File name: Extreme.Injector.v3.7.3.-.by.master131.rar

Full analysis: https://app.any.run/tasks/b9defb32-2182-449c-91ca-ca4ca09e18e8
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: April 22, 2026, 22:34:58
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: arch-exec, github, api-base64, loader
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 941B701BCC0F6C289A225E5A431573F8
SHA1: C863D3ADFBC3C83B5EFE1A63A2E3DA63E056F9EC
SHA256: 0745A34059CE74DF97CD845900832015911E71954F656045D9795ACBC49504D0
SSDEEP: 98304:3NWnE0RukFf4AnfrAMU16RpZ/opj7Funy30k/UufoJ+a0qRmtHkZdOKdk5UAuhJ+:UIPX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • dxwebsetup.exe (PID: 7764)
    • Executing a file with an untrusted certificate

      • infinst.exe (PID: 5200)
      • infinst.exe (PID: 5780)
      • infinst.exe (PID: 7800)
      • infinst.exe (PID: 4548)
      • infinst.exe (PID: 1504)
      • infinst.exe (PID: 8780)
      • infinst.exe (PID: 3016)
      • infinst.exe (PID: 9208)
      • infinst.exe (PID: 552)
      • infinst.exe (PID: 6112)
      • infinst.exe (PID: 8244)
      • infinst.exe (PID: 8980)
      • infinst.exe (PID: 7268)
      • infinst.exe (PID: 9028)
      • infinst.exe (PID: 8084)
      • infinst.exe (PID: 8840)
      • infinst.exe (PID: 9060)
      • infinst.exe (PID: 9196)
      • infinst.exe (PID: 8456)
      • infinst.exe (PID: 6096)
      • infinst.exe (PID: 7836)
      • infinst.exe (PID: 5228)
      • infinst.exe (PID: 5392)
      • infinst.exe (PID: 9012)
      • infinst.exe (PID: 2164)
      • infinst.exe (PID: 7160)
      • infinst.exe (PID: 8312)
      • infinst.exe (PID: 9176)
      • infinst.exe (PID: 1164)
      • infinst.exe (PID: 2156)
      • infinst.exe (PID: 8772)
      • infinst.exe (PID: 3092)
      • infinst.exe (PID: 3104)
      • infinst.exe (PID: 6804)
      • infinst.exe (PID: 2728)
      • infinst.exe (PID: 7332)
      • infinst.exe (PID: 8724)
      • infinst.exe (PID: 5708)
      • infinst.exe (PID: 8124)
      • infinst.exe (PID: 3008)
      • infinst.exe (PID: 8616)
      • infinst.exe (PID: 9200)
      • infinst.exe (PID: 5436)
      • infinst.exe (PID: 6384)
      • infinst.exe (PID: 7680)
      • infinst.exe (PID: 8292)
      • infinst.exe (PID: 5304)
      • infinst.exe (PID: 9060)
      • infinst.exe (PID: 7792)
      • infinst.exe (PID: 9080)
      • infinst.exe (PID: 800)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 7836)
      • infinst.exe (PID: 9192)
      • infinst.exe (PID: 5392)
      • infinst.exe (PID: 2736)
      • infinst.exe (PID: 5780)
      • infinst.exe (PID: 2164)
      • infinst.exe (PID: 8264)
      • infinst.exe (PID: 9104)
      • infinst.exe (PID: 8024)
      • infinst.exe (PID: 1652)
      • infinst.exe (PID: 4124)
      • infinst.exe (PID: 9212)
      • infinst.exe (PID: 7848)
      • infinst.exe (PID: 7976)
      • infinst.exe (PID: 8200)
      • infinst.exe (PID: 8724)
      • infinst.exe (PID: 7352)
      • infinst.exe (PID: 8892)
      • infinst.exe (PID: 8904)
      • infinst.exe (PID: 8624)
      • infinst.exe (PID: 5988)
    • Registers / Runs the DLL via REGSVR32.EXE

      • dxwsetup.exe (PID: 2120)
  • SUSPICIOUS

    • Reads the date of Windows installation

      • Extreme Injector v3.exe (PID: 6060)
    • Application launched itself

      • Extreme Injector v3.exe (PID: 6060)
    • Starts a Microsoft application from unusual location

