URL: mega.nz

Full analysis: https://app.any.run/tasks/2ac1d1d4-6b02-4f3d-9e03-cdc651ef2a60
Verdict: Malicious activity
Threats:

Stealers are a category of malware designed to gain unauthorized access to users' information and transfer it to the attacker. The category covers programs that each target a particular kind of data, such as files, passwords, and cryptocurrency wallets. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is distributed mainly through phishing campaigns.

Analysis date: March 09, 2024, 19:29:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: stealer
Indicators:
MD5: FB8E555B3C66389BE59DBFA46A6EED0F
SHA1: 301CA4A9D9E211A32BC5E872DD647492569DE550
SHA256: 9F9061A13251EA21E630ABA6CDAA4061E83C477BCEB1AF66D6FE0FAFD4B17D77
SSDEEP: 3:93:x

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • MEGAsyncSetup32.exe (PID: 2408)
      • MEGAsyncSetup32.exe (PID: 1820)
  • SUSPICIOUS

    • Creates file in the systems drive root

      • chrome.exe (PID: 3384)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • MEGAsyncSetup32.exe (PID: 2408)
      • MEGAsyncSetup32.exe (PID: 1820)
    • Executable content was dropped or overwritten

      • MEGAsyncSetup32.exe (PID: 2408)
      • MEGAsyncSetup32.exe (PID: 1820)
    • The process creates files with name similar to system file names

      • MEGAsyncSetup32.exe (PID: 2408)
      • MEGAsyncSetup32.exe (PID: 1820)
    • Application launched itself

      • MEGAsyncSetup32.exe (PID: 2408)
    • Process drops legitimate windows executable

      • MEGAsyncSetup32.exe (PID: 1820)
    • Uses TASKKILL.EXE to kill process

      • MEGAsyncSetup32.exe (PID: 1820)
    • The process drops C-runtime libraries

      • MEGAsyncSetup32.exe (PID: 1820)
    • Creates/Modifies COM task schedule object

      • MEGAsyncSetup32.exe (PID: 1820)
    • Creates a software uninstall entry

      • MEGAsyncSetup32.exe (PID: 1820)
    • Reads the Internet Settings

      • MEGAsync.exe (PID: 3960)
    • Detected use of alternative data streams (AltDS)

      • MEGAsync.exe (PID: 3960)
  • INFO

    • Manual execution by a user

      • chrome.exe (PID: 1928)
    • Application launched itself

      • iexplore.exe (PID: 3288)
      • chrome.exe (PID: 1928)
    • Reads the computer name

      • MEGAsyncSetup32.exe (PID: 2408)
      • MEGAsyncSetup32.exe (PID: 1820)
      • MEGAsync.exe (PID: 3960)
      • wmpnscfg.exe (PID: 4056)
      • wmpnscfg.exe (PID: 2088)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 1928)
      • chrome.exe (PID: 2748)
    • The process uses the downloaded file

      • chrome.exe (PID: 3320)
      • chrome.exe (PID: 1928)
    • Drops the executable file immediately after the start

      • chrome.exe (PID: 2748)
      • chrome.exe (PID: 1928)
    • Checks supported languages

      • MEGAsyncSetup32.exe (PID: 2408)
      • MEGAsyncSetup32.exe (PID: 1820)
      • MEGAsync.exe (PID: 3960)
      • wmpnscfg.exe (PID: 4056)
      • wmpnscfg.exe (PID: 2088)
    • Create files in a temporary directory

      • MEGAsyncSetup32.exe (PID: 2408)
      • MEGAsyncSetup32.exe (PID: 1820)
    • Process checks whether UAC notifications are on

      • MEGAsyncSetup32.exe (PID: 2408)
    • Creates files or folders in the user directory

      • MEGAsyncSetup32.exe (PID: 1820)
      • MEGAsyncSetup32.exe (PID: 2408)
      • MEGAsync.exe (PID: 3960)
    • Creates files in the program directory

      • MEGAsyncSetup32.exe (PID: 2408)
    • Reads Environment values

      • MEGAsync.exe (PID: 3960)
    • Dropped object may contain TOR URL's

      • MEGAsyncSetup32.exe (PID: 1820)
    • Reads the machine GUID from the registry

      • MEGAsync.exe (PID: 3960)
    • Reads the Internet Settings

      • explorer.exe (PID: 664)
No Malware configuration.
No data.
Screenshots: omitted here; all screenshots are available in the full report.
Total processes: 106
Monitored processes: 57
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Processes shown in the graph: iexplore.exe, chrome.exe (multiple instances), megasyncsetup32.exe (2 instances), taskkill.exe (2 instances), explorer.exe, megasync.exe, wmpnscfg.exe (2 instances).

