File name: eagleget-2-1-6-50.exe

Full analysis: https://app.any.run/tasks/50294b9f-482e-4a15-b038-9f491edc931e
Verdict: Malicious activity
Threats:

Stealers are a category of malware designed to gain unauthorized access to users' information and send it to the attacker. The category covers programs that each target a particular kind of data, such as files, passwords, and cryptocurrency. Stealers can also spy on their targets by logging keystrokes and taking screenshots. This type of malware is distributed mainly through phishing campaigns.

Analysis date: February 23, 2025, 19:53:34
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: delphi, inno, installer, stealer, arch-scr, arch-html
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 9 sections
MD5: E96DD956BC2159FF1D073876EF5D4E58
SHA1: A0DA0D7C8394D646EB5A0F64BE14397235F22704
SHA256: 14636B7FC900E2BE3FEE5ABB409E3B7A3CDF5A99107BF6D7DCBCCE4B26EE0D34
SSDEEP: 98304:eLMru/vgZAm4EWVmz5c+aZ96/QTDgKkZ0s68xCT7JAAPGyJAgMv4io3GEMD/N8jn:Ki3EZYlsygUyxEqjdyNLja

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Actions looks like stealing of personal data

      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Steals credentials from Web Browsers

      • eagleget-2-1-6-50.tmp (PID: 6752)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • eagleget-2-1-6-50.tmp (PID: 6592)
      • eagleget-2-1-6-50.tmp (PID: 6752)
      • EagleGet.exe (PID: 4052)
    • Executable content was dropped or overwritten

      • eagleget-2-1-6-50.exe (PID: 6572)
      • eagleget-2-1-6-50.exe (PID: 6724)
      • eagleget-2-1-6-50.tmp (PID: 6752)
      • net_updater32.exe (PID: 6344)
      • EGMonitor.exe (PID: 4816)
      • EagleGet.exe (PID: 4052)
    • Reads the Windows owner or organization settings

      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Uses TASKKILL.EXE to kill process

      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Drops a system driver (possible attempt to evade defenses)

      • eagleget-2-1-6-50.tmp (PID: 6752)
      • EGMonitor.exe (PID: 4816)
    • The process drops C-runtime libraries

      • eagleget-2-1-6-50.tmp (PID: 6752)
      • net_updater32.exe (PID: 6344)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 6264)
      • regsvr32.exe (PID: 6256)
      • regsvr32.exe (PID: 3280)
    • Process drops legitimate windows executable

      • eagleget-2-1-6-50.tmp (PID: 6752)
      • net_updater32.exe (PID: 6344)
    • Executes application which crashes

      • net_updater32.exe (PID: 6344)
    • Potential Corporate Privacy Violation

      • net_updater32.exe (PID: 6344)
    • Searches for installed software

      • EGMonitor.exe (PID: 5472)
      • eagleget-2-1-6-50.tmp (PID: 6752)
      • EagleGet.exe (PID: 4052)
    • Executes as Windows Service

      • EGMonitor.exe (PID: 5236)
    • Creates files in the driver directory

      • EGMonitor.exe (PID: 4816)
    • There is functionality for taking screenshot (YARA)

      • eagleget-2-1-6-50.tmp (PID: 6752)
  • INFO

    • Checks supported languages

      • eagleget-2-1-6-50.exe (PID: 6572)
      • eagleget-2-1-6-50.exe (PID: 6724)
      • eagleget-2-1-6-50.tmp (PID: 6592)
      • eagleget-2-1-6-50.tmp (PID: 6752)
      • net_updater32.exe (PID: 6344)
      • test_wpf.exe (PID: 6452)
      • EGMonitor.exe (PID: 5472)
      • EGMonitor.exe (PID: 4816)
      • EGMonitor.exe (PID: 5236)
      • EagleGet.exe (PID: 4052)
      • test_wpf.exe (PID: 5540)
      • identity_helper.exe (PID: 7856)
      • EGMonitor.exe (PID: 8184)
      • identity_helper.exe (PID: 8100)
    • The sample compiled with chinese language support

