URL:

https://lunexmods.io

Full analysis: https://app.any.run/tasks/7d95eba1-bbba-47de-b5e5-3d93dd0c90df
Verdict: Malicious activity
Threats:

Stealc is a stealer malware that targets victims’ sensitive data, which it exfiltrates from browsers, messaging apps, and other software. The malware is equipped with advanced features, including fingerprinting, control panel, evasion mechanisms, string obfuscation, etc. Stealc establishes persistence and communicates with its C2 server through HTTP POST requests.

Malware Trends Tracker     >>>
Analysis date: January 09, 2026, 20:45:08
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
telegram
stealer
xor-url
generic
stealc
vidar
Indicators:
MD5:

DAB88BDBD7BA53615AE0FA9F8CE7E1E7

SHA1:

C859EA62F2A8C12332328B883B76587C9BD38E6F

SHA256:

C2CBBA2D401037335262C05CE218C882107C01E95105CEC7CC23E5AC599B2F29

SSDEEP:

3:N8QL4IKBW4Kn:2QkIaWH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • XORed URL has been found (YARA)

      • aspnet_wp.exe (PID: 7388)

    • Actions looks like stealing of personal data

      • aspnet_wp.exe (PID: 7388)

    • Steals credentials from Web Browsers

      • aspnet_wp.exe (PID: 7388)

  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • LunX.exe (PID: 7716)

    • Searches for installed software

      • aspnet_wp.exe (PID: 7388)

    • Reads the date of Windows installation

      • aspnet_wp.exe (PID: 7388)

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 7288)

    • Executable content was dropped or overwritten

      • LunX.exe (PID: 7716)

    • Reads security settings of Internet Explorer

      • aspnet_wp.exe (PID: 7388)

    • Multiple wallet extension IDs have been found

      • aspnet_wp.exe (PID: 7388)

    • There is functionality for taking screenshot (YARA)

      • aspnet_wp.exe (PID: 7388)

    • Possible stealing from browsers

      • aspnet_wp.exe (PID: 7388)

  • INFO

    • Reads the computer name

      • TextInputHost.exe (PID: 7376)
      • aspnet_wp.exe (PID: 7388)

    • Manual execution by a user

      • WinRAR.exe (PID: 7288)
      • LunX.exe (PID: 7716)
      • chrome.exe (PID: 1312)
      • firefox.exe (PID: 2612)
      • chrome.exe (PID: 4788)
      • chrome.exe (PID: 8528)
      • chrome.exe (PID: 8416)
      • firefox.exe (PID: 8308)
      • chrome.exe (PID: 6376)
      • chrome.exe (PID: 7984)
      • chrome.exe (PID: 8084)
      • chrome.exe (PID: 7640)
      • chrome.exe (PID: 7912)
      • chrome.exe (PID: 7868)
      • chrome.exe (PID: 7900)

    • Checks supported languages

      • TextInputHost.exe (PID: 7376)
      • LunX.exe (PID: 7716)
      • aspnet_wp.exe (PID: 7388)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 7288)

    • Application launched itself

      • chrome.exe (PID: 7520)
      • chrome.exe (PID: 7304)
      • chrome.exe (PID: 4788)
      • firefox.exe (PID: 3088)
      • firefox.exe (PID: 2612)
      • chrome.exe (PID: 5020)
      • chrome.exe (PID: 8632)
      • chrome.exe (PID: 8528)
      • chrome.exe (PID: 8416)
      • chrome.exe (PID: 1312)
      • chrome.exe (PID: 7900)
      • firefox.exe (PID: 1456)
      • chrome.exe (PID: 7984)
      • chrome.exe (PID: 8084)
      • chrome.exe (PID: 7640)
      • chrome.exe (PID: 7912)
      • chrome.exe (PID: 7868)
      • firefox.exe (PID: 8308)
      • chrome.exe (PID: 6376)

    • Reads product name

      • aspnet_wp.exe (PID: 7388)

    • Checks proxy server information

      • slui.exe (PID: 6484)
      • aspnet_wp.exe (PID: 7388)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7288)

    • Create files in a temporary directory

      • LunX.exe (PID: 7716)

    • Reads the machine GUID from the registry

      • aspnet_wp.exe (PID: 7388)

    • Creates files in the program directory

      • aspnet_wp.exe (PID: 7388)

    • Reads CPU info

      • aspnet_wp.exe (PID: 7388)

    • Creates files or folders in the user directory

      • aspnet_wp.exe (PID: 7388)

    • Reads Environment values

      • aspnet_wp.exe (PID: 7388)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
262
Monitored processes
113
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs textinputhost.exe no specs slui.exe winrar.exe lunx.exe conhost.exe no specs #XOR-URL aspnet_wp.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs chrome.exe firefox.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs firefox.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
936"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 2240 -prefsLen 36580 -prefMapHandle 2244 -prefMapSize 273045 -ipcHandle 2252 -initialChannelId {dfe34a0a-cdda-4bdf-84f3-af13dda9244e} -parentPid 1456 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1456" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
1312"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffd7118fff8,0x7ffd71190004,0x7ffd71190010C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1312"C:\Program Files\Google\Chrome\Application\chrome.exe" "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"C:\Program Files\Google\Chrome\Application\chrome.exeexplorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
21
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1388"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=6140,i,17800056758583250750,6978222298075472175,262144 --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=5624 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1456"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
1840"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=5504,i,17800056758583250750,6978222298075472175,262144 --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=5668 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1952"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5156 -prefsLen 39120 -prefMapHandle 5160 -prefMapSize 273045 -jsInitHandle 5164 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 5172 -initialChannelId {32c685aa-186a-4223-8625-9e01c60a982f} -parentPid 3088 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3088" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\bcrypt.dll
2096"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=4928,i,17800056758583250750,6978222298075472175,262144 --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=3704 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2292C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2364"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5656,i,17800056758583250750,6978222298075472175,262144 --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=5824 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events
6 469
Read events
6 461
Write events
8
Delete events
0

