File name: win-Migu-5.6.2-portable.exe

Full analysis: https://app.any.run/tasks/3ccc3acc-1d1b-4d2c-b150-2b0cadb9d359
Verdict: Malicious activity
Analysis date: February 01, 2025, 11:27:15
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
github
bittorrent
nodejs
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: D5016ACE9D0C5AE6E032172688890EA8
SHA1: 1FD83E4BFD9DA741D491537588854077D969C75E
SHA256: C76CBF0BFA87927E96C584B6BF9CCB8EED7038A24611E196425DDB1319606ADB
SSDEEP: 786432:HA3eMCoSgInj8+VL9zAQSXrmev6eP7uS447E6t/f0o8P:HAOIwnj8+VL9zAZrmzq7up2E6t/f0o8P

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report can be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • BITTORRENT has been detected (SURICATA)

      • Migu.exe (PID: 7056)
        (P2P traffic is the sample's declared function: its version resource describes it as a torrent-streaming client, so this signature alone does not distinguish the sample from a legitimate build; compare the hashes above against the publisher's release before acting on the verdict.)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • win-Migu-5.6.2-portable.exe (PID: 6712)
        (The file is written to the NSIS plugin directory nssAA6D.tmp next to nsis7z.dll; System.dll is the stock NSIS "System" plugin and is dropped by any NSIS installer that uses it, so despite its label this indicator is not specific to malware.)
    • Reads security settings of Internet Explorer

      • win-Migu-5.6.2-portable.exe (PID: 6712)
      • Migu.exe (PID: 6804)
    • The process creates files with name similar to system file names

      • win-Migu-5.6.2-portable.exe (PID: 6712)
    • Drops 7-zip archiver for unpacking

      • win-Migu-5.6.2-portable.exe (PID: 6712)
    • Process drops legitimate windows executable

      • win-Migu-5.6.2-portable.exe (PID: 6712)
    • Executable content was dropped or overwritten

      • win-Migu-5.6.2-portable.exe (PID: 6712)
    • Application launched itself

      • Migu.exe (PID: 6804)
    • Uses WMIC.EXE

      • Migu.exe (PID: 7056)
    • Uses WMIC.EXE to obtain network information

      • Migu.exe (PID: 7056)
  • INFO

    • Checks supported languages

      • win-Migu-5.6.2-portable.exe (PID: 6712)
      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 6928)
      • Migu.exe (PID: 7104)
      • Migu.exe (PID: 7056)
      • Migu.exe (PID: 6964)
      • Migu.exe (PID: 2324)
    • Reads the computer name

      • win-Migu-5.6.2-portable.exe (PID: 6712)
      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 6928)
      • Migu.exe (PID: 7056)
      • Migu.exe (PID: 6964)
      • Migu.exe (PID: 2324)
    • The sample compiled with english language support

      • win-Migu-5.6.2-portable.exe (PID: 6712)
    • Create files in a temporary directory

      • win-Migu-5.6.2-portable.exe (PID: 6712)
      • Migu.exe (PID: 6804)
    • Creates files or folders in the user directory

      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 6964)
      • Migu.exe (PID: 2324)
    • Reads Environment values

      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 7056)
    • Reads product name

      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 7056)
    • Process checks computer location settings

      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 7056)
      • Migu.exe (PID: 7104)
    • Checks proxy server information

      • Migu.exe (PID: 6804)
    • Reads the machine GUID from the registry

      • Migu.exe (PID: 6804)
      • Migu.exe (PID: 2324)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 6056)
      • WMIC.exe (PID: 1876)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • Migu.exe (PID: 7056)
    • Node.js compiler has been detected

      • Migu.exe (PID: 6804)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.6.2.0
ProductVersionNumber: 5.6.2.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: NoCrypt
FileDescription: Stream anime torrents, real-time with no waiting for downloads.
FileVersion: 5.6.2
LegalCopyright: Copyright © 2024 NoCrypt
ProductName: Migu
ProductVersion: 5.6.2
No data.
All screenshots are available in the full report
Total processes: 120
Monitored processes: 11
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Process nodes in the graph (click a process in the full report to see its details):
  • start
  • win-migu-5.6.2-portable.exe
  • migu.exe (no specs)
  • migu.exe (no specs)
  • migu.exe (#BITTORRENT)
  • migu.exe
  • migu.exe (no specs)
  • wmic.exe (no specs)
  • conhost.exe (no specs)
  • wmic.exe (no specs)
  • conhost.exe (no specs)
  • migu.exe (no specs)

Process information

Each entry lists PID, parent process, command line (CMD) and image path, followed by user, company, integrity level, description, exit code, version and the first loaded modules.

PID: 556 | Parent: WMIC.exe
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1876 | Parent: Migu.exe
CMD: wmic path Win32_NetworkAdapter where Index=10 get NetConnectionID,MACAddress /format:table
Path: C:\Windows\System32\wbem\WMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
PID: 2324 | Parent: Migu.exe
CMD: "C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --disable-gpu-sandbox --no-sandbox --disable-logging --double-buffer-compositing --use-angle=default --force_high_performance_gpu --user-data-dir="C:\Users\admin\AppData\Roaming\Migu" --gpu-preferences=WAAAAAAAAADoAAAcAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --disable-logging --mojo-platform-channel-handle=3524 --field-trial-handle=1952,i,6587770384169438306,14143415907718934437,262144 --enable-features=CanvasOopRasterization,PlatformEncryptedDolbyVision,ThrottleDisplayNoneAndVisibilityHiddenCrossOriginIframes,UseSkiaRenderer,WebAssemblyLazyCompilation,kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,Vulkan,WidgetLayering,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
Path: C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe
User:
admin
Company:
NoCrypt
Integrity Level:
MEDIUM
Description:
Migu
Exit code:
0
Version:
5.6.2
Modules
Images
c:\users\admin\appdata\local\temp\2mtcyjbgxvtjargr0jyzno9rehj\migu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\users\admin\appdata\local\temp\2mtcyjbgxvtjargr0jyzno9rehj\ffmpeg.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 4128 | Parent: WMIC.exe
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6056 | Parent: Migu.exe
CMD: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
Path: C:\Windows\System32\wbem\WMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
PID: 6712 | Parent: explorer.exe
CMD: "C:\Users\admin\Desktop\win-Migu-5.6.2-portable.exe"
Path: C:\Users\admin\Desktop\win-Migu-5.6.2-portable.exe
User:
admin
Company:
NoCrypt
Integrity Level:
MEDIUM
Description:
Stream anime torrents, real-time with no waiting for downloads.
Version:
5.6.2
Modules
Images
c:\users\admin\desktop\win-migu-5.6.2-portable.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6804 | Parent: win-Migu-5.6.2-portable.exe
CMD: C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe
Path: C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe
User:
admin
Company:
NoCrypt
Integrity Level:
MEDIUM
Description:
Migu
Version:
5.6.2
Modules
Images
c:\users\admin\appdata\local\temp\2mtcyjbgxvtjargr0jyzno9rehj\migu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\dbghelp.dll
PID: 6928 | Parent: Migu.exe
CMD: "C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe" --type=gpu-process --disable-gpu-sandbox --no-sandbox --disable-logging --double-buffer-compositing --use-angle=default --force_high_performance_gpu --user-data-dir="C:\Users\admin\AppData\Roaming\Migu" --gpu-preferences=WAAAAAAAAADgAAAcAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --disable-logging --mojo-platform-channel-handle=1944 --field-trial-handle=1952,i,6587770384169438306,14143415907718934437,262144 --enable-features=CanvasOopRasterization,PlatformEncryptedDolbyVision,ThrottleDisplayNoneAndVisibilityHiddenCrossOriginIframes,UseSkiaRenderer,WebAssemblyLazyCompilation,kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,Vulkan,WidgetLayering,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
Path: C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe
User:
admin
Company:
NoCrypt
Integrity Level:
MEDIUM
Description:
Migu
Version:
5.6.2
Modules
Images
c:\users\admin\appdata\local\temp\2mtcyjbgxvtjargr0jyzno9rehj\migu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 6964 | Parent: Migu.exe
CMD: "C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --use-angle=default --user-data-dir="C:\Users\admin\AppData\Roaming\Migu" --bypasscsp-schemes --disable-logging --mojo-platform-channel-handle=2028 --field-trial-handle=1952,i,6587770384169438306,14143415907718934437,262144 --enable-features=CanvasOopRasterization,PlatformEncryptedDolbyVision,ThrottleDisplayNoneAndVisibilityHiddenCrossOriginIframes,UseSkiaRenderer,WebAssemblyLazyCompilation,kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,Vulkan,WidgetLayering,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
Path: C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe
User:
admin
Company:
NoCrypt
Integrity Level:
MEDIUM
Description:
Migu
Version:
5.6.2
Modules
Images
c:\users\admin\appdata\local\temp\2mtcyjbgxvtjargr0jyzno9rehj\migu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 7056 | Parent: Migu.exe
CMD: "C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\Migu" --bypasscsp-schemes --app-user-model-id=com.github.nocrypt.migu --app-path="C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\resources\app.asar" --no-sandbox --no-zygote --no-sandbox --autoplay-policy=no-user-gesture-required --disable-logging --disable-notifications --disable-permissions-api --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2448 --field-trial-handle=1952,i,6587770384169438306,14143415907718934437,262144 --enable-features=CanvasOopRasterization,PlatformEncryptedDolbyVision,ThrottleDisplayNoneAndVisibilityHiddenCrossOriginIframes,UseSkiaRenderer,WebAssemblyLazyCompilation,kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,Vulkan,WidgetLayering,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
Path: C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe
User:
admin
Company:
NoCrypt
Integrity Level:
MEDIUM
Description:
Migu
Version:
5.6.2
Modules
Images
c:\users\admin\appdata\local\temp\2mtcyjbgxvtjargr0jyzno9rehj\migu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
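Two things in the process table above are worth encoding as checks rather than reading by eye: WMIC.exe (PIDs 6056 and 1876) querying Win32_NetworkAdapterConfiguration and Win32_NetworkAdapter for the default gateway and MAC address on behalf of a parent binary that was unpacked under the user's Temp directory, and the Electron child processes launched with --no-sandbox, --disable-gpu-sandbox, --service-sandbox-type=none and --bypasscsp-schemes. The Python below is an added example for this report; it is not ANY.RUN output and not code from the Migu project. The event records are constructed from the command lines above (abbreviated) plus one invented benign control (PID 9001, the same kind of WMIC query run from cmd.exe); the record fields are an assumption modelled on Sysmon Event ID 1, and the switch list is a starting set for this example, not Chromium's full list.

```python
"""Process-creation triage for the Migu run above.

Added example; not ANY.RUN output and not Migu project code. The event
records are constructed from the command lines in the process table above
plus one constructed benign control (PID 9001). The record fields
(pid, image, parent_image, cmdline) are an assumption modelled on Sysmon
Event ID 1, not a real log format.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str
    parent_image: str
    cmdline: str


MIGU = r"C:\Users\admin\AppData\Local\Temp\2mtCyjbgXVtJaRgr0jYznO9reHj\Migu.exe"
WMIC = r"C:\Windows\System32\wbem\WMIC.exe"
INSTALLER = r"C:\Users\admin\Desktop\win-Migu-5.6.2-portable.exe"

# Constructed sample events; command lines abbreviated from the report.
EVENTS = [
    ProcEvent(6712, INSTALLER, r"C:\Windows\explorer.exe", f'"{INSTALLER}"'),
    ProcEvent(6804, MIGU, INSTALLER, MIGU),
    ProcEvent(6928, MIGU, MIGU,
              f'"{MIGU}" --type=gpu-process --disable-gpu-sandbox --no-sandbox --disable-logging'),
    ProcEvent(6964, MIGU, MIGU,
              f'"{MIGU}" --type=utility --utility-sub-type=network.mojom.NetworkService '
              '--service-sandbox-type=none --no-sandbox --bypasscsp-schemes'),
    ProcEvent(7056, MIGU, MIGU,
              f'"{MIGU}" --type=renderer --bypasscsp-schemes --no-sandbox --no-zygote '
              '--no-sandbox --disable-permissions-api --lang=en-US'),
    ProcEvent(6056, WMIC, MIGU,
              "wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true "
              "get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table"),
    ProcEvent(1876, WMIC, MIGU,
              "wmic path Win32_NetworkAdapter where Index=10 get NetConnectionID,MACAddress /format:table"),
    # Constructed benign control: the same kind of query typed by an admin in a shell.
    ProcEvent(9001, WMIC, r"C:\Windows\System32\cmd.exe",
              "wmic path Win32_NetworkAdapter get MACAddress"),
]
EVENTS_BY_PID = {e.pid: e for e in EVENTS}

# Per-user Temp directory, where the NSIS installer unpacked Migu.exe.
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# WMI classes that expose the host's MAC address and default gateway.
WMI_NETWORK_CLASSES = {"win32_networkadapter", "win32_networkadapterconfiguration"}
# Chromium/Electron switches that drop the OS sandbox or CSP for a child process
# (assumed starting set for this example, not the complete list).
SANDBOX_OFF_SWITCHES = {
    "--no-sandbox",
    "--disable-gpu-sandbox",
    "--service-sandbox-type=none",
    "--bypasscsp-schemes",
}


def wmic_network_enum_from_temp(ev: ProcEvent) -> bool:
    """True when WMIC queries a network class and its parent binary lives under %TEMP%."""
    if not ev.image.lower().endswith("\\wmic.exe"):
        return False
    tokens = ev.cmdline.lower().split()
    queries_network = any(t in WMI_NETWORK_CLASSES for t in tokens)
    return queries_network and TEMP_DIR_RE.search(ev.parent_image) is not None


def disabled_sandbox_switches(ev: ProcEvent) -> list[str]:
    """Sandbox-disabling switches on a Chromium-style child (--type=...), deduplicated and sorted."""
    if "--type=" not in ev.cmdline:
        return []
    return sorted({tok for tok in ev.cmdline.split() if tok in SANDBOX_OFF_SWITCHES})


def triage(events) -> list[tuple[int, str]]:
    """Run both checks over a stream of events and return (pid, finding) pairs in event order."""
    findings = []
    for ev in events:
        if wmic_network_enum_from_temp(ev):
            findings.append((ev.pid, "wmic-network-enum-from-temp"))
        switches = disabled_sandbox_switches(ev)
        if switches:
            findings.append((ev.pid, "electron-sandbox-disabled:" + ",".join(switches)))
    return findings


if __name__ == "__main__":
    for pid, finding in triage(EVENTS):
        print(f"{pid}\t{finding}")
```

Both checks are heuristics. Electron applications very often ship with --no-sandbox, so that finding marks a hardening gap to weigh with the rest of the report, not malice on its own. The WMIC rule keys on the parent's location because a native Windows tool fingerprinting the host on behalf of a binary that was unpacked into Temp moments earlier is the combination that is rare in benign use; the control event from cmd.exe is there to show it does not fire on an administrator running the same query.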
Total events: 3 071
Read events: 3 052
Write events: 1
Delete events: 18

Modification events

PID 6804 (Migu.exe) | Key: HKEY_CLASSES_ROOT\migu | Operation: write | Name: URL Protocol | Value: (empty)
PID 6804 (Migu.exe) | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries | Operation: delete value | Name: en-US
PID 6804 (Migu.exe) | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries | Operation: delete value | Name: en
PID 6804 (Migu.exe) | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries | Operation: delete value | Name: _Global_

The only write is the registration of a custom URI scheme: an empty "URL Protocol" value under a class key tells the shell that migu: links are to be handed to that key's command, so anything after the scheme in a migu://... link reaches the application's command line. Written from a MEDIUM-integrity process, the key lands in the per-user HKCU\Software\Classes view of HKEY_CLASSES_ROOT. Which command it points at is not shown in this excerpt; check the key's shell\open\command subkey in the full report or on an affected host.
Executable files: 23
Suspicious files: 191
Text files: 30
Unknown types: 0

Dropped files (first entries; all dropped by PID 6712, win-Migu-5.6.2-portable.exe)

Filename | Type | MD5 | SHA256
C:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\app-64.7z | - | - | -
C:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\icudtl.dat | - | - | -
C:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\LICENSES.chromium.html | - | - | -
C:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\System.dll | executable | 0D7AD4F45DC6F5AA87F606D0331C6901 | 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
C:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\locales\am.pak | binary | AC7A72616A544CDB022EDA20B0DC8872 | 1847F8517D8F26C856ADBF08DF3996D5F3B7AB61378199C138346BFE29675F01
C:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\nsis7z.dll | executable | 80E44CE4895304C6A3A831310FBF8CD0 | B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
C:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\locales\de.pak | binary | ACC495606F706282F9214E704B673056 | 21C18E04BE929F8B551C4CA5D78FDDEFFE8C48C503234CF79220C31BDD9E6309
C:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\locales\ca.pak | binary | D5D6200B582B9B12A0BD8C773DEA0474 | F4DA114B473C34E0946B12289F6E802FCEDE2F66013D4F184C729A1F8AE7350E
C:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\locales\bg.pak | binary | D0B47C1CF62B29B866CA630958A019FB | 24C09721C3CB4F3FE7EB403113375257197BED808295C6B85532409B6664DB45
C:\Users\admin\AppData\Local\Temp\nssAA6D.tmp\7z-out\locales\da.pak | binary | D5BF4ABA2D82744981EBF92CCAADF9C0 | 0C75ACB008DD5C918D8A1A73C22FA7C503961481BF1708F6BDA0DA58693C3C08
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 51
TCP/UDP connections: 62
DNS requests: 32
Threats: 5

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
440 | svchost.exe | GET | 200 | 95.101.78.42:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 95.101.78.42:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
440 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 302 | 140.82.121.4:443 | https://github.com/NoCrypt/migu/releases/latest | unknown | - | - | -
- | - | GET | 302 | 140.82.121.4:443 | https://github.com/NoCrypt/migu/releases/download/v5.6.2/latest.yml | unknown | - | - | -
- | - | GET | 200 | 45.92.156.177:443 | https://feed.animetosho.org/rss2?qx=1&q=%22[ASW]%22%221080%22 | unknown | xml | 180 Kb | whitelisted
- | - | GET | 200 | 140.82.121.4:443 | https://raw.githubusercontent.com/MAL-Dubs/MAL-Dubs/main/data/dubInfo.json | unknown | binary | 54.8 Kb | -
- | - | GET | 200 | 140.82.121.4:443 | https://github.com/NoCrypt/migu/releases.atom | unknown | xml | 10.9 Kb | whitelisted
- | - | POST | 200 | 104.26.14.71:443 | https://graphql.anilist.co/ | unknown | binary | 47.7 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 92.123.104.33:443 | - | Akamai International B.V. | DE | unknown
- | - | 51.104.136.2:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 95.101.78.42:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
440 | svchost.exe | 95.101.78.42:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
440 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6964 | Migu.exe | 140.82.121.3:443 | github.com | GITHUB | US | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.181.238
whitelisted
crl.microsoft.com
  • 95.101.78.42
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
github.com
  • 140.82.121.3
whitelisted
graphql.anilist.co
  • 172.67.71.232
  • 104.26.15.71
  • 104.26.14.71
whitelisted
raw.githubusercontent.com
  • 185.199.111.133
  • 185.199.108.133
  • 185.199.109.133
  • 185.199.110.133
shared
api.github.com
  • 140.82.121.6
whitelisted
esm.sh
  • 172.67.203.138
  • 104.21.77.20
unknown
feed.animetosho.org
  • 45.92.156.177
whitelisted

Threats

PID | Process | Class | Message
6964 | Migu.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access raw user content on GitHub
6964 | Migu.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access raw user content on GitHub
7056 | Migu.exe | Misc activity | INFO [ANY.RUN] P2P BitTorrent Protocol
6964 | Migu.exe | Misc activity | ET INFO Observed DNS Query to .zip TLD
6964 | Migu.exe | Misc activity | ET INFO Observed DNS Query to .zip TLD
No debug info