General Info

File name

0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG

Full analysis
https://app.any.run/tasks/92408f44-538b-43bf-9d2e-3f32a8f29d44
Verdict
Malicious activity
Analysis date
9/11/2019, 12:29:33
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

adware

pup

downloadguide

trojan

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

6eedbaa104967c0fda685f496265a789

SHA1

cd5a420cadbeee454b9a6aa772015a5ddd156e3e

SHA256

0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f

SSDEEP

12288:SW9WJrucV/e5GzfL1LQaMB3+NShR/o1SXZtmswt2QaV7PD:zQwcU5GzfL1xMx+NShR/o1SXTmswwbV3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

DOWNLOADGUIDE was detected
  • 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe (PID: 3728)
Creates files in the user directory
  • 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe (PID: 3728)
Reads internet explorer settings
  • 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe (PID: 3728)
Reads Internet Cache Settings
  • 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe (PID: 3728)
Changes tracing settings of the file or console
  • 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe (PID: 3728)

No info indicators.

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (42.2%)
.exe
|   Win64 Executable (generic) (37.3%)
.dll
|   Win32 Dynamic Link Library (generic) (8.8%)
.exe
|   Win32 Executable (generic) (6%)
.exe
|   Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:01:02 12:02:06+01:00
PEType:
PE32
LinkerVersion:
10
CodeSize:
335360
InitializedDataSize:
199168
UninitializedDataSize:
null
EntryPoint:
0x13b6c
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
3.1.0.201
ProductVersionNumber:
3.1.0.201
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Russian
CharacterSet:
Unicode
FileVersion:
3.1.0.201
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
02-Jan-2018 11:02:06
Detected languages
Russian - Russia
FileVersion:
3.1.0.201
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000F8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
02-Jan-2018 11:02:06
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00051C3E 0x00051E00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.59441
.rdata 0x00053000 0x00021A38 0x00021C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 7.29471
.data 0x00075000 0x00004900 0x00002200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 3.97581
.rsrc 0x0007A000 0x00003EC0 0x00004000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.82636
.reloc 0x0007E000 0x000062BA 0x00006400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 5.72035
Resources
1

2

3

101

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    ADVAPI32.dll

    ole32.dll

    OLEAUT32.dll

    SHLWAPI.dll

Exports

    No exports.

Processes

Total processes
37
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

start 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.mrg.exe no specs #DOWNLOADGUIDE 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.mrg.exe

Process information

PID
2892
CMD
"C:\Users\admin\AppData\Local\Temp\0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe"
Path
C:\Users\admin\AppData\Local\Temp\0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.mrg.exe
c:\systemroot\system32\ntdll.dll

PID
3728
CMD
"C:\Users\admin\AppData\Local\Temp\0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe"
Path
C:\Users\admin\AppData\Local\Temp\0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.mrg.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\jscript.dll
c:\windows\system32\version.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dispex.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\mlang.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll

Registry activity

Total events
153
Read events
128
Write events
24
Delete events
1

Modification events

PID | Process | Operation | Key | Name | Value
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32 | EnableFileTracing | 0
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32 | EnableConsoleTracing | 0
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32 | FileTracingMask | 4294901760
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32 | ConsoleTracingMask | 4294901760
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32 | MaxFileSize | 1048576
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32 | FileDirectory | %windir%\tracing
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | EnableFileTracing | 0
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | EnableConsoleTracing | 0
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | FileTracingMask | 4294901760
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | ConsoleTracingMask | 4294901760
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | MaxFileSize | 1048576
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | FileDirectory | %windir%\tracing
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | ––
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091120190912 | CachePath | %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019091120190912
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091120190912 | CachePrefix | :2019091120190912:
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091120190912 | CacheLimit | 8192
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091120190912 | CacheOptions | 11
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091120190912 | CacheRepair | 0