Modification events

(PID) Process:(7288) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation:writeName:ShowPassword
Value:
0
(PID) Process:(7288) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(7288) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(7288) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(7288) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(7388) aspnet_wp.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7388) aspnet_wp.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7388) aspnet_wp.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
Executable files
12
Suspicious files
597
Text files
380
Unknown types
2

Dropped files

PID
Process
Filename
Type
7520chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
7520chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RFfdc8c.TMP
MD5:
SHA256:
7520chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RFfdc8c.TMP
MD5:
SHA256:
7520chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
MD5:
SHA256:
7520chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RFfdc8c.TMP
MD5:
SHA256:
7520chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
7520chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old~RFfdc9b.TMP
MD5:
SHA256:
7520chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
7520chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RFfdc9b.TMP
MD5:
SHA256:
7520chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old~RFfdc9b.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
457
TCP/UDP connections
169
DNS requests
186
Threats
32

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7792
chrome.exe
GET
200
142.250.186.174:80
http://clients2.google.com/time/1/current?cup2key=8:b3SHGu0Dwmv_8_hEBkYhXyhRU88Og3mEY1ICK_A03XI&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
7792
chrome.exe
GET
200
188.114.96.3:443
https://lunexmods.io/
unknown
html
22.0 Kb
unknown
7792
chrome.exe
GET
200
188.114.96.3:443
https://lunexmods.io/img/video-poster.webp
unknown
image
107 Kb
unknown
7792
chrome.exe
GET
200
188.114.96.3:443
https://lunexmods.io/css/styles.css
unknown
text
40.6 Kb
unknown
7792
chrome.exe
GET
200
188.114.96.3:443
https://lunexmods.io/images/lunex-loader.jpg
unknown
image
128 Kb
unknown
7792
chrome.exe
GET
200
188.114.96.3:443
https://lunexmods.io/images/delta.jpg
unknown
image
128 Kb
unknown
7792
chrome.exe
GET
206
188.114.96.3:443
https://lunexmods.io/video/mods-showcase.mp4
unknown
unknown
7792
chrome.exe
POST
200
74.125.71.84:443
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
unknown
text
17 b
whitelisted
7792
chrome.exe
GET
200
142.250.186.106:443
https://safebrowsingohttpgateway.googleapis.com/v1/ohttp/hpkekeyconfig?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
unknown
binary
41 b
whitelisted
7792
chrome.exe
GET
200
188.114.96.3:443
https://lunexmods.io/images/growagarden.jpg
unknown
image
128 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5772
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
6768
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6700
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7792
chrome.exe
142.250.186.174:80
clients2.google.com
GOOGLE
US
whitelisted
7792
chrome.exe
142.250.186.106:443
safebrowsingohttpgateway.googleapis.com
GOOGLE
US
whitelisted
7792
chrome.exe
188.114.96.3:443
lunexmods.io
CLOUDFLARENET
US
malicious
7792
chrome.exe
74.125.71.84:443
accounts.google.com
GOOGLE
US
whitelisted
7792
chrome.exe
104.17.25.14:443
cdnjs.cloudflare.com
CLOUDFLARENET
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
whitelisted
google.com
  • 216.58.206.46
whitelisted
clients2.google.com
  • 142.250.186.174
  • 142.250.184.206
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 142.250.186.106
  • 142.250.184.202
  • 216.58.206.42
  • 142.250.185.106
  • 172.217.18.10
  • 142.251.141.74
  • 142.251.141.106
  • 216.58.206.74
  • 142.250.186.170
  • 142.250.184.234
  • 216.58.212.138
  • 142.250.185.202
  • 142.250.185.138
  • 142.250.185.170
  • 142.250.186.138
  • 142.250.185.74
whitelisted
lunexmods.io
  • 188.114.96.3
  • 188.114.97.3
  • 2a06:98c1:3121::3
  • 2a06:98c1:3120::3
malicious
accounts.google.com
  • 74.125.71.84
  • 108.177.15.84
whitelisted
cdnjs.cloudflare.com
  • 104.17.25.14
  • 104.17.24.14
whitelisted
fonts.googleapis.com
  • 142.250.186.138
  • 142.250.185.170
  • 2a00:1450:4001:811::200a
whitelisted
cdn.jsdelivr.net
  • 104.16.175.226
  • 104.16.174.226
whitelisted
fonts.gstatic.com
  • 142.250.186.99
  • 2a00:1450:4001:829::2003
whitelisted

Threats

PID
Process
Class
Message
7792
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7792
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
7792
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7792
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
7792
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
7792
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
7792
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
7792
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
7388
aspnet_wp.exe
Misc activity
ET INFO Observed Telegram Domain (t .me in TLS SNI)
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://lunexmods.io