File name:

PCVR-Rookie.exe

Full analysis: https://app.any.run/tasks/da6e2bf7-4c41-41c5-9e18-2db40cd827e7
Verdict: Malicious activity
Analysis date: August 08, 2024, 01:13:59
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
github
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:

7E660168665D26CD71ED031BBE6D76B7

SHA1:

EA90944F7F589F92D0322C4E3EB4943CF449FE5F

SHA256:

9F71F0C21498C7E2957E8BA80BDDEE5AC53C33E45FA2FB6D93C661955C3A318C

SSDEEP:

24576:tlof8vpaSUHexvHrLMO9srQWGY65PsOutJ0dT5:Pof8vpaSUHexfrLMO9srQWGY+PsOuJ0T

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • PCVR-Rookie.exe (PID: 6620)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • PCVR-Rookie.exe (PID: 6620)

    • Executable content was dropped or overwritten

      • PCVR-Rookie.exe (PID: 6620)

    • Drops 7-zip archiver for unpacking

      • PCVR-Rookie.exe (PID: 6620)

  • INFO

    • Reads the machine GUID from the registry

      • PCVR-Rookie.exe (PID: 6620)

    • Reads the computer name

      • PCVR-Rookie.exe (PID: 6620)
      • 7z.exe (PID: 6856)
      • rclone.exe (PID: 460)
      • rclone.exe (PID: 4296)
      • rclone.exe (PID: 6800)
      • rclone.exe (PID: 2468)
      • rclone.exe (PID: 6712)
      • rclone.exe (PID: 4308)
      • rclone.exe (PID: 6828)
      • rclone.exe (PID: 7024)
      • rclone.exe (PID: 4084)
      • rclone.exe (PID: 5116)
      • rclone.exe (PID: 1104)
      • rclone.exe (PID: 6844)
      • rclone.exe (PID: 2804)

    • Checks supported languages

      • PCVR-Rookie.exe (PID: 6620)
      • 7z.exe (PID: 6856)
      • rclone.exe (PID: 460)
      • rclone.exe (PID: 2468)
      • rclone.exe (PID: 4308)
      • rclone.exe (PID: 4296)
      • rclone.exe (PID: 6712)
      • rclone.exe (PID: 6800)
      • rclone.exe (PID: 6844)
      • rclone.exe (PID: 6828)
      • rclone.exe (PID: 7024)
      • rclone.exe (PID: 1104)
      • rclone.exe (PID: 4084)
      • rclone.exe (PID: 2804)
      • rclone.exe (PID: 5116)

    • Reads Environment values

      • PCVR-Rookie.exe (PID: 6620)

    • Creates files or folders in the user directory

      • PCVR-Rookie.exe (PID: 6620)

    • Create files in a temporary directory

      • PCVR-Rookie.exe (PID: 6620)
      • 7z.exe (PID: 6856)

    • Disables trace logs

      • PCVR-Rookie.exe (PID: 6620)

    • Checks proxy server information

      • PCVR-Rookie.exe (PID: 6620)

