File name:

trial_vegaspro17_dlm.exe

Full analysis: https://app.any.run/tasks/f77c6bb8-34fe-4d8b-beda-9ff18e13604a
Verdict: Malicious activity
Analysis date: May 29, 2020, 06:32:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

EC95B62EDC3BA2864804622DD11B5CB4

SHA1:

C0A97192785EFFDACC34692109C7F00401EC73DD

SHA256:

C94EDD2FA2A2BF2E29F065802AA03B20202371D714B38A9E5039A0013CFC1AFA

SSDEEP:

98304:eCSsrxpU4hE9qCOeNiETg7Gyu38wIin95AK5TDSLAU90svfjKi:eOpU4hEjs7puVQT902fu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

That caveat matters for this task. The indicators below show chrome.exe being started by hand (PID 2180 is listed under "Manual execution by user"), fetching http://lunar.gg/ and Chrome Web Store .crx packages, and Lunar Client v1.13.6.exe, Lunar Client.exe, cmd.exe and reg.exe running afterwards. Those processes belong to the analyst's interactive session in the sandbox rather than to the sample's own activity; the component that trial_vegaspro17_dlm.exe itself drops and starts is MxDownloadManager.exe, the MAGIX download manager named in the file's version information.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • MxDownloadManager.exe (PID: 2648)
      • Lunar Client v1.13.6.exe (PID: 3708)
      • Lunar Client.exe (PID: 2068)
      • Lunar Client.exe (PID: 316)
      • Lunar Client.exe (PID: 1852)
      • Lunar Client.exe (PID: 2572)
      • SearchProtocolHost.exe (PID: 3504)
    • Application was dropped or rewritten from another process

      • MxDownloadManager.exe (PID: 2648)
      • Lunar Client v1.13.6.exe (PID: 3708)
    • Changes settings of System certificates

      • MxDownloadManager.exe (PID: 2648)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • trial_vegaspro17_dlm.exe (PID: 1936)
      • chrome.exe (PID: 1896)
      • chrome.exe (PID: 2180)
      • Lunar Client v1.13.6.exe (PID: 3708)
      • Lunar Client.exe (PID: 2572)
    • Reads Internet Cache Settings

      • MxDownloadManager.exe (PID: 2648)
      • Lunar Client v1.13.6.exe (PID: 3708)
    • Creates files in the user directory

      • MxDownloadManager.exe (PID: 2648)
      • Lunar Client v1.13.6.exe (PID: 3708)
      • Lunar Client.exe (PID: 2068)
      • Lunar Client.exe (PID: 2572)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2180)
    • Creates a software uninstall entry

      • Lunar Client v1.13.6.exe (PID: 3708)
    • Starts CMD.EXE for commands execution

      • Lunar Client.exe (PID: 2572)
    • Application launched itself

      • Lunar Client.exe (PID: 2068)
    • Uses REG.EXE to modify Windows registry

      • cmd.exe (PID: 3484)
    • Adds / modifies Windows certificates

      • MxDownloadManager.exe (PID: 2648)
  • INFO

    • Manual execution by user

      • chrome.exe (PID: 2180)
      • Lunar Client.exe (PID: 2068)
      • chrome.exe (PID: 3848)
    • Reads the hosts file

      • chrome.exe (PID: 2180)
      • chrome.exe (PID: 1896)
      • Lunar Client.exe (PID: 2068)
      • chrome.exe (PID: 3848)
      • chrome.exe (PID: 3412)
    • Reads Internet Cache Settings

      • chrome.exe (PID: 2180)
    • Reads settings of System Certificates

      • MxDownloadManager.exe (PID: 2648)
      • chrome.exe (PID: 1896)
      • chrome.exe (PID: 3412)
    • Application launched itself

      • chrome.exe (PID: 2180)
      • chrome.exe (PID: 3848)
    • Dropped object may contain Bitcoin addresses

      • Lunar Client.exe (PID: 2572)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:06:20 18:02:59+02:00
PEType: PE32
LinkerVersion: 12
CodeSize: 1316864
InitializedDataSize: 1915392
UninitializedDataSize: -
EntryPoint: 0x9d057
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.45.37
ProductVersionNumber: 1.3.45.37
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: MAGIX Software GmbH
FileDescription: VEGAS Pro 17 (en-US)
FileVersion: 1.3.45.37
LegalCopyright: Copyright © MAGIX Software GmbH
ProductName: VEGAS Pro 17 (en-US)
ProductVersion: 1.3.45.37
MX_Culture: en-US
MX_StubConfig: Release
MX_StubVersion: 1.7.1.0
No data.
All screenshots are available in the full report
Total processes: 104
Monitored processes: 59
Malicious processes: 7
Suspicious processes: 1

Behavior graph

The interactive graph is only in the full report. Processes it shows, in order of appearance ("no specs" marks processes without a detailed entry): trial_vegaspro17_dlm.exe; mxdownloadmanager.exe; chrome.exe (many instances, most without specs); lunar client v1.13.6.exe; lunar client.exe (several instances); cmd.exe (no specs); reg.exe (no specs); searchprotocolhost.exe (no specs); a second trial_vegaspro17_dlm.exe instance (no specs). Edge labels present in the graph: "drop and start", "start", "drop and start".

Process information

Each entry below gives the PID, command line (CMD), image path, parent process and the image's version information. The Indicators column is empty for every entry included in this export.
PID: 316
CMD: "C:\Users\admin\AppData\Local\Programs\lunarclient\Lunar Client.exe" --type=gpu-process --enable-features=SharedArrayBuffer --no-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=7716005523958003137 --mojo-platform-channel-handle=1004 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\lunarclient\Lunar Client.exe
Parent process: Lunar Client.exe
User:
admin
Company:
Moonsworth, LLC
Integrity Level:
MEDIUM
Description:
Lunar Client
Exit code:
0
Version:
1.13.6
Modules
Images
c:\users\admin\appdata\local\programs\lunarclient\lunar client.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\lunarclient\ffmpeg.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 540
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=984,6209623187111481589,15407720373490917476,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=12448350844659844472 --mojo-platform-channel-handle=3632 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 572
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,17296288551734407118,7557222510102449674,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=14421141820243052328 --mojo-platform-channel-handle=496 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 984
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,17296288551734407118,7557222510102449674,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=9244379669772537736 --mojo-platform-channel-handle=3580 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1016
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,17296288551734407118,7557222510102449674,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=17666260249793355862 --mojo-platform-channel-handle=3700 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1092
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,17296288551734407118,7557222510102449674,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=16127471762520279013 --mojo-platform-channel-handle=2184 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1256
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,17296288551734407118,7557222510102449674,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=4137011271958969522 --mojo-platform-channel-handle=2992 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1440
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6e1aa9d0,0x6e1aa9e0,0x6e1aa9ec
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1740
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=984,6209623187111481589,15407720373490917476,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2339253236627597601 --mojo-platform-channel-handle=3312 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1852
CMD: "C:\Users\admin\AppData\Local\Programs\lunarclient\Lunar Client.exe" --type=gpu-process --enable-features=SharedArrayBuffer --disable-gpu-sandbox --no-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=10978984006652725333 --mojo-platform-channel-handle=2196 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\lunarclient\Lunar Client.exe
Parent process: Lunar Client.exe
User:
admin
Company:
Moonsworth, LLC
Integrity Level:
MEDIUM
Description:
Lunar Client
Exit code:
0
Version:
1.13.6
Modules
Images
c:\systemroot\system32\ntdll.dll
c:\users\admin\appdata\local\programs\lunarclient\lunar client.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\lunarclient\ffmpeg.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
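Several of the Chromium-based child processes listed above run with sandbox-weakening switches: Lunar Client's GPU process (PIDs 316 and 1852, the latter with both --disable-gpu-sandbox and --no-sandbox) and two Chrome utility processes (PIDs 540 and 1256, --no-sandbox, MEDIUM integrity), while the sandboxed utility processes carry --service-sandbox-type=utility and run at LOW integrity. The script below is an added example, not ANY.RUN's code, that parses such command lines and flags those switches. The four command lines and integrity levels are copied from the entries above; the WEAKENING_SWITCHES table and the triage logic are this example's own.

```python
"""Triage Chromium/Electron child-process command lines for sandbox-weakening switches.

Added example for this report, not ANY.RUN tooling. SAMPLE_PROCESSES is copied
from the Process information section (PIDs 316, 540, 572, 1852); the
WEAKENING_SWITCHES table and the triage logic are this example's own.
"""
import re

# Switches that remove or weaken a Chromium/Electron process sandbox.
WEAKENING_SWITCHES = {
    "--no-sandbox": "sandbox disabled for this process",
    "--disable-gpu-sandbox": "GPU process sandbox disabled",
}

# (pid, image, integrity level, command line) exactly as listed in the report.
SAMPLE_PROCESSES = [
    (316, "Lunar Client.exe", "MEDIUM",
     r'"C:\Users\admin\AppData\Local\Programs\lunarclient\Lunar Client.exe" '
     r'--type=gpu-process --enable-features=SharedArrayBuffer --no-sandbox '
     r'--gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA '
     r'--service-request-channel-token=7716005523958003137 '
     r'--mojo-platform-channel-handle=1004 /prefetch:2'),
    (540, "chrome.exe", "MEDIUM",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
     r'--field-trial-handle=984,6209623187111481589,15407720373490917476,131072 '
     r'--enable-features=PasswordImport --lang=en-US --no-sandbox '
     r'--service-request-channel-token=12448350844659844472 '
     r'--mojo-platform-channel-handle=3632 /prefetch:8'),
    (572, "chrome.exe", "LOW",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
     r'--field-trial-handle=1032,17296288551734407118,7557222510102449674,131072 '
     r'--enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility '
     r'--service-request-channel-token=14421141820243052328 '
     r'--mojo-platform-channel-handle=496 --ignored=" --type=renderer " /prefetch:8'),
    (1852, "Lunar Client.exe", "MEDIUM",
     r'"C:\Users\admin\AppData\Local\Programs\lunarclient\Lunar Client.exe" '
     r'--type=gpu-process --enable-features=SharedArrayBuffer --disable-gpu-sandbox '
     r'--no-sandbox '
     r'--gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA '
     r'--service-request-channel-token=10978984006652725333 '
     r'--mojo-platform-channel-handle=2196 /prefetch:2'),
]

# A switch starts at a token boundary; its value is either a quoted string
# (which may contain spaces and other "--switches", as --ignored does) or a bare token.
SWITCH_RE = re.compile(r'(?<!\S)(--[A-Za-z0-9-]+)(?:=("[^"]*"|\S*))?')


def parse_switches(cmd):
    """Return {switch: value-or-None} for every --switch[=value] in a command line.

    The first occurrence wins, so "--type=renderer" inside the quoted value of
    --ignored does not overwrite the real --type=utility.
    """
    out = {}
    for name, value in SWITCH_RE.findall(cmd):
        out.setdefault(name, value.strip('"') if value else None)
    return out


def triage(processes):
    """Flag processes whose command line weakens sandboxing; one dict per hit."""
    findings = []
    for pid, image, integrity, cmd in processes:
        switches = parse_switches(cmd)
        hits = sorted(s for s in switches if s in WEAKENING_SWITCHES)
        if not hits:
            continue
        findings.append({
            "pid": pid,
            "image": image,
            "process_type": switches.get("--type"),
            "integrity": integrity,
            "switches": hits,
            "reasons": [WEAKENING_SWITCHES[s] for s in hits],
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PROCESSES):
        print(f"PID {f['pid']:>5} {f['image']:<18} type={f['process_type']:<12} "
              f"integrity={f['integrity']:<6} {', '.join(f['switches'])}")
```

Run against the four entries it reports PIDs 316, 540 and 1852 and leaves 572 alone. Chrome starts some of its own utility processes without a sandbox, so a --no-sandbox utility child of chrome.exe is not by itself a finding; the value of the check is making the per-process choice visible and correlating it with the integrity level, which in this report is MEDIUM for every unsandboxed child and LOW for every sandboxed one.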
Total events: 4 183
Read events: 2 739
Write events: 1 435
Delete events: 9

Modification events

(PID) Process: (1936) trial_vegaspro17_dlm.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (1936) trial_vegaspro17_dlm.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (2648) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2648) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: [binary value not included in this export]

(PID) Process: (2648) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\Software\MAGIX\MAGIX Installation manager\Internet_Settings
Operation: write
Name: Timeout
Value: 20000

(PID) Process: (2648) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\Software\MAGIX\MAGIX Installation manager\Internet_Settings
Operation: write
Name: Retries
Value: 3

(PID) Process: (2648) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2648) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (2648) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (2648) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
Executable files: 172
Suspicious files: 118
Text files: 759
Unknown types: 417

Dropped files

PID | Process | Filename | Type

1936 | trial_vegaspro17_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxa0w9nczi\Bitmaps\mxgui.4.0\controlTemplates.ini | text
    MD5: D18CB8459CEAA93632E05FCF8BCB6BB3
    SHA256: BA50C265DE5E05F6671BBD300689671BA8D18E04F047BC6B53CA21749A05B8AC
1936 | trial_vegaspro17_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxa0w9nczi\installed.xml | xml
    MD5: AEA624768256AE1708E75309BF8299EE
    SHA256: 8F49354F824579622074CC96A4E85F0E0E003F17367B6426CF3C0226A7C46FD6
1936 | trial_vegaspro17_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxa0w9nczi\Bitmaps\mxgui.4.0\CPleaseWait.ini | text
    MD5: 66FACB28AE5E5C0B14C92FC2E8C449D6
    SHA256: 2A4C025203881C60934FF7DE148D342AD5213335C321749CFE603C0EE91CF5C2
1936 | trial_vegaspro17_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxa0w9nczi\Bitmaps\mxgui.4.0\generalTemplates.INI | text
    MD5: 2F3C70A69905CC6D8E413C885FA4D657
    SHA256: 1BA202395050FF1D2415EB23B5615611E22F0FA6C0BE0828C8220CED49A06AAB
1936 | trial_vegaspro17_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxa0w9nczi\Bitmaps\mxgui.4.0\CMxDownloadManagerDlg.ini | text
    MD5: ECE038087FF14D25B25E98DF73360FE6
    SHA256: D4A45BD57343C2B66A62D13DE38D7E302DD8119DAFEBE3EBB3CEAE255AACD978
1936 | trial_vegaspro17_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxa0w9nczi\Bitmaps\mxgui.4.0\CMxDownloadManagerDlg_1.ini | text
    MD5: CC73541853CF99988AEA4E078EDD4415
    SHA256: 7E32961ABED918CAD096FD74779F9F151B25A7BFA9E151495602E39A10116CF8
1936 | trial_vegaspro17_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxa0w9nczi\Bitmaps\mxgui.4.0\ProgressDialogTemplates.png | image
    MD5: CBE0A7C1EE665C7272873C031A0C5D52
    SHA256: 9CF7CE3D45C97311E6A400413C61BEFCCF9BF6E9820D5886414829D1D2F2CA86
1936 | trial_vegaspro17_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxa0w9nczi\Bitmaps\mxgui.4.0\CMxDownloadManagerDlg_2.ini | text
    MD5: 53F8E342EE2DA438E8CDFE939C586744
    SHA256: A5D431D5E49BE24F52CB40946C3C0851C1A8E41A0B64D98385B4136290661320
1936 | trial_vegaspro17_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxa0w9nczi\IJL10.DLL | executable
    MD5: 1FE7721489712E47631F50AE11129815
    SHA256: C04F5AD4D3B34F7CBBB16853D924D005655035CD037AF5B02D8C63FAB02ABEA6
1936 | trial_vegaspro17_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxa0w9nczi\Bitmaps\mxgui.4.0\ProgressDialogTemplates.ini | text
    MD5: 2F93B18242003D0B58CA3C938D56A36F
    SHA256: C60D3542F97EE43F99E006B34D444B25444C257318E37B1FF55764309D2A317A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 13
TCP/UDP connections: 825
DNS requests: 65
Threats: 7

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

1896 | chrome.exe | GET | 302 | 104.26.5.13:80 | http://lunar.gg/ | US | - | - | unknown
2572 | Lunar Client.exe | GET | 301 | 23.58.216.51:80 | http://23.58.216.51:80/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jre-8u131-windows-i586.tar.gz?AuthParam=1590734358_8b789191d3b8cd3931701eae5effcf23 | US | - | - | whitelisted
2648 | MxDownloadManager.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAanQ4DU6%2F7UNbWj9%2BFqvdg%3D | US | der | 727 b | whitelisted
2648 | MxDownloadManager.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEER7f5hIh7JG%2FggGnLYG2W0%3D | US | der | 471 b | whitelisted
2648 | MxDownloadManager.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted
2648 | MxDownloadManager.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D | US | der | 471 b | whitelisted
1896 | chrome.exe | GET | 200 | 173.194.5.203:80 | http://r5---sn-aigl6n76.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjY5QUFXTEQwc2RPVXhRY3picjhxblh1dw/7619.603.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mh=Qx&mip=185.217.117.39&mm=28&mn=sn-aigl6n76&ms=nvh&mt=1590733878&mv=m&mvi=4&pl=25&shardbypass=yes | US | crx | 816 Kb | whitelisted
3708 | Lunar Client v1.13.6.exe | GET | 200 | 2.16.107.73:80 | http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D | unknown | der | 1.37 Kb | whitelisted
1896 | chrome.exe | GET | 302 | 172.217.23.142:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 520 b | whitelisted
2648 | MxDownloadManager.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT0MXB3rveIElndnl0j8v4md2bQRgQUOdr%2FyigUiqh0Ewi55A6p0vp%2BnWkCEEHPJ6vDIUuVytgkF0A8EiE%3D | US | der | 471 b | whitelisted

Two points for anyone reading this table: every MxDownloadManager.exe request is an OCSP query (OCSP is plain HTTP by design, and these are consistent with revocation checking during signature validation, compare "Reads settings of System Certificates"), and the one request worth a second look is Lunar Client.exe fetching a JRE 8u131 archive over unencrypted HTTP from a bare IP address, which belongs to the interactive Lunar Client install rather than to the sample.
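The path of each OCSP GET URL above is a URL-encoded, base64-encoded DER OCSPRequest (RFC 6960, Appendix A), so the certificate being checked can be recovered from the sandbox's HTTP log without the PCAP. The script below is an added example, not ANY.RUN's code: it decodes the first ocsp.comodoca.com request made by MxDownloadManager.exe (PID 2648) with a minimal DER walker written for this example and returns the CertID fields (hash algorithm, issuer name hash, issuer key hash, serial number). It works unchanged on the ocsp.sectigo.com, ocsp.usertrust.com and identrust requests in the same table.

```python
"""Decode the OCSP request embedded in an OCSP GET URL (RFC 6960, Appendix A).

Added example for this report, not ANY.RUN tooling. SAMPLE_URL is the first
ocsp.comodoca.com request made by MxDownloadManager.exe (PID 2648); the DER
walker below is a minimal one written for this example, not a general ASN.1 library.
"""
import base64
import urllib.parse

SAMPLE_URL = ("http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ"
              "38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAanQ4DU6%2F7UNbWj9%2BFqvdg%3D")

# Hash algorithm OIDs seen in CertID structures.
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits give the length-of-length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Split the value of a constructed element into its child (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, inner, pos = _tlv(value, pos)
        out.append((tag, inner))
    return out


def _oid(value):
    """Decode a DER OID value (base-128 arcs) into dotted form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_ocsp_get(url):
    """Parse an OCSP GET URL and return the CertID fields of its first request."""
    parsed = urllib.parse.urlsplit(url)
    der = base64.b64decode(urllib.parse.unquote(parsed.path.lstrip("/")))

    # OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, optionalSignature [0] OPTIONAL }
    tag, ocsp_request, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tbs_request = _children(ocsp_request)[0][1]
    # TBSRequest ::= SEQUENCE { version [0] DEFAULT v1, requestorName [1] OPTIONAL,
    #                           requestList SEQUENCE OF Request, requestExtensions [2] OPTIONAL }
    # The optional fields are context-tagged (0xA0/0xA1), so the first 0x30 child is requestList.
    request_list = next(v for t, v in _children(tbs_request) if t == 0x30)
    first_request = _children(request_list)[0][1]
    # Request ::= SEQUENCE { reqCert CertID, ... }
    # CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING,
    #                       issuerKeyHash OCTET STRING, serialNumber CertificateSerialNumber }
    cert_id = _children(first_request)[0][1]
    alg, name_hash, key_hash, serial = _children(cert_id)
    oid = _oid(_children(alg[1])[0][1])

    # A DER INTEGER with its top bit set carries a leading 0x00 sign byte; drop it so the
    # serial matches what the CA and openssl print.
    serial_bytes = serial[1]
    if len(serial_bytes) > 1 and serial_bytes[0] == 0:
        serial_bytes = serial_bytes[1:]

    return {
        "responder": parsed.hostname,
        "hash_algorithm": HASH_OIDS.get(oid, oid),
        "issuer_name_hash": name_hash[1].hex(),
        "issuer_key_hash": key_hash[1].hex(),
        "serial_number": serial_bytes.hex(),
        "der_length": len(der),
    }


if __name__ == "__main__":
    for key, value in decode_ocsp_get(SAMPLE_URL).items():
        print(f"{key:18} {value}")
```

The serial number together with the issuer key hash identifies the exact certificate whose revocation status was queried; matching the serial against the Authenticode signer of the dropped binaries (or against a known-revoked list) is the follow-up a responder would make from this table alone.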
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

2648 | MxDownloadManager.exe | 195.214.216.160:80 | www.magix.com | Interoute Communications Limited | DE | malicious
2648 | MxDownloadManager.exe | 195.214.216.160:443 | www.magix.com | Interoute Communications Limited | DE | malicious
2648 | MxDownloadManager.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious
2648 | MxDownloadManager.exe | 195.214.216.83:443 | extapi.magix.com | Interoute Communications Limited | DE | unknown
1896 | chrome.exe | 172.217.21.195:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
1896 | chrome.exe | 172.217.22.77:443 | accounts.google.com | Google Inc. | US | whitelisted
1896 | chrome.exe | 216.58.208.35:443 | www.google.com.ua | Google Inc. | US | whitelisted
1896 | chrome.exe | 172.217.21.202:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
1896 | chrome.exe | 172.217.23.142:80 | ogs.google.com.ua | Google Inc. | US | whitelisted
1896 | chrome.exe | 173.194.183.103:80 | r2---sn-aigl6nek.gvt1.com | Google Inc. | US | whitelisted

Note the report's own inconsistency: 195.214.216.160 (www.magix.com) is rated "malicious" here but "whitelisted" in the DNS requests table below, and ocsp.usertrust.com is "suspicious" here but "whitelisted" both below and in the HTTP requests table. The magix.com domains match the vendor named in the sample's version information (MAGIX Software GmbH), so treat these reputation labels as one input to be verified, not as a finding by themselves.

DNS requests

Domain | IP(s) | Reputation

www.magix.com | 195.214.216.160 | whitelisted
ocsp.usertrust.com | 151.139.128.14 | whitelisted
ocsp.comodoca.com | 151.139.128.14 | whitelisted
extapi.magix.com | 195.214.216.83 | unknown
ocsp.sectigo.com | 151.139.128.14 | whitelisted
clientservices.googleapis.com | 172.217.21.195, 216.58.207.35 | whitelisted
accounts.google.com | 172.217.22.77, 216.58.212.173 | shared
www.google.com.ua | 216.58.208.35 | whitelisted
fonts.googleapis.com | 172.217.21.202 | whitelisted
www.gstatic.com | 172.217.16.163 | whitelisted

Threats

PID | Process | Class | Message

2572 | Lunar Client.exe | Generic Protocol Command Decode | SURICATA STREAM TIMEWAIT ACK with wrong seq
2572 | Lunar Client.exe | Generic Protocol Command Decode | SURICATA STREAM TIMEWAIT ACK with wrong seq
2572 | Lunar Client.exe | Generic Protocol Command Decode | SURICATA STREAM FIN2 FIN with wrong seq
2572 | Lunar Client.exe | Generic Protocol Command Decode | SURICATA STREAM FIN2 FIN with wrong seq
2572 | Lunar Client.exe | Generic Protocol Command Decode | SURICATA STREAM FIN2 FIN with wrong seq
2572 | Lunar Client.exe | Generic Protocol Command Decode | SURICATA STREAM FIN2 FIN with wrong seq

All six entries are Suricata stream-engine anomaly events (TCP segments arriving with unexpected sequence numbers during connection teardown), raised on Lunar Client.exe's traffic rather than on the sample's. They are not malware signatures; the one ETPRO rule hit is available only in the full report.
1 ETPRO signatures available at the full report
No debug info