File name:

PassRec_for_RAR.exe

Full analysis: https://app.any.run/tasks/4dc5c851-41e9-4b63-b35f-22738fd9e9a1
Verdict: Malicious activity
Analysis date: December 15, 2024, 11:37:44
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
obfuscated-js
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5:

41088FAB30FBE1B8826B000B979B2D08

SHA1:

6C72F8C890A9E28ED5EBE5FB84B1A6E4E85FAE5E

SHA256:

A1376DE18090292113A046CE47B054A9E00D5F5A814C8F670FF258D2D9807F06

SSDEEP:

98304:aFXo9EEBp7l4Z5Hx6ZgvXHTs5Y1dOHFr1UgnfDe5UaeC1XBcrSZxJ2la18/dIFFy:avS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Detects Cygwin installation

      • PassRec_for_RAR.exe (PID: 6696)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • PassRec_for_RAR.exe (PID: 6696)
    • The process drops C-runtime libraries

      • PassRec_for_RAR.exe (PID: 6696)
    • Creates a software uninstall entry

      • PassRec_for_RAR.exe (PID: 6696)
    • Reads security settings of Internet Explorer

      • PassRec_for_RAR.exe (PID: 6696)
    • Executable content was dropped or overwritten

      • PassRec_for_RAR.exe (PID: 6696)
  • INFO

    • Create files in a temporary directory

      • PassRec_for_RAR.exe (PID: 6696)
    • The sample compiled with chinese language support

      • PassRec_for_RAR.exe (PID: 6696)
    • Checks supported languages

      • PassRec_for_RAR.exe (PID: 6696)
      • rarcracker_win.exe (PID: 556)
      • identity_helper.exe (PID: 4120)
      • identity_helper.exe (PID: 4228)
    • Reads the computer name

      • PassRec_for_RAR.exe (PID: 6696)
      • rarcracker_win.exe (PID: 556)
      • identity_helper.exe (PID: 4120)
      • identity_helper.exe (PID: 4228)
    • The sample compiled with english language support

      • PassRec_for_RAR.exe (PID: 6696)
    • Creates files or folders in the user directory

      • PassRec_for_RAR.exe (PID: 6696)
      • rarcracker_win.exe (PID: 556)
    • The process uses the downloaded file

      • PassRec_for_RAR.exe (PID: 6696)
    • Process checks computer location settings

      • PassRec_for_RAR.exe (PID: 6696)
    • Sends debugging messages

      • rarcracker_win.exe (PID: 556)
    • Application launched itself

      • msedge.exe (PID: 4384)
      • msedge.exe (PID: 5460)
      • msedge.exe (PID: 6032)
    • Reads the machine GUID from the registry

      • rarcracker_win.exe (PID: 556)
    • Reads Environment values

      • identity_helper.exe (PID: 4120)
      • identity_helper.exe (PID: 4228)
    • Manual execution by a user

      • msedge.exe (PID: 5460)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:07:29 08:25:57+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 2954752
InitializedDataSize: 926208
UninitializedDataSize: -
EntryPoint: 0x2d2a8c
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.1
ProductVersionNumber: 2.0.0.1
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Windows, Chinese (Simplified)
CompanyName: PassTech
FileDescription: 2.0.0.1
FileVersion: 2.0.0.1
InternalName: PassRec for RAR
LegalCopyright: PassTech
LegalTrademarks: -
OriginalFileName: -
ProductName: PassRec for RAR
ProductVersion: 2.0.0.1
All screenshots are available in the full report
Total processes
178
Monitored processes
49
Malicious processes
1
Suspicious processes
0

Behavior graph

start → passrec_for_rar.exe → rarcracker_win.exe
msedge.exe (many instances, most marked "no specs"), identity_helper.exe (four instances, no specs), and a second passrec_for_rar.exe instance (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
540
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5832 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
540
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6648 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
556
CMD:
"C:\Users\admin\AppData\Local\PassRecRAR\rarcracker_win.exe"
Path:
C:\Users\admin\AppData\Local\PassRecRAR\rarcracker_win.exe
Parent process:
PassRec_for_RAR.exe
User:
admin
Company:
Rar Cracker
Integrity Level:
HIGH
Description:
Rar Cracker
Exit code:
0
Version:
2.0.0.1
Modules
Images
c:\users\admin\appdata\local\passrecrar\rarcracker_win.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID:
640
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3524 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
640
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6188 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
PID:
1192
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5544 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1200
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3876 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1200
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3304 --field-trial-handle=2336,i,13998313904438156554,5296871194652350427,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1400
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4900 --field-trial-handle=2336,i,13998313904438156554,5296871194652350427,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1576
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4072 --field-trial-handle=2360,i,10539364954838850862,15497189749334905915,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
8 137
Read events
8 092
Write events
45
Delete events
0

Modification events

PID / Process: (6696) PassRec_for_RAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\rarcracker_win
Operation: write
Name: source
Value: for_RAR

PID / Process: (6696) PassRec_for_RAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\rarcracker_win
Operation: write
Name: guid
Value: CE47350EA4034821A1F5386787BDB011

PID / Process: (6696) PassRec_for_RAR.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win
Operation: write
Name: DisplayName
Value: PassRec for RAR

PID / Process: (6696) PassRec_for_RAR.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win
Operation: write
Name: DisplayIcon
Value: "C:\Users\admin\AppData\Local\PassRecRAR\rarcracker_win.exe"

PID / Process: (6696) PassRec_for_RAR.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win
Operation: write
Name: UninstallString
Value: C:\Users\admin\AppData\Local\PassRecRAR\unin.exe

PID / Process: (6696) PassRec_for_RAR.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win
Operation: write
Name: DisplayVersion
Value: 2.0.0.9

PID / Process: (6696) PassRec_for_RAR.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win
Operation: write
Name: Publisher
Value: Kakasoft Software

PID / Process: (6696) PassRec_for_RAR.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win
Operation: write
Name: ExePath
Value: "C:\Users\admin\AppData\Local\PassRecRAR\rarcracker_win.exe"

PID / Process: (556) rarcracker_win.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

PID / Process: (556) rarcracker_win.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
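Three things in the registry writes above are worth turning into reusable checks. The uninstall entry is written under HKEY_LOCAL_MACHINE (machine-wide) yet every path in it (DisplayIcon, UninstallString, ExePath) points into the admin user's profile; its Publisher (Kakasoft Software) is not the installer's CompanyName (PassTech, per the EXIF section); and its DisplayVersion (2.0.0.9) is not the installer's own FileVersion (2.0.0.1) but the version of the package the installer fetches from cdn.passrec.com. The HKCU\SOFTWARE\rarcracker_win\guid value is a 32-hex-digit per-device identifier that shows up again as device_code in the HTTP requests. The script below is an added example, not part of the ANY.RUN report or of the PassRec software: it replays the events transcribed from this section and applies those heuristics. The rule names and thresholds are the editor's own assumptions, and a mismatch is a lead for the analyst, not a verdict on its own.

```python
"""Registry-side triage of the modification events in this report.

Added example (not part of the ANY.RUN report or of the PassRec software).
EVENTS is transcribed from the report's "Modification events" section and
INSTALLER_PE from its EXIF section; the rules are the editor's heuristics.
"""
import re

UNINST = r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\rarcracker_win"
IE_CACHE = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache"

# (pid, process, key, value name, data) as written in the report
EVENTS = [
    (6696, "PassRec_for_RAR.exe", r"HKEY_CURRENT_USER\SOFTWARE\rarcracker_win", "source", "for_RAR"),
    (6696, "PassRec_for_RAR.exe", r"HKEY_CURRENT_USER\SOFTWARE\rarcracker_win", "guid", "CE47350EA4034821A1F5386787BDB011"),
    (6696, "PassRec_for_RAR.exe", UNINST, "DisplayName", "PassRec for RAR"),
    (6696, "PassRec_for_RAR.exe", UNINST, "DisplayIcon", r'"C:\Users\admin\AppData\Local\PassRecRAR\rarcracker_win.exe"'),
    (6696, "PassRec_for_RAR.exe", UNINST, "UninstallString", r"C:\Users\admin\AppData\Local\PassRecRAR\unin.exe"),
    (6696, "PassRec_for_RAR.exe", UNINST, "DisplayVersion", "2.0.0.9"),
    (6696, "PassRec_for_RAR.exe", UNINST, "Publisher", "Kakasoft Software"),
    (6696, "PassRec_for_RAR.exe", UNINST, "ExePath", r'"C:\Users\admin\AppData\Local\PassRecRAR\rarcracker_win.exe"'),
    (556, "rarcracker_win.exe", IE_CACHE + r"\Content", "CachePrefix", ""),
    (556, "rarcracker_win.exe", IE_CACHE + r"\Cookies", "CachePrefix", "Cookie:"),
]

# Version resource of the installer PE, from the report's EXIF section
INSTALLER_PE = {"CompanyName": "PassTech", "FileVersion": "2.0.0.1"}

UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)$", re.I)
# A path (optionally quoted) inside a user profile, i.e. a user-writable location
USER_PROFILE_PATH = re.compile(r'^"?[A-Za-z]:\\Users\\[^\\]+\\AppData\\', re.I)
HEX32 = re.compile(r"^[0-9A-F]{32}$", re.I)


def uninstall_entries(events):
    """Group writes under the Uninstall key by entry name, keeping the hive and the writers."""
    entries = {}
    for pid, proc, key, name, data in events:
        m = UNINSTALL_KEY.search(key)
        if not m:
            continue
        entry = entries.setdefault(m.group(1), {"hive": key.split("\\", 1)[0], "values": {}, "writers": set()})
        entry["values"][name] = data
        entry["writers"].add((pid, proc))
    return entries


def check_uninstall_entry(name, entry, installer_pe=INSTALLER_PE):
    """Heuristics (editor's assumptions): a machine-wide entry should not point into a user
    profile, and Publisher/DisplayVersion should match the installer that wrote it."""
    findings = []
    vals = entry["values"]
    for field in ("UninstallString", "DisplayIcon", "ExePath"):
        if field in vals and entry["hive"].upper() == "HKEY_LOCAL_MACHINE" and USER_PROFILE_PATH.match(vals[field]):
            findings.append(f"{name}: HKLM entry but {field} points into a user profile: {vals[field]}")
    if "Publisher" in vals and vals["Publisher"] != installer_pe["CompanyName"]:
        findings.append(f"{name}: Publisher {vals['Publisher']!r} differs from installer CompanyName {installer_pe['CompanyName']!r}")
    if "DisplayVersion" in vals and vals["DisplayVersion"] != installer_pe["FileVersion"]:
        findings.append(f"{name}: DisplayVersion {vals['DisplayVersion']} differs from installer FileVersion "
                        f"{installer_pe['FileVersion']} (the installer registers a version it did not itself carry)")
    return findings


def tracking_identifiers(events):
    """Vendor keys under HKCU\\SOFTWARE (Microsoft's own excluded) that receive a 32-hex-digit
    value: candidate per-device identifiers to look for in the sample's network traffic."""
    return [(key, name, data) for _pid, _proc, key, name, data in events
            if key.upper().startswith("HKEY_CURRENT_USER\\SOFTWARE\\")
            and "\\MICROSOFT\\" not in key.upper()
            and HEX32.match(data or "")]


def triage(events=EVENTS):
    findings = []
    for name, entry in uninstall_entries(events).items():
        findings.extend(check_uninstall_entry(name, entry))
    return {"findings": findings, "identifiers": tracking_identifiers(events)}


if __name__ == "__main__":
    result = triage()
    for line in result["findings"]:
        print("finding:", line)
    for key, name, data in result["identifiers"]:
        print(f"identifier: {key}\\{name} = {data}")
```

On the report's events the script returns five findings (three user-profile paths, the Publisher mismatch, the version mismatch) and one identifier, the guid. Publisher and version mismatches also occur in benign software that ships a downloader stub, so treat them as prompts to compare the installer against what it registers rather than as detections.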
Executable files
66
Suspicious files
145
Text files
89
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 6696 | Process: PassRec_for_RAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\rarcracker_win.zip
MD5:
SHA256:
PID: 6696 | Process: PassRec_for_RAR.exe | Filename: C:\Users\admin\AppData\Local\PassRecRAR\crack\ascii.chr
MD5:
SHA256:
PID: 6696 | Process: PassRec_for_RAR.exe | Filename: C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-crt-filesystem-l1-1-0.dll | Type: executable
MD5: C4D92C5CCF85F577B213B8F93F7DB782
SHA256: 86FC8C1ED25712DB755C21D3D61E597A115D5750261DE443EE55A2F8D10EE640
PID: 6696 | Process: PassRec_for_RAR.exe | Filename: C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-core-localization-l1-2-0.dll | Type: executable
MD5: B178F49844A5168D29D5CCE20A6303E3
SHA256: 9358400795AFCC41F5E748E20B139CFBB1AC976B3E460597B0B21893D647276D
PID: 6696 | Process: PassRec_for_RAR.exe | Filename: C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-core-processthreads-l1-1-1.dll | Type: executable
MD5: DA1C671169DD183AFCA9AC76F46FD86E
SHA256: E5C2478571AB260776B547579ACD847BDECAC9B4B9B4590D4AC7C80135C68930
PID: 6696 | Process: PassRec_for_RAR.exe | Filename: C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-core-timezone-l1-1-0.dll | Type: executable
MD5: C54A336FDC425291B1D972F6FBACA6C7
SHA256: 8D1F5410F8B4326876410B45FCDCABB96BEA4941F71EA5B11CB6DAE80E6BDD49
PID: 6696 | Process: PassRec_for_RAR.exe | Filename: C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-crt-heap-l1-1-0.dll | Type: executable
MD5: C3AA45F69CEEEDAE8799C3C71CE4D64B
SHA256: 4E756B8AB0E0047C838A29BC809E68945E9C10A4D054F33EE3EBD9B79546A23B
PID: 6696 | Process: PassRec_for_RAR.exe | Filename: C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-core-synch-l1-2-0.dll | Type: executable
MD5: 500DC43299F083FBDCCD7043D8665C6F
SHA256: 829C05601BAC069DB875DC89C713EE2F54B350CD5A1A96ECD1EA8EA46AC59AD5
PID: 6696 | Process: PassRec_for_RAR.exe | Filename: C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-crt-math-l1-1-0.dll | Type: executable
MD5: C723F17218F1C0CE46C69B76783BC15A
SHA256: 6C38011A0BCF7D46FB2262029466D8FD731CF9ED9D10062C55894DF68ADFAA22
PID: 6696 | Process: PassRec_for_RAR.exe | Filename: C:\Users\admin\AppData\Local\PassRecRAR\api-ms-win-crt-environment-l1-1-0.dll | Type: executable
MD5: E1C852F7771C28CEA12DA3084345B9A5
SHA256: F1634BFC7D08C588E85B6B6745084DD1B59BD5ECE9FB2817243EB3B877601FDB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
94
DNS requests
92
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4536
msedge.exe
GET
47.251.37.78:80
http://info.kakasoft.com/favicon.ico
unknown
whitelisted
4536
msedge.exe
GET
200
47.251.37.78:80
http://info.kakasoft.com/regmgr/t.php?act=buy&name=rarcracker_win&lang=en&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011&local-lang=en
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6696
PassRec_for_RAR.exe
GET
200
47.251.37.78:80
http://api.kakasoft.com/api/report/preinstall?soft_id=rarcracker_win&curr_ver=&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011
unknown
whitelisted
6696
PassRec_for_RAR.exe
GET
200
47.251.37.78:80
http://api.kakasoft.com/api/report/install?soft_id=rarcracker_win&curr_ver=&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6696
PassRec_for_RAR.exe
GET
200
47.246.46.229:80
http://cdn.passrec.com/zippackage/rarcracker/rarcrackeren2.0.0.9.zip
unknown
unknown
6696
PassRec_for_RAR.exe
GET
200
47.251.37.78:80
http://api.kakasoft.com/api/config/soft_down?soft_id=rarcracker_win
unknown
whitelisted
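Read together, the rows above show PassRec_for_RAR.exe (PID 6696) asking api.kakasoft.com for a download configuration, reporting a preinstall and an install event, and fetching rarcrackeren2.0.0.9.zip from cdn.passrec.com, all over plain http://; the same process writes rarcracker_win.zip into the Temp directory according to the dropped-files list. Every report call carries device_code=CE47350EA4034821A1F5386787BDB011, which is the value the installer stored under HKCU\SOFTWARE\rarcracker_win\guid, and the browser request to info.kakasoft.com/regmgr/t.php?act=buy carries it too. The script below is an added example, not part of the ANY.RUN report or of the PassRec software: it replays the HTTP rows transcribed from this table (the DigiCert OCSP rows are left out), drops the sandbox's own certificate-revocation noise, and reports which hosts received the local identifier and which executable packages were fetched without transport protection. The noise-host list and the payload suffixes are the editor's assumptions and should be tuned per environment.

```python
"""Network-side triage of the HTTP requests listed in this report.

Added example (not part of the ANY.RUN report or of the PassRec software).
REQUESTS is transcribed from the report's HTTP table (OCSP rows omitted);
LOCAL_IDENTIFIERS is the value written to HKCU\\SOFTWARE\\rarcracker_win\\guid;
NOISE_HOSTS and PAYLOAD_SUFFIXES are the editor's assumptions.
"""
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# (pid, process, url) as listed in the report
REQUESTS = [
    (4712, "MoUsoCoreWorker.exe", "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    (4712, "MoUsoCoreWorker.exe", "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    (4536, "msedge.exe", "http://info.kakasoft.com/favicon.ico"),
    (4536, "msedge.exe", "http://info.kakasoft.com/regmgr/t.php?act=buy&name=rarcracker_win&lang=en&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011&local-lang=en"),
    (6696, "PassRec_for_RAR.exe", "http://api.kakasoft.com/api/report/preinstall?soft_id=rarcracker_win&curr_ver=&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011"),
    (6696, "PassRec_for_RAR.exe", "http://api.kakasoft.com/api/report/install?soft_id=rarcracker_win&curr_ver=&source=for_RAR&device_code=CE47350EA4034821A1F5386787BDB011"),
    (6696, "PassRec_for_RAR.exe", "http://cdn.passrec.com/zippackage/rarcracker/rarcrackeren2.0.0.9.zip"),
    (6696, "PassRec_for_RAR.exe", "http://api.kakasoft.com/api/config/soft_down?soft_id=rarcracker_win"),
]

# Identifier the installer wrote to HKCU\SOFTWARE\rarcracker_win\guid (report: Modification events)
LOCAL_IDENTIFIERS = {"rarcracker_win guid": "CE47350EA4034821A1F5386787BDB011"}

# Sandbox background traffic to discard before looking at the sample (assumption, tune per environment)
NOISE_HOSTS = {"crl.microsoft.com", "www.microsoft.com", "ocsp.digicert.com"}
PAYLOAD_SUFFIXES = (".zip", ".7z", ".rar", ".exe", ".dll", ".msi")


def sample_requests(requests=REQUESTS):
    """Requests that are not OS certificate-revocation noise."""
    return [r for r in requests if urlparse(r[2]).hostname not in NOISE_HOSTS]


def identifier_leaks(requests, identifiers=LOCAL_IDENTIFIERS):
    """(pid, process, host, query parameter, identifier label) for every query
    parameter whose value equals a known local identifier (case-insensitive)."""
    leaks = []
    for pid, proc, url in requests:
        u = urlparse(url)
        for param, values in parse_qs(u.query, keep_blank_values=True).items():
            for label, ident in identifiers.items():
                if any(v.upper() == ident.upper() for v in values):
                    leaks.append((pid, proc, u.hostname, param, label))
    return leaks


def cleartext_payload_downloads(requests):
    """Archives or executables fetched over plain http://. Without an independent
    integrity check by the downloader (which this report cannot show), anything on
    the network path could substitute the package before it is installed."""
    return [(pid, proc, url) for pid, proc, url in requests
            if urlparse(url).scheme == "http"
            and urlparse(url).path.lower().endswith(PAYLOAD_SUFFIXES)]


def hosts_by_process(requests):
    """Sorted list of contacted hosts per (pid, process)."""
    hosts = defaultdict(set)
    for pid, proc, url in requests:
        hosts[(pid, proc)].add(urlparse(url).hostname)
    return {k: sorted(v) for k, v in hosts.items()}


def triage(requests=REQUESTS):
    reqs = sample_requests(requests)
    return {
        "leaks": identifier_leaks(reqs),
        "cleartext_downloads": cleartext_payload_downloads(reqs),
        "hosts": hosts_by_process(reqs),
    }


if __name__ == "__main__":
    for section, rows in triage().items():
        print(section)
        for row in (rows.items() if isinstance(rows, dict) else rows):
            print("  ", row)
```

On the report's rows the identifier turns up three times, always in the device_code parameter, against api.kakasoft.com (from the installer) and info.kakasoft.com (from the browser); the only cleartext package download is the rarcrackeren2.0.0.9.zip fetch by PID 6696. The identifier match is exact by design: substring matching against a 32-hex-digit value produces false positives on unrelated hashes in URLs.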

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2624
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4712
MoUsoCoreWorker.exe
2.16.241.12:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
2.23.209.189:443
www.bing.com
Akamai International B.V.
GB
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
6696
PassRec_for_RAR.exe
47.251.37.78:80
api.kakasoft.com
Alibaba US Technology Co., Ltd.
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
google.com
  • 142.250.184.238
whitelisted
www.bing.com
  • 2.23.209.189
  • 2.23.209.182
  • 2.23.209.179
  • 2.23.209.130
  • 2.23.209.187
  • 2.23.209.185
  • 2.23.209.135
  • 2.23.209.133
  • 2.23.209.181
  • 2.23.209.148
  • 2.23.209.150
  • 2.23.209.158
  • 2.23.209.149
  • 2.23.209.140
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
api.kakasoft.com
  • 47.251.37.78
whitelisted
login.live.com
  • 40.126.31.69
  • 20.190.159.4
  • 40.126.31.73
  • 20.190.159.73
  • 20.190.159.23
  • 20.190.159.0
  • 40.126.31.71
  • 20.190.159.75
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
cdn.passrec.com
  • 47.246.46.229
  • 47.246.46.225
  • 47.246.46.226
  • 47.246.46.227
  • 47.246.46.232
  • 47.246.46.228
  • 47.246.46.230
  • 47.246.46.231
unknown

Threats

No threats detected

Debugging messages

Process
Message
rarcracker_win.exe
QObject::connect: Cannot connect HRequest::jsonFinished(bool, const QValue&, const QString&) to (null)::(null)
rarcracker_win.exe
QString::arg: Argument missing: "QLabel{border:none;font-size: 15px;font-family: Microsoft YaHei;color:#FFFFFF;}" , 14
rarcracker_win.exe
UpdateLayeredWindowIndirect failed for ptDst=(0, 0), size=(1146x742), dirty=(1164x760 -9, -9) (The parameter is incorrect.)
rarcracker_win.exe
UpdateLayeredWindowIndirect failed for ptDst=(0, 0), size=(1146x742), dirty=(1164x760 -9, -9) (The parameter is incorrect.)
rarcracker_win.exe
UpdateLayeredWindowIndirect failed for ptDst=(0, 0), size=(1146x742), dirty=(1164x760 -9, -9) (The parameter is incorrect.)
rarcracker_win.exe
UpdateLayeredWindowIndirect failed for ptDst=(0, 0), size=(1146x742), dirty=(1164x760 -9, -9) (The parameter is incorrect.)
rarcracker_win.exe
UpdateLayeredWindowIndirect failed for ptDst=(0, 0), size=(1146x742), dirty=(1164x760 -9, -9) (The parameter is incorrect.)