    • Reads the software policy settings

      • PCVR-Rookie.exe (PID: 6620)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (63.1)
.exe | Win64 Executable (generic) (23.8)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)
.exe | Generic Win/DOS Executable (1.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2096:08:05 23:25:58+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 48
CodeSize: 528896
InitializedDataSize: 413184
UninitializedDataSize: -
EntryPoint: 0x8311e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.0
ProductVersionNumber: 2.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Rookie Sideloader
CompanyName: Rookie.WTF
FileDescription: AndroidSideloader
FileVersion: 2.0.0.0
InternalName: Rookie-PCVR.exe
LegalCopyright: Copyright © 2020
LegalTrademarks: -
OriginalFileName: Rookie-PCVR.exe
ProductName: AndroidSideloader
ProductVersion: 2.0.0.0
AssemblyVersion: 2.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
157
Monitored processes
29
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start pcvr-rookie.exe 7z.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs rclone.exe no specs conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
460"C:\Users\admin\AppData\Local\Temp\rclone\rclone.exe" cat ":PCVR Games/VRP-GameList.txt" --config vrp.download.configC:\Users\admin\AppData\Local\Temp\rclone\rclone.exePCVR-Rookie.exe
User:
admin
Company:
https://rclone.org
Integrity Level:
MEDIUM
Description:
Rclone
Exit code:
1
Version:
1.66.0
Modules
Images
c:\users\admin\appdata\local\temp\rclone\rclone.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
1104"C:\Users\admin\AppData\Local\Temp\rclone\rclone.exe" cat ":PCVR Games/VRP-GameList.txt" --config vrp.download.configC:\Users\admin\AppData\Local\Temp\rclone\rclone.exePCVR-Rookie.exe
User:
admin
Company:
https://rclone.org
Integrity Level:
MEDIUM
Description:
Rclone
Exit code:
1
Version:
1.66.0
Modules
Images
c:\users\admin\appdata\local\temp\rclone\rclone.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
2468"C:\Users\admin\AppData\Local\Temp\rclone\rclone.exe" cat ":PCVR Games/VRP-GameList.txt" --config vrp.download.configC:\Users\admin\AppData\Local\Temp\rclone\rclone.exePCVR-Rookie.exe
User:
admin
Company:
https://rclone.org
Integrity Level:
MEDIUM
Description:
Rclone
Exit code:
1
Version:
1.66.0
Modules
Images
c:\users\admin\appdata\local\temp\rclone\rclone.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
2804"C:\Users\admin\AppData\Local\Temp\rclone\rclone.exe" cat ":PCVR Games/VRP-GameList.txt" --config vrp.download.configC:\Users\admin\AppData\Local\Temp\rclone\rclone.exePCVR-Rookie.exe
User:
admin
Company:
https://rclone.org
Integrity Level:
MEDIUM
Description:
Rclone
Exit code:
1
Version:
1.66.0
Modules
Images
c:\users\admin\appdata\local\temp\rclone\rclone.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
3292\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exerclone.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3292\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exerclone.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3568\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exerclone.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4084"C:\Users\admin\AppData\Local\Temp\rclone\rclone.exe" cat ":PCVR Games/VRP-GameList.txt" --config vrp.download.configC:\Users\admin\AppData\Local\Temp\rclone\rclone.exePCVR-Rookie.exe
User:
admin
Company:
https://rclone.org
Integrity Level:
MEDIUM
Description:
Rclone
Exit code:
1
Version:
1.66.0
Modules
Images
c:\users\admin\appdata\local\temp\rclone\rclone.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
4192\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exerclone.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4192\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exerclone.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
35 858
Read events
35 589
Write events
269
Delete events
0

Modification events

(PID) Process:(6620) PCVR-Rookie.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(6620) PCVR-Rookie.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(6620) PCVR-Rookie.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(6620) PCVR-Rookie.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(6620) PCVR-Rookie.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(6620) PCVR-Rookie.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PCVR-Rookie_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(6620) PCVR-Rookie.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PCVR-Rookie_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(6620) PCVR-Rookie.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PCVR-Rookie_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(6620) PCVR-Rookie.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PCVR-Rookie_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(6620) PCVR-Rookie.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PCVR-Rookie_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
Executable files
2
Suspicious files
1
Text files
8
Unknown types
0