      • eagleget-2-1-6-50.exe (PID: 6572)
      • eagleget-2-1-6-50.exe (PID: 6724)
      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Create files in a temporary directory

      • eagleget-2-1-6-50.exe (PID: 6572)
      • eagleget-2-1-6-50.exe (PID: 6724)
      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Reads the computer name

      • eagleget-2-1-6-50.tmp (PID: 6592)
      • eagleget-2-1-6-50.tmp (PID: 6752)
      • net_updater32.exe (PID: 6344)
      • test_wpf.exe (PID: 6452)
      • EGMonitor.exe (PID: 4816)
      • EGMonitor.exe (PID: 5236)
      • test_wpf.exe (PID: 5540)
      • EagleGet.exe (PID: 4052)
      • identity_helper.exe (PID: 7856)
      • identity_helper.exe (PID: 8100)
    • Process checks computer location settings

      • eagleget-2-1-6-50.tmp (PID: 6592)
      • eagleget-2-1-6-50.tmp (PID: 6752)
      • EagleGet.exe (PID: 4052)
    • Creates files or folders in the user directory

      • eagleget-2-1-6-50.tmp (PID: 6752)
      • WerFault.exe (PID: 4300)
      • EagleGet.exe (PID: 4052)
    • The sample compiled with russian language support

      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Reads security settings of Internet Explorer

      • regsvr32.exe (PID: 6264)
    • Creates a software uninstall entry

      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Compiled with Borland Delphi (YARA)

      • eagleget-2-1-6-50.exe (PID: 6572)
      • eagleget-2-1-6-50.tmp (PID: 6592)
      • eagleget-2-1-6-50.exe (PID: 6724)
      • eagleget-2-1-6-50.tmp (PID: 6752)
    • The sample compiled with english language support

      • net_updater32.exe (PID: 6344)
      • EGMonitor.exe (PID: 4816)
      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Creates files in the program directory

      • net_updater32.exe (PID: 6344)
      • EagleGet.exe (PID: 4052)
      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Detects InnoSetup installer (YARA)

      • eagleget-2-1-6-50.exe (PID: 6572)
      • eagleget-2-1-6-50.tmp (PID: 6592)
      • eagleget-2-1-6-50.exe (PID: 6724)
      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Reads the machine GUID from the registry

      • test_wpf.exe (PID: 6452)
      • EagleGet.exe (PID: 4052)
      • test_wpf.exe (PID: 5540)
    • Reads the software policy settings

      • net_updater32.exe (PID: 6344)
      • EagleGet.exe (PID: 4052)
    • Checks proxy server information

      • WerFault.exe (PID: 4300)
      • EagleGet.exe (PID: 4052)
    • Application launched itself

      • msedge.exe (PID: 6836)
      • msedge.exe (PID: 4672)
      • msedge.exe (PID: 6736)
    • Disables trace logs

      • EagleGet.exe (PID: 4052)
    • Manual execution by a user

      • msedge.exe (PID: 6836)
    • Reads Environment values

      • identity_helper.exe (PID: 7856)
      • identity_helper.exe (PID: 8100)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:08 12:51:37+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 69120
InitializedDataSize: 104960
UninitializedDataSize: -
EntryPoint: 0x117e4
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.1.6.50
ProductVersionNumber: 2.1.6.50
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: ASCII
Comments: 此安装程序由 Inno Setup 构建。
CompanyName: EagleGet
FileDescription: EagleGet Setup
FileVersion: 2.1.6.50
LegalCopyright:
ProductName: EagleGet
ProductVersion: 2.1.6.50
No data.
All screenshots are available in the full report
Total processes: 190
Monitored processes: 66
Malicious processes: 3
Suspicious processes: 4