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 448
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1424 --field-trial-handle=1160,i,5943267918989040984,8988033537987519861,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 568
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2124 --field-trial-handle=1160,i,5943267918989040984,8988033537987519861,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 584
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=2168 --field-trial-handle=1160,i,5943267918989040984,8988033537987519861,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 664
CMD: explorer.exe
Path: C:\Windows\explorer.exe
Parent process: MEGAsyncSetup32.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 712
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3732 --field-trial-handle=1160,i,5943267918989040984,8988033537987519861,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 764
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1372 --field-trial-handle=1160,i,5943267918989040984,8988033537987519861,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 920
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1240 --field-trial-handle=1160,i,5943267918989040984,8988033537987519861,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 924
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3312 --field-trial-handle=1160,i,5943267918989040984,8988033537987519861,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1020
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3256 --field-trial-handle=1160,i,5943267918989040984,8988033537987519861,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1092
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4332 --field-trial-handle=1160,i,5943267918989040984,8988033537987519861,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events: 127 471
Read events: 126 796
Write events: 597
Delete events: 78

Modification events

Process: (3288) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | Operation: write | Name: NTPDaysSinceLastAutoMigration | Value: 1
Process: (3288) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | Operation: write | Name: NTPLastLaunchLowDateTime | Value: 353670544
Process: (3288) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | Operation: write | Name: NTPLastLaunchHighDateTime | Value: 31093336
Process: (3288) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | Operation: write | Name: NextCheckForUpdateLowDateTime | Value: 653833044
Process: (3288) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | Operation: write | Name: NextCheckForUpdateHighDateTime | Value: 31093336
Process: (3288) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Operation: write | Name: CachePrefix | Value: (empty)
Process: (3288) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
Process: (3288) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
Process: (3288) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Operation: write | Name: CompatibilityFlags | Value: 0
Process: (3288) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
Executable files: 130
Suspicious files: 384
Text files: 736
Unknown types: 444

Dropped files

PID | Process | Filename | Type
3652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1AB330D4751DFA0C17544BD0A5722A8A | der
MD5: 3A262F9D457B2B073FDAF77A76121DFB
SHA256: EEB3933846620CD21AAEF735550E7119FC82315A578F293671AE36A1CCE2B4C7
3652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5: F53A62384441BAC887A391A4E24E2ED4
SHA256: DC2E71CA99E2EF60D74BE87F8505321BD2FF252029E388D7EA67274B8C1A5F26
3652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DOTBATAV\mega[1].xml | text
MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA256: B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
3652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | binary
MD5: AD9F30DA49D959100902A80F7127A9B7
SHA256: B3F3B17B6300C01E136C246A5304E29F9EC4E9186EE10EB3645442C011520E5D
3652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary
MD5: 4AEED535677AF9CF5D0D9ABBBFEF61FC
SHA256: EA744F5E7DBB9F0D9D1FE172C59FD4CFF875FAE79640BA4A3DA363B32780F4D4
3652 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\update[1].css | text
MD5: 7F1D6E96A8DEC2E138B3D02DEEFD10C0
SHA256: BC37C003BCFEDA79B30D4DE5C6902E113638F6F2D136C93FCBCC3D0CD48588E3
3652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1AB330D4751DFA0C17544BD0A5722A8A | binary
MD5: E75D1D83263CFE3A5244E4C711D212A5
SHA256: 2D9390F5766353D5F9DAE14A496FB5E55F21EAF3C0DCA2A3EAC0BF38F27451FB
3652 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\update[1].htm | html
MD5: 3CCE71310D950389CE2A333A03A3C79A
SHA256: 2DC160F601C165CCC27DF7CE887B7D2621F1391691D99DAD71B66E4CE39098D9
3652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | binary
MD5: 822467B728B7A66B081C91795373789A
SHA256: AF2343382B88335EEA72251AD84949E244FF54B6995063E24459A7216E9576B9
3652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | binary
MD5: 5B6B58ABF6E8A3AB6A455EE2D9877067
SHA256: 89D2A0731CEC3C66B24D21683437D649C47315ACBAAE737D58983FE0A8C6DD59
HTTP(S) requests: 47
TCP/UDP connections: 86
DNS requests: 93
Threats: 22