Files activity

Executable files
0
Suspicious files
4
Text files
34
Unknown types
2

Dropped files

PID
Process
Filename
Type
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\exe\e7897d55b76a861e21cb37580d296be2\nero-burningrom-2018-setup.exe.part
––
MD5:  ––
SHA256:  ––
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\img\bar-lb.png
image
MD5: a64cf5415abe8210a453fc30a6584144
SHA256: 55816fb1d66fc4c2f6f21812598dd249427aca9f1e053c5c8f3779c742bb36c8
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019091120190912\index.dat
dat
MD5: 3faa60d6498be932ceac152ce52cbc6f
SHA256: 1944ff4a269d1a5ec11072dcbcaf82bb1dd8fe8a8279a7cdcf870fe1a288e624
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\js\jquery-1.10.2.min.js
text
MD5: 11468602df014a21b203dc9bcd84d369
SHA256: 29c9e8752f25b17961e3c6ff72de34b1f1a157dfc5fabb68bd148b8ec9002b17
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\img\img1.png
image
MD5: 1d044e7ccf127f8f68c5eaa98d80c856
SHA256: 83976767c46c62486cfef6cf3f5cd3ce66960c1e8a8d263b89dbb04183947373
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\img\progress-bar.png
image
MD5: e6ecc7ea173e1a11774b8d2ef33da497
SHA256: 8cf5ba182438452512e370053cf92775c1c0e1e8424c1d046bcee17cc02502fe
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\css\style.css
text
MD5: f03e619f09f49dbcd4ec035eae355d6f
SHA256: ce57610e5a5b2eeb9e2379e82f7ac5fc5f97640f42638b3fe3602c11d5ca7893
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\img\progress.png
image
MD5: 4fee4a9ad49cc57c8e44b729b70f0f33
SHA256: f7d41eb86d079b63da2fadf7bb705e51605aecb92385c275bbaaabb527226265
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\index.html
html
MD5: 1dba20bced03870623c25d5bebaf51d1
SHA256: 39f3b11a35c90eb369c4f8bd5acff1d1c4c9ea9c0ca93ce6eb032b2f371b7f76
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\uifile.zip
compressed
MD5: 5adfb2b91b3bcf6961f2b68d172c9969
SHA256: 4bfaa405b3450ee70527d1018ee23a58bf5e2526a0589b590751ace3b040c1e4
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\uifile.zip.part
––
MD5:  ––
SHA256:  ––
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\img\br-b.png
image
MD5: 3006cf26630b4de54d2c48601eaac744
SHA256: 2632037d75cdbd99a20223c29a82605b4fe673a6c8b335755e7559847711888e
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\img\br-lb.png
image
MD5: d01cabc470512d8345053535175020d6
SHA256: 7aa67d869b0c26c0a43039883c15f5f2ee9d760d0953df832a190bae970ebe94
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\img\progress-bar.png
image
MD5: e6ecc7ea173e1a11774b8d2ef33da497
SHA256: 8cf5ba182438452512e370053cf92775c1c0e1e8424c1d046bcee17cc02502fe
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\index.html
html
MD5: 294c6b37c2d048cf16e1052ce48e57e8
SHA256: a6e9449c31842d33734924a9c401c5a98920190d9e6900efaf234ff73785d79f
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\js\jquery-1.10.2.min.js
text
MD5: 11468602df014a21b203dc9bcd84d369
SHA256: 29c9e8752f25b17961e3c6ff72de34b1f1a157dfc5fabb68bd148b8ec9002b17
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\progress.zip
compressed
MD5: e63cde99104b451d95de61d38a5d8517
SHA256: 03e0856b61784e96856ba050f6e3120285c4fc1e4b00823797aad6a8f0444146
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\img\progress.png
image
MD5: 4fee4a9ad49cc57c8e44b729b70f0f33
SHA256: f7d41eb86d079b63da2fadf7bb705e51605aecb92385c275bbaaabb527226265
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\img\bar-rb.png
image
MD5: a4fff52934ce31860505515e4d36b8d3
SHA256: 8a1ee7e13b4e11d008cd73344e7d44c843a4e1e34ac16ce1978f3aedc2f26f88
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\img\bar-bg.png
image
MD5: 4c133983ae8e884ede03a8a3018df37b
SHA256: f79d2e4d15a6e8a01b6dc586b870069fe5687d9ef7d76b36ccdf7f3b38c7b30c
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\img\icon.png
image
MD5: 45c72296c8601505d780fc30fc3ee5f6
SHA256: d7995fc3f048903072ad690c41c78042cf7b352a60ba79debd8bb2bdea7dfd39
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\img\151.gif
image
MD5: 3ff78acbe427214ce0c72d3233316d5b
SHA256: eaaaf0870af1afa3c0f800b055d4fcb3827d2937ba9c0fa0da16a55a23631cf9