Behavior graph

start eagleget-2-1-6-50.exe eagleget-2-1-6-50.tmp no specs eagleget-2-1-6-50.exe eagleget-2-1-6-50.tmp taskkill.exe no specs conhost.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs net_updater32.exe conhost.exe no specs test_wpf.exe no specs werfault.exe egmonitor.exe no specs egmonitor.exe egmonitor.exe no specs eagleget.exe test_wpf.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs egmonitor.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1580
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2284 --field-trial-handle=2288,i,12662253925977310402,227369747884554609,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1596
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2352 --field-trial-handle=2356,i,1528156452649669670,13243065161215034846,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2072
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2664 --field-trial-handle=2356,i,1528156452649669670,13243065161215034846,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2496
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5192 --field-trial-handle=2356,i,1528156452649669670,13243065161215034846,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2928
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2284 --field-trial-handle=1580,i,5327114588469797272,6043828242276905082,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3280
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\EagleGet\IEGraberBHO.dll"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: eagleget-2-1-6-50.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 3692
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3320 --field-trial-handle=2356,i,1528156452649669670,13243065161215034846,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3952
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2332 --field-trial-handle=1580,i,5327114588469797272,6043828242276905082,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4024
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x1c0,0x294,0x298,0x290,0x2a0,0x7ff820d25fd8,0x7ff820d25fe4,0x7ff820d25ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4052
CMD: "C:\Program Files (x86)\EagleGet\EagleGet.exe"
Path: C:\Program Files (x86)\EagleGet\EagleGet.exe
Parent process: eagleget-2-1-6-50.tmp
User:
admin
Company:
EagleGet.com
Integrity Level:
HIGH
Description:
EagleGet Free Downloader
Version:
2.1.6.50
Modules
Images
c:\program files (x86)\eagleget\eagleget.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 14 883
Read events: 14 751
Write events: 128
Delete events: 4

Modification events

(PID) Process: (6752) eagleget-2-1-6-50.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: delete value
Name: Enable Browser Extensions
Value: yes

(PID) Process: (6752) eagleget-2-1-6-50.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: write
Name: Enable Browser Extensions
Value: y

(PID) Process: (6752) eagleget-2-1-6-50.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EagleGet
Operation: write
Name: path
Value: C:\Program Files (x86)\EagleGet

(PID) Process: (6752) eagleget-2-1-6-50.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EagleGet
Operation: write
Name: Version
Value: 2.1.6.50

(PID) Process: (6752) eagleget-2-1-6-50.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EagleGet
Operation: write
Name: showlum
Value: 1

(PID) Process: (6264) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{97C13EA5-DECA-4355-B789-7788B7EB154A}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (6264) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{97C13EA5-DECA-4355-B789-7788B7EB154A}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (6264) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (6264) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (6256) regsvr32.exe
Key: HKEY_CLASSES_ROOT\AppID\npEagleGet32.dll
Operation: write
Name: AppID
Value: {B415CD14-B45D-4BCA-B552-B06175C38606}
Executable files: 94
Suspicious files: 159
Text files: 194
Unknown types: 0

