File name:

win-Migu-5.6.2-portable.exe

Full analysis: https://app.any.run/tasks/3ccc3acc-1d1b-4d2c-b150-2b0cadb9d359
Verdict: Malicious activity
Analysis date: February 01, 2025, 11:27:15
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
github
bittorrent
nodejs
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

D5016ACE9D0C5AE6E032172688890EA8

SHA1:

1FD83E4BFD9DA741D491537588854077D969C75E

SHA256:

C76CBF0BFA87927E96C584B6BF9CCB8EED7038A24611E196425DDB1319606ADB

SSDEEP:

786432:HA3eMCoSgInj8+VL9zAQSXrmev6eP7uS447E6t/f0o8P:HAOIwnj8+VL9zAZrmzq7up2E6t/f0o8P

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • BITTORRENT has been detected (SURICATA)

      • Migu.exe (PID: 7056)

  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • win-Migu-5.6.2-portable.exe (PID: 6712)

    • The process creates files with name similar to system file names

      • win-Migu-5.6.2-portable.exe (PID: 6712)

    • Reads security settings of Internet Explorer

      • win-Migu-5.6.2-portable.exe (PID: 6712)
      • Migu.exe (PID: 6804)

    • Executable content was dropped or overwritten

      • win-Migu-5.6.2-portable.exe (PID: 6712)

    • Drops 7-zip archiver for unpacking

      • win-Migu-5.6.2-portable.exe (PID: 6712)

    • Process drops legitimate windows executable

      • win-Migu-5.6.2-portable.exe (PID: 6712)

    • Application launched itself

      • Migu.exe (PID: 6804)

    • Uses WMIC.EXE

      • Migu.exe (PID: 7056)

    • Uses WMIC.EXE to obtain network information

      • Migu.exe (PID: 7056)

  • INFO

    • Checks supported languages

      • win-Migu-5.6.2-portable.exe (PID: 6712)
      • Migu.exe (PID: 6928)
      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 6964)
      • Migu.exe (PID: 7104)
      • Migu.exe (PID: 7056)
      • Migu.exe (PID: 2324)

    • The sample compiled with english language support

      • win-Migu-5.6.2-portable.exe (PID: 6712)

    • Reads the computer name

      • Migu.exe (PID: 6804)
      • win-Migu-5.6.2-portable.exe (PID: 6712)
      • Migu.exe (PID: 6928)
      • Migu.exe (PID: 6964)
      • Migu.exe (PID: 7056)
      • Migu.exe (PID: 2324)

    • Create files in a temporary directory

      • win-Migu-5.6.2-portable.exe (PID: 6712)
      • Migu.exe (PID: 6804)

    • Reads product name

      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 7056)

    • Creates files or folders in the user directory

      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 6964)
      • Migu.exe (PID: 2324)

    • Reads Environment values

      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 7056)

    • Checks proxy server information

      • Migu.exe (PID: 6804)

    • Process checks computer location settings

      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 7104)
      • Migu.exe (PID: 7056)

    • Reads the machine GUID from the registry

      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 2324)

    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 6056)
      • WMIC.exe (PID: 1876)

    • Drops encrypted JS script (Microsoft Script Encoder)

      • Migu.exe (PID: 7056)

