File name:

dffsetup-d3drm.exe

Full analysis: https://app.any.run/tasks/68d89b75-0c1e-4cf6-aabb-6a177fff7344
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 26, 2024, 14:35:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
loader
banload
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

DFB8FA37F0C6A0BE4501924B9E24FB42

SHA1:

07BB4092AEFA9811F5284EEACDECD77FBDB79A4B

SHA256:

952ED6D313F585420A73718A2621A057536709D69534B5775FA3EF92E37E73C7

SSDEEP:

98304:Ut0P3H1vh22DvjfNAF1A7CLjQYeqq9T3HARh60Op0JgrtI1SCcwBetm/RDXbmO9p:wYUF6oKA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • dffsetup-d3drm.exe (PID: 3652)
      • dffsetup-d3drm.exe (PID: 1876)
      • dffsetup-d3drm.tmp (PID: 1492)
    • Banload is detected

      • DLLFixer.exe (PID: 120)
      • DLLFixer.exe (PID: 120)
    • Scans artifacts that could help determine the target

      • DLLFixer.exe (PID: 120)
    • Actions look like stealing of personal data

      • DLLFixer.exe (PID: 120)
    • Registers / Runs the DLL via REGSVR32.EXE

      • dffsetup-d3drm.tmp (PID: 1492)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • dffsetup-d3drm.exe (PID: 3652)
      • dffsetup-d3drm.exe (PID: 1876)
      • dffsetup-d3drm.tmp (PID: 1492)
    • Process drops legitimate windows executable

      • dffsetup-d3drm.tmp (PID: 1492)
    • Reads the Windows owner or organization settings

      • dffsetup-d3drm.tmp (PID: 1492)
      • DLLFixer.exe (PID: 120)
    • Searches for installed software

      • dffsetup-d3drm.tmp (PID: 1492)
      • DLLFixer.exe (PID: 120)
    • Reads the Internet Settings

      • dffsetup-d3drm.tmp (PID: 1492)
      • DLLFixer.exe (PID: 120)
    • Reads Microsoft Outlook installation path

      • DLLFixer.exe (PID: 120)
    • Reads the BIOS version

      • DLLFixer.exe (PID: 120)
    • Creates/Modifies COM task schedule object

      • DLLFixer.exe (PID: 120)
      • regsvr32.exe (PID: 3460)
    • Reads security settings of Internet Explorer

      • DLLFixer.exe (PID: 120)
    • Checks for Java to be installed

      • DLLFixer.exe (PID: 120)
    • Checks for .NET to be installed

      • DLLFixer.exe (PID: 120)
    • Reads the history of recent RDP connections

      • DLLFixer.exe (PID: 120)
    • Reads Internet Explorer settings

      • DLLFixer.exe (PID: 120)
    • Reads Mozilla Firefox installation path

      • DLLFixer.exe (PID: 120)
    • Checks the default browser

      • DLLFixer.exe (PID: 120)
  • INFO

    • Creates files in a temporary directory

      • dffsetup-d3drm.exe (PID: 3652)
      • dffsetup-d3drm.exe (PID: 1876)
      • dffsetup-d3drm.tmp (PID: 1492)
    • Creates files in the program directory

      • dffsetup-d3drm.tmp (PID: 1492)
      • DLLFixer.exe (PID: 120)
    • Checks supported languages

      • dffsetup-d3drm.tmp (PID: 3916)
      • dffsetup-d3drm.exe (PID: 3652)
      • dffsetup-d3drm.exe (PID: 1876)
      • dffsetup-d3drm.tmp (PID: 1492)
      • DLLFixer.exe (PID: 120)
    • Reads the computer name

      • dffsetup-d3drm.tmp (PID: 3916)
      • DLLFixer.exe (PID: 120)
      • dffsetup-d3drm.tmp (PID: 1492)
    • Creates a software uninstall entry

      • dffsetup-d3drm.tmp (PID: 1492)
    • Creates files or folders in the user directory

      • dffsetup-d3drm.tmp (PID: 1492)
      • DLLFixer.exe (PID: 120)
    • Application launched itself

      • msedge.exe (PID: 4008)
      • msedge.exe (PID: 748)
    • Manual execution by a user

