54222EA8E62DD97F506636F54587721D
  SHA256: DA9B6B46E302ACD3F9698E8CF0393928F92FF0CDD742E6FFD5EB741CFC3F4D87
2216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\RocBot.png | image
  MD5: D38093EDCD5D8A9C9EAE8DCA019F34F4
  SHA256: FC479DCE2E2FA216CEFEE51D05C29C8470DDCA64DA5AE12F466860CAC58675AE
2216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\KoAbot.png | image
  MD5: C1085A3EB34FEAA420369524B9610E89
  SHA256: BB1E60DB32E0892A050B08319045C6E942CCBFBB7936C5AB317C3832668DEFCE
2216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\CGAbot.png | image
  MD5: 4509BD49050E9BBDE60CD8920AADF740
  SHA256: 11488D987634829FA2C79C9FB24C378092F248159AC3FACB824A2AC6062A684C
2216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\CoeBot.png | image
  MD5: 4FCB6A72F7514606D06996B7AFE10E50
  SHA256: 6251A19393164C3CA7D22BC31AF5829637308CC4A494ECE4F0F67D43A7F3E935
2216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\BWbot.png | image
  MD5: 8284379E400B9F7E159CFD22C040C79B
  SHA256: 95308A909F3B46540606FC5E96B9123E53C5DF8BEBF0B6E1D23AE75D4F9D2F9E
2216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\KingsBotWest.png | image
  MD5: B83E04674157A6191571C1314430D401
  SHA256: 3E3C89DAEAB95EB88F20ED20A9D6CCBB9DF019B7ACD1CDC0166D029B0D299F90
2216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\RokBot.png | image
  MD5: 8C39151CE88BCA36EC1CA67B6FA8B28B
  SHA256: 666B258F1C528DDFD7AE8CCC15A79956A7C33878B65DEBC49AB988BBA6F689A9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 77
TCP/UDP connections: 62
DNS requests: 23
Threats: 12

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3684 | GNBotCrack-Baseult.exe | GET | 200 | 198.54.114.177:80 | http://baseult.com/gn/welcometext.txt | US | text | 31 b | malicious
2336 | GNBotCrack-Baseult.exe | GET | 200 | 198.54.114.177:80 | http://baseult.com/shell.txt | US | text | 24 b | malicious
2464 | GNBotCrack - Baseult.exe | GET | 200 | 198.54.114.177:80 | http://baseult.com/updates/GNBotCrack-Baseult.exe | US | executable | 24.2 Mb | malicious
2336 | GNBotCrack-Baseult.exe | GET | 200 | 198.54.114.177:80 | http://baseult.com/IP.txt | US | text | 24 b | malicious
2464 | GNBotCrack - Baseult.exe | GET | 200 | 198.54.114.177:80 | http://baseult.com/updates/version.txt | US | text | 24 b | malicious
2336 | GNBotCrack-Baseult.exe | GET | 200 | 198.54.114.177:80 | http://baseult.com/gn/licensecode.txt | US | text | 64 b | malicious
2336 | GNBotCrack-Baseult.exe | GET | 200 | 198.54.114.177:80 | http://baseult.com/Text.txt | US | text | 44 b | malicious
2336 | GNBotCrack-Baseult.exe | GET | 200 | 198.54.114.177:80 | http://baseult.com/gn/Hardware/HardwareID.txt | US | text | 64 b | malicious
3684 | GNBotCrack-Baseult.exe | GET | 404 | 198.54.114.177:80 | http://baseult.com/gn/premium/premiumcode.txt | US | html | 315 b | malicious
3684 | GNBotCrack-Baseult.exe | GET | 404 | 198.54.114.177:80 | http://baseult.com/gn/premium/testcode.txt | US | html | 315 b | malicious
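The table above shows the shape an analyst should pull out of it: one process (PID 2464) fetches a small version.txt and then a 24.2 MB executable from the same host over plain HTTP, which is a self-updater with no transport integrity, while another instance (PID 2336) pulls license, hardware-ID and other text values from the same host. The script below is an added example, not ANY.RUN code and not the logic of the ET signatures listed later in this report; its rows are constructed from the HTTP table, and whether the client verifies a signature on the downloaded file cannot be read from the table, so the chain it reports is a lead to confirm in the PCAP and the binary.

```python
"""IOC extraction and update-chain check over a sandbox HTTP table
(added example, not ANY.RUN code).

HTTP_ROWS is constructed from the HTTP requests table in this report:
pid, process, method, status, ip:port, url, content type, size.
"""
from collections import defaultdict
from urllib.parse import urlsplit

HTTP_ROWS = [
    (3684, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80",
     "http://baseult.com/gn/welcometext.txt", "text", "31 b"),
    (2336, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80",
     "http://baseult.com/shell.txt", "text", "24 b"),
    (2464, "GNBotCrack - Baseult.exe", "GET", 200, "198.54.114.177:80",
     "http://baseult.com/updates/GNBotCrack-Baseult.exe", "executable", "24.2 Mb"),
    (2336, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80",
     "http://baseult.com/IP.txt", "text", "24 b"),
    (2464, "GNBotCrack - Baseult.exe", "GET", 200, "198.54.114.177:80",
     "http://baseult.com/updates/version.txt", "text", "24 b"),
    (2336, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80",
     "http://baseult.com/gn/licensecode.txt", "text", "64 b"),
    (2336, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80",
     "http://baseult.com/Text.txt", "text", "44 b"),
    (2336, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80",
     "http://baseult.com/gn/Hardware/HardwareID.txt", "text", "64 b"),
    (3684, "GNBotCrack-Baseult.exe", "GET", 404, "198.54.114.177:80",
     "http://baseult.com/gn/premium/premiumcode.txt", "html", "315 b"),
    (3684, "GNBotCrack-Baseult.exe", "GET", 404, "198.54.114.177:80",
     "http://baseult.com/gn/premium/testcode.txt", "html", "315 b"),
]


def iocs(rows):
    """Hosts, IPs and URLs split so each set can go to the matching control
    (DNS sinkhole, firewall, proxy URL block, AV/EDR hash or URL list)."""
    out = {"hosts": set(), "ips": set(), "urls": set(), "executables": set()}
    for _pid, _proc, _method, _status, ipport, url, ctype, _size in rows:
        out["hosts"].add(urlsplit(url).hostname)
        out["ips"].add(ipport.rsplit(":", 1)[0])
        out["urls"].add(url)
        if ctype == "executable":
            out["executables"].add(url)
    return out


def cleartext_pe_downloads(rows):
    """(pid, url) for executables fetched over http:// with a 2xx response:
    no TLS means no transport integrity for the file that will be run."""
    return [(pid, url) for pid, _, _, status, _, url, ctype, _ in rows
            if ctype == "executable" and 200 <= status < 300
            and urlsplit(url).scheme == "http"]


def update_chains(rows):
    """Per (pid, host): text files and executables fetched from the same host.
    Only pairs with both kinds are returned, the check-version-then-download
    shape; row order is not relied on because the table is not time-ordered."""
    seen = defaultdict(lambda: {"text": [], "executable": []})
    for pid, _, _, status, _, url, ctype, _ in rows:
        if status == 200 and ctype in ("text", "executable"):
            seen[(pid, urlsplit(url).hostname)][ctype].append(url)
    return {key: v for key, v in seen.items() if v["text"] and v["executable"]}


def remote_values(rows, max_bytes=128):
    """Per pid: paths of tiny text responses, the server-held values
    (license code, hardware ID, IP) a client like this consults at run time."""
    out = defaultdict(list)
    for pid, _, _, status, _, url, ctype, size in rows:
        number, unit = size.split()
        if status == 200 and ctype == "text" and unit == "b" and float(number) <= max_bytes:
            out[pid].append(urlsplit(url).path)
    return dict(out)


if __name__ == "__main__":
    for kind, values in iocs(HTTP_ROWS).items():
        print(kind, sorted(values))
    print("cleartext PE downloads:", cleartext_pe_downloads(HTTP_ROWS))
    for (pid, host), parts in update_chains(HTTP_ROWS).items():
        print(f"pid {pid} update chain via {host}: {parts}")
    print("remote values:", remote_values(HTTP_ROWS))
```

The split in iocs() matters in practice: the IP belongs to a Namecheap shared host (see the Connections table), so blocking it alone is both over-broad and easy to evade, whereas the host name and the /updates/ URL are the durable indicators from this run.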

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3684 | GNBotCrack-Baseult.exe | 198.54.114.177:80 | baseult.com | Namecheap, Inc. | US | malicious
2336 | GNBotCrack-Baseult.exe | 198.54.114.177:80 | baseult.com | Namecheap, Inc. | US | malicious
2464 | GNBotCrack - Baseult.exe | 198.54.114.177:80 | baseult.com | Namecheap, Inc. | US | malicious
1572 | GNBotCrack - Baseult.exe | 198.54.114.177:80 | baseult.com | Namecheap, Inc. | US | malicious
2084 | iexplore.exe | 198.54.114.177:443 | baseult.com | Namecheap, Inc. | US | malicious
2084 | iexplore.exe | 198.54.114.177:80 | baseult.com | Namecheap, Inc. | US | malicious
3308 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2084 | iexplore.exe | 172.217.16.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
2084 | iexplore.exe | 172.217.21.195:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
3364 | GNBotCrack-Baseult.exe | 198.54.114.177:80 | baseult.com | Namecheap, Inc. | US | malicious

DNS requests

Domain
IP
Reputation
baseult.com
  • 198.54.114.177
malicious
www.goodnightbot.net
  • 160.153.205.58
suspicious
goodnightbot.net
  • 160.153.205.58
suspicious
fonts.googleapis.com
  • 172.217.16.170
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ocsp.pki.goog
  • 216.58.207.35
  • 172.217.21.195
whitelisted
ocsp.comodoca.com
  • 151.139.128.14
whitelisted
ocsp.usertrust.com
  • 151.139.128.14
whitelisted
ocsp.sectigo.com
  • 151.139.128.14
whitelisted

Threats

PID | Process | Class | Message
2464 | GNBotCrack - Baseult.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2464 | GNBotCrack - Baseult.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
1572 | GNBotCrack - Baseult.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
1572 | GNBotCrack - Baseult.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
2084 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2084 | iexplore.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request
6 ETPRO signatures available at the full report
Process | Message
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | 42C4C5846BB675C74E2B2C90C69AB44366401093