Dropped files

PID
Process
Filename
Type
68567z.exeC:\Users\admin\AppData\Local\Temp\rclone-v1.66.0-windows-amd64\rclone.exe
MD5:
SHA256:
6620PCVR-Rookie.exeC:\Users\admin\AppData\Local\Temp\rclone.zipcompressed
MD5:10BABE225D85F3DA58EE8CC260B63793
SHA256:8E8BB13FB0D7BEB316487ECDE8EAD5426784CDCDBF8B4D8DD381C6FE8C7D92A0
6620PCVR-Rookie.exeC:\Users\admin\AppData\Local\Rookie.WTF\PCVR-Rookie.exe_Url_xvschwsgakn2nagjsqlofr5vkuygxcxa\2.0.0.0\tfznqpjz.newcfgxml
MD5:410AFDA4BDE459246A3CA55E2EE36BC3
SHA256:4C28889E076FC03D80185C5CC0C85F26B4078E84C279CC2943C0B3CCAD0F9B4E
6620PCVR-Rookie.exeC:\Users\admin\AppData\Local\Temp\7z.exeexecutable
MD5:1A7EAA1DAB7867E15D7800AE0B5AF5E3
SHA256:356BEA8B6E9EB84DFA0DD8674E7C03428C641A47789DF605C5BEA0730DE4AED2
68567z.exeC:\Users\admin\AppData\Local\Temp\rclone-v1.66.0-windows-amd64\git-log.txttext
MD5:D1D8FE6F0BDE0342D206768762FF354A
SHA256:97F0028701D4043414BB18B460FD3F2DD2BAC9626E14A529A14E64DB523272CA
68567z.exeC:\Users\admin\AppData\Local\Temp\rclone-v1.66.0-windows-amd64\README.htmlhtml
MD5:5DCCEDACC553BE80C9AFA46E51E9D246
SHA256:9FA07BEDD060AC1E367C774DAC98F551A05BFF0A0B3348C8AD06A71CAE0CEDFA
68567z.exeC:\Users\admin\AppData\Local\Temp\rclone-v1.66.0-windows-amd64\rclone.1text
MD5:8BB2671AFD9845B9F071C5F9D4EE05BB
SHA256:2BE27AC123744815621F3D25F36327E54945862CD0BDC21CE9AF10097F23D3FD
68567z.exeC:\Users\admin\AppData\Local\Temp\rclone-v1.66.0-windows-amd64\README.txttext
MD5:6A54F7361DDB095EBA537B88109342BB
SHA256:B55306E1C65A924A193D5870D8C9D35BC9777E1CA58F0BC73A82E219410034A1
6620PCVR-Rookie.exeC:\Users\admin\AppData\Local\Rookie.WTF\PCVR-Rookie.exe_Url_xvschwsgakn2nagjsqlofr5vkuygxcxa\2.0.0.0\aucvfkc3.newcfgxml
MD5:80FB0F0A5948978437AC75F5C13B722E
SHA256:C58BFDDB714A283BAE69704D4BF76B7BA673739E08245862F7157AFE6F2A7BE7
6620PCVR-Rookie.exeC:\Users\admin\AppData\Local\Temp\7z.dllexecutable
MD5:71EBAC040D32560BB9D76A552A7CB986
SHA256:1AA51AA9BB50B26BB652D9C442208DB76546286B0DB169C8882DE97D1117029D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
51
DNS requests
21
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6360
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6332
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3888
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
4016
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2120
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5336
SearchApp.exe
2.23.209.133:443
www.bing.com
Akamai International B.V.
GB
unknown
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4920
svchost.exe
20.190.159.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5336
SearchApp.exe
2.23.209.182:443
www.bing.com
Akamai International B.V.
GB
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.78
whitelisted
www.bing.com
  • 2.23.209.133
  • 2.23.209.187
  • 2.23.209.130
  • 2.23.209.182
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.159.71
  • 20.190.159.0
  • 20.190.159.4
  • 20.190.159.64
  • 40.126.31.71
  • 40.126.31.67
  • 20.190.159.75
  • 40.126.31.73
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
th.bing.com
  • 2.23.209.182
  • 2.23.209.133
  • 2.23.209.187
  • 2.23.209.130
whitelisted
downloads.rclone.org
  • 95.217.6.16
unknown
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted
github.com
  • 140.82.121.4
shared

Threats

PID
Process
Class
Message
2256
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
6620
PCVR-Rookie.exe
Misc activity
ET INFO Observed ZeroSSL SSL/TLS Certificate
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
PCVR-Rookie.exe