File name:

2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar

Full analysis: https://app.any.run/tasks/3db82f0e-604f-42fa-9fa6-270014c8afa2
Verdict: Malicious activity
Threats:

AsyncRAT is a RAT that can monitor and remotely control infected systems. This malware was introduced on GitHub as legitimate open-source remote administration software, but hackers use it for its many powerful malicious functions.

Analysis date: June 21, 2025, 17:02:35
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
python
pyinstaller
asyncrat
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
MD5:

CDDAAF44672092C19AD7AC47F2A5E3CC

SHA1:

684F2F533412FDF730F57BA7B73BFFC05FF27580

SHA256:

AF948EE5B3463699028885165B4901B38FCE12355875066583C6A34DE61967B4

SSDEEP:

98304:TJ31PisdJE8slJ7CxPy9xolFZgHkjmroIaAZhhRb4bBafg5j+6KXOMPxTjHSJGHh:EjjYTeRi/BqpnTmGpDBV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • ASYNCRAT has been detected (YARA)

      • app_zj12uo.exe (PID: 5528)
  • SUSPICIOUS

    • Process drops python dynamic module

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
    • Executable content was dropped or overwritten

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
    • Process drops legitimate windows executable

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
    • Application launched itself

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
    • Loads Python modules

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
    • The process drops C-runtime libraries

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
    • Starts CMD.EXE for commands execution

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
    • Connects to unusual port

      • app_zj12uo.exe (PID: 5528)
    • There is functionality for taking screenshot (YARA)

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
  • INFO

    • Checks supported languages

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
      • app_zj12uo.exe (PID: 5528)
    • Create files in a temporary directory

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
    • Reads the computer name

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
      • app_zj12uo.exe (PID: 5528)
    • The sample compiled with english language support

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
    • Checks operating system version

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
    • Creates files or folders in the user directory

      • app_zj12uo.exe (PID: 5528)
    • Reads the machine GUID from the registry

      • app_zj12uo.exe (PID: 5528)
    • Reads Environment values

      • app_zj12uo.exe (PID: 5528)
    • PyInstaller has been detected (YARA)

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
    • Reads the software policy settings

      • slui.exe (PID: 4380)
    • Checks proxy server information

      • slui.exe (PID: 4380)

AsyncRat

(PID) Process: (5528) app_zj12uo.exe
C2 (2): 127.0.0.1, 68.183.98.89
Ports (3): 4449, 7769, 3316
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Options
AutoRun: false
Mutex: 950e97ae93230d02eee2a84a0032413e689a9f74a5995a481b0fc
InstallFolder: %AppData%
Keys
AES: 33b015713b91790d53292996ec06bce09f212d132bd6281353e7f30cda73ac5d
Salt: VenomRATByVenom
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:06:19 18:39:58+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.41
CodeSize: 172032
InitializedDataSize: 132096
UninitializedDataSize: -
EntryPoint: 0xce20
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
No data.
Total processes: 139
Monitored processes: 6
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Processes shown in the graph:
  • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
  • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • app_zj12uo.exe (#ASYNCRAT)
  • slui.exe

Process information

PID | CMD | Path | Indicators | Parent process
PID: 2192
CMD: "C:\Users\admin\Desktop\2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"
Path: C:\Users\admin\Desktop\2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Parent process: 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
User: admin
Integrity Level: MEDIUM
Modules
Images
c:\users\admin\desktop\2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 3640
CMD: "C:\Users\admin\Desktop\2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"
Path: C:\Users\admin\Desktop\2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Modules
Images
c:\users\admin\desktop\2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 3964
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4380
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 5528
CMD: C:\Users\admin\AppData\Local\Temp\app_zj12uo\app_zj12uo.exe
Path: C:\Users\admin\AppData\Local\Temp\app_zj12uo\app_zj12uo.exe
Parent process: 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
User: admin
Company: Adobe Inc.
Integrity Level: MEDIUM
Description: Adobe Installer
Version: 2.14.0.35
Modules
Images
c:\users\admin\appdata\local\temp\app_zj12uo\app_zj12uo.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 6688
CMD: C:\WINDOWS\system32\cmd.exe /c "ver"
Path: C:\Windows\System32\cmd.exe
Parent process: 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
Total events: 4 042
Read events: 4 042
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 103
Suspicious files: 1
Text files: 16
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_cbc.pyd | executable
MD5:40390F2113DC2A9D6CFAE7127F6BA329
SHA256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_chacha20.pyd | executable
MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
SHA256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_pkcs1_decode.pyd | executable
MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
SHA256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_aes.pyd | executable
MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
SHA256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_cast.pyd | executable
MD5:2E15AA6F97ED618A3236CFA920988142
SHA256:516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_blowfish.pyd | executable
MD5:B127CAE435AEB8A2A37D2A1BC1C27282
SHA256:538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_cfb.pyd | executable
MD5:899895C0ED6830C4C9A3328CC7DF95B6
SHA256:18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_ARC4.pyd | executable
MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
SHA256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_Salsa20.pyd | executable
MD5:F19CB847E567A31FAB97435536C7B783
SHA256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_eksblowfish.pyd | executable
MD5:3727271FE04ECB6D5E49E936095E95BC
SHA256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
HTTP(S) requests: 31
TCP/UDP connections: 51
DNS requests: 19
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1268 | svchost.exe | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
2028 | RUXIMICS.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | POST | 200 | 20.190.159.128:443 | https://login.live.com/RST2.srf | unknown | xml | 1.24 Kb | whitelisted
- | - | POST | 400 | 20.190.159.128:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted
- | - | POST | 200 | 20.190.159.0:443 | https://login.live.com/RST2.srf | unknown | xml | 11.1 Kb | whitelisted
- | - | POST | 200 | 20.190.159.0:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 16.7 Kb | whitelisted
- | - | POST | 200 | 40.126.31.69:443 | https://login.live.com/RST2.srf | unknown | xml | 11.1 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2028 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5944 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 23.53.40.178:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 23.53.40.178:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2028 | RUXIMICS.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.206
whitelisted
crl.microsoft.com
  • 23.53.40.178
  • 23.53.40.176
  • 23.55.104.190
  • 23.55.104.172
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 95.101.149.131
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
login.live.com
  • 20.190.159.75
  • 40.126.31.129
  • 20.190.159.68
  • 20.190.159.2
  • 40.126.31.73
  • 40.126.31.0
  • 20.190.159.23
  • 40.126.31.130
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted
nexusrules.officeapps.live.com
  • 52.111.229.48
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info