      • dxwsetup.exe (PID: 2120)
    • Executable content was dropped or overwritten

      • dxwsetup.exe (PID: 2120)
      • dxwebsetup.exe (PID: 7764)
      • infinst.exe (PID: 5200)
      • infinst.exe (PID: 5780)
      • infinst.exe (PID: 7800)
      • infinst.exe (PID: 4548)
      • infinst.exe (PID: 3016)
      • infinst.exe (PID: 1504)
      • infinst.exe (PID: 8244)
      • infinst.exe (PID: 9208)
      • infinst.exe (PID: 6112)
      • infinst.exe (PID: 8780)
      • infinst.exe (PID: 8980)
      • infinst.exe (PID: 5988)
      • infinst.exe (PID: 7268)
      • infinst.exe (PID: 8312)
      • infinst.exe (PID: 9012)
      • infinst.exe (PID: 552)
      • infinst.exe (PID: 8840)
      • infinst.exe (PID: 8084)
      • infinst.exe (PID: 9028)
      • infinst.exe (PID: 6096)
      • infinst.exe (PID: 9060)
      • infinst.exe (PID: 9196)
      • infinst.exe (PID: 8456)
      • infinst.exe (PID: 3092)
      • infinst.exe (PID: 7836)
      • infinst.exe (PID: 5228)
      • infinst.exe (PID: 5392)
      • infinst.exe (PID: 7160)
      • infinst.exe (PID: 2164)
      • infinst.exe (PID: 1164)
      • infinst.exe (PID: 9176)
      • infinst.exe (PID: 6804)
      • infinst.exe (PID: 8772)
      • infinst.exe (PID: 8724)
      • infinst.exe (PID: 7332)
      • infinst.exe (PID: 2728)
      • infinst.exe (PID: 2156)
      • infinst.exe (PID: 8616)
      • infinst.exe (PID: 8124)
      • infinst.exe (PID: 5708)
      • infinst.exe (PID: 7680)
      • infinst.exe (PID: 6384)
      • infinst.exe (PID: 3008)
      • infinst.exe (PID: 9200)
      • infinst.exe (PID: 5436)
      • infinst.exe (PID: 8292)
      • infinst.exe (PID: 9080)
      • infinst.exe (PID: 9060)
      • infinst.exe (PID: 5304)
      • infinst.exe (PID: 9192)
      • infinst.exe (PID: 800)
      • infinst.exe (PID: 7836)
      • infinst.exe (PID: 7792)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 5392)
      • infinst.exe (PID: 2736)
      • infinst.exe (PID: 2164)
      • infinst.exe (PID: 8264)
      • infinst.exe (PID: 8024)
      • infinst.exe (PID: 1652)
      • infinst.exe (PID: 4124)
      • infinst.exe (PID: 7848)
      • infinst.exe (PID: 9212)
      • infinst.exe (PID: 7976)
      • infinst.exe (PID: 7352)
      • infinst.exe (PID: 8724)
      • infinst.exe (PID: 8200)
      • infinst.exe (PID: 8904)
      • infinst.exe (PID: 5988)
      • infinst.exe (PID: 5780)
      • infinst.exe (PID: 8624)
      • infinst.exe (PID: 8892)
      • infinst.exe (PID: 9104)
    • Executes as Windows Service

      • VSSVC.exe (PID: 9108)
    • Searches for installed software

      • dllhost.exe (PID: 9192)
    • Write to the desktop.ini file (may be used to cloak folders)

      • dxwsetup.exe (PID: 2120)
    • Creates/Modifies COM task schedule object

      • dxwsetup.exe (PID: 2120)
      • regsvr32.exe (PID: 7656)
      • regsvr32.exe (PID: 5408)
      • regsvr32.exe (PID: 8912)
      • regsvr32.exe (PID: 2988)
      • regsvr32.exe (PID: 5412)
      • regsvr32.exe (PID: 7248)
      • regsvr32.exe (PID: 6104)
      • regsvr32.exe (PID: 7512)
      • regsvr32.exe (PID: 6748)
      • regsvr32.exe (PID: 9064)
      • regsvr32.exe (PID: 2736)
      • regsvr32.exe (PID: 2396)
      • regsvr32.exe (PID: 4260)
      • regsvr32.exe (PID: 6720)
      • regsvr32.exe (PID: 8248)
      • regsvr32.exe (PID: 4600)
      • regsvr32.exe (PID: 5768)
      • regsvr32.exe (PID: 8860)
      • regsvr32.exe (PID: 9204)
      • regsvr32.exe (PID: 8976)
      • regsvr32.exe (PID: 5228)
      • regsvr32.exe (PID: 3172)
      • regsvr32.exe (PID: 3276)
      • regsvr32.exe (PID: 6796)
      • regsvr32.exe (PID: 9056)
      • regsvr32.exe (PID: 8900)
      • regsvr32.exe (PID: 5412)
  • INFO

