File name:

PassRec_for_RAR.exe

Full analysis: https://app.any.run/tasks/4dc5c851-41e9-4b63-b35f-22738fd9e9a1
Verdict: Malicious activity
Analysis date: December 15, 2024, 11:37:44
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
obfuscated-js
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5:

41088FAB30FBE1B8826B000B979B2D08

SHA1:

6C72F8C890A9E28ED5EBE5FB84B1A6E4E85FAE5E

SHA256:

A1376DE18090292113A046CE47B054A9E00D5F5A814C8F670FF258D2D9807F06

SSDEEP:

98304:aFXo9EEBp7l4Z5Hx6ZgvXHTs5Y1dOHFr1UgnfDe5UaeC1XBcrSZxJ2la18/dIFFy:avS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Detects Cygwin installation

      • PassRec_for_RAR.exe (PID: 6696)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • PassRec_for_RAR.exe (PID: 6696)
    • Process drops legitimate windows executable

      • PassRec_for_RAR.exe (PID: 6696)
    • The process drops C-runtime libraries

      • PassRec_for_RAR.exe (PID: 6696)
    • Reads security settings of Internet Explorer

      • PassRec_for_RAR.exe (PID: 6696)
    • Creates a software uninstall entry

      • PassRec_for_RAR.exe (PID: 6696)
  • INFO

    • The sample compiled with English language support

      • PassRec_for_RAR.exe (PID: 6696)
    • Create files in a temporary directory

      • PassRec_for_RAR.exe (PID: 6696)
    • The sample compiled with Chinese language support

      • PassRec_for_RAR.exe (PID: 6696)
    • Checks supported languages

      • PassRec_for_RAR.exe (PID: 6696)
      • rarcracker_win.exe (PID: 556)
      • identity_helper.exe (PID: 4120)
      • identity_helper.exe (PID: 4228)
    • Reads the computer name

      • PassRec_for_RAR.exe (PID: 6696)
      • rarcracker_win.exe (PID: 556)
      • identity_helper.exe (PID: 4120)
      • identity_helper.exe (PID: 4228)
    • Creates files or folders in the user directory

      • PassRec_for_RAR.exe (PID: 6696)
      • rarcracker_win.exe (PID: 556)
    • The process uses the downloaded file

      • PassRec_for_RAR.exe (PID: 6696)
    • Process checks computer location settings

      • PassRec_for_RAR.exe (PID: 6696)
    • Sends debugging messages

      • rarcracker_win.exe (PID: 556)
    • Reads the machine GUID from the registry

      • rarcracker_win.exe (PID: 556)
    • Application launched itself

      • msedge.exe (PID: 4384)
      • msedge.exe (PID: 5460)
      • msedge.exe (PID: 6032)
    • Manual execution by a user

      • msedge.exe (PID: 5460)
    • Reads Environment values

      • identity_helper.exe (PID: 4228)
      • identity_helper.exe (PID: 4120)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:07:29 08:25:57+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 2954752
InitializedDataSize: 926208
UninitializedDataSize: -
EntryPoint: 0x2d2a8c
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.1
ProductVersionNumber: 2.0.0.1
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Windows, Chinese (Simplified)
CompanyName: PassTech
FileDescription: 2.0.0.1
FileVersion: 2.0.0.1
InternalName: PassRec for RAR
LegalCopyright: PassTech
LegalTrademarks: -
OriginalFileName: -
ProductName: PassRec for RAR
ProductVersion: 2.0.0.1
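The EXIF block above is exiftool's rendering of the COFF file header and the PE optional header. The fields an analyst actually relies on (compile timestamp, linker version, entry point, subsystem, characteristics flags) are a few fixed-offset integers, so they are easy to read directly and to cross-check against a report. The linker version 2.25 is the value Delphi-built binaries carry, which is consistent with TRiD's Inno Setup / Delphi matches. The parser below is an added example, not code from the report or from PassTech/Kakasoft; the sample itself is not embedded, so build_minimal_pe() constructs a header-only PE32 image that carries the header values listed above (the base addresses, alignments and sizes not shown in the report are placeholders), and parse_pe_headers() can be pointed at real file bytes to reproduce an EXIF listing offline.

```python
"""Read the PE header fields reported in the EXIF block (added example)."""
import calendar
import struct
from datetime import datetime, timezone

# IMAGE_FILE_* characteristics in ascending bit order, named as exiftool prints them.
CHARACTERISTICS = [
    (0x0001, "No relocs"), (0x0002, "Executable"), (0x0004, "No line numbers"),
    (0x0008, "No symbols"), (0x0020, "Large address aware"),
    (0x0080, "Bytes reversed lo"), (0x0100, "32-bit"), (0x0200, "No debug"),
    (0x0400, "Removable run from swap"), (0x0800, "Net run from swap"),
    (0x1000, "System file"), (0x2000, "DLL"), (0x4000, "Uniprocessor only"),
    (0x8000, "Bytes reversed hi"),
]
MACHINES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "AMD AMD64", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows command line"}

# Compile timestamp from the report's EXIF block (2021:07:29 08:25:57+00:00).
REPORT_TIMESTAMP = calendar.timegm((2021, 7, 29, 8, 25, 57, 0, 0, 0))


def parse_pe_headers(data: bytes) -> dict:
    """Parse e_lfanew, the COFF file header and the optional-header fields shown
    in the report. Every optional-header field read here sits at the same offset
    in PE32 and PE32+, so the function works for both."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, stamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70:
        raise ValueError("optional header too short")
    magic, maj_link, min_link, code, init, uninit, entry = struct.unpack_from("<HBBIIII", data, opt)
    maj_os, min_os, maj_img, min_img, maj_sub, min_sub = struct.unpack_from("<6H", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "MachineType": MACHINES.get(machine, hex(machine)),
        "Sections": nsections,
        "TimeStamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": ", ".join(name for bit, name in CHARACTERISTICS if chars & bit),
        "PEType": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "LinkerVersion": f"{maj_link}.{min_link}",
        "CodeSize": code,
        "InitializedDataSize": init,
        "UninitializedDataSize": uninit,
        "EntryPoint": f"0x{entry:x}",
        "OSVersion": f"{maj_os}.{min_os}" if min_os else str(maj_os),
        "ImageVersion": f"{maj_img}.{min_img}" if (maj_img or min_img) else "-",
        "SubsystemVersion": f"{maj_sub}.{min_sub}" if min_sub else str(maj_sub),
        "Subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_minimal_pe() -> bytes:
    """Constructed header-only PE32 image carrying the report's header values
    (10 sections, timestamp 2021-07-29 08:25:57 UTC, linker 2.25, entry 0x2d2a8c,
    GUI subsystem). It is not the sample and contains no sections or code."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    chars = 0x0002 | 0x0004 | 0x0008 | 0x0080 | 0x0100 | 0x8000   # 0x818E, as in the EXIF block
    coff = struct.pack("<HHIIIHH", 0x014C, 10, REPORT_TIMESTAMP, 0, 0, 224, chars)
    opt = struct.pack(
        "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
        0x10B, 2, 25,                    # PE32 magic, linker 2.25
        2954752, 926208, 0, 0x2D2A8C,    # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData, entry point
        0x1000, 0x2D4000, 0x400000,      # BaseOfCode, BaseOfData, ImageBase (placeholders)
        0x1000, 0x200,                   # SectionAlignment, FileAlignment (placeholders)
        5, 0, 0, 0, 5, 0,                # OS 5.0, image 0.0, subsystem 5.0
        0, 0x3B0000, 0x400, 0,           # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum (placeholders)
        2, 0,                            # Subsystem = Windows GUI, DllCharacteristics
    )
    opt += bytes(224 - len(opt))         # data directories left empty
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for key, value in parse_pe_headers(build_minimal_pe()).items():
        print(f"{key}: {value}")
```

To check a real file, replace build_minimal_pe() with the bytes of the executable; the TimeStamp, LinkerVersion, EntryPoint and ImageFileCharacteristics values should match what the report lists, and a mismatch usually means the file on disk is not the one that was analysed.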
All screenshots are available in the full report
Total processes: 178
Monitored processes: 49
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes in the graph (interactive in the full report): passrec_for_rar.exe, rarcracker_win.exe, many msedge.exe instances (most marked "no specs"), four identity_helper.exe instances (no specs), and a second passrec_for_rar.exe instance (no specs).

Process information

Columns: PID, CMD, Path, Indicators, Parent process

PID: 540
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5832 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 540
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6648 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 556
CMD: "C:\Users\admin\AppData\Local\PassRecRAR\rarcracker_win.exe"
Path: C:\Users\admin\AppData\Local\PassRecRAR\rarcracker_win.exe
Parent process: PassRec_for_RAR.exe
User:
admin
Company:
Rar Cracker
Integrity Level:
HIGH
Description:
Rar Cracker
Exit code:
0
Version:
2.0.0.1
Modules
Images
c:\users\admin\appdata\local\passrecrar\rarcracker_win.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 640
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3524 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 640
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6188 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
PID: 1192
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5544 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1200
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3876 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1200
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3304 --field-trial-handle=2336,i,13998313904438156554,5296871194652350427,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1400
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4900 --field-trial-handle=2336,i,13998313904438156554,5296871194652350427,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1576
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4072 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 8,137
Read events: 8,092
Write events: 45
Delete events: 0

Modification events

PID 6696 PassRec_for_RAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\rarcracker_win | Operation: write | Name: source | Value: for_RAR
PID 6696 PassRec_for_RAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\rarcracker_win | Operation: write | Name: guid | Value: CE47350EA4034821A1F5386787BDB011
PID 6696 PassRec_for_RAR.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win | Operation: write | Name: DisplayName | Value: PassRec for RAR
PID 6696 PassRec_for_RAR.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win | Operation: write | Name: DisplayIcon | Value: "C:\Users\admin\AppData\Local\PassRecRAR\rarcracker_win.exe"
PID 6696 PassRec_for_RAR.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win | Operation: write | Name: UninstallString | Value: C:\Users\admin\AppData\Local\PassRecRAR\unin.exe
PID 6696 PassRec_for_RAR.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win | Operation: write | Name: DisplayVersion | Value: 2.0.0.9
PID 6696 PassRec_for_RAR.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win | Operation: write | Name: Publisher | Value: Kakasoft Software
PID 6696 PassRec_for_RAR.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win | Operation: write | Name: ExePath | Value: "C:\Users\admin\AppData\Local\PassRecRAR\rarcracker_win.exe"
PID 556 rarcracker_win.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Operation: write | Name: CachePrefix | Value: (empty)
PID 556 rarcracker_win.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
Executable files: 66
Suspicious files: 145
Text files: 89
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
6696 | PassRec_for_RAR.exe | C:\Users\admin\AppData\Local\Temp\rarcracker_win.zip | - | - | -
6696 | PassRec_for_RAR.exe | C:\Users\admin\AppData\Local\PassRecRAR\crack\ascii.chr | - | - | -
6696 | PassRec_for_RAR.exe | C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-core-localization-l1-2-0.dll | executable | B178F49844A5168D29D5CCE20A6303E3 | 9358400795AFCC41F5E748E20B139CFBB1AC976B3E460597B0B21893D647276D
6696 | PassRec_for_RAR.exe | C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-core-file-l1-2-0.dll | executable | 395D39F6EC3E09C5194899434150CDF7 | ECC40B2C80300B94615B450D5A97ED15CE51AA929C73DA22C906AB01856F8223
6696 | PassRec_for_RAR.exe | C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-core-processthreads-l1-1-1.dll | executable | DA1C671169DD183AFCA9AC76F46FD86E | E5C2478571AB260776B547579ACD847BDECAC9B4B9B4590D4AC7C80135C68930
6696 | PassRec_for_RAR.exe | C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-crt-heap-l1-1-0.dll | executable | C3AA45F69CEEEDAE8799C3C71CE4D64B | 4E756B8AB0E0047C838A29BC809E68945E9C10A4D054F33EE3EBD9B79546A23B
6696 | PassRec_for_RAR.exe | C:\Users\admin\AppData\Local\PassRecRAR\crack\config.ini | text | 788E2DEAA96D3551731D5429B34CFC55 | 90DD4272305E097D86B444CB6A9029665B6B946ECE1D5773C7F468E035003575
6696 | PassRec_for_RAR.exe | C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-crt-runtime-l1-1-0.dll | executable | DA9CB6B2A96CA5F3D8EF55EF2F7165BA | 057991C1DA75CEFBE544992D78DB72BA476F6861819055AA011875ABEA3195CC
6696 | PassRec_for_RAR.exe | C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-crt-locale-l1-1-0.dll | executable | 8F1BF32B70D388EC06393D04E16EEC0A | 33F5A6D56BEE34DE3866587FABC5BE9040D30D69638B53D0301028F113ED2613
6696 | PassRec_for_RAR.exe | C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-crt-math-l1-1-0.dll | executable | C723F17218F1C0CE46C69B76783BC15A | 6C38011A0BCF7D46FB2262029466D8FD731CF9ED9D10062C55894DF68ADFAA22
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 17
TCP/UDP connections: 94
DNS requests: 92
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.241.12:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | - | - | whitelisted
6696 | PassRec_for_RAR.exe | GET | 200 | 47.251.37.78:80 | http://api.kakasoft.com/api/report/preinstall?soft_id=rarcracker_win&curr_ver=&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011 | unknown | - | - | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
6696 | PassRec_for_RAR.exe | GET | 200 | 47.251.37.78:80 | http://api.kakasoft.com/api/config/soft_down?soft_id=rarcracker_win | unknown | - | - | whitelisted
6696 | PassRec_for_RAR.exe | GET | 200 | 47.251.37.78:80 | http://api.kakasoft.com/api/report/install?soft_id=rarcracker_win&curr_ver=&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011 | unknown | - | - | whitelisted
6696 | PassRec_for_RAR.exe | GET | 200 | 47.246.46.229:80 | http://cdn.passrec.com/zippackage/rarcracker/rarcrackeren2.0.0.9.zip | unknown | - | - | unknown
556 | rarcracker_win.exe | POST | 200 | 47.251.37.78:80 | http://api.kakasoft.com/api/report/online?curr_ver=2.0.0.5&soft_id=rarcracker_win&maccode=W08994C5DB24&os=1&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011&source_soft_id=rarcracker_win&token= | unknown | - | - | whitelisted
556 | rarcracker_win.exe | GET | 200 | 47.251.37.78:80 | http://api.kakasoft.com/api/config/update?curr_ver=2.0.0.5&soft_id=rarcracker_win&maccode=W08994C5DB24&os=1&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011&source_soft_id=rarcracker_win&token= | unknown | - | - | whitelisted
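Two things in the HTTP log are worth pulling out explicitly. First, the device_code query parameter in every api.kakasoft.com report call is the same 32-hex-digit value the installer wrote to HKEY_CURRENT_USER\SOFTWARE\rarcracker_win\guid in the Modification events section, so that registry value is a per-host tracking identifier, and the online/update beacons additionally carry a maccode. Second, the version strings disagree (2.0.0.1 in the PE version resource, 2.0.0.9 in the uninstall key and the zip name, 2.0.0.5 in the beacons), which is useful when matching this sample against others. Note also that the MALICIOUS tag on this page rests on a single signature ("Detects Cygwin installation"); what the network log itself documents is installer telemetry plus a package download from cdn.passrec.com. The script below is an added example, not code from the report, ANY.RUN, or the vendor: its input is the HTTP request rows copied from the table above (constructed inline), it drops the Windows CRL/OCSP rows by PID, parses the remaining URLs, and checks the device_code correlation.

```python
"""Extract and correlate the installer's telemetry beacons (added example)."""
from urllib.parse import parse_qs, urlsplit

# Value PID 6696 wrote to HKCU\SOFTWARE\rarcracker_win\guid (Modification events section).
REGISTRY_GUID = "CE47350EA4034821A1F5386787BDB011"
SAMPLE_PIDS = {6696, 556}  # PassRec_for_RAR.exe and rarcracker_win.exe

# Constructed input: (PID, process, method, URL) copied from the HTTP requests table above.
HTTP_REQUESTS = [
    (4712, "MoUsoCoreWorker.exe", "GET", "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    (4712, "MoUsoCoreWorker.exe", "GET", "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    (None, None, "GET", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D"),
    (6696, "PassRec_for_RAR.exe", "GET", "http://api.kakasoft.com/api/report/preinstall?soft_id=rarcracker_win&curr_ver=&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011"),
    (1176, "svchost.exe", "GET", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D"),
    (6696, "PassRec_for_RAR.exe", "GET", "http://api.kakasoft.com/api/config/soft_down?soft_id=rarcracker_win"),
    (6696, "PassRec_for_RAR.exe", "GET", "http://api.kakasoft.com/api/report/install?soft_id=rarcracker_win&curr_ver=&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011"),
    (6696, "PassRec_for_RAR.exe", "GET", "http://cdn.passrec.com/zippackage/rarcracker/rarcrackeren2.0.0.9.zip"),
    (556, "rarcracker_win.exe", "POST", "http://api.kakasoft.com/api/report/online?curr_ver=2.0.0.5&soft_id=rarcracker_win&maccode=W08994C5DB24&os=1&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011&source_soft_id=rarcracker_win&token="),
    (556, "rarcracker_win.exe", "GET", "http://api.kakasoft.com/api/config/update?curr_ver=2.0.0.5&soft_id=rarcracker_win&maccode=W08994C5DB24&os=1&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011&source_soft_id=rarcracker_win&token="),
]


def classify(url: str) -> dict:
    """Split a URL into host, a short endpoint label and its query parameters.
    keep_blank_values matters here: 'curr_ver=' and 'token=' are sent empty."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if parts.path.startswith("/api/"):
        endpoint = parts.path[len("/api/"):]          # e.g. report/preinstall
    elif parts.path.endswith(".zip"):
        endpoint = "package_download"
    else:
        endpoint = parts.path
    return {"host": parts.hostname, "endpoint": endpoint, "params": params}


def sample_beacons(requests=HTTP_REQUESTS) -> list:
    """Keep only requests made by the sample's own processes, in log order."""
    beacons = []
    for pid, process, method, url in requests:
        if pid not in SAMPLE_PIDS:
            continue                                   # Windows CRL/OCSP background traffic
        entry = classify(url)
        entry.update(pid=pid, process=process, method=method, url=url)
        beacons.append(entry)
    return beacons


def device_code_matches(beacons: list, guid: str = REGISTRY_GUID) -> set:
    """Endpoints whose device_code equals the GUID the installer wrote to the registry."""
    return {b["endpoint"] for b in beacons if b["params"].get("device_code") == guid}


def summarize(beacons: list) -> dict:
    return {
        "hosts": sorted({b["host"] for b in beacons}),
        "stages": [b["endpoint"] for b in beacons],
        "versions_claimed": sorted({b["params"]["curr_ver"] for b in beacons if "curr_ver" in b["params"]}),
        "host_identifiers": sorted({k for b in beacons for k in b["params"] if k in ("device_code", "maccode")}),
        "download": [b["url"] for b in beacons if b["endpoint"] == "package_download"],
    }


if __name__ == "__main__":
    beacons = sample_beacons()
    for key, value in summarize(beacons).items():
        print(f"{key}: {value}")
    print("device_code matches registry guid on:", sorted(device_code_matches(beacons)))
```

The stages list comes out in the order the log shows (preinstall report, download config, install report, package download, online report, update check), which is the lifecycle an egress filter or proxy log search should expect to see from this installer; the hosts list is the pair of domains to hunt for.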

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2624 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 2.16.241.12:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5064 | SearchApp.exe | 2.23.209.189:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
- | - | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6696 | PassRec_for_RAR.exe | 47.251.37.78:80 | api.kakasoft.com | Alibaba US Technology Co., Ltd. | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
google.com
  • 142.250.184.238
whitelisted
www.bing.com
  • 2.23.209.189
  • 2.23.209.182
  • 2.23.209.179
  • 2.23.209.130
  • 2.23.209.187
  • 2.23.209.185
  • 2.23.209.135
  • 2.23.209.133
  • 2.23.209.181
  • 2.23.209.148
  • 2.23.209.150
  • 2.23.209.158
  • 2.23.209.149
  • 2.23.209.140
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
api.kakasoft.com
  • 47.251.37.78
whitelisted
login.live.com
  • 40.126.31.69
  • 20.190.159.4
  • 40.126.31.73
  • 20.190.159.73
  • 20.190.159.23
  • 20.190.159.0
  • 40.126.31.71
  • 20.190.159.75
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
cdn.passrec.com
  • 47.246.46.229
  • 47.246.46.225
  • 47.246.46.226
  • 47.246.46.227
  • 47.246.46.232
  • 47.246.46.228
  • 47.246.46.230
  • 47.246.46.231
unknown

Threats

No threats detected
Debug messages

Process | Message
rarcracker_win.exe | QObject::connect: Cannot connect HRequest::jsonFinished(bool, const QValue&, const QString&) to (null)::(null)
rarcracker_win.exe | QString::arg: Argument missing: "QLabel{border:none;font-size: 15px;font-family: Microsoft YaHei;color:#FFFFFF;}" , 14
rarcracker_win.exe | UpdateLayeredWindowIndirect failed for ptDst=(0, 0), size=(1146x742), dirty=(1164x760 -9, -9) (The parameter is incorrect.)
rarcracker_win.exe | UpdateLayeredWindowIndirect failed for ptDst=(0, 0), size=(1146x742), dirty=(1164x760 -9, -9) (The parameter is incorrect.)
rarcracker_win.exe | UpdateLayeredWindowIndirect failed for ptDst=(0, 0), size=(1146x742), dirty=(1164x760 -9, -9) (The parameter is incorrect.)
rarcracker_win.exe | UpdateLayeredWindowIndirect failed for ptDst=(0, 0), size=(1146x742), dirty=(1164x760 -9, -9) (The parameter is incorrect.)
rarcracker_win.exe | UpdateLayeredWindowIndirect failed for ptDst=(0, 0), size=(1146x742), dirty=(1164x760 -9, -9) (The parameter is incorrect.)