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\em_162x135[1].jpg
image
MD5: 3c889166d4d9dc6e23cd63c1c1b45da2
SHA256: 92a997338d8d18c2a1f790525b9e77d81514805a1b8084934a6338ea8b482e2d
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\css\style.css
text
MD5: f3a2d3bba7a924924eb075f995c50ec0
SHA256: 31abb83fb4010ff20353ea4287c388c3ea3f30536f66976cf181979129696de2
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\img\br-bg.png
image
MD5: fe06ab7369fca4bd289a3e4fb80c728d
SHA256: a69455e4be20f60b2dd773d7794e009391e821dd4114fa78f5bc5f4320b983bb
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\img\br-rb.png
image
MD5: 482503fef62554318cb5ae7fe33c37a0
SHA256: 39ebb12dc93b5700a29fe38e0b0f400d02f9b70507646ff940c656b3ca225a25
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\img\img1.png
image
MD5: 1d044e7ccf127f8f68c5eaa98d80c856
SHA256: 83976767c46c62486cfef6cf3f5cd3ce66960c1e8a8d263b89dbb04183947373
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\progress\progress.zip.part
––
MD5:  ––
SHA256:  ––
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\last\img\img1.png
image
MD5: 1d044e7ccf127f8f68c5eaa98d80c856
SHA256: 83976767c46c62486cfef6cf3f5cd3ce66960c1e8a8d263b89dbb04183947373
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\last\js\jquery-1.10.2.min.js
text
MD5: 11468602df014a21b203dc9bcd84d369
SHA256: 29c9e8752f25b17961e3c6ff72de34b1f1a157dfc5fabb68bd148b8ec9002b17
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\last\last.zip
compressed
MD5: 78a75672fdd18e75fb46e47640e1456a
SHA256: 0c4deccb016b28cd4a829c661f247675195ae63ec9ac18a18cac5d7c12c0843c
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\last\index.html
html
MD5: f3a3fc16f81eb6254d6342e1aa495d04
SHA256: 62d251b57f5d8a6d79c0239a0915ecdcbf556dd3acf15f4f59a2c150b065679e
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\last\css\style.css
text
MD5: 5cfc9eebb21470d1f692b3be220997cb
SHA256: 64f01e948441d29abc376c90bbe33b25c47a446d4229a59f2ce5d5a06f3f045b
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\last\last.zip.part
––
MD5:  ––
SHA256:  ––
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\base\index.html
html
MD5: da5aa12ba0e76cffb9210183c7377c02
SHA256: feccb50cca92146f0ae0f486bf9117b1555af8fbba89cbfd476eafd1ad0f964e
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\base\css\style.css
text
MD5: 55b60c71f628d3cba9577324d309a008
SHA256: 3522b86aece48dc46097876a5ba113fb67e027b8cdb3aa4ed7dfc3f6718be0a0
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\base\js\jquery-1.10.2.min.js
text
MD5: 11468602df014a21b203dc9bcd84d369
SHA256: 29c9e8752f25b17961e3c6ff72de34b1f1a157dfc5fabb68bd148b8ec9002b17
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\base\base.zip
compressed
MD5: d6a7a365a47553849b8fdeabd2387d04
SHA256: 281ce553cf7c12e88b70dd51447085b8e368b1e71d4013cde5c48988370bb512
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\ui\common\base\base.zip.part
––
MD5:  ––
SHA256:  ––
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\loadingImage\loadingImage.bmp
image
MD5: 002ab0273d3f8f0575a09dc4392b1905
SHA256: 57f3c81751562f8327a62e3381b93367755a2dddc18becc6fedefe6ca6554d63
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\dlgres\DLG-Product-Logo.png
image
MD5: 69e4fb88f38472e651f3b4169879c47f
SHA256: bd284633e72034f963ae0db7bbf7714cd735dcb51d905969f1d8b03b73952033
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\initWindow\css\style.css
text
MD5: bf4625507c1d35caabdb3e9d9ba584a0
SHA256: 491accafcf5a3997fd2b8b6d3a91153773db8ca0df10b248a19ee51516c403a8
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\initWindow\noconnection.html
html
MD5: a0ee32dc4ffc79fdef2dc0467da538c5
SHA256: b4508b7dcc08b2b93cd64bee68bd5174fe48f48280e59f9a81d4861c3ef0431d
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG\initWindow\progress.html
html
MD5: 2c68017c4ea6ee541e285aaae8840ba9
SHA256: 6c926310dc1495ef47e07efd9b695f34c7d4f755fa011cd73455b5e4ed93898b
3728
0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe
C:\Users\admin\AppData\Local\Temp\DLG8BBA.tmp
tlb
MD5: 220faf7a3e4c98512ebcb8a47e9c915b
SHA256: 8ec69e605927392ddd10194c95d4c185d3efe6d0dc8874b6a5bad3d759c806d1