    • Generic archive extractor

      • WinRAR.exe (PID: 8128)
    • Reads security settings of Internet Explorer

      • Extreme Injector v3.exe (PID: 6060)
      • dxwsetup.exe (PID: 2120)
      • Extreme Injector v3.exe (PID: 3996)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 8128)
      • msedge.exe (PID: 2940)
    • Reads the computer name

      • Extreme Injector v3.exe (PID: 6060)
      • Extreme Injector v3.exe (PID: 3996)
      • identity_helper.exe (PID: 7684)
      • dxwsetup.exe (PID: 2120)
    • Checks supported languages

      • Extreme Injector v3.exe (PID: 6060)
      • Extreme Injector v3.exe (PID: 3996)
      • identity_helper.exe (PID: 7684)
      • dxwebsetup.exe (PID: 7764)
      • dxwsetup.exe (PID: 2120)
      • infinst.exe (PID: 5200)
      • infinst.exe (PID: 1504)
      • infinst.exe (PID: 5780)
      • infinst.exe (PID: 7800)
      • infinst.exe (PID: 4548)
      • infinst.exe (PID: 8780)
      • infinst.exe (PID: 3016)
      • infinst.exe (PID: 9208)
      • infinst.exe (PID: 6112)
      • infinst.exe (PID: 8244)
      • infinst.exe (PID: 8980)
      • infinst.exe (PID: 552)
      • infinst.exe (PID: 7268)
      • infinst.exe (PID: 8312)
      • infinst.exe (PID: 9012)
      • infinst.exe (PID: 8840)
      • infinst.exe (PID: 8084)
      • infinst.exe (PID: 9028)
      • infinst.exe (PID: 9060)
      • infinst.exe (PID: 9196)
      • infinst.exe (PID: 8456)
      • infinst.exe (PID: 3092)
      • infinst.exe (PID: 5228)
      • infinst.exe (PID: 5988)
      • infinst.exe (PID: 2164)
      • infinst.exe (PID: 7160)
      • infinst.exe (PID: 9176)
      • infinst.exe (PID: 1164)
      • infinst.exe (PID: 8772)
      • infinst.exe (PID: 2156)
      • infinst.exe (PID: 6096)
      • infinst.exe (PID: 3104)
      • infinst.exe (PID: 6804)
      • infinst.exe (PID: 7836)
      • infinst.exe (PID: 5392)
      • infinst.exe (PID: 5708)
      • infinst.exe (PID: 2728)
      • infinst.exe (PID: 7332)
      • infinst.exe (PID: 8616)
      • infinst.exe (PID: 3008)
      • infinst.exe (PID: 8124)
      • infinst.exe (PID: 9200)
      • infinst.exe (PID: 7680)
      • infinst.exe (PID: 6384)
      • infinst.exe (PID: 8292)
      • infinst.exe (PID: 9060)
      • infinst.exe (PID: 5304)
      • infinst.exe (PID: 5436)
      • infinst.exe (PID: 9080)
      • infinst.exe (PID: 800)
      • infinst.exe (PID: 7792)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 9192)
      • infinst.exe (PID: 7836)
      • infinst.exe (PID: 2164)
      • infinst.exe (PID: 2736)
      • infinst.exe (PID: 5392)
      • infinst.exe (PID: 8264)
      • infinst.exe (PID: 5780)
      • infinst.exe (PID: 8724)
      • infinst.exe (PID: 8024)
      • infinst.exe (PID: 9212)
      • infinst.exe (PID: 7848)
      • infinst.exe (PID: 7976)
      • infinst.exe (PID: 8724)
      • infinst.exe (PID: 7352)
      • infinst.exe (PID: 8200)
      • infinst.exe (PID: 8892)
      • infinst.exe (PID: 1652)
      • infinst.exe (PID: 8904)
      • infinst.exe (PID: 5988)
      • infinst.exe (PID: 8624)
      • infinst.exe (PID: 9104)
      • infinst.exe (PID: 4124)
    • Manual execution by a user

