File name:

DawnMTA Launcher telepítő.exe (Hungarian: "telepítő" = installer)

Full analysis: https://app.any.run/tasks/fe00b43b-b62d-4887-9d5d-c9f2db671078
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: May 12, 2025, 00:28:57
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

D016725B5C11B20DA5F3ED2E44560960

SHA1:

2A6D6A041978DFE92E8259F797D278C8DD0DDA84

SHA256:

0392D3E1F98481897674F5E8950FAA03C0CFE9DDFB72DA7239ED3793A7083692

SSDEEP:

98304:6J8DlhKusF/qK3Y4iA9/QlAvd4+O1cAMTsUkGSY2SDtxC27Dgw3w5fBm5s3k5y1/:6QEQPych3iMtXyKw+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 6644)
      Note: MicrosoftEdgeUpdate.exe is the Edge Update installer that MicrosoftEdgeWebview2Setup.exe (PID 6476) extracts to Temp\EU129B.tmp (see Dropped files). An updater registering itself for autorun is expected installer behaviour, so verify the Authenticode signature of the dropped MicrosoftEdgeUpdate.exe before attributing this persistence to the sample itself.
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • DawnMTA Launcher telepítő.exe (PID: 4448)
      Note: System.dll, nsDialogs.dll and NSISdl.dll under Temp\nsoB356.tmp (see Dropped files) are the stock NSIS installer plugins, consistent with the "Nullsoft Installer self-extracting archive" file type above; on their own they do not distinguish this sample from any other NSIS installer.
    • The process creates files with name similar to system file names

      • DawnMTA Launcher telepítő.exe (PID: 4448)
    • Process requests binary or script from the Internet

      • DawnMTA Launcher telepítő.exe (PID: 4448)
      Note: the request is the GET to http://go.microsoft.com/fwlink/p/?LinkId=2124703 (301), followed by the download of MicrosoftEdgeWebview2Setup.exe from msedge.sf.dl.delivery.mp.microsoft.com and its drop into Temp (see HTTP requests and Dropped files); the binary fetched is the WebView2 runtime bootstrapper from Microsoft's delivery CDN.
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 6476)
      • MicrosoftEdgeUpdate.exe (PID: 6644)
    • Process drops legitimate windows executable

      • DawnMTA Launcher telepítő.exe (PID: 4448)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6476)
      • MicrosoftEdgeUpdate.exe (PID: 6644)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 5892)
      • setup.exe (PID: 6108)
    • Executable content was dropped or overwritten

      • MicrosoftEdgeWebview2Setup.exe (PID: 6476)
      • DawnMTA Launcher telepítő.exe (PID: 4448)
      • MicrosoftEdgeUpdate.exe (PID: 6644)
      • setup.exe (PID: 6108)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 5892)
    • There is functionality for taking screenshot (YARA)

      • DawnMTA Launcher telepítő.exe (PID: 4448)
    • Searches for installed software

      • DawnMTA Launcher telepítő.exe (PID: 4448)
      • setup.exe (PID: 6108)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 6644)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4756)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4652)
      • MicrosoftEdgeUpdate.exe (PID: 5892)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6656)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 6644)
      • MicrosoftEdgeUpdate.exe (PID: 5400)
    • Application launched itself

      • setup.exe (PID: 6108)
      • MicrosoftEdgeUpdate.exe (PID: 5400)
      • msedgewebview2.exe (PID: 6660)
    • Creates a software uninstall entry

      • DawnMTA Launcher telepítő.exe (PID: 4448)
      • setup.exe (PID: 6108)
  • INFO

    • Checks supported languages

      • DawnMTA Launcher telepítő.exe (PID: 4448)
      • MicrosoftEdgeUpdate.exe (PID: 6644)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6476)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6656)
      • MicrosoftEdgeUpdate.exe (PID: 5892)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4756)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4652)
      • MicrosoftEdgeUpdate.exe (PID: 5864)
      • MicrosoftEdgeUpdate.exe (PID: 6676)
      • MicrosoftEdgeUpdate.exe (PID: 5400)
      • setup.exe (PID: 6108)
      • setup.exe (PID: 5008)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 5892)
      • MicrosoftEdgeUpdate.exe (PID: 6576)
    • Checks proxy server information

      • DawnMTA Launcher telepítő.exe (PID: 4448)
      • MicrosoftEdgeUpdate.exe (PID: 5864)
      • MicrosoftEdgeUpdate.exe (PID: 5400)
      • MicrosoftEdgeUpdate.exe (PID: 6576)
      • slui.exe (PID: 6620)
    • The sample compiled with english language support

      • DawnMTA Launcher telepítő.exe (PID: 4448)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6476)
      • MicrosoftEdgeUpdate.exe (PID: 6644)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 5892)
      • setup.exe (PID: 6108)
    • Reads the computer name

      • DawnMTA Launcher telepítő.exe (PID: 4448)
      • MicrosoftEdgeUpdate.exe (PID: 6644)
      • MicrosoftEdgeUpdate.exe (PID: 5892)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4652)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4756)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6656)
      • MicrosoftEdgeUpdate.exe (PID: 6676)
      • MicrosoftEdgeUpdate.exe (PID: 5400)
      • MicrosoftEdgeUpdate.exe (PID: 5864)
      • setup.exe (PID: 6108)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 5892)
      • MicrosoftEdgeUpdate.exe (PID: 6576)
    • Create files in a temporary directory

      • DawnMTA Launcher telepítő.exe (PID: 4448)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6476)
      • MicrosoftEdgeUpdate.exe (PID: 6644)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 6644)
      • MicrosoftEdgeUpdate.exe (PID: 5400)
      • setup.exe (PID: 6108)
      • setup.exe (PID: 5008)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 5892)
      • DawnMTA Launcher telepítő.exe (PID: 4448)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 6644)
      • setup.exe (PID: 6108)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 5864)
      • MicrosoftEdgeUpdate.exe (PID: 6576)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 5400)
      • MicrosoftEdgeUpdate.exe (PID: 5864)
      • slui.exe (PID: 6032)
      • MicrosoftEdgeUpdate.exe (PID: 6576)
      • slui.exe (PID: 6620)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 5400)
    • Manual execution by a user

      • Taskmgr.exe (PID: 6384)
      • Taskmgr.exe (PID: 5136)
      • dawnlauncher.exe (PID: 2104)
    • Reads security settings of Internet Explorer

      • Taskmgr.exe (PID: 5136)
    • Application launched itself

      • msedge.exe (PID: 720)
      • msedge.exe (PID: 7964)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.1.0.0
ProductVersionNumber: 0.1.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: DawnMTA Launcher
FileVersion: 0.1.0
LegalCopyright: -
ProductName: DawnMTA Launcher
ProductVersion: 0.1.0
All screenshots are available in the full report
Total processes
217
Monitored processes
77
Malicious processes
5
Suspicious processes
0

Behavior graph

Process nodes in the order the interactive graph lists them ("no specs" marks processes with no indicators recorded; consecutive repeats are grouped with a count):

start
dawnmta launcher telepítő.exe
sppextcomobj.exe (no specs)
slui.exe
microsoftedgewebview2setup.exe
microsoftedgeupdate.exe
microsoftedgeupdate.exe (no specs)
microsoftedgeupdatecomregistershell64.exe (no specs) ×3
microsoftedgeupdate.exe
microsoftedgeupdate.exe (no specs)
microsoftedgeupdate.exe
slui.exe
microsoftedge_x64_136.0.3240.64.exe
setup.exe
setup.exe (no specs)
taskmgr.exe (no specs)
taskmgr.exe
microsoftedgeupdate.exe
dawnlauncher.exe
msedgewebview2.exe (no specs) ×3
msedgewebview2.exe
msedgewebview2.exe (no specs) ×2
msedge.exe
msedge.exe (no specs) ×3
msedge.exe
msedge.exe (no specs) ×18
identity_helper.exe (no specs) ×2
msedge.exe (no specs) ×7
msedge.exe
msedge.exe (no specs) ×2
msedge.exe
msedge.exe (no specs) ×3
identity_helper.exe (no specs) ×2
msedge.exe (no specs) ×5
msedgewebview2.exe (no specs) ×2
msedge.exe (no specs) ×3
msedgewebview2.exe (no specs)

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID:
720
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dawn-game.com/
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
dawnlauncher.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
1184
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.dawnlauncher.app\EBWebView" --webview-exe-name=dawnlauncher.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=1896,i,16274188843836194470,3684638901043477860,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillAdvancedSuggestionsBasic,msEdgeAutofillOneClickAutocomplete,msEdgeAutofillSaveGSPR100InDb,msEdgeAutofillShowDeployedPassword,msEdgeAutofillSs,msEdgeBrowserEssentialsShowUpdateSection,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe
Parent process:
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
136.0.3240.64
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1532
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=2296,i,10822717190071975022,3067393580612178999,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2104
CMD:
"C:\Users\admin\AppData\Local\DawnMTA Launcher\dawnlauncher.exe"
Path:
C:\Users\admin\AppData\Local\DawnMTA Launcher\dawnlauncher.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
DawnMTA Launcher
Version:
0.1.0
Modules
Images
c:\users\admin\appdata\local\dawnmta launcher\dawnlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID:
2384
CMD:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path:
C:\Windows\System32\SppExtComObj.Exe
Parent process:
svchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID:
2504
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5092 --field-trial-handle=2364,i,4891364571408513292,17425691775874610713,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
3100
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4936 --field-trial-handle=2364,i,4891364571408513292,17425691775874610713,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
3124
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.dawnlauncher.app\EBWebView" --webview-exe-name=dawnlauncher.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1896,i,16274188843836194470,3684638901043477860,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillAdvancedSuggestionsBasic,msEdgeAutofillOneClickAutocomplete,msEdgeAutofillSaveGSPR100InDb,msEdgeAutofillShowDeployedPassword,msEdgeAutofillSs,msEdgeBrowserEssentialsShowUpdateSection,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=4796 /prefetch:8
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe
Parent process:
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
136.0.3240.64
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
3800
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dawn-game.com/
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
dawnlauncher.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
4164
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4360 --field-trial-handle=2364,i,4891364571408513292,17425691775874610713,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
22 534
Read events
19 862
Write events
2 603
Delete events
69

Modification events

PID 6644, MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value: (none)

PID 5892, MicrosoftEdgeUpdate.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Both

PID 5892, MicrosoftEdgeUpdate.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Both

PID 5892, MicrosoftEdgeUpdate.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{43760BE1-7101-4452-B88B-00B64766E79E}\InprocHandler32
Operation: write
Name: ThreadingModel
Value: Both

PID 5892, MicrosoftEdgeUpdate.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{79F05C14-E714-4C12-9924-93C812894CB0}\InProcServer32
Operation: write
Name: ThreadingModel
Value: Both

PID 5892, MicrosoftEdgeUpdate.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{43760BE1-7101-4452-B88B-00B64766E79E}\InprocHandler32
Operation: delete key
Name: (default)
Value: (none)

PID 5892, MicrosoftEdgeUpdate.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{43760BE1-7101-4452-B88B-00B64766E79E}
Operation: delete key
Name: (default)
Value: (none)

PID 5892, MicrosoftEdgeUpdate.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation: delete key
Name: (default)
Value: (none)

PID 5892, MicrosoftEdgeUpdate.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}
Operation: delete key
Name: (default)
Value: (none)

PID 5892, MicrosoftEdgeUpdate.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32
Operation: delete key
Name: (default)
Value: (none)
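The registry events above are the raw material behind the "Changes the autorun value in the registry" and "Creates/Modifies COM task schedule object" signatures. As an added example (this is not code from the report or from ANY.RUN), the Python below classifies such events into autorun writes, COM class registrations and cleanup, summarises them per process, and lists the CLSIDs whose class key was written but not deleted within the event set, which is the subset worth checking on the host afterwards. The ten events are transcribed from the list above; the final Run-key event is constructed for this example (the excerpt does not print the Run value the autorun signature fired on), and its value name and path are invented.

```python
"""Classify sandbox registry events into persistence, COM registration and cleanup."""
import re
from collections import Counter, defaultdict

# Events transcribed from the Modification events section:
# (PID, process, key, operation, value name, data).
EVENTS = [
    (6644, "MicrosoftEdgeUpdate.exe", r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate",
     "delete value", "eulaaccepted", ""),
    (5892, "MicrosoftEdgeUpdate.exe", r"HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32",
     "write", "ThreadingModel", "Both"),
    (5892, "MicrosoftEdgeUpdate.exe", r"HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32",
     "write", "ThreadingModel", "Both"),
    (5892, "MicrosoftEdgeUpdate.exe", r"HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{43760BE1-7101-4452-B88B-00B64766E79E}\InprocHandler32",
     "write", "ThreadingModel", "Both"),
    (5892, "MicrosoftEdgeUpdate.exe", r"HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{79F05C14-E714-4C12-9924-93C812894CB0}\InProcServer32",
     "write", "ThreadingModel", "Both"),
    (5892, "MicrosoftEdgeUpdate.exe", r"HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{43760BE1-7101-4452-B88B-00B64766E79E}\InprocHandler32",
     "delete key", "(default)", ""),
    (5892, "MicrosoftEdgeUpdate.exe", r"HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{43760BE1-7101-4452-B88B-00B64766E79E}",
     "delete key", "(default)", ""),
    (5892, "MicrosoftEdgeUpdate.exe", r"HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32",
     "delete key", "(default)", ""),
    (5892, "MicrosoftEdgeUpdate.exe", r"HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}",
     "delete key", "(default)", ""),
    (5892, "MicrosoftEdgeUpdate.exe", r"HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32",
     "delete key", "(default)", ""),
    # Constructed for this example, not from the report: a Run-key write of the kind the
    # "Changes the autorun value" signature fires on. Value name and path are invented.
    (6644, "MicrosoftEdgeUpdate.exe", r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "write", "ExampleUpdater", r"C:\Users\admin\AppData\Local\Temp\example.exe"),
]

GUID = r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}"
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once|Services)?$", re.I)
COM_SERVER = re.compile(r"\\CLSID\\(" + GUID + r")\\(?:Inproc(?:Server|Handler)32|LocalServer32)$", re.I)
COM_SUBKEY = re.compile(r"\\CLSID\\(" + GUID + r")\\", re.I)     # anything below a class key
COM_CLASS_KEY = re.compile(r"\\CLSID\\(" + GUID + r")$", re.I)   # the class key itself


def classify(event):
    """Return one of: autorun, com_registration, com_cleanup, cleanup, other."""
    _, _, key, op, _, _ = event
    if op == "write" and RUN_KEY.search(key):
        return "autorun"
    if op == "write" and COM_SERVER.search(key):
        return "com_registration"
    if op.startswith("delete"):
        return "com_cleanup" if (COM_SUBKEY.search(key) or COM_CLASS_KEY.search(key)) else "cleanup"
    return "other"


def summarize(events=EVENTS):
    """Per-PID counts of each class, e.g. {5892: {'com_registration': 4, 'com_cleanup': 5}}."""
    out = defaultdict(Counter)
    for ev in events:
        out[ev[0]][classify(ev)] += 1
    return {pid: dict(c) for pid, c in out.items()}


def surviving_com_classes(events=EVENTS):
    """CLSIDs with a server/handler subkey written and no later delete of the class key
    itself. Deleting only a subkey (as happens for {5EA43877-...}) does not count."""
    written, deleted = set(), set()
    for _, _, key, op, _, _ in events:
        if op == "write" and (m := COM_SUBKEY.search(key)):
            written.add(m.group(1).upper())
        elif op == "delete key" and (m := COM_CLASS_KEY.search(key)):
            deleted.add(m.group(1).upper())
    return written - deleted


def autorun_entries(events=EVENTS):
    """(PID, value name, data) for every Run-key write: the persistence list to verify on the host."""
    return [(pid, name, data) for pid, _, key, op, name, data in events
            if op == "write" and RUN_KEY.search(key)]


if __name__ == "__main__":
    print(summarize())
    print("COM classes still registered after the run:", sorted(surviving_com_classes()))
    print("Autorun entries:", autorun_entries())
```

The class-key test in surviving_com_classes is deliberately strict: an installer that deletes a CLSID's InprocServer32 subkey but leaves the class key behind still leaves a registration an attacker could later point at a DLL, so only a delete of the class key itself clears it from the list.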
Executable files
231
Suspicious files
386
Text files
113
Unknown types
2

Dropped files

Fields per file: PID, Process, Filename, Type, then the MD5 and SHA256 of the dropped file.

PID 4448, DawnMTA Launcher telepítő.exe: C:\Users\admin\AppData\Local\Temp\nsoB356.tmp\nsDialogs.dll (executable)
MD5: 6C3F8C94D0727894D706940A8A980543
SHA256: 56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2

PID 6476, MicrosoftEdgeWebview2Setup.exe: C:\Users\admin\AppData\Local\Temp\EU129B.tmp\MicrosoftEdgeUpdateOnDemand.exe (executable)
MD5: 404C7C261CA1C9FBA7774897E871C538
SHA256: 4C52D2B1CAA23F4BDEEF21AE5A5C0B875F9E555887D1D6CB84E65ECE94F8C3A7

PID 4448, DawnMTA Launcher telepítő.exe: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe (executable)
MD5: A7E58B2280FE3768A007DE5BFCED6E1E
SHA256: 3B8733318F3FD0B18714B651F1558B063A3EADBE287695B6A36BA45FAEF3DECA

PID 4448, DawnMTA Launcher telepítő.exe: C:\Users\admin\AppData\Local\Temp\nsoB356.tmp\NSISdl.dll (executable)
MD5: EE68463FED225C5C98D800BDBD205598
SHA256: 419485A096BC7D95F872ED1B9B7B5C537231183D710363BEEE4D235BB79DBE04

PID 6476, MicrosoftEdgeWebview2Setup.exe: C:\Users\admin\AppData\Local\Temp\EU129B.tmp\MicrosoftEdgeUpdate.exe (executable)
MD5: 775BFFE023242A224DC00B190CDD6B0E
SHA256: 868D0B887CED2B9C96F69256626EF20E06E1EA582412E02C77B67179F0BB488A

PID 6476, MicrosoftEdgeWebview2Setup.exe: C:\Users\admin\AppData\Local\Temp\EU129B.tmp\msedgeupdate.dll (executable)
MD5: C4850C9C841ED29FF08A8860C8B48175
SHA256: F7BAC71570109778D3E971786340BB59955E8779C792B2EE74D2598E9C6F5569

PID 6476, MicrosoftEdgeWebview2Setup.exe: C:\Users\admin\AppData\Local\Temp\EU129B.tmp\MicrosoftEdgeComRegisterShellARM64.exe (executable)
MD5: 5FB2A3D78FA87A1A6250E1BCA55CCAD7
SHA256: B80CDCE8D4A0E484078F0555428B71DFA573EC0EEC644D84554C469C50227197

PID 6476, MicrosoftEdgeWebview2Setup.exe: C:\Users\admin\AppData\Local\Temp\EU129B.tmp\MicrosoftEdgeUpdateBroker.exe (executable)
MD5: 74ABCEE07CF78D7DB223D6BDB5DD5CCA
SHA256: 7E4AF81ED4C0B300D182ABE757ACD5436D160E35221B7B38CC0B14C21D70768B

PID 6476, MicrosoftEdgeWebview2Setup.exe: C:\Users\admin\AppData\Local\Temp\EU129B.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe (executable)
MD5: A2B91A80F7A2A32ABF8F2E524C07EB6B
SHA256: 31DAB919FB0568B18E4A9C6CAF9F6C327AB312E226B05A8FB3C0C48895DEB03D

PID 4448, DawnMTA Launcher telepítő.exe: C:\Users\admin\AppData\Local\Temp\nsoB356.tmp\System.dll (executable)
MD5: CFF85C549D536F651D4FB8387F1976F2
SHA256: 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
Network activity

HTTP(S) requests: 16
TCP/UDP connections: 73
DNS requests: 78
Threats: 2

HTTP requests

Method: GET
HTTP Code: 200
IP: 2.16.168.114:80
URL: http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
CN: unknown
Reputation: whitelisted

Method: GET
HTTP Code: 200
IP: 2.23.246.101:80
URL: http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
CN: unknown
Reputation: whitelisted

PID: 4448
Process: DawnMTA Launcher telepítő.exe
Method: GET
HTTP Code: 301
IP: 95.100.186.9:80
URL: http://go.microsoft.com/fwlink/p/?LinkId=2124703
CN: unknown
Reputation: whitelisted

PID: 6544
Process: svchost.exe
Method: GET
HTTP Code: 200
IP: 2.23.77.188:80
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
CN: unknown
Reputation: whitelisted

PID: 4448
Process: DawnMTA Launcher telepítő.exe
Method: GET
HTTP Code: 200
IP: 2.22.242.129:80
URL: http://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/7819ef26-d4fa-4dd3-988f-fc05ba1f3fe4/MicrosoftEdgeWebview2Setup.exe
CN: unknown
Reputation: whitelisted

PID: 632
Process: SIHClient.exe
Method: GET
HTTP Code: 200
IP: 2.23.246.101:80
URL: http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
CN: unknown
Reputation: whitelisted

PID: 632
Process: SIHClient.exe
Method: GET
HTTP Code: 200
IP: 2.23.246.101:80
URL: http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
CN: unknown
Reputation: whitelisted

PID: 728
Process: svchost.exe
Method: HEAD
HTTP Code: 200
IP: 199.232.210.172:80
URL: http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d030d76f-35e6-4c51-9279-28644aa334bb?P1=1747614572&P2=404&P3=2&P4=Jmx86QjszqW7%2b7s2tPRy4v6Cv6wW9tV3ExIKuCfiu07YinIczViyh3JhKKrlyFkR%2f9UaoZE40%2bsDpFi%2fLtOVKA%3d%3d
CN: unknown
Reputation: whitelisted

PID: 728
Process: svchost.exe
Method: GET
HTTP Code: 200
IP: 199.232.210.172:80
URL: http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d030d76f-35e6-4c51-9279-28644aa334bb?P1=1747614572&P2=404&P3=2&P4=Jmx86QjszqW7%2b7s2tPRy4v6Cv6wW9tV3ExIKuCfiu07YinIczViyh3JhKKrlyFkR%2f9UaoZE40%2bsDpFi%2fLtOVKA%3d%3d
CN: unknown
Reputation: whitelisted

PID: 728
Process: svchost.exe
Method: HEAD
HTTP Code: 200
IP: 199.232.210.172:80
URL: http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fb6dd03b-99d7-4cc8-a878-91c8e655c2d3?P1=1747461429&P2=404&P3=2&P4=YUz8wsdNe9JshPVvafPzeM%2bBwcezThFGEC700h667kx%2fnDV%2fBx0JFv68KIW4uFIlGwlpeik1MI8fuvflZgvatQ%3d%3d
CN: unknown
Reputation: whitelisted

Connections

PID: 2104
Process: svchost.exe
IP: 51.124.78.146:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: NL
Reputation: whitelisted

IP: 51.124.78.146:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: NL
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

IP: 2.16.168.114:80
Domain: crl.microsoft.com
ASN: Akamai International B.V.
CN: RU
Reputation: whitelisted

IP: 2.23.246.101:80
Domain: www.microsoft.com
ASN: Ooredoo Q.S.C.
CN: QA
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 2112
Process: svchost.exe
IP: 51.104.136.2:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: IE
Reputation: whitelisted

PID: 3216
Process: svchost.exe
IP: 172.211.123.248:443
Domain: client.wns.windows.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: FR
Reputation: whitelisted

PID: 6544
Process: svchost.exe
IP: 40.126.32.72:443
Domain: login.live.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: NL
Reputation: whitelisted

PID: 6544
Process: svchost.exe
IP: 2.23.77.188:80
Domain: ocsp.digicert.com
ASN: AKAMAI-AS
CN: DE
Reputation: whitelisted

DNS requests

Domain: settings-win.data.microsoft.com
IP:
  • 51.124.78.146
  • 51.104.136.2
Reputation: whitelisted

Domain: google.com
IP:
  • 216.58.206.46
Reputation: whitelisted

Domain: crl.microsoft.com
IP:
  • 2.16.168.114
  • 2.16.168.124
Reputation: whitelisted

Domain: www.microsoft.com
IP:
  • 2.23.246.101
Reputation: whitelisted

Domain: client.wns.windows.com
IP:
  • 172.211.123.248
Reputation: whitelisted

Domain: login.live.com
IP:
  • 40.126.32.72
  • 20.190.160.22
  • 40.126.32.136
  • 20.190.160.131
  • 20.190.160.64
  • 20.190.160.65
  • 20.190.160.20
  • 40.126.32.133
Reputation: whitelisted

Domain: ocsp.digicert.com
IP:
  • 2.23.77.188
Reputation: whitelisted

Domain: go.microsoft.com
IP:
  • 95.100.186.9
Reputation: whitelisted

Domain: msedge.sf.dl.delivery.mp.microsoft.com
IP:
  • 2.22.242.129
  • 2.22.242.107
Reputation: whitelisted

Domain: config.edge.skype.com
IP:
  • 13.107.42.16
Reputation: whitelisted

Threats

PID: 4448
Process: DawnMTA Launcher telepítő.exe
Class: Misc activity
Message: ET INFO Packed Executable Download

PID: 728
Process: svchost.exe
Class: Misc activity
Message: ET INFO Packed Executable Download
No debug info