Network activity

HTTP(S) requests
25
TCP/UDP connections
38
DNS requests
10
Threats
18

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | GET | 200 | 152.199.19.161:80 | http://az687722.vo.msecnd.net/public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/base.zip | US | compressed | shared
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | GET | 200 | 152.199.19.161:80 | http://az687722.vo.msecnd.net/public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/last.zip | US | compressed | shared
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | GET | 200 | 152.199.19.161:80 | http://az687722.vo.msecnd.net/public-source/downloadguide/freeware-de/1.0/default/campaigns/product+website/ui/progress.zip | US | compressed | shared
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3 | NL | text | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3 | NL | text | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3 | NL | text | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3 | NL | text | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | HEAD | 200 | 23.102.60.206:80 | http://dlg-configs.buzzrin.de/ | IE | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3 | NL | text | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | GET | 301 | 2.16.186.67:80 | http://ftp22.nero.com/Nero2018/Nero_BurningROM2018-1.10.0.9_stub_trial.exe | unknown | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3 | NL | text | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | GET | 302 | 209.239.121.93:80 | http://dle.nero.com/link.php?topic_id=9014&ak_file=Nero_BurningROM2018-1.10.0.9_stub_trial.exe;PATH=/Nero2018/Nero_BurningROM2018-1.10.0.9_stub_trial.exe | US | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | GET | 302 | 2.19.38.243:80 | http://www.nero.com/download.php?id=nbr-pad | unknown | –– | –– | unknown
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | HEAD | 200 | 23.102.60.206:80 | http://dlg-configs.buzzrin.de/ | IE | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3/error | NL | text | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | GET | 301 | 2.16.186.67:80 | http://ftp22.nero.com/Nero2018/Nero_BurningROM2018-1.10.0.9_stub_trial.exe | unknown | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | GET | 302 | 209.239.121.93:80 | http://dle.nero.com/link.php?topic_id=9014&ak_file=Nero_BurningROM2018-1.10.0.9_stub_trial.exe;PATH=/Nero2018/Nero_BurningROM2018-1.10.0.9_stub_trial.exe | US | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | GET | 302 | 2.19.38.243:80 | http://www.nero.com/download.php?id=nbr-pad | unknown | –– | –– | unknown
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3/error | NL | text | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3 | NL | text | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3 | NL | text | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3/error | NL | text | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | GET | 200 | 40.118.73.208:80 | http://freemium.blob.core.windows.net/exchange/SuccessBanner/em_162x135.jpg | NL | image | suspicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3 | NL | text | –– | –– | malicious
3728 | 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe | POST | 200 | 104.40.188.185:80 | http://dlg-messages.buzzrin.de/1/dg/3 | NL | text | –– | –– | malicious

Connections

PID Process IP ASN CN Reputation
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe 23.102.60.206:80 Microsoft Corporation IE whitelisted
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe 104.40.188.185:80 Microsoft Corporation NL whitelisted
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe 152.199.19.161:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe 2.16.186.67:80 Akamai International B.V. –– whitelisted
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe 209.239.121.93:80 server4you Inc. US malicious
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe 2.19.38.243:80 Akamai International B.V. –– unknown
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe 188.138.9.62:443 Host Europe GmbH DE unknown
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe 40.118.73.208:80 Microsoft Corporation NL whitelisted

DNS requests

Domain IP Reputation
dlg-configs.buzzrin.de 23.102.60.206 malicious
dlg-messages.buzzrin.de 104.40.188.185 malicious
az687722.vo.msecnd.net 152.199.19.161 shared
ftp22.nero.com 2.16.186.67, 2.16.186.72 malicious
dle.nero.com 209.239.121.93 malicious
www.nero.com 2.19.38.243 unknown
dl14.nero.com 188.138.9.62 unknown
freemium.blob.core.windows.net 40.118.73.208 suspicious

Threats

PID Process Class Message
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP W32/DownloadGuide.D
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe Misc activity ADWARE [PTsecurity] W32/Buzzrin HTTP POST
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP Win32/DownloadGuide.A
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP Win32/DownloadGuide.A
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP Win32/DownloadGuide.A
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP Win32/DownloadGuide.A
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP Win32/DownloadGuide.A
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP Win32/DownloadGuide.A
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP Win32/DownloadGuide.A
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP Win32/DownloadGuide.A
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP Win32/DownloadGuide.A
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP Win32/DownloadGuide.A
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP Win32/DownloadGuide.A
3728 0ecd17e20b8332ab5316bd52c45d926680d1433510aa8ea986fa7d84bf68e20f.MRG.exe A Network Trojan was detected ET MALWARE PUP Win32/DownloadGuide.A

Debug output strings

No debug info.