      • Extreme Injector v3.exe (PID: 6060)
      • msedge.exe (PID: 7944)
      • msedge.exe (PID: 2940)
    • Reads Environment values

      • Extreme Injector v3.exe (PID: 3996)
      • identity_helper.exe (PID: 7684)
    • Disables trace logs

      • Extreme Injector v3.exe (PID: 3996)
    • The sample compiled with english language support

      • msedge.exe (PID: 2940)
      • dxwsetup.exe (PID: 2120)
      • dxwebsetup.exe (PID: 7764)
      • infinst.exe (PID: 5200)
      • infinst.exe (PID: 5780)
      • infinst.exe (PID: 4548)
      • infinst.exe (PID: 8780)
      • infinst.exe (PID: 3016)
      • infinst.exe (PID: 1504)
      • infinst.exe (PID: 9208)
      • infinst.exe (PID: 6112)
      • infinst.exe (PID: 8244)
      • infinst.exe (PID: 552)
      • infinst.exe (PID: 8980)
      • msedge.exe (PID: 5784)
      • infinst.exe (PID: 7800)
      • infinst.exe (PID: 5988)
      • infinst.exe (PID: 7268)
      • infinst.exe (PID: 9012)
      • infinst.exe (PID: 8840)
      • infinst.exe (PID: 8084)
      • infinst.exe (PID: 9028)
      • infinst.exe (PID: 6096)
      • infinst.exe (PID: 9060)
      • infinst.exe (PID: 9196)
      • infinst.exe (PID: 8456)
      • infinst.exe (PID: 5228)
      • infinst.exe (PID: 7836)
      • infinst.exe (PID: 3092)
      • infinst.exe (PID: 8312)
      • infinst.exe (PID: 2164)
      • infinst.exe (PID: 7160)
      • infinst.exe (PID: 5392)
      • infinst.exe (PID: 9176)
      • infinst.exe (PID: 1164)
      • infinst.exe (PID: 6804)
      • infinst.exe (PID: 8772)
      • infinst.exe (PID: 8724)
      • infinst.exe (PID: 7332)
      • infinst.exe (PID: 2156)
      • infinst.exe (PID: 2728)
      • infinst.exe (PID: 8124)
      • infinst.exe (PID: 8616)
      • infinst.exe (PID: 5708)
      • infinst.exe (PID: 9200)
      • infinst.exe (PID: 7680)
      • infinst.exe (PID: 3008)
      • infinst.exe (PID: 6384)
      • infinst.exe (PID: 8292)
      • infinst.exe (PID: 9060)
      • infinst.exe (PID: 5304)
      • infinst.exe (PID: 5436)
      • infinst.exe (PID: 9080)
      • infinst.exe (PID: 800)
      • infinst.exe (PID: 7792)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 9192)
      • infinst.exe (PID: 7836)
      • infinst.exe (PID: 2736)
      • infinst.exe (PID: 5392)
      • infinst.exe (PID: 2164)
      • infinst.exe (PID: 5780)
      • infinst.exe (PID: 8264)
      • infinst.exe (PID: 1652)
      • infinst.exe (PID: 4124)
      • infinst.exe (PID: 9212)
      • infinst.exe (PID: 7848)
      • infinst.exe (PID: 7976)
      • infinst.exe (PID: 7352)
      • infinst.exe (PID: 8724)
      • infinst.exe (PID: 8200)
      • infinst.exe (PID: 8904)
      • infinst.exe (PID: 8892)
      • infinst.exe (PID: 5988)
      • infinst.exe (PID: 8624)
      • infinst.exe (PID: 8024)
      • infinst.exe (PID: 9104)
    • Process checks computer location settings

      • Extreme Injector v3.exe (PID: 6060)
    • Potential library load (Base64 Encoded 'LoadLibrary')

      • Extreme Injector v3.exe (PID: 3996)
    • Application launched itself

      • msedge.exe (PID: 2940)
      • msedge.exe (PID: 8652)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 2940)
    • Reads the machine GUID from the registry