HTTP requests

Columns (as listed in the report): PID, Process, Method, HTTP Code, IP, URL, CN, Type, Size, Reputation
3652 | iexplore.exe | GET | 304 | 2.16.100.168:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?927e0d673a39dd41 | unknown
3652 | iexplore.exe | GET | 304 | 2.16.100.168:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5b0325f31ae0f9b6 | unknown
3652 | iexplore.exe | GET | 200 | 23.39.157.155:80 | http://x1.c.lencr.org/ | unknown | binary | 717 b
3652 | iexplore.exe | GET | 200 | 95.101.54.107:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSh36b%2FrPZ6jfZmUhiUBIaxVA%3D%3D | unknown | binary | 503 b
3652 | iexplore.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | unknown | binary | 2.18 Kb
3652 | iexplore.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | binary | 1.42 Kb
3652 | iexplore.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEAGZc036%2BYg9tbsuXOzWpV4%3D | unknown | binary | 471 b
3288 | iexplore.exe | GET | 304 | 2.16.100.168:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?70b4a85d87201c80 | unknown
3288 | iexplore.exe | GET | 304 | 2.16.100.168:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4dd617501e33218a | unknown
3288 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | binary | 313 b

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | unknown
4 | System | 192.168.100.255:137 | | | | unknown
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
3652 | iexplore.exe | 31.216.145.5:443 | mega.nz | Datacenter Luxembourg S.A. | LU | unknown
3652 | iexplore.exe | 2.16.100.168:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
3652 | iexplore.exe | 23.39.157.155:80 | x1.c.lencr.org | AKAMAI-AS | US | unknown
3652 | iexplore.exe | 95.101.54.107:80 | r3.o.lencr.org | Akamai International B.V. | DE | unknown
3652 | iexplore.exe | 66.203.124.37:443 | eu.static.mega.co.nz | Datacenter Luxembourg S.A. | LU | unknown
3652 | iexplore.exe | 104.18.38.233:80 | ocsp.comodoca.com | CLOUDFLARENET | | unknown
3288 | iexplore.exe | 31.216.145.5:443 | mega.nz | Datacenter Luxembourg S.A. | LU | unknown

DNS requests

Domain | IP(s) | Reputation
mega.nz | 31.216.145.5, 31.216.144.5 | unknown
ctldl.windowsupdate.com | 2.16.100.168, 173.222.108.210, 173.222.108.226 | unknown
x1.c.lencr.org | 23.39.157.155 | unknown
r3.o.lencr.org | 95.101.54.107, 2.16.202.115, 2.16.202.120, 95.101.54.123, 95.101.54.145, 95.101.54.131, 95.101.54.114, 95.101.54.203 | unknown
eu.static.mega.co.nz | 66.203.124.37, 66.203.127.13, 66.203.127.11, 89.44.169.132 | unknown
ocsp.comodoca.com | 104.18.38.233, 172.64.149.23 | unknown
ocsp.usertrust.com | 104.18.38.233, 172.64.149.23 | unknown
ocsp.sectigo.com | 104.18.38.233, 172.64.149.23 | unknown
api.bing.com | 13.107.5.80 | unknown
www.bing.com | 2.19.120.29, 2.19.120.21 | unknown

Threats

Class | Message (PID and Process columns are empty for every row in the report)
Misc activity | ET INFO File Sharing Related Domain in DNS Lookup (mega .nz)
Misc activity | ET INFO File Sharing Domain Observed in TLS SNI (mega .nz)
Misc activity | ET INFO File Sharing Domain Observed in TLS SNI (mega .nz)
Misc activity | ET INFO Observed DNS Query to Filesharing Service (mega .co .nz)
Misc activity | ET INFO File Sharing Domain Observed in TLS SNI (mega .nz)
Misc activity | ET INFO File Sharing Domain Observed in TLS SNI (mega .nz)
Misc activity | ET INFO File Sharing Related Domain in DNS Lookup (mega .nz)
Misc activity | ET INFO File Sharing Related Domain in DNS Lookup (mega .nz)
Misc activity | ET INFO File Sharing Domain Observed in TLS SNI (mega .nz)
Misc activity | ET INFO File Sharing Domain Observed in TLS SNI (mega .nz)
Process | Message
chrome.exe | [0309/193110.602:ERROR:filesystem_win.cc(130)] GetFileAttributes C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments\969a2ef7-941d-4f02-a50b-10e25a42002c: The system cannot find the file specified. (0x2)
chrome.exe | [0309/193110.604:ERROR:filesystem_win.cc(130)] GetFileAttributes C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments\969a2ef7-941d-4f02-a50b-10e25a42002c: The system cannot find the file specified. (0x2)
chrome.exe | [0309/193110.605:ERROR:filesystem_win.cc(130)] GetFileAttributes C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments\969a2ef7-941d-4f02-a50b-10e25a42002c: The system cannot find the file specified. (0x2)
MEGAsync.exe | QObject::connect: No such slot MegaApplication::changeDisplay(QScreen *)
MEGAsync.exe | QObject::connect: No such slot MegaApplication::changeDisplay(QScreen *)