File name: eagleget-2-1-6-50.exe
Full analysis: https://app.any.run/tasks/50294b9f-482e-4a15-b038-9f491edc931e
Verdict: Malicious activity
Threats: Stealer

Stealers are a family of malicious software intended to gain unauthorized access to a user's information and transfer it to the attacker. The category covers programs that each target a particular kind of data (files, passwords, cryptocurrency wallets) and many of them also spy on the victim by logging keystrokes and taking screenshots. Stealers are mainly distributed through phishing campaigns. Note that this classification is assigned by the sandbox's behavioural signatures (see the list below), not by a matched malware family: no configuration was extracted from this sample.

Analysis date: February 23, 2025, 19:53:34
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
delphi
inno
installer
stealer
arch-scr
arch-html
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 9 sections
MD5: E96DD956BC2159FF1D073876EF5D4E58
SHA1: A0DA0D7C8394D646EB5A0F64BE14397235F22704
SHA256: 14636B7FC900E2BE3FEE5ABB409E3B7A3CDF5A99107BF6D7DCBCCE4B26EE0D34
SSDEEP: 98304:eLMru/vgZAm4EWVmz5c+aZ96/QTDgKkZ0s68xCT7JAAPGyJAgMv4io3GEMD/N8jn:Ki3EZYlsygUyxEqjdyNLja

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Steals credentials from Web Browsers

      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Actions look like stealing of personal data

      • eagleget-2-1-6-50.tmp (PID: 6752)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • eagleget-2-1-6-50.exe (PID: 6572)
      • eagleget-2-1-6-50.exe (PID: 6724)
      • eagleget-2-1-6-50.tmp (PID: 6752)
      • net_updater32.exe (PID: 6344)
      • EGMonitor.exe (PID: 4816)
      • EagleGet.exe (PID: 4052)
    • Reads security settings of Internet Explorer

      • eagleget-2-1-6-50.tmp (PID: 6592)
      • eagleget-2-1-6-50.tmp (PID: 6752)
      • EagleGet.exe (PID: 4052)
    • Reads the Windows owner or organization settings

      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Uses TASKKILL.EXE to kill process

      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Process drops legitimate windows executable

      • eagleget-2-1-6-50.tmp (PID: 6752)
      • net_updater32.exe (PID: 6344)
    • Drops a system driver (possible attempt to evade defenses)

      • eagleget-2-1-6-50.tmp (PID: 6752)
      • EGMonitor.exe (PID: 4816)
    • The process drops C-runtime libraries

      • eagleget-2-1-6-50.tmp (PID: 6752)
      • net_updater32.exe (PID: 6344)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 6264)
      • regsvr32.exe (PID: 6256)
      • regsvr32.exe (PID: 3280)
    • Potential Corporate Privacy Violation

      • net_updater32.exe (PID: 6344)
    • Executes application which crashes

      • net_updater32.exe (PID: 6344)
    • Searches for installed software

      • EGMonitor.exe (PID: 5472)
      • eagleget-2-1-6-50.tmp (PID: 6752)
      • EagleGet.exe (PID: 4052)
    • Creates files in the driver directory

      • EGMonitor.exe (PID: 4816)
    • Executes as Windows Service

      • EGMonitor.exe (PID: 5236)
    • There is functionality for taking screenshots (YARA)

      • eagleget-2-1-6-50.tmp (PID: 6752)
  • INFO

    • The sample compiled with chinese language support

      • eagleget-2-1-6-50.exe (PID: 6572)
      • eagleget-2-1-6-50.exe (PID: 6724)
      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Checks supported languages

      • eagleget-2-1-6-50.exe (PID: 6572)
      • eagleget-2-1-6-50.exe (PID: 6724)
      • eagleget-2-1-6-50.tmp (PID: 6752)
      • net_updater32.exe (PID: 6344)
      • eagleget-2-1-6-50.tmp (PID: 6592)
      • test_wpf.exe (PID: 6452)
      • EGMonitor.exe (PID: 5472)
      • EGMonitor.exe (PID: 4816)
      • EGMonitor.exe (PID: 5236)
      • EagleGet.exe (PID: 4052)
      • test_wpf.exe (PID: 5540)
      • identity_helper.exe (PID: 7856)
      • EGMonitor.exe (PID: 8184)
      • identity_helper.exe (PID: 8100)
    • Create files in a temporary directory

      • eagleget-2-1-6-50.exe (PID: 6572)
      • eagleget-2-1-6-50.exe (PID: 6724)
      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Process checks computer location settings

      • eagleget-2-1-6-50.tmp (PID: 6592)
      • eagleget-2-1-6-50.tmp (PID: 6752)
      • EagleGet.exe (PID: 4052)
    • Reads the computer name

      • eagleget-2-1-6-50.tmp (PID: 6592)
      • eagleget-2-1-6-50.tmp (PID: 6752)
      • test_wpf.exe (PID: 6452)
      • net_updater32.exe (PID: 6344)
      • EGMonitor.exe (PID: 4816)
      • EGMonitor.exe (PID: 5236)
      • test_wpf.exe (PID: 5540)
      • EagleGet.exe (PID: 4052)
      • identity_helper.exe (PID: 7856)
      • identity_helper.exe (PID: 8100)
    • Creates files or folders in the user directory

      • eagleget-2-1-6-50.tmp (PID: 6752)
      • WerFault.exe (PID: 4300)
      • EagleGet.exe (PID: 4052)
    • The sample compiled with russian language support

      • eagleget-2-1-6-50.tmp (PID: 6752)
    • The sample compiled with english language support

      • eagleget-2-1-6-50.tmp (PID: 6752)
      • net_updater32.exe (PID: 6344)
      • EGMonitor.exe (PID: 4816)
    • Creates files in the program directory

      • eagleget-2-1-6-50.tmp (PID: 6752)
      • net_updater32.exe (PID: 6344)
      • EagleGet.exe (PID: 4052)
    • Creates a software uninstall entry

      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Reads security settings of Internet Explorer

      • regsvr32.exe (PID: 6264)
    • Detects InnoSetup installer (YARA)

      • eagleget-2-1-6-50.exe (PID: 6572)
      • eagleget-2-1-6-50.tmp (PID: 6592)
      • eagleget-2-1-6-50.exe (PID: 6724)
      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Compiled with Borland Delphi (YARA)

      • eagleget-2-1-6-50.exe (PID: 6572)
      • eagleget-2-1-6-50.tmp (PID: 6592)
      • eagleget-2-1-6-50.exe (PID: 6724)
      • eagleget-2-1-6-50.tmp (PID: 6752)
    • Reads the machine GUID from the registry

      • test_wpf.exe (PID: 6452)
      • EagleGet.exe (PID: 4052)
      • test_wpf.exe (PID: 5540)
    • Reads the software policy settings

      • net_updater32.exe (PID: 6344)
      • EagleGet.exe (PID: 4052)
    • Checks proxy server information

      • WerFault.exe (PID: 4300)
      • EagleGet.exe (PID: 4052)
    • Manual execution by a user

      • msedge.exe (PID: 6836)
    • Disables trace logs

      • EagleGet.exe (PID: 4052)
    • Application launched itself

      • msedge.exe (PID: 4672)
      • msedge.exe (PID: 6736)
      • msedge.exe (PID: 6836)
    • Reads Environment values

      • identity_helper.exe (PID: 7856)
      • identity_helper.exe (PID: 8100)
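The signature list above is what the sandbox derives from the process tree and file events. Two of the three MALICIOUS hits ("Steals credentials from Web Browsers", "Actions look like stealing of personal data") fire on access to browser profile data; an installer that registers a browser helper object (IEGraberBHO.dll) and an NPAPI plugin (npEagleGet32.dll) touches the same locations, so a practitioner should confirm which files were actually read in the full report before treating these hashes as malware IOCs rather than as a download manager with aggressive browser integration. The Python below is an added example, not code from the ANY.RUN report or from EagleGet: it runs the same kind of rules over a constructed list of process-creation and file-write events. The regsvr32 command line, the is-M8ULK.tmp staging path, the Program Files paths and PIDs 6724, 6752, 3280, 4816 and 4052 come from the report; the parent links, the taskkill command line and its PID 6100, the desktop path of the sample, the negative-control PID 9999 and the driver file name are assumptions. Each finding carries the parent chain so that the regsvr32 registrations can be seen to descend from the Inno Setup second stage rather than from a browser or document process.

```python
"""Rule-based triage of sandbox process-creation and file-write events.

Added example, not code from the ANY.RUN report or from EagleGet.
Events at the bottom are constructed; see the comments for what is
taken from the report and what is assumed.
"""
import re
from dataclasses import dataclass

# Plain strings: a raw string literal cannot end with a single backslash.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
DLL_RE = re.compile(r'"([^"]+?\.dll)"|(\S+\.dll)', re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class FileEvent:
    pid: int
    path: str


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    chain: tuple  # image names, flagged process first, up to the root


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parent_chain(ev, by_pid):
    """Follow ppid links; stop at an unknown parent or a PID cycle."""
    chain, seen, cur = [basename(ev.image)], {ev.pid}, ev
    while cur.ppid in by_pid and cur.ppid not in seen:
        cur = by_pid[cur.ppid]
        seen.add(cur.pid)
        chain.append(basename(cur.image))
    return tuple(chain)


def dll_args(cmdline):
    """Every .dll argument, quoted (may contain spaces) or bare."""
    return [quoted or bare for quoted, bare in DLL_RE.findall(cmdline)]


def rule_regsvr32(ev, by_pid):
    """regsvr32 registering a DLL that lives outside the system directories."""
    if basename(ev.image) != "regsvr32.exe":
        return None
    if all(d.lower().startswith(SYSTEM_DIRS) for d in dll_args(ev.cmdline)):
        return None  # nothing registered, or only system DLLs
    silent = " /s " in f" {ev.cmdline.lower()} "
    return "Registers DLL via REGSVR32.EXE" + (" (silent)" if silent else "")


def rule_taskkill(ev, by_pid):
    """taskkill spawned by something other than an interactive shell."""
    if basename(ev.image) != "taskkill.exe":
        return None
    parent = by_pid.get(ev.ppid)
    if parent and basename(parent.image) in ("cmd.exe", "powershell.exe", "explorer.exe"):
        return None
    return "Uses TASKKILL.EXE to kill process"


def rule_temp_execution(ev, by_pid):
    """Image started from the user's Temp directory (Inno Setup stages there)."""
    if "\\appdata\\local\\temp\\" in ev.image.lower():
        return "Executes from user Temp directory"
    return None


PROC_RULES = (rule_regsvr32, rule_taskkill, rule_temp_execution)


def triage(procs, files):
    by_pid = {p.pid: p for p in procs}
    findings = []
    for ev in procs:
        for rule in PROC_RULES:
            name = rule(ev, by_pid)
            if name:
                findings.append(Finding(name, ev.pid, parent_chain(ev, by_pid)))
    for fe in files:
        low = fe.path.lower()
        if low.startswith(DRIVER_DIR) and low.endswith(".sys"):
            owner = by_pid.get(fe.pid)
            findings.append(Finding("Drops a system driver", fe.pid,
                                    parent_chain(owner, by_pid) if owner else ()))
    return findings


# Constructed events. Parent links are assumed from the behaviour graph order.
PROCS = [
    ProcEvent(6724, 0, "C:\\Users\\admin\\Desktop\\eagleget-2-1-6-50.exe",  # path assumed
              '"C:\\Users\\admin\\Desktop\\eagleget-2-1-6-50.exe"'),
    ProcEvent(6752, 6724, "C:\\Users\\admin\\AppData\\Local\\Temp\\is-M8ULK.tmp\\eagleget-2-1-6-50.tmp",
              '"C:\\Users\\admin\\AppData\\Local\\Temp\\is-M8ULK.tmp\\eagleget-2-1-6-50.tmp"'),
    ProcEvent(6100, 6752, "C:\\Windows\\SysWOW64\\taskkill.exe",  # PID and arguments assumed
              "taskkill.exe /F /IM EagleGet.exe"),
    ProcEvent(3280, 6752, "C:\\Windows\\SysWOW64\\regsvr32.exe",  # command line from the report
              '"C:\\WINDOWS\\system32\\regsvr32.exe" /s "C:\\Program Files (x86)\\EagleGet\\IEGraberBHO.dll"'),
    ProcEvent(4816, 6752, "C:\\Program Files (x86)\\EagleGet\\EGMonitor.exe",
              '"C:\\Program Files (x86)\\EagleGet\\EGMonitor.exe"'),
    ProcEvent(4052, 6752, "C:\\Program Files (x86)\\EagleGet\\EagleGet.exe",
              '"C:\\Program Files (x86)\\EagleGet\\EagleGet.exe"'),
    ProcEvent(9999, 1, "C:\\Windows\\System32\\regsvr32.exe",  # negative control, constructed
              "regsvr32.exe /s C:\\Windows\\System32\\scrrun.dll"),
]
FILES = [FileEvent(4816, "C:\\Windows\\System32\\drivers\\egdriver_example.sys")]  # placeholder name


if __name__ == "__main__":
    for f in triage(PROCS, FILES):
        print(f"{f.rule:42} pid={f.pid:<5} chain={' <- '.join(f.chain)}")
```

The regsvr32 rule deliberately keys on the DLL's location rather than on regsvr32 itself, because the same binary registering a DLL under System32 is routine; what made the sandbox flag this run is a silent registration of a DLL from Program Files by a process started out of %TEMP%.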
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:08 12:51:37+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 69120
InitializedDataSize: 104960
UninitializedDataSize: -
EntryPoint: 0x117e4
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.1.6.50
ProductVersionNumber: 2.1.6.50
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: ASCII
Comments: This installer was built with Inno Setup. (original: 此安装程序由 Inno Setup 构建。)
CompanyName: EagleGet
FileDescription: EagleGet Setup
FileVersion: 2.1.6.50
LegalCopyright:
ProductName: EagleGet
ProductVersion: 2.1.6.50
Screenshots: available in the full report.
Total processes: 190
Monitored processes: 66
Malicious processes: 3
Suspicious processes: 4

Behavior graph (process start order as drawn in the report; "no specs" is the report's own marker and is kept as-is)

eagleget-2-1-6-50.exe
eagleget-2-1-6-50.tmp (no specs)
eagleget-2-1-6-50.exe
eagleget-2-1-6-50.tmp
taskkill.exe (no specs)
conhost.exe (no specs)
regsvr32.exe (no specs)
regsvr32.exe (no specs)
regsvr32.exe (no specs)
net_updater32.exe
conhost.exe (no specs)
test_wpf.exe (no specs)
werfault.exe
egmonitor.exe (no specs)
egmonitor.exe
egmonitor.exe (no specs)
eagleget.exe
test_wpf.exe (no specs)
followed by the msedge.exe process tree (msedge.exe workers, four identity_helper.exe instances and one further egmonitor.exe instance)

The doubled exe/tmp pair at the top is consistent with Inno Setup's elevation relaunch: the first pair runs as the user, the second pair (PIDs 6724/6752) is the elevated instance, which is why its children regsvr32.exe (3280) and EagleGet.exe (4052) run at HIGH integrity below.

Process information (PID, command line, image path, parent process, then the process metadata and the first loaded modules; the report excerpt shows ten of the 66 monitored processes)
PID 1580  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2284 --field-trial-handle=2288,i,12662253925977310402,227369747884554609,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Loaded modules:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID 1596  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2352 --field-trial-handle=2356,i,1528156452649669670,13243065161215034846,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Version: 122.0.2365.59
Loaded modules:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 2072  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2664 --field-trial-handle=2356,i,1528156452649669670,13243065161215034846,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Description: Microsoft Edge | Version: 122.0.2365.59
Loaded modules:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 2496  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5192 --field-trial-handle=2356,i,1528156452649669670,13243065161215034846,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Loaded modules:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 2928  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2284 --field-trial-handle=1580,i,5327114588469797272,6043828242276905082,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Loaded modules:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 3280  regsvr32.exe  (parent: eagleget-2-1-6-50.tmp)
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\EagleGet\IEGraberBHO.dll"
Path: C:\Windows\SysWOW64\regsvr32.exe
User: admin | Company: Microsoft Corporation | Integrity level: HIGH | Description: Microsoft(C) Register Server | Exit code: 0 | Version: 10.0.19041.1 (WinBuild.160101.0800)
Loaded modules:
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID 3692  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3320 --field-trial-handle=2356,i,1528156452649669670,13243065161215034846,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Loaded modules:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 3952  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2332 --field-trial-handle=1580,i,5327114588469797272,6043828242276905082,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Loaded modules:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 4024  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x1c0,0x294,0x298,0x290,0x2a0,0x7ff820d25fd8,0x7ff820d25fe4,0x7ff820d25ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Loaded modules:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 4052  EagleGet.exe  (parent: eagleget-2-1-6-50.tmp)
CMD: "C:\Program Files (x86)\EagleGet\EagleGet.exe"
Path: C:\Program Files (x86)\EagleGet\EagleGet.exe
User: admin | Company: EagleGet.com | Integrity level: HIGH | Description: EagleGet Free Downloader | Version: 2.1.6.50
Loaded modules:
c:\program files (x86)\eagleget\eagleget.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 14 883
Read events: 14 751
Write events: 128
Delete events: 4

Modification events (excerpt shown in the report)

PID 6752  eagleget-2-1-6-50.tmp
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
  Operation: delete value | Name: Enable Browser Extensions | Value: yes
PID 6752  eagleget-2-1-6-50.tmp
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
  Operation: write | Name: Enable Browser Extensions | Value: y
PID 6752  eagleget-2-1-6-50.tmp
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EagleGet
  Operation: write | Name: path | Value: C:\Program Files (x86)\EagleGet
PID 6752  eagleget-2-1-6-50.tmp
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EagleGet
  Operation: write | Name: Version | Value: 2.1.6.50
PID 6752  eagleget-2-1-6-50.tmp
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EagleGet
  Operation: write | Name: showlum | Value: 1
PID 6264  regsvr32.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{97C13EA5-DECA-4355-B789-7788B7EB154A}\TypeLib
  Operation: write | Name: Version | Value: 1.0
PID 6264  regsvr32.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{97C13EA5-DECA-4355-B789-7788B7EB154A}\TypeLib
  Operation: write | Name: Version | Value: 1.0
PID 6264  regsvr32.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\TypeLib
  Operation: write | Name: Version | Value: 1.0
PID 6264  regsvr32.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\TypeLib
  Operation: write | Name: Version | Value: 1.0
PID 6256  regsvr32.exe
  Key: HKEY_CLASSES_ROOT\AppID\npEagleGet32.dll
  Operation: write | Name: AppID | Value: {B415CD14-B45D-4BCA-B552-B06175C38606}

The first two events show the installer removing and re-creating the Internet Explorer "Enable Browser Extensions" value; the regsvr32 events are the COM interface, type library and AppID registrations produced by the silent DLL registrations listed under Process information.
Executable files: 94
Suspicious files: 159
Text files: 194
Unknown types: 0

Dropped files (PID, process, path, type; excerpt shown in the report)

6752  eagleget-2-1-6-50.tmp  C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\_isetup\_setup64.tmp  executable
      MD5: E4211D6D009757C078A9FAC7FF4F03D4  SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
6752  eagleget-2-1-6-50.tmp  C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\bg_license.png  image
      MD5: 582FDA5363B76D1D022FFC35DC25D3E7  SHA256: 8D8698834690E763D378E7D4353B3B3353E01047C927AF4E66F829C61DC448B8
6752  eagleget-2-1-6-50.tmp  C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\bigbg.png  image
      MD5: 52B85A673DD3167257D5EBF9413999E8  SHA256: 0B96D1EA354AD051F177FAA14C8170F8CC601E227AE1341B1DE8778FE229E3FF
6752  eagleget-2-1-6-50.tmp  C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\util.dll  executable
      MD5: 192C98CB51F39BE053AD5C7E029E75F8  SHA256: A2EF6B8FBF44BC77631D5635B8ABEDF90DB5903B94618753168F5A904EBC5F60
6752  eagleget-2-1-6-50.tmp  C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\botva2.dll  executable
      MD5: 0177746573EED407F8DCA8A9E441AA49  SHA256: A4B61626A1626FDABEC794E4F323484AA0644BAA1C905A5DCF785DC34564F008
6724  eagleget-2-1-6-50.exe  C:\Users\admin\AppData\Local\Temp\is-M8ULK.tmp\eagleget-2-1-6-50.tmp  executable
      MD5: EB42E5720E09CD014694A22C86929F5E  SHA256: 4DC2D414277E497490D2009F370051298BCCAA649D0A335B064269A0BB9BBBF3
6752  eagleget-2-1-6-50.tmp  C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\loading.png  image
      MD5: 589AC6FFE91A177AFF97DABE25689011  SHA256: 2313BD947E407CCEE25C6BCBA3C7D45F5C92159950D9D1277D258A293760A732
6752  eagleget-2-1-6-50.tmp  C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\btn_browser.png  image
      MD5: 8DD4F9F2C22073544694ECA39C4F305D  SHA256: 0F6E9827EF681B88722D2013AE44FE5F8EEEAF22B6FE64904ECD0852DE8197C8
6752  eagleget-2-1-6-50.tmp  C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\btn_n.png  image
      MD5: 66DEFF37283BCA24EA963AE3A3963B38  SHA256: D9F0859F6A5648B0A9060200CC9A7534161E1B22844F631766E4E3540090790A
6752  eagleget-2-1-6-50.tmp  C:\Users\admin\AppData\Local\Temp\is-IMSIA.tmp\btn_complete.png  image
      MD5: AF03B33CB3B3FCCE4B69E62CD1078DC6  SHA256: A37B5AF0B4EC0C9598E0FD6570F4B4F60A4D9D9D10E589B93F509A60F04ACE55
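The sample hashes in the Indicators section and the dropped-file hashes above are the indicators most useful for a host sweep; the Inno Setup staging directory name (is-IMSIA.tmp, is-M8ULK.tmp) is random per run, so the hashes, not the paths, are the stable part. The Python below is an added example, not part of the ANY.RUN report or of EagleGet: it hashes every file under a directory with MD5, SHA-1 and SHA-256 in a single chunked pass, matches on whichever digest the IOC table has, and additionally reports files sitting in an Inno Setup staging directory by name. The IOC table is transcribed from this page; the fixture written by demo() is constructed test data, and the treatment of _setup64.tmp as a framework helper rather than a sample-specific indicator is an assumption.

```python
"""Sweep a directory tree for files matching the hashes in a sandbox report.

Added example, not part of the ANY.RUN report or of EagleGet. IOCS is
transcribed from the report; the files written by demo() are constructed.
"""
import hashlib
import re
import tempfile
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256")

IOCS = {
    "eagleget-2-1-6-50.exe (sample)": {
        "md5": "E96DD956BC2159FF1D073876EF5D4E58",
        "sha1": "A0DA0D7C8394D646EB5A0F64BE14397235F22704",
        "sha256": "14636B7FC900E2BE3FEE5ABB409E3B7A3CDF5A99107BF6D7DCBCCE4B26EE0D34",
    },
    "eagleget-2-1-6-50.tmp (Inno Setup second stage)": {
        "md5": "EB42E5720E09CD014694A22C86929F5E",
        "sha256": "4DC2D414277E497490D2009F370051298BCCAA649D0A335B064269A0BB9BBBF3",
    },
    "util.dll (dropped)": {
        "md5": "192C98CB51F39BE053AD5C7E029E75F8",
        "sha256": "A2EF6B8FBF44BC77631D5635B8ABEDF90DB5903B94618753168F5A904EBC5F60",
    },
    "botva2.dll (dropped)": {
        "md5": "0177746573EED407F8DCA8A9E441AA49",
        "sha256": "A4B61626A1626FDABEC794E4F323484AA0644BAA1C905A5DCF785DC34564F008",
    },
    # _setup64.tmp is Inno Setup's own 64-bit helper; a hit on it means "an Inno
    # installer ran here", not necessarily this sample (assumption, see lead-in).
    "_setup64.tmp (Inno Setup helper)": {
        "md5": "E4211D6D009757C078A9FAC7FF4F03D4",
        "sha256": "388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95",
    },
}

# Inno Setup stages its payload in %TEMP%\is-XXXXX.tmp; the name is random per run.
INNO_STAGE_RE = re.compile(r"(^|[\\/])is-[0-9A-Z]{5}\.tmp([\\/]|$)", re.IGNORECASE)


def _hash_blocks(blocks):
    h = {a: hashlib.new(a) for a in ALGOS}
    for block in blocks:
        for x in h.values():
            x.update(block)
    return {a: x.hexdigest() for a, x in h.items()}


def digests_bytes(data):
    return _hash_blocks([data])


def digests_file(path, chunk=1 << 20):
    """All three digests in one pass, chunked so large installers are not slurped."""
    with open(path, "rb") as f:
        return _hash_blocks(iter(lambda: f.read(chunk), b""))


def build_index(iocs):
    """(algorithm, lower-case hex) -> label, so any single digest is enough to match."""
    return {(a, v.lower()): label for label, hs in iocs.items() for a, v in hs.items()}


def sweep(root, iocs=IOCS):
    index = build_index(iocs)
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        d = digests_file(p)
        labels = sorted({index[(a, v)] for a, v in d.items() if (a, v) in index})
        staged = bool(INNO_STAGE_RE.search(str(p)))
        if labels or staged:
            hits.append({"path": str(p), "sha256": d["sha256"],
                         "iocs": labels, "inno_staging": staged})
    return hits


def demo():
    """Constructed fixture: one file inside a fake staging directory and one file
    whose hash is added to the IOC set on the fly (no real sample content is embedded)."""
    iocs = dict(IOCS)
    iocs["constructed demo file"] = {"sha256": digests_bytes(b"abc")["sha256"]}
    with tempfile.TemporaryDirectory() as tmp:
        stage = Path(tmp) / "is-ABCDE.tmp"
        stage.mkdir()
        (stage / "util.dll").write_bytes(b"constructed, not the real util.dll")
        (Path(tmp) / "report.txt").write_bytes(b"abc")
        (Path(tmp) / "readme.txt").write_bytes(b"unrelated file, should not be listed")
        return sweep(tmp, iocs)


if __name__ == "__main__":
    for h in demo():
        print(h)
```

Keying the index on (algorithm, digest) pairs lets the same sweep consume reports that publish only MD5 and SHA-256 for dropped files, as this one does, alongside the full triple for the sample.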
HTTP(S) requests: 20
TCP/UDP connections: 93
DNS requests: 73
Threats: 1

HTTP requests (PID, process, method, HTTP code, IP:port, URL, reputation; "-" = not shown in the report; the CN column is "unknown" for every row and the Type and Size columns are empty)

4712  MoUsoCoreWorker.exe     GET  200  2.19.11.120:80     http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl  whitelisted
5732  svchost.exe             GET  200  2.19.11.120:80     http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl  whitelisted
4712  MoUsoCoreWorker.exe     GET  200  2.23.246.101:80    http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl  whitelisted
-     -                       GET  200  2.17.190.73:80     http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D  whitelisted
5732  svchost.exe             GET  200  2.23.246.101:80    http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl  whitelisted
4052  EagleGet.exe            GET  -    69.16.230.165:80   http://dl.eagleget.com/report/check.php?md5=  whitelisted
1176  svchost.exe             GET  200  2.17.190.73:80     http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D  whitelisted
6824  backgroundTaskHost.exe  GET  200  2.23.77.188:80     http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D  whitelisted
4052  EagleGet.exe            GET  302  69.16.230.165:80   http://admin.eagleget.com/update/autoup.php?version=2.1.6.50  whitelisted
6752  eagleget-2-1-6-50.tmp   GET  200  199.59.243.228:80  http://ww7.eagleget.com/analytics/lg.php?&usid=26&utid=10858083077  whitelisted

Only three of these requests come from the sample's own processes: an installer analytics beacon (6752), a report check with an empty md5 parameter (4052) and an update check that was answered with a 302 redirect (4052). All three are plain HTTP. The remaining rows are Windows' own CRL and OCSP revocation lookups.
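The security-relevant rows in that table are easy to lose among the OS background traffic, so the first triage step is to separate the two. The Python below is an added example, not part of the ANY.RUN report or of EagleGet: it classifies each request as certificate-revocation noise, sample traffic or other, and flags the sample's requests for cleartext transport, empty query parameters, redirects and update-channel paths. ROWS is transcribed from the table above (None where the report shows no value); SAMPLE_PIDS, the noise heuristics and the flag names are assumptions for this illustration. The report does not show where the 302 from autoup.php redirects or whether the updater verifies what it fetches, so the "update-channel" flag marks a point to check in the PCAP, not a finding.

```python
"""Separate a sample's own HTTP traffic from OS background noise in a sandbox run.

Added example, not part of the ANY.RUN report or of EagleGet. ROWS is
transcribed from the report's HTTP requests table; SAMPLE_PIDS, the noise
heuristics and the flag names are assumptions made for this illustration.
"""
from urllib.parse import urlsplit, parse_qsl

# (pid, process, method, status, url); None = column empty in the report
ROWS = [
    (4712, "MoUsoCoreWorker.exe", "GET", 200,
     "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    (5732, "svchost.exe", "GET", 200,
     "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    (4712, "MoUsoCoreWorker.exe", "GET", 200,
     "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    (None, None, "GET", 200,
     "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D"),
    (4052, "EagleGet.exe", "GET", None, "http://dl.eagleget.com/report/check.php?md5="),
    (4052, "EagleGet.exe", "GET", 302, "http://admin.eagleget.com/update/autoup.php?version=2.1.6.50"),
    (6752, "eagleget-2-1-6-50.tmp", "GET", 200,
     "http://ww7.eagleget.com/analytics/lg.php?&usid=26&utid=10858083077"),
]

# installer stage 2, EagleGet.exe, net_updater32.exe, EGMonitor.exe (PIDs from the report)
SAMPLE_PIDS = {6752, 4052, 6344, 4816}
PKI_HOSTS = {"crl.microsoft.com", "ocsp.digicert.com"}
PKI_PATH_HINTS = ("/pki/", "/pkiops/")


def classify(row):
    """'pki-noise' for revocation checks done by Windows itself, 'sample' for
    requests issued by one of the sample's processes, 'other' for the rest."""
    pid, _proc, _method, _status, url = row
    u = urlsplit(url)
    if (u.hostname or "") in PKI_HOSTS or any(h in u.path for h in PKI_PATH_HINTS):
        return "pki-noise"
    return "sample" if pid in SAMPLE_PIDS else "other"


def flags_for(status, url):
    u = urlsplit(url)
    params = parse_qsl(u.query, keep_blank_values=True)  # keeps "md5=" as ("md5", "")
    flags = []
    if u.scheme == "http":
        flags.append("cleartext")
    empty = [k for k, v in params if v == ""]
    if empty:
        flags.append("empty-param:" + ",".join(empty))
    if status is not None and 300 <= status < 400:
        flags.append("redirect")
    if "update" in u.path.lower() or "autoup" in u.path.lower():
        flags.append("update-channel")
    return flags


def triage(rows):
    out = []
    for row in rows:
        if classify(row) != "sample":
            continue
        pid, proc, method, status, url = row
        u = urlsplit(url)
        out.append({"pid": pid, "process": proc, "method": method,
                    "host": u.hostname, "path": u.path, "flags": flags_for(status, url)})
    return out


if __name__ == "__main__":
    for r in triage(ROWS):
        print(r["pid"], r["process"], r["host"] + r["path"], ",".join(r["flags"]))
```

The combination "cleartext" plus "redirect" plus "update-channel" on one row is the one to chase: an updater that fetches over HTTP and follows redirects can be fed a substitute payload by anyone on the path unless it verifies a signature on what it downloads, and only the PCAP and the updater binary can answer whether it does.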

Connections (PID, process, IP:port, domain, ASN, CN, reputation; "-" = not shown in the report)

4     System               192.168.100.255:137  -                                -                            -   whitelisted
732   RUXIMICS.exe         20.73.194.208:443    settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  NL  whitelisted
-     -                    20.73.194.208:443    settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  NL  whitelisted
5732  svchost.exe          2.19.11.120:80       crl.microsoft.com                Elisa Oyj                    NL  whitelisted
4712  MoUsoCoreWorker.exe  2.19.11.120:80       crl.microsoft.com                Elisa Oyj                    NL  whitelisted
5732  svchost.exe          2.23.246.101:80      www.microsoft.com                Ooredoo Q.S.C.               QA  whitelisted
4712  MoUsoCoreWorker.exe  2.23.246.101:80      www.microsoft.com                Ooredoo Q.S.C.               QA  whitelisted
5064  SearchApp.exe        95.101.79.80:443     www.bing.com                     Akamai International B.V.    NL  whitelisted
-     -                    2.17.190.73:80       ocsp.digicert.com                AKAMAI-AS                    DE  whitelisted
4     System               192.168.100.255:138  -                                -                            -   whitelisted

None of the connections listed in this excerpt belong to the sample's processes; the eagleget.com and Dropbox traffic referenced elsewhere in the report is only visible in the full PCAP.

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
google.com
  • 142.250.185.78
whitelisted
crl.microsoft.com
  • 2.19.11.120
  • 2.19.11.105
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
www.bing.com
  • 95.101.79.80
  • 2.17.22.59
  • 2.17.22.58
  • 2.17.22.33
  • 2.17.22.42
  • 2.17.22.57
  • 2.17.22.67
  • 2.17.22.34
  • 2.17.22.48
  • 2.23.227.215
  • 2.23.227.208
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
login.live.com
  • 40.126.32.133
  • 20.190.160.17
  • 20.190.160.14
  • 40.126.32.134
  • 40.126.32.74
  • 40.126.32.140
  • 20.190.160.2
  • 20.190.160.128
whitelisted
go.microsoft.com
  • 92.123.18.10
whitelisted
www.dropbox.com
  • 162.125.66.18
whitelisted
watson.events.data.microsoft.com
  • 20.189.173.21
whitelisted

Threats (IDS alerts)

PID 6344  net_updater32.exe  Potential Corporate Privacy Violation  ET INFO Dropbox.com Offsite File Backup in Use

This is an informational Emerging Threats rule: it fires on any traffic to dropbox.com (www.dropbox.com also appears in the DNS requests above) and says nothing about what was transferred. Its interest here is the process that triggered it: the bundled updater, not the user's browser.

Debug output strings (process, message)

EagleGet.exe  Unknown error 0x80072F78 (Win32 error 12152, ERROR_WINHTTP_INVALID_SERVER_RESPONSE)
EagleGet.exe  (empty)
EagleGet.exe  The data necessary to complete this operation is not yet available. (E_PENDING)
EagleGet.exe  (empty)

The WinHTTP error is consistent with the 302 returned to the updater's autoup.php request in the HTTP requests table: the client received a response it could not process as an update.