      • Extreme Injector v3.exe (PID: 3996)
      • dxwsetup.exe (PID: 2120)
      • Extreme Injector v3.exe (PID: 6060)
    • Potential access to remote process (Base64 Encoded 'OpenProcess')

      • Extreme Injector v3.exe (PID: 3996)
    • Create files in a temporary directory

      • dxwebsetup.exe (PID: 7764)
      • dxwsetup.exe (PID: 2120)
    • Launching a file from a Registry key

      • dxwebsetup.exe (PID: 7764)
    • Creates files or folders in the user directory

      • dxwsetup.exe (PID: 2120)
    • Manages system restore points

      • SrTasks.exe (PID: 7820)
    • Creating file in SysWOW64

      • dxwsetup.exe (PID: 2120)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

FileVersion: RAR v4
CompressedSize: 1301121
UncompressedSize: 1968128
OperatingSystem: Win32
ModifyDate: 2017:12:10 09:48:48
PackingMethod: Normal
ArchivedFileName: Extreme Injector v3.exe
No data.
All screenshots are available in the full report
Total processes: 307
Monitored processes: 161
Malicious processes: 3
Suspicious processes: 73

Behavior graph

(Interactive process graph; available in the full report.) Processes shown in the graph: WinRAR.exe, Extreme Injector v3.exe, msedge.exe, identity_helper.exe, dxwebsetup.exe, dxwsetup.exe, SPPSurrogate, vssvc.exe, srtasks.exe, conhost.exe, infinst.exe and regsvr32.exe.

Process information

Each entry gives the PID, CMD (command line), Path, Indicators and Parent process, followed by the process details and its loaded modules.
PID: 352
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6080,i,18138712495803746210,16666592224351295172,262144 --variations-seed-version --mojo-platform-channel-handle=8316 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 552
CMD: C:\Users\admin\AppData\Local\Temp\DXD322.tmp\infinst.exe XACT2_2_x64.inf
Path: C:\Users\admin\AppData\Local\Temp\DXD322.tmp\infinst.exe
Parent process: dxwsetup.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\dxd322.tmp\infinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 736
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3672,i,18138712495803746210,16666592224351295172,262144 --variations-seed-version --mojo-platform-channel-handle=3920 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 800
CMD: C:\Users\admin\AppData\Local\Temp\DXD322.tmp\infinst.exe D3DX9_40_x64.inf
Path: C:\Users\admin\AppData\Local\Temp\DXD322.tmp\infinst.exe
Parent process: dxwsetup.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\dxd322.tmp\infinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1164
CMD: C:\Users\admin\AppData\Local\Temp\DXD322.tmp\infinst.exe X3DAudio1_2_x64.inf
Path: C:\Users\admin\AppData\Local\Temp\DXD322.tmp\infinst.exe
Parent process: dxwsetup.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\dxd322.tmp\infinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1504
CMD: C:\Users\admin\AppData\Local\Temp\DXD322.tmp\infinst.exe d3dx9_28_x64.inf
Path: C:\Users\admin\AppData\Local\Temp\DXD322.tmp\infinst.exe
Parent process: dxwsetup.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\dxd322.tmp\infinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1652
CMD: C:\Users\admin\AppData\Local\Temp\DXD322.tmp\infinst.exe XACT3_5_x64.inf
Path: C:\Users\admin\AppData\Local\Temp\DXD322.tmp\infinst.exe
Parent process: dxwsetup.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\dxd322.tmp\infinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 2116
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5100,i,18138712495803746210,16666592224351295172,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2120
CMD: C:\Users\admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
Path: C:\Users\admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
Parent process: dxwebsetup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: DirectX Setup
Exit code: 2852126720
Version: 4.9.0.0904
Modules
Images
c:\users\admin\appdata\local\temp\ixp000.tmp\dxwsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 2156
CMD: C:\Users\admin\AppData\Local\Temp\DXD322.tmp\infinst.exe d3dx9_36_x64.inf
Path: C:\Users\admin\AppData\Local\Temp\DXD322.tmp\infinst.exe
Parent process: dxwsetup.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\dxd322.tmp\infinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 662
Suspicious files: 2 055
Text files: 334
Unknown types: 214

