File name: analytics.uk.net.exe

Full analysis: https://app.any.run/tasks/da0c0980-7ac4-4332-9fde-2ac19d4f9a54
Verdict: Malicious activity
Threats:

AsyncRAT is a remote access trojan (RAT) that can monitor and remotely control infected systems. It was published on GitHub as a legitimate open-source remote administration tool, but attackers routinely use it for its many malicious capabilities.

Analysis date: February 15, 2026, 16:38:39
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: rat, asyncrat
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: 974C53BFABA6726702ABC100746086CF
SHA1: 77AC537D8A1C824621A35FA2BA8B8777C1E291B2
SHA256: A06E9B59C1727F03BAF1657FEC464B0159460E872FF664A664F1A929B6C64334
SSDEEP: 1536:/kWtvwVFfYSpbzmHIF8U4xOB9HLX03b6Xle7Bo6mqx:/kWtvwVFfYxHIlr03b6koqx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • ASYNCRAT has been detected (YARA)

      • analytics.uk.net.exe (PID: 5080)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Checks supported languages

      • analytics.uk.net.exe (PID: 5080)
    • Reads the machine GUID from the registry

      • analytics.uk.net.exe (PID: 5080)
    • Reads the computer name

      • analytics.uk.net.exe (PID: 5080)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK matrix in the full report.

AsyncRat (malware configuration)

Process: analytics.uk.net.exe (PID 5080)
C2 (1): analytics.uk.net
Ports (5): 80, 8080, 443, 8443, 6000
Version: 0.5.8
Botnet: Default
Options:
  • AutoRun: false
  • Mutex: F7242qWXHkeE
  • InstallFolder: %AppData%
  • BSoD: false
  • AntiVM: false
Certificates:
  • Cert1: MIIE8jCCAtqgAwIBAgIQAP8v17eCZUuhVc4ak9AKITANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjYwMTMxMTMxNjI2WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALhdNOa/xKQBPfYc/YUafPCv7lyifwXTvNZJ27fsFCxLGtCQzbEjtrdth+pwEUrT501AvFvaFfD3...
    (base64 DER, truncated in the report; the visible prefix decodes to a certificate whose issuer and subject are both CN = AsyncRAT Server, with a 4096-bit RSA key, signed with sha512WithRSAEncryption and valid from 2026-01-31 13:16:26 UTC until 9999-12-31, i.e. the self-signed server certificate an AsyncRAT build embeds)
  • Server_Signature: LY83LI6KoKeIGgzHiOjSjb9/2mDHKFnZpLSRSeo5/20qIRGov8DBngTzsxLP9ufuzqFoOoZL5SdGdWHJW1of497DDr2Lo3cf++3wIT7Tk0kxVdO38JZLn9y1ZMBYOjeGkJ28WvSiXK5UjirsEDeoM3yLSXJ/WK6kWaE2UKGeSRNco8dxK0QQaTBYOjvT3DxvskdIOXrn4LvtvlmfNQOccfrlupavIK15DKL0a+WYTytB2iCAzagL2FGA5wjDcE2D6/Oy0Ayj3Q3wTduNdk/vIQoItDe/YxmbQLi02OX/hZLc...
    (truncated in the report)
Keys:
  • AES: 053c386bf7ff912d5a6f880bad001b632e9580ec39e07fe37e45282a3d3b901c
  • Salt: bfeb1e56fbcd973bb219022430a57843003d5644d21e62b9d4f180e7e6c33941
    (this is AsyncRAT's hard-coded PBKDF2 salt, identical in every build, so it is not useful as an indicator on its own)
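The Keys section above reflects how AsyncRAT protects its embedded settings. In the AsyncRAT source, every settings string (hosts, ports, version, mutex, certificate, server signature and the rest) is stored base64-encoded and encrypted. At start-up the client base64-decodes its master key string and passes it to .NET's Rfc2898DeriveBytes(masterKey, Salt, 50000), whose default PRF is HMAC-SHA1; the first 32 derived bytes become the AES-256 key and the next 64 bytes an HMAC-SHA256 key. Each encrypted field is laid out as HMAC-SHA256(IV || ciphertext) || IV || AES-256-CBC ciphertext with PKCS#7 padding, and the HMAC is checked before anything is decrypted. The Salt shown in the report is that hard-coded salt. The AES value in the report is 32 bytes, the length of the derived AES key rather than of a base64 master key, which suggests the report prints the derived key; that is an inference on the editor's part, not something the report states. The client additionally verifies Server_Signature as an RSA signature over SHA-256 of the master key using the embedded certificate, which is why the certificate and signature travel with the config.

The Go program below is an added example written for this page, not code from the ANY.RUN report or from the sample. It implements the derivation and blob format described above using the report's salt, and round-trips a constructed Ports value (AsyncRAT stores ports as a comma-separated string) under a hypothetical master key, since the sample's real master key is not on the page. PBKDF2 is written out by hand so the program needs only the Go standard library.

```go
// Added example for this page: AsyncRAT-style settings decryption.
// Not code from the ANY.RUN report or the sample; master key, plaintext and
// blob are constructed here. The salt is the Salt value from the report.
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
)

// Hard-coded salt shared by AsyncRAT clients; identical to the Salt in the report above.
const asyncRatSaltHex = "bfeb1e56fbcd973bb219022430a57843003d5644d21e62b9d4f180e7e6c33941"

const (
	pbkdf2Iterations = 50000 // AsyncRAT: new Rfc2898DeriveBytes(masterKey, Salt, 50000)
	aesKeyLen        = 32    // AES-256 key: first 32 derived bytes
	authKeyLen       = 64    // HMAC-SHA256 key: next 64 derived bytes
	hmacLen          = 32    // HMAC-SHA256 tag prefixed to every blob
)

// pbkdf2HmacSha1 is PBKDF2 (RFC 8018) with HMAC-SHA1, the PRF that the .NET
// Rfc2898DeriveBytes constructor uses when no hash algorithm is named.
func pbkdf2HmacSha1(password, salt []byte, iterations, keyLen int) []byte {
	var out []byte
	mac := hmac.New(sha1.New, password)
	for blockIndex := uint32(1); len(out) < keyLen; blockIndex++ {
		mac.Reset()
		mac.Write(salt)
		mac.Write([]byte{byte(blockIndex >> 24), byte(blockIndex >> 16), byte(blockIndex >> 8), byte(blockIndex)})
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iterations; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// settingsCipher holds the two keys AsyncRAT derives from a single master key string.
type settingsCipher struct {
	aesKey  []byte
	authKey []byte
}

func newSettingsCipher(masterKey string) settingsCipher {
	salt, err := hex.DecodeString(asyncRatSaltHex)
	if err != nil {
		panic(err) // the constant above is valid hex
	}
	derived := pbkdf2HmacSha1([]byte(masterKey), salt, pbkdf2Iterations, aesKeyLen+authKeyLen)
	return settingsCipher{aesKey: derived[:aesKeyLen], authKey: derived[aesKeyLen:]}
}

// decrypt parses HMAC-SHA256(IV||ct) || IV || AES-256-CBC ct (PKCS#7). The tag is
// checked first, so a wrong master key fails cleanly instead of yielding garbage.
func (c settingsCipher) decrypt(b64 string) (string, error) {
	blob, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return "", err
	}
	if len(blob) < hmacLen+2*aes.BlockSize || (len(blob)-hmacLen-aes.BlockSize)%aes.BlockSize != 0 {
		return "", errors.New("blob too short or not block aligned")
	}
	mac := hmac.New(sha256.New, c.authKey)
	mac.Write(blob[hmacLen:])
	if !hmac.Equal(mac.Sum(nil), blob[:hmacLen]) {
		return "", errors.New("HMAC mismatch: wrong key or tampered blob")
	}
	block, err := aes.NewCipher(c.aesKey)
	if err != nil {
		return "", err
	}
	iv := blob[hmacLen : hmacLen+aes.BlockSize]
	plain := make([]byte, len(blob)-hmacLen-aes.BlockSize)
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, blob[hmacLen+aes.BlockSize:])
	pad := int(plain[len(plain)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(plain[len(plain)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return "", errors.New("bad PKCS#7 padding")
	}
	return string(plain[:len(plain)-pad]), nil
}

// encrypt builds a blob in the same layout; used here only to construct sample input.
func (c settingsCipher) encrypt(plain string) (string, error) {
	block, err := aes.NewCipher(c.aesKey)
	if err != nil {
		return "", err
	}
	pad := aes.BlockSize - len(plain)%aes.BlockSize
	padded := append([]byte(plain), bytes.Repeat([]byte{byte(pad)}, pad)...)
	body := make([]byte, aes.BlockSize+len(padded)) // IV followed by ciphertext
	if _, err := rand.Read(body[:aes.BlockSize]); err != nil {
		return "", err
	}
	cipher.NewCBCEncrypter(block, body[:aes.BlockSize]).CryptBlocks(body[aes.BlockSize:], padded)
	mac := hmac.New(sha256.New, c.authKey)
	mac.Write(body)
	return base64.StdEncoding.EncodeToString(append(mac.Sum(nil), body...)), nil
}

func main() {
	c := newSettingsCipher("hypothetical-master-key") // the sample's real key is not on the page
	fmt.Printf("AES key:  %x\nauth key: %x\n", c.aesKey, c.authKey)
	blob, _ := c.encrypt("80,8080,443,8443,6000") // constructed Ports value
	plain, err := c.decrypt(blob)
	fmt.Printf("decrypted Ports: %q (err=%v)\n", plain, err)
	_, err = newSettingsCipher("wrong-key").decrypt(blob)
	fmt.Println("wrong key:", err)
}
```

Run it with go run. The property a config extractor should lean on is the last line of output: with the wrong master key the HMAC check fails before any AES work happens, so candidate keys recovered from a stub can be validated mechanically instead of by eyeballing decrypted strings.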

TRiD

  • .exe | Generic CIL Executable (.NET, Mono, etc.) (56.7%)
  • .exe | Win64 Executable (generic) (21.3%)
  • .scr | Windows screen saver (10.1%)
  • .dll | Win32 Dynamic Link Library (generic) (5%)
  • .exe | Win32 Executable (generic) (3.4%)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:10:16 21:40:53+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 43008
InitializedDataSize: 2560
UninitializedDataSize: -
EntryPoint: 0xc73e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: -
FileVersion: 1.0.0.0
InternalName: Stub.exe
LegalCopyright: -
LegalTrademarks: -
OriginalFileName: Stub.exe
ProductName: -
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
All screenshots are available in the full report
Total processes: 147
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph (process details in the full report)

  • start → analytics.uk.net.exe (#ASYNCRAT)
  • slui.exe (no specs)

Process information

PID 5080: "C:\Users\admin\Downloads\analytics.uk.net.exe"
  Path: C:\Users\admin\Downloads\analytics.uk.net.exe
  Parent process: explorer.exe
  Indicators: ASYNCRAT detected (YARA)
  User: admin
  Integrity Level: MEDIUM
  Version: 1.0.0.0
  Modules (images):
    c:\users\admin\downloads\analytics.uk.net.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\mscoree.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
  The wow64*.dll images and the SysWOW64 copies of ntdll/kernel32 show a 32-bit process running under WoW64, consistent with the PE32 file type, and mscoree.dll is the .NET runtime shim loading the managed stub.
  Malware configuration: identical to the AsyncRat section above.

PID 6060: C:\WINDOWS\System32\slui.exe -Embedding
  Path: C:\Windows\System32\slui.exe
  Parent process: svchost.exe (COM activation via -Embedding, not a child of the sample)
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Windows Activation Client
  Version: 10.0.19041.1 (WinBuild.160101.0800)
  Modules (images):
    c:\windows\system32\slui.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\bcrypt.dll
    c:\windows\system32\user32.dll
Events: total 635, read 635, write 0, delete 0

Modification events: no data

Files: executable 0, suspicious 0, text 0, unknown types 0

Dropped files: no data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 19
TCP/UDP connections: 28
DNS requests: 18
Threats: 2

HTTP requests (columns: PID and process | method and HTTP code | IP:port | CN | type and size, where a body was returned | reputation; the URL follows on the next line; only part of the 19 requests is listed here)

  • PID 6768 MoUsoCoreWorker.exe | GET 304 | 4.231.128.59:443 | CN unknown | whitelisted
    https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
  • PID 5516 svchost.exe | GET 304 | 4.231.128.59:443 | CN unknown | whitelisted
    https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
  • PID 7640 SIHClient.exe | GET 304 | 74.178.76.128:443 | CN unknown | whitelisted
    https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
  • PID 7640 SIHClient.exe | GET 200 | 20.242.39.171:443 | CN unknown | whitelisted
    https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
  • PID 7640 SIHClient.exe | GET 200 | 74.178.76.128:443 | CN unknown | whitelisted
    https://slscr.update.microsoft.com/sls/ping
  • PID 7640 SIHClient.exe | GET 304 | 74.178.76.128:443 | CN unknown | whitelisted
    https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
  • (no PID shown) | GET 200 | 172.66.2.5:80 | CN unknown | whitelisted
    http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
  • PID 356 svchost.exe | POST 200 | 20.190.159.129:443 | CN unknown | xml, 11.1 Kb | whitelisted
    https://login.live.com/RST2.srf
  • (no PID shown) | GET 200 | 204.79.197.203:80 | CN unknown | whitelisted
    http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D
  • PID 356 svchost.exe | POST 200 | 20.190.159.129:443 | CN unknown | xml, 10.3 Kb | whitelisted
    https://login.live.com/RST2.srf

None of the listed HTTP requests originates from the sample (PID 5080); they are Windows Update, telemetry, OCSP and login.live.com background traffic from the guest.

Connections (columns: PID and process | IP:port | domain | ASN | country | reputation)

  • PID 4 System | 192.168.100.255:137 | Not routed | whitelisted
  • PID 5516 svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
  • PID 7228 RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
  • PID 6768 MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
  • (no PID shown) | 2.16.241.197:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted
  • (no PID shown) | 172.66.2.5:80 | ocsp.digicert.com | CLOUDFLARENET | US | whitelisted
  • (no PID shown) | 204.79.197.203:80 | oneocsp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
  • PID 4 System | 192.168.100.255:138 | Not routed | whitelisted
  • PID 3412 svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
  • PID 5080 analytics.uk.net.exe | 172.67.138.150:8080 | analytics.uk.net | CLOUDFLARENET | US | whitelisted

The only connection from the sample's PID is to analytics.uk.net on port 8080, the configured C2 host on one of its five configured ports (80, 8080, 443, 8443, 6000), behind a Cloudflare address. It does not appear in the HTTP request list, which fits AsyncRAT's TLS-over-TCP transport rather than HTTP, and it is the connection on which the JA3-based threat signature below fires. The reputation field reads "whitelisted" here but "unknown" in the DNS table below; the C2 verdict rests on the extracted configuration and the JA3 signature, not on that field.

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
self.events.data.microsoft.com
  • 13.89.179.14
whitelisted
google.com
  • 142.251.141.110
whitelisted
www.bing.com
  • 2.16.241.197
  • 2.16.241.221
  • 2.16.241.217
  • 2.16.241.227
  • 2.16.241.215
  • 2.16.241.214
  • 2.16.241.200
  • 2.16.241.220
  • 2.16.241.223
whitelisted
ocsp.digicert.com
  • 172.66.2.5
  • 162.159.142.9
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
analytics.uk.net
  • 172.67.138.150
  • 104.21.26.192
unknown
login.live.com
  • 20.190.159.129
  • 40.126.31.131
  • 20.190.159.71
  • 20.190.159.131
  • 40.126.31.69
  • 20.190.159.2
  • 20.190.159.75
  • 40.126.31.67
whitelisted
crl.microsoft.com
  • 23.216.77.31
  • 23.216.77.21
  • 23.216.77.23
  • 23.216.77.14
whitelisted

Threats (columns: PID and process | class | message)

  • PID 5080 analytics.uk.net.exe | A Network Trojan was detected | MALWARE [ANY.RUN] Win32/Common RAT related JA3 hash observed
  • PID 5516 svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)