That's a very odd. That IP is being used by edg.io, a Verizon reseller on the left coast. That particular IP returns a 1kb file "Download", no extension with a http query. It may be harmless, I would doubt it's part of a legit crack, at best it's an attept to track who is installing the crack. Not knowing what it's calling, who knows? It may return a more detailed program when the program connects to it.
That IP isn't blaclisted but it does have some suspicions noted.
If Virustotal is ok with the program, block that ip with your firewall. It's not going to hurt anything.
If anything else looks funny, I would move on. Better safe than sorry. I got burned a few weeks back when I was in a hurry. I had to make plenty of time to wipe and reload my system after I was hit. I never try cleaning out my systems, when I managed a shop we did removal to save customers money, but we did end up with a very small percentages of returns.