Dropped files

PID | Process | Filename (Type, MD5 and SHA256 were not populated for these entries)
2940 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFea5d1.TMP
2940 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFea5d1.TMP
2940 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFea5d1.TMP
2940 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
2940 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
2940 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
2940 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFea5d1.TMP
2940 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFea5d1.TMP
2940 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFea5e0.TMP
2940 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1 462
TCP/UDP connections: 223
DNS requests: 259
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5276 | MoUsoCoreWorker.exe | GET | 304 | 51.104.136.2:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | - | - | whitelisted
6892 | SIHClient.exe | GET | 304 | 74.178.76.128:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | - | - | whitelisted
3996 | Extreme Injector v3.exe | GET | 302 | 23.59.18.102:443 | https://www.microsoft.com/download/confirmation.aspx?id=35 | US | - | - | whitelisted
3996 | Extreme Injector v3.exe | GET | 302 | 23.59.18.102:443 | https://www.microsoft.com/nb-no/download/confirmation.aspx?id=35 | US | - | - | whitelisted
6892 | SIHClient.exe | GET | 200 | 20.165.94.54:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | US | - | - | whitelisted
6892 | SIHClient.exe | GET | 200 | 74.178.76.128:443 | https://slscr.update.microsoft.com/sls/ping | US | - | - | whitelisted
6892 | SIHClient.exe | GET | 304 | 74.178.76.128:443 | https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | - | - | whitelisted
4872 | svchost.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
4872 | svchost.exe | GET | 200 | 40.127.240.158:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=0&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2 | US | text | 5.80 Kb | whitelisted
4872 | svchost.exe | GET | 304 | 4.231.128.59:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2 | US | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | Not routed | | whitelisted
5276 | MoUsoCoreWorker.exe | 51.124.78.146:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5276 | MoUsoCoreWorker.exe | 48.192.1.64:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4872 | svchost.exe | 51.124.78.146:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5532 | SearchApp.exe | 184.86.251.7:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted
5532 | SearchApp.exe | 23.11.41.157:80 | ocsp.digicert.com | AKAMAI-AMS | NL | whitelisted
5532 | SearchApp.exe | 204.79.197.203:80 | oneocsp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | | Not routed | | whitelisted
4872 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4872 | svchost.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted

DNS requests

Domain | IP | Reputation
activation-v2.sls.microsoft.com | 48.192.1.64 | whitelisted
google.com | 142.251.20.102, 142.251.20.138, 142.251.20.113, 142.251.20.100, 142.251.20.101, 142.251.20.139 | whitelisted
www.bing.com | 184.86.251.7, 184.86.251.19, 184.86.251.22, 184.86.251.27, 2.16.204.141, 2.16.204.161 | whitelisted
ocsp.digicert.com | 23.11.41.157 | whitelisted
oneocsp.microsoft.com | 204.79.197.203 | whitelisted
settings-win.data.microsoft.com | 40.127.240.158, 51.104.136.2, 4.231.128.59 | whitelisted
crl.microsoft.com | 23.216.77.28, 23.216.77.6, 2.16.164.49, 2.16.164.120 | whitelisted
www.microsoft.com | 88.221.169.152, 23.59.18.102 | whitelisted
raw.githubusercontent.com | 185.199.109.133, 185.199.108.133, 185.199.110.133, 185.199.111.133 | whitelisted
login.live.com | 20.190.160.66, 40.126.32.76, 20.190.160.65, 20.190.160.4, 20.190.160.67, 20.190.160.17, 40.126.32.134, 20.190.160.64 | whitelisted

Threats

PID | Process | Class | Message
4872 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
2232 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access raw user content on GitHub
5784 | msedge.exe | Misc activity | ET INFO EXE - Served Attached HTTP

Process | Message
dxwsetup.exe | DLL_PROCESS_ATTACH
dxwsetup.exe | DLL_PROCESS_ATTACH
dxwsetup.exe | Invalid parameter passed to C runtime function.
dxwsetup.exe | Invalid parameter passed to C runtime function.
dxwsetup.exe | DLL_PROCESS_DETACH
dxwsetup.exe | DLL_PROCESS_DETACH
dxwsetup.exe | DLL_PROCESS_ATTACH
dxwsetup.exe | DLL_PROCESS_ATTACH
dxwsetup.exe | DLL_PROCESS_DETACH
dxwsetup.exe | DLL_PROCESS_DETACH