      • msedge.exe (PID: 748)
    • Checks proxy server information

      • DLLFixer.exe (PID: 120)
    • Reads the machine GUID from the registry

      • DLLFixer.exe (PID: 120)
    • Reads Microsoft Office registry keys

      • DLLFixer.exe (PID: 120)
    • Process checks Powershell version

      • DLLFixer.exe (PID: 120)
    • Reads Windows Product ID

      • DLLFixer.exe (PID: 120)
    • Process checks the number of cached credentials

      • DLLFixer.exe (PID: 120)
    • Reads product name

      • DLLFixer.exe (PID: 120)
    • Reads Environment values

      • DLLFixer.exe (PID: 120)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:07:09 07:58:13+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 65024
InitializedDataSize: 480768
UninitializedDataSize: -
EntryPoint: 0x113bc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 3.2.90.0
ProductVersionNumber: 3.2.90.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Dll-Files.com
FileDescription: Dll-Files Fixer
FileVersion: Dll-Files Fixer
LegalCopyright: © Dll-Files.com
ProductName: Dll-Files Fixer
ProductVersion: 3.2.90
No data.
All screenshots are available in the full report
Total processes
68
Monitored processes
29
Malicious processes
5
Suspicious processes
0

Behavior graph

start dffsetup-d3drm.exe dffsetup-d3drm.tmp no specs dffsetup-d3drm.exe dffsetup-d3drm.tmp regsvr32.exe no specs #BANLOAD dllfixer.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
120
CMD:
"C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe" dllfile
Path:
C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Parent process:
dffsetup-d3drm.tmp
User:
admin
Company:
Dll-FIles.Com
Integrity Level:
HIGH
Description:
DLL-Files Fixer
Exit code:
0
Version:
3.2.90.3065
Modules
Images
c:\program files\dll-files.com fixer\dllfixer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID:
748
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate http://www.dll-files.com/thank-you-for-installing/?type=trial&langid=en&down_file=d3drm.dll
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
840
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2244 --field-trial-handle=1276,i,7634326151086349116,3303570862453539041,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
896
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3764 --field-trial-handle=1276,i,7634326151086349116,3303570862453539041,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1492
CMD:
"C:\Users\admin\AppData\Local\Temp\is-RCJ0T.tmp\dffsetup-d3drm.tmp" /SL5="$100130,4868890,546816,C:\Users\admin\AppData\Local\Temp\dffsetup-d3drm.exe" /SPAWNWND=$18013E /NOTIFYWND=$E0170
Path:
C:\Users\admin\AppData\Local\Temp\is-RCJ0T.tmp\dffsetup-d3drm.tmp
Parent process:
dffsetup-d3drm.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-rcj0t.tmp\dffsetup-d3drm.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
1556
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1628 --field-trial-handle=1276,i,7634326151086349116,3303570862453539041,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1656
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1328 --field-trial-handle=1172,i,9808086023541339572,14289104814939254021,131072 /prefetch:2
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1736
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3592 --field-trial-handle=1276,i,7634326151086349116,3303570862453539041,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1876
CMD:
"C:\Users\admin\AppData\Local\Temp\dffsetup-d3drm.exe" /SPAWNWND=$18013E /NOTIFYWND=$E0170
Path:
C:\Users\admin\AppData\Local\Temp\dffsetup-d3drm.exe
Parent process:
dffsetup-d3drm.tmp
User:
admin
Company:
Dll-Files.com
Integrity Level:
HIGH
Description:
Dll-Files Fixer
Exit code:
0
Version:
Dll-Files Fixer
Modules
Images
c:\users\admin\appdata\local\temp\dffsetup-d3drm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
2068
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1276,i,7634326151086349116,3303570862453539041,131072 /prefetch:2
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
60 010
Read events
59 692
Write events
225
Delete events
93

Modification events

(PID) Process: (1492) dffsetup-d3drm.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value:
D40500002E8F5A05C168DA01

(PID) Process: (1492) dffsetup-d3drm.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value:
AD2B6999D74EFF51D089ABB9149884989DE5191A243E1B33B3711965893C9822

(PID) Process: (1492) dffsetup-d3drm.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value:
1

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}
Operation: delete key
Name: (default)
Value:

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}
Operation: delete key
Name: (default)
Value:

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JScript\CLSID
Operation: delete key
Name: (default)
Value:

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JScript\OLEScript
Operation: delete key
Name: (default)
Value:

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JScript
Operation: delete key
Name: (default)
Value:

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LiveScript\CLSID
Operation: delete key
Name: (default)
Value:

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LiveScript\OLEScript
Operation: delete key
Name: (default)
Value:
Executable files
17
Suspicious files
33
Text files
89
Unknown types
32