Dropped files

PID | Process | Filename | Type
6752 | eagleget-2-1-6-50.tmp | C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\_isetup\_setup64.tmp | executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
6572 | eagleget-2-1-6-50.exe | C:\Users\admin\AppData\Local\Temp\is-PQSB1.tmp\eagleget-2-1-6-50.tmp | executable
MD5: EB42E5720E09CD014694A22C86929F5E
SHA256: 4DC2D414277E497490D2009F370051298BCCAA649D0A335B064269A0BB9BBBF3
6752 | eagleget-2-1-6-50.tmp | C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\loading_pic.png | image
MD5: CD6306A12FC1FCEDFA3B58DA75386BDA
SHA256: A6A1EE3DFE884126494A906CC36FB34F7A75EE0DB932E0F4B4507B5CF9851765
6752 | eagleget-2-1-6-50.tmp | C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\bigbg.png | image
MD5: 52B85A673DD3167257D5EBF9413999E8
SHA256: 0B96D1EA354AD051F177FAA14C8170F8CC601E227AE1341B1DE8778FE229E3FF
6724 | eagleget-2-1-6-50.exe | C:\Users\admin\AppData\Local\Temp\is-M8ULK.tmp\eagleget-2-1-6-50.tmp | executable
MD5: EB42E5720E09CD014694A22C86929F5E
SHA256: 4DC2D414277E497490D2009F370051298BCCAA649D0A335B064269A0BB9BBBF3
6752 | eagleget-2-1-6-50.tmp | C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\xy.png | image
MD5: E92F3FBF3876C4044722FD975281B3FF
SHA256: 31137AD0EF19381E1778EB89B6CB9F70A9EE5244AD943AD494E1E57B18B48AB7
6752 | eagleget-2-1-6-50.tmp | C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\util.dll | executable
MD5: 192C98CB51F39BE053AD5C7E029E75F8
SHA256: A2EF6B8FBF44BC77631D5635B8ABEDF90DB5903B94618753168F5A904EBC5F60
6752 | eagleget-2-1-6-50.tmp | C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\bg_license.png | image
MD5: 582FDA5363B76D1D022FFC35DC25D3E7
SHA256: 8D8698834690E763D378E7D4353B3B3353E01047C927AF4E66F829C61DC448B8
6752 | eagleget-2-1-6-50.tmp | C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\btn_setup.png | image
MD5: 212AFBAEDAA752A5E8957A609A0AE9F1
SHA256: D95A68BE5109A23DB0D0DFF20BA3453CA69D39F48F2AE996255B84557A96881B
6752 | eagleget-2-1-6-50.tmp | C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\btn_complete.png | image
MD5: AF03B33CB3B3FCCE4B69E62CD1078DC6
SHA256: A37B5AF0B4EC0C9598E0FD6570F4B4F60A4D9D9D10E589B93F509A60F04ACE55
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 20
TCP/UDP connections: 93
DNS requests: 73
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.19.11.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5732 | svchost.exe | GET | 200 | 2.19.11.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5732 | svchost.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | - | - | whitelisted
4052 | EagleGet.exe | GET | - | 69.16.230.165:80 | http://dl.eagleget.com/report/check.php?md5= | unknown | - | - | whitelisted
1176 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
4052 | EagleGet.exe | GET | 302 | 69.16.230.165:80 | http://admin.eagleget.com/update/autoup.php?version=2.1.6.50 | unknown | - | - | whitelisted
6824 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | - | - | whitelisted
6752 | eagleget-2-1-6-50.tmp | GET | 200 | 199.59.243.228:80 | http://ww7.eagleget.com/analytics/lg.php?&usid=26&utid=10858083077 | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
732 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5732 | svchost.exe | 2.19.11.120:80 | crl.microsoft.com | Elisa Oyj | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 2.19.11.120:80 | crl.microsoft.com | Elisa Oyj | NL | whitelisted
5732 | svchost.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted
4712 | MoUsoCoreWorker.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted
5064 | SearchApp.exe | 95.101.79.80:443 | www.bing.com | Akamai International B.V. | NL | whitelisted
- | - | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
google.com
  • 142.250.185.78
whitelisted
crl.microsoft.com
  • 2.19.11.120
  • 2.19.11.105
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
www.bing.com
  • 95.101.79.80
  • 2.17.22.59
  • 2.17.22.58
  • 2.17.22.33
  • 2.17.22.42
  • 2.17.22.57
  • 2.17.22.67
  • 2.17.22.34
  • 2.17.22.48
  • 2.23.227.215
  • 2.23.227.208
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
login.live.com
  • 40.126.32.133
  • 20.190.160.17
  • 20.190.160.14
  • 40.126.32.134
  • 40.126.32.74
  • 40.126.32.140
  • 20.190.160.2
  • 20.190.160.128
whitelisted
go.microsoft.com
  • 92.123.18.10
whitelisted
www.dropbox.com
  • 162.125.66.18
whitelisted
watson.events.data.microsoft.com
  • 20.189.173.21
whitelisted

Threats

PID | Process | Class | Message
6344 | net_updater32.exe | Potential Corporate Privacy Violation | ET INFO Dropbox.com Offsite File Backup in Use
Process
Message
EagleGet.exe
Unknown error 0x80072F78
EagleGet.exe
EagleGet.exe
The data necessary to complete this operation is not yet available.
EagleGet.exe