File name:

2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar

Full analysis: https://app.any.run/tasks/3db82f0e-604f-42fa-9fa6-270014c8afa2
Verdict: Malicious activity
Threats:

AsyncRAT is a RAT that can monitor and remotely control infected systems. This malware was introduced on GitHub as legitimate open-source remote administration software, but hackers use it for its many powerful malicious functions.

Analysis date: June 21, 2025, 17:02:35
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
python
pyinstaller
asyncrat
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
MD5:

CDDAAF44672092C19AD7AC47F2A5E3CC

SHA1:

684F2F533412FDF730F57BA7B73BFFC05FF27580

SHA256:

AF948EE5B3463699028885165B4901B38FCE12355875066583C6A34DE61967B4

SSDEEP:

98304:TJ31PisdJE8slJ7CxPy9xolFZgHkjmroIaAZhhRb4bBafg5j+6KXOMPxTjHSJGHh:EjjYTeRi/BqpnTmGpDBV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • ASYNCRAT has been detected (YARA)

      • app_zj12uo.exe (PID: 5528)
  • SUSPICIOUS

    • Process drops python dynamic module

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
    • Executable content was dropped or overwritten

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
    • Process drops legitimate windows executable

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
    • Application launched itself

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
    • The process drops C-runtime libraries

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
    • Loads Python modules

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
    • Starts CMD.EXE for commands execution

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
    • Connects to unusual port

      • app_zj12uo.exe (PID: 5528)
    • There is functionality for taking screenshot (YARA)

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
  • INFO

    • The sample compiled with english language support

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
    • Checks supported languages

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
      • app_zj12uo.exe (PID: 5528)
    • Reads the computer name

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
      • app_zj12uo.exe (PID: 5528)
    • Create files in a temporary directory

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
    • Checks operating system version

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
    • Reads the machine GUID from the registry

      • app_zj12uo.exe (PID: 5528)
    • Reads Environment values

      • app_zj12uo.exe (PID: 5528)
    • Creates files or folders in the user directory

      • app_zj12uo.exe (PID: 5528)
    • PyInstaller has been detected (YARA)

      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 2192)
      • 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (PID: 3640)
    • Reads the software policy settings

      • slui.exe (PID: 4380)
    • Checks proxy server information

      • slui.exe (PID: 4380)

AsyncRat

(PID) Process: (5528) app_zj12uo.exe
C2 (2): 127.0.0.1, 68.183.98.89
Ports (3): 4449, 7769, 3316
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Options
  AutoRun: false
  Mutex: 950e97ae93230d02eee2a84a0032413e689a9f74a5995a481b0fc
  InstallFolder: %AppData%
Certificates
  Cert1: MIICOTCCAaKgAwIBAgIVAPyfwFFMs6hxoSr1U5gHJmBruaj1MA0GCSqGSIb3DQEBDQUAMGoxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEfMB0GA1UECgwWVmVub21SQVQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIyMDgxNDA5NDEwOVoXDTMzMDUyMzA5NDEwOVowEzERMA8GA1UEAwwIVmVub21SQVQwgZ8wDQYJKoZIhvcN...
  Server_Signature: T6j+xjB2pvUmVfXjKxz9R/sDvBZwtZW3V+saag4IVX85K4Pj4QXmF/jtaiGWkLBs45jKALuVRSuo/1IaQ/K4p8CsvlXiqtRdb0XlgEbCES/AHXNcTtwUN8bQE4vKjwmgC339VUhz8TA3nPUQ0BT8cxFFXFPr9reJfYyhkbQOmCA=
Keys
  AES: 33b015713b91790d53292996ec06bce09f212d132bd6281353e7f30cda73ac5d
  Salt: VenomRATByVenom

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:06:19 18:39:58+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.41
CodeSize: 172032
InitializedDataSize: 132096
UninitializedDataSize: -
EntryPoint: 0xce20
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
Total processes: 139
Monitored processes: 6
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Processes shown in the graph: 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe (two instances), cmd.exe (no specs), conhost.exe (no specs), app_zj12uo.exe (#ASYNCRAT), slui.exe

Process information

PID: 2192
CMD: "C:\Users\admin\Desktop\2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"
Path: C:\Users\admin\Desktop\2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Parent process: 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
User: admin
Integrity Level: MEDIUM
Modules (images):
c:\users\admin\desktop\2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