Dropped files

PID
Process
Filename
Type
PID: 3652 | Process: dffsetup-d3drm.exe | Filename: C:\Users\admin\AppData\Local\Temp\is-SBCTE.tmp\dffsetup-d3drm.tmp | Type: executable
MD5: 872A7B9F46D89380D89B6B076926570E
SHA256: 8C0564C696985EA5856ED58F06C28E8F8A5342D14C9C205F69A040E3E8202C22
PID: 1876 | Process: dffsetup-d3drm.exe | Filename: C:\Users\admin\AppData\Local\Temp\is-RCJ0T.tmp\dffsetup-d3drm.tmp | Type: executable
MD5: 872A7B9F46D89380D89B6B076926570E
SHA256: 8C0564C696985EA5856ED58F06C28E8F8A5342D14C9C205F69A040E3E8202C22
PID: 1492 | Process: dffsetup-d3drm.tmp | Filename: C:\Users\admin\AppData\Local\Temp\is-C3645.tmp\_isetup\_shfoldr.dll | Type: executable
MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
PID: 1492 | Process: dffsetup-d3drm.tmp | Filename: C:\Program Files\Dll-Files.com Fixer\is-2VPJ7.tmp | Type: executable
MD5: 872A7B9F46D89380D89B6B076926570E
SHA256: 8C0564C696985EA5856ED58F06C28E8F8A5342D14C9C205F69A040E3E8202C22
PID: 1492 | Process: dffsetup-d3drm.tmp | Filename: C:\Program Files\Dll-Files.com Fixer\is-HSR0O.tmp | Type: executable
MD5: 623EBF8CE787BA94EE7E3DD3A2115372
SHA256: 11F95FF48EBD0259D36AE56628439E21F775EDAFFE68A215E6959C043BDEB2BB
PID: 1492 | Process: dffsetup-d3drm.tmp | Filename: C:\Program Files\Dll-Files.com Fixer\is-TT5Q3.tmp | Type: executable
MD5: 28735680CCE3442E2CB5D67A74157693
SHA256: E431E984F036B1E3E715D43FC43C5267EE8CEE394FB38E3B5A95ECEBA4844717
PID: 1492 | Process: dffsetup-d3drm.tmp | Filename: C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe | Type: executable
MD5: 623EBF8CE787BA94EE7E3DD3A2115372
SHA256: 11F95FF48EBD0259D36AE56628439E21F775EDAFFE68A215E6959C043BDEB2BB
PID: 1492 | Process: dffsetup-d3drm.tmp | Filename: C:\Program Files\Dll-Files.com Fixer\unins000.exe | Type: executable
MD5: 872A7B9F46D89380D89B6B076926570E
SHA256: 8C0564C696985EA5856ED58F06C28E8F8A5342D14C9C205F69A040E3E8202C22
PID: 1492 | Process: dffsetup-d3drm.tmp | Filename: C:\Program Files\Dll-Files.com Fixer\install_left_image.bmp | Type: image
MD5: ADB8260F652F66110C4A01EDABBBDF17
SHA256: 8FD48DDA177561C4373B24AEE3D26F90411F6A1B3D6E8D257079716A453E1FA4
PID: 1492 | Process: dffsetup-d3drm.tmp | Filename: C:\Program Files\Dll-Files.com Fixer\is-GUAFL.tmp | Type: image
MD5: ADB8260F652F66110C4A01EDABBBDF17
SHA256: 8FD48DDA177561C4373B24AEE3D26F90411F6A1B3D6E8D257079716A453E1FA4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
27
DNS requests
28
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2968
msedge.exe
GET
301
169.150.247.38:80
http://www.dll-files.com/thank-you-for-installing/?type=trial&langid=en&down_file=d3drm.dll
unknown
html
162 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
2968
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
748
msedge.exe
239.255.255.250:1900
unknown
2968
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2968
msedge.exe
169.150.247.38:80
www.dll-files.com
GB
unknown
2968
msedge.exe
169.150.247.38:443
www.dll-files.com
GB
unknown
2968
msedge.exe
216.58.212.142:443
www.google-analytics.com
GOOGLE
US
whitelisted
2968
msedge.exe
23.37.226.96:443
www.bing.com
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.dll-files.com
  • 169.150.247.38
unknown
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
www.google-analytics.com
  • 216.58.212.142
whitelisted
www.bing.com
  • 23.37.226.96
  • 23.37.226.106
  • 23.37.226.98
  • 23.37.226.90
  • 23.37.226.97
  • 23.37.226.99
  • 23.37.226.104
  • 23.37.226.105
  • 23.37.226.107
whitelisted
stats.g.doubleclick.net
  • 64.233.166.155
  • 64.233.166.157
  • 64.233.166.154
  • 64.233.166.156
whitelisted
www.googletagmanager.com
  • 142.250.186.104
whitelisted
www.google.com
  • 142.250.186.36
whitelisted
www.google.de
  • 142.250.186.131
whitelisted
region1.analytics.google.com
  • 216.239.34.36
  • 216.239.32.36
whitelisted

Threats

No threats detected
Process
Message
DLLFixer.exe
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
DLLFixer.exe
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
DLLFixer.exe
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s