    • Node.js compiler has been detected

      • Migu.exe (PID: 6804)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.6.2.0
ProductVersionNumber: 5.6.2.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: NoCrypt
FileDescription: Stream anime torrents, real-time with no waiting for downloads.
FileVersion: 5.6.2
LegalCopyright: Copyright © 2024 NoCrypt
ProductName: Migu
ProductVersion: 5.6.2
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
120
Monitored processes
11
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start win-migu-5.6.2-portable.exe migu.exe no specs migu.exe no specs migu.exe #BITTORRENT migu.exe migu.exe no specs wmic.exe no specs conhost.exe no specs wmic.exe no specs conhost.exe no specs migu.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
556\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeWMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1876wmic path Win32_NetworkAdapter where Index=10 get NetConnectionID,MACAddress /format:tableC:\Windows\System32\wbem\WMIC.exeMigu.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
2324"C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --disable-gpu-sandbox --no-sandbox --disable-logging --double-buffer-compositing --use-angle=default --force_high_performance_gpu --user-data-dir="C:\Users\admin\AppData\Roaming\Migu" --gpu-preferences=WAAAAAAAAADoAAAcAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --disable-logging --mojo-platform-channel-handle=3524 --field-trial-handle=1952,i,6587770384169438306,14143415907718934437,262144 --enable-features=CanvasOopRasterization,PlatformEncryptedDolbyVision,ThrottleDisplayNoneAndVisibilityHiddenCrossOriginIframes,UseSkiaRenderer,WebAssemblyLazyCompilation,kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,Vulkan,WidgetLayering,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exeMigu.exe
User:
admin
Company:
NoCrypt
Integrity Level:
MEDIUM
Description:
Migu
Exit code:
0
Version:
5.6.2
Modules
Images
c:\users\admin\appdata\local\temp\2mtcyjbgxvtjargr0jyzno9rehj\migu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\users\admin\appdata\local\temp\2mtcyjbgxvtjargr0jyzno9rehj\ffmpeg.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
4128\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeWMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
6056wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:tableC:\Windows\System32\wbem\WMIC.exeMigu.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
6712"C:\Users\admin\Desktop\win-Migu-5.6.2-portable.exe" C:\Users\admin\Desktop\win-Migu-5.6.2-portable.exe
explorer.exe
User:
admin
Company:
NoCrypt
Integrity Level:
MEDIUM
Description:
Stream anime torrents, real-time with no waiting for downloads.
Version:
5.6.2
Modules
Images
c:\users\admin\desktop\win-migu-5.6.2-portable.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
6804C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exewin-Migu-5.6.2-portable.exe
User:
admin
Company:
NoCrypt
Integrity Level:
MEDIUM
Description:
Migu
Version:
5.6.2
Modules
Images
c:\users\admin\appdata\local\temp\2mtcyjbgxvtjargr0jyzno9rehj\migu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\dbghelp.dll
6928"C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe" --type=gpu-process --disable-gpu-sandbox --no-sandbox --disable-logging --double-buffer-compositing --use-angle=default --force_high_performance_gpu --user-data-dir="C:\Users\admin\AppData\Roaming\Migu" --gpu-preferences=WAAAAAAAAADgAAAcAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --disable-logging --mojo-platform-channel-handle=1944 --field-trial-handle=1952,i,6587770384169438306,14143415907718934437,262144 --enable-features=CanvasOopRasterization,PlatformEncryptedDolbyVision,ThrottleDisplayNoneAndVisibilityHiddenCrossOriginIframes,UseSkiaRenderer,WebAssemblyLazyCompilation,kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,Vulkan,WidgetLayering,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exeMigu.exe
User:
admin
Company:
NoCrypt
Integrity Level:
MEDIUM
Description:
Migu
Version:
5.6.2
Modules
Images
c:\users\admin\appdata\local\temp\2mtcyjbgxvtjargr0jyzno9rehj\migu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
6964"C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --use-angle=default --user-data-dir="C:\Users\admin\AppData\Roaming\Migu" --bypasscsp-schemes --disable-logging --mojo-platform-channel-handle=2028 --field-trial-handle=1952,i,6587770384169438306,14143415907718934437,262144 --enable-features=CanvasOopRasterization,PlatformEncryptedDolbyVision,ThrottleDisplayNoneAndVisibilityHiddenCrossOriginIframes,UseSkiaRenderer,WebAssemblyLazyCompilation,kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,Vulkan,WidgetLayering,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe
Migu.exe
User:
admin
Company:
NoCrypt
Integrity Level:
MEDIUM
Description:
Migu
Version:
5.6.2
Modules
Images
c:\users\admin\appdata\local\temp\2mtcyjbgxvtjargr0jyzno9rehj\migu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7056"C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\Migu" --bypasscsp-schemes --app-user-model-id=com.github.nocrypt.migu --app-path="C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\resources\app.asar" --no-sandbox --no-zygote --no-sandbox --autoplay-policy=no-user-gesture-required --disable-logging --disable-notifications --disable-permissions-api --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2448 --field-trial-handle=1952,i,6587770384169438306,14143415907718934437,262144 --enable-features=CanvasOopRasterization,PlatformEncryptedDolbyVision,ThrottleDisplayNoneAndVisibilityHiddenCrossOriginIframes,UseSkiaRenderer,WebAssemblyLazyCompilation,kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,Vulkan,WidgetLayering,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe
Migu.exe
User:
admin
Company:
NoCrypt
Integrity Level:
MEDIUM
Description:
Migu
Version:
5.6.2
Modules
Images
c:\users\admin\appdata\local\temp\2mtcyjbgxvtjargr0jyzno9rehj\migu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
3 071
Read events
3 052
Write events
1
Delete events
18

Modification events

(PID) Process:(6804) Migu.exeKey:HKEY_CLASSES_ROOT\migu
Operation:writeName:URL Protocol
Value:
(PID) Process:(6804) Migu.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:delete valueName:en-US
Value:
(PID) Process:(6804) Migu.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:delete valueName:en
Value:
(PID) Process:(6804) Migu.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:delete valueName:_Global_
Value:
Executable files
23
Suspicious files
191
Text files
30
Unknown types
0