PID: 3640
CMD: "C:\Users\admin\Desktop\2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"
Path: C:\Users\admin\Desktop\2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Modules (images):
c:\users\admin\desktop\2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

PID: 3964
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 4380
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 5528
CMD: C:\Users\admin\AppData\Local\Temp\app_zj12uo\app_zj12uo.exe
Path: C:\Users\admin\AppData\Local\Temp\app_zj12uo\app_zj12uo.exe
Parent process: 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
User: admin
Company: Adobe Inc.
Integrity Level: MEDIUM
Description: Adobe Installer
Version: 2.14.0.35
Modules (images):
c:\users\admin\appdata\local\temp\app_zj12uo\app_zj12uo.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 6688
CMD: C:\WINDOWS\system32\cmd.exe /c "ver"
Path: C:\Windows\System32\cmd.exe
Parent process: 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
Total events: 4 042
Read events: 4 042
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 103
Suspicious files: 1
Text files: 16
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_Salsa20.pyd | executable
MD5:F19CB847E567A31FAB97435536C7B783
SHA256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_ARC4.pyd | executable
MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
SHA256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_arc2.pyd | executable
MD5:F14E1AA2590D621BE8C10321B2C43132
SHA256:FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_ocb.pyd | executable
MD5:78AEF441C9152A17DD4DC40C7CC9DF69
SHA256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_cbc.pyd | executable
MD5:40390F2113DC2A9D6CFAE7127F6BA329
SHA256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_eksblowfish.pyd | executable
MD5:3727271FE04ECB6D5E49E936095E95BC
SHA256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_aes.pyd | executable
MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
SHA256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_chacha20.pyd | executable
MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
SHA256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_aesni.pyd | executable
MD5:B6EA675C3A35CD6400A7ECF2FB9530D1
SHA256:76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
3640 | 2025-06-21_cddaaf44672092c19ad7ac47f2a5e3cc_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | C:\Users\admin\AppData\Local\Temp\_MEI36402\Crypto\Cipher\_raw_ecb.pyd | executable
MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
SHA256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
HTTP(S) requests: 31
TCP/UDP connections: 51
DNS requests: 19
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 1268 | svchost.exe | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted |
| 5944 | MoUsoCoreWorker.exe | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted |
| 1268 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted |
| 2028 | RUXIMICS.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted |
| 5944 | MoUsoCoreWorker.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted |
| - | - | POST | 200 | 20.190.159.128:443 | https://login.live.com/RST2.srf | unknown | xml | 1.24 Kb | whitelisted |
| - | - | POST | 400 | 20.190.159.128:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted |
| - | - | POST | 200 | 20.190.159.0:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 16.7 Kb | whitelisted |
| - | - | POST | 200 | 20.190.159.0:443 | https://login.live.com/RST2.srf | unknown | xml | 11.1 Kb | whitelisted |
| - | - | POST | 200 | 40.126.31.69:443 | https://login.live.com/RST2.srf | unknown | xml | 11.1 Kb | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:137 | - | - | - | whitelisted |
| 2028 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| - | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 5944 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 4 | System | 192.168.100.255:138 | - | - | - | whitelisted |
| 1268 | svchost.exe | 23.53.40.178:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
| 5944 | MoUsoCoreWorker.exe | 23.53.40.178:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
| 1268 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
| 2028 | RUXIMICS.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
| 5944 | MoUsoCoreWorker.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| google.com | 142.250.184.206 | whitelisted |
| crl.microsoft.com | 23.53.40.178, 23.53.40.176, 23.55.104.190, 23.55.104.172 | whitelisted |
| www.microsoft.com | 23.35.229.160, 95.101.149.131 | whitelisted |
| settings-win.data.microsoft.com | 4.231.128.59, 20.73.194.208 | whitelisted |
| login.live.com | 20.190.159.75, 40.126.31.129, 20.190.159.68, 20.190.159.2, 40.126.31.73, 40.126.31.0, 20.190.159.23, 40.126.31.130 | whitelisted |
| client.wns.windows.com | 172.211.123.248, 172.211.123.250 | whitelisted |
| nexusrules.officeapps.live.com | 52.111.229.48 | whitelisted |
| slscr.update.microsoft.com | 52.149.20.212 | whitelisted |
| fe3cr.delivery.mp.microsoft.com | 20.3.187.198 | whitelisted |
| activation-v2.sls.microsoft.com | 40.91.76.224 | whitelisted |

Threats

No threats detected