Dropped files

PID
Process
Filename
Type
6712win-Migu-5.6.2-portable.exeC:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\app-64.7z
MD5:
SHA256:
6712win-Migu-5.6.2-portable.exeC:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\icudtl.dat
MD5:
SHA256:
6712win-Migu-5.6.2-portable.exeC:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:
6712win-Migu-5.6.2-portable.exeC:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\locales\da.pakbinary
MD5:D5BF4ABA2D82744981EBF92CCAADF9C0
SHA256:0C75ACB008DD5C918D8A1A73C22FA7C503961481BF1708F6BDA0DA58693C3C08
6712win-Migu-5.6.2-portable.exeC:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\locales\el.pakbinary
MD5:71ABCFDF468DC5813610DD32234BE946
SHA256:F1E01EEB90C0842F7AF927F65D034FC93FDBCBCB9B9EA7E31C79761C316C8FB8
6712win-Migu-5.6.2-portable.exeC:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\chrome_200_percent.pakbinary
MD5:210D028EC1882A8841672CC21343BC96
SHA256:3446EB467FFD8A45677233C7F107E23312884F599D6E22AE326A4D9D416CE240
6712win-Migu-5.6.2-portable.exeC:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\locales\ar.pakbinary
MD5:670CE34EA4FBBFE42C7BDED4BB5579AD
SHA256:25DDA3D00BE579C42A042254762B242B09E9AB4C4DEE1FE1237F4C22F363791B
6712win-Migu-5.6.2-portable.exeC:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\System.dllexecutable
MD5:0D7AD4F45DC6F5AA87F606D0331C6901
SHA256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
6712win-Migu-5.6.2-portable.exeC:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\locales\de.pakbinary
MD5:ACC495606F706282F9214E704B673056
SHA256:21C18E04BE929F8B551C4CA5D78FDDEFFE8C48C503234CF79220C31BDD9E6309
6712win-Migu-5.6.2-portable.exeC:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\locales\af.pakbinary
MD5:2602CD68EBE25F12F5D9892D5FA92B11
SHA256:E36A906908A92DAD39AD8E5B344B38C538574E35C5386AC2B901640B202D3228
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
51
TCP/UDP connections
62
DNS requests
32
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
95.101.78.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
440
svchost.exe
GET
200
95.101.78.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
440
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
302
140.82.121.4:443
https://github.com/NoCrypt/migu/releases/latest
unknown
unknown
GET
302
140.82.121.4:443
https://github.com/NoCrypt/migu/releases/download/v5.6.2/latest.yml
unknown
unknown
GET
200
140.82.121.4:443
https://github.com/NoCrypt/migu/releases.atom
unknown
xml
10.9 Kb
whitelisted
POST
200
104.26.14.71:443
https://graphql.anilist.co/
unknown
binary
47.7 Kb
whitelisted
GET
200
140.82.121.4:443
https://raw.githubusercontent.com/ThaUnknown/filler-scrape/master/filler.json
unknown
binary
12.6 Kb
unknown
GET
200
140.82.121.5:443
https://api.github.com/repos/NoCrypt/migu/releases
unknown
text
525 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
92.123.104.33:443
Akamai International B.V.
DE
unknown
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
4712
MoUsoCoreWorker.exe
95.101.78.42:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
440
svchost.exe
95.101.78.42:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
4712
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
440
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6964
Migu.exe
140.82.121.3:443
github.com
GITHUB
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.181.238
whitelisted
crl.microsoft.com
  • 95.101.78.42
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
github.com
  • 140.82.121.3
whitelisted
graphql.anilist.co
  • 172.67.71.232
  • 104.26.15.71
  • 104.26.14.71
whitelisted
raw.githubusercontent.com
  • 185.199.111.133
  • 185.199.108.133
  • 185.199.109.133
  • 185.199.110.133
shared
api.github.com
  • 140.82.121.6
whitelisted
esm.sh
  • 172.67.203.138
  • 104.21.77.20
unknown
feed.animetosho.org
  • 45.92.156.177
whitelisted

Threats

PID
Process
Class
Message
6964
Migu.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
6964
Migu.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
7056
Migu.exe
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
6964
Migu.exe
Misc activity
ET INFO Observed DNS Query to .zip TLD
6964
Migu.exe
Misc activity
ET INFO Observed DNS Query to .zip TLD
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
win-Migu-5.6.2-portable.exe