File name: dffsetup-d3drm.exe

Full analysis: https://app.any.run/tasks/68d89b75-0c1e-4cf6-aabb-6a177fff7344
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 26, 2024, 14:35:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: trojan, loader, banload
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: DFB8FA37F0C6A0BE4501924B9E24FB42
SHA1: 07BB4092AEFA9811F5284EEACDECD77FBDB79A4B
SHA256: 952ED6D313F585420A73718A2621A057536709D69534B5775FA3EF92E37E73C7
SSDEEP: 98304:Ut0P3H1vh22DvjfNAF1A7CLjQYeqq9T3HARh60Op0JgrtI1SCcwBetm/RDXbmO9p:wYUF6oKA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • dffsetup-d3drm.exe (PID: 3652)
      • dffsetup-d3drm.tmp (PID: 1492)
      • dffsetup-d3drm.exe (PID: 1876)
    • Banload is detected

      • DLLFixer.exe (PID: 120)
    • Scans artifacts that could help determine the target

      • DLLFixer.exe (PID: 120)
    • Registers / Runs the DLL via REGSVR32.EXE

      • dffsetup-d3drm.tmp (PID: 1492)
    • Actions look like stealing of personal data

      • DLLFixer.exe (PID: 120)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • dffsetup-d3drm.exe (PID: 1876)
      • dffsetup-d3drm.exe (PID: 3652)
      • dffsetup-d3drm.tmp (PID: 1492)
    • Reads the Windows owner or organization settings

      • dffsetup-d3drm.tmp (PID: 1492)
      • DLLFixer.exe (PID: 120)
    • Process drops legitimate windows executable

      • dffsetup-d3drm.tmp (PID: 1492)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 3460)
      • DLLFixer.exe (PID: 120)
    • Searches for installed software

      • dffsetup-d3drm.tmp (PID: 1492)
      • DLLFixer.exe (PID: 120)
    • Reads Microsoft Outlook installation path

      • DLLFixer.exe (PID: 120)
    • Reads the Internet Settings

      • dffsetup-d3drm.tmp (PID: 1492)
      • DLLFixer.exe (PID: 120)
    • Reads the BIOS version

      • DLLFixer.exe (PID: 120)
    • Reads security settings of Internet Explorer

      • DLLFixer.exe (PID: 120)
    • Checks whether Java is installed

      • DLLFixer.exe (PID: 120)
    • Checks whether .NET is installed

      • DLLFixer.exe (PID: 120)
    • Reads the history of recent RDP connections

      • DLLFixer.exe (PID: 120)
    • Reads Mozilla Firefox installation path

      • DLLFixer.exe (PID: 120)
    • Checks the default browser

      • DLLFixer.exe (PID: 120)
    • Reads Internet Explorer settings

      • DLLFixer.exe (PID: 120)
  • INFO

    • Checks supported languages

      • dffsetup-d3drm.exe (PID: 3652)
      • dffsetup-d3drm.tmp (PID: 3916)
      • DLLFixer.exe (PID: 120)
      • dffsetup-d3drm.exe (PID: 1876)
      • dffsetup-d3drm.tmp (PID: 1492)
    • Creates files in a temporary directory

      • dffsetup-d3drm.exe (PID: 1876)
      • dffsetup-d3drm.tmp (PID: 1492)
      • dffsetup-d3drm.exe (PID: 3652)
    • Reads the computer name

      • dffsetup-d3drm.tmp (PID: 1492)
      • DLLFixer.exe (PID: 120)
      • dffsetup-d3drm.tmp (PID: 3916)
    • Creates files in the program directory

      • dffsetup-d3drm.tmp (PID: 1492)
      • DLLFixer.exe (PID: 120)
    • Creates files or folders in the user directory

      • dffsetup-d3drm.tmp (PID: 1492)
      • DLLFixer.exe (PID: 120)
    • Creates a software uninstall entry

      • dffsetup-d3drm.tmp (PID: 1492)
    • Application launched itself

      • msedge.exe (PID: 4008)
      • msedge.exe (PID: 748)
    • Manual execution by a user

      • msedge.exe (PID: 748)
    • Checks proxy server information

      • DLLFixer.exe (PID: 120)
    • Reads the machine GUID from the registry

      • DLLFixer.exe (PID: 120)
    • Reads Microsoft Office registry keys

      • DLLFixer.exe (PID: 120)
    • Process checks the PowerShell version

      • DLLFixer.exe (PID: 120)
    • Process checks the number of cached credentials

      • DLLFixer.exe (PID: 120)
    • Reads product name

      • DLLFixer.exe (PID: 120)
    • Reads Environment values

      • DLLFixer.exe (PID: 120)
    • Reads Windows Product ID

      • DLLFixer.exe (PID: 120)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:07:09 07:58:13+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 65024
InitializedDataSize: 480768
UninitializedDataSize: -
EntryPoint: 0x113bc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 3.2.90.0
ProductVersionNumber: 3.2.90.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Dll-Files.com
FileDescription: Dll-Files Fixer
FileVersion: Dll-Files Fixer
LegalCopyright: © Dll-Files.com
ProductName: Dll-Files Fixer
ProductVersion: 3.2.90
No data.
All screenshots are available in the full report
Total processes: 68
Monitored processes: 29
Malicious processes: 5
Suspicious processes: 0

Behavior graph

Processes shown in the graph (in graph order): start, dffsetup-d3drm.exe, dffsetup-d3drm.tmp (no specs), dffsetup-d3drm.exe, dffsetup-d3drm.tmp, regsvr32.exe (no specs), dllfixer.exe (#BANLOAD), and multiple msedge.exe processes (most marked "no specs").

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID: 120
CMD: "C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe" dllfile
Path: C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Parent process: dffsetup-d3drm.tmp
User: admin
Company: Dll-FIles.Com
Integrity Level: HIGH
Description: DLL-Files Fixer
Exit code: 0
Version: 3.2.90.3065
Modules (Images):
c:\program files\dll-files.com fixer\dllfixer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 748
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate http://www.dll-files.com/thank-you-for-installing/?type=trial&langid=en&down_file=d3drm.dll
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 840
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2244 --field-trial-handle=1276,i,7634326151086349116,3303570862453539041,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 896
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3764 --field-trial-handle=1276,i,7634326151086349116,3303570862453539041,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1492
CMD: "C:\Users\admin\AppData\Local\Temp\is-RCJ0T.tmp\dffsetup-d3drm.tmp" /SL5="$100130,4868890,546816,C:\Users\admin\AppData\Local\Temp\dffsetup-d3drm.exe" /SPAWNWND=$18013E /NOTIFYWND=$E0170
Path: C:\Users\admin\AppData\Local\Temp\is-RCJ0T.tmp\dffsetup-d3drm.tmp
Parent process: dffsetup-d3drm.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (Images):
c:\users\admin\appdata\local\temp\is-rcj0t.tmp\dffsetup-d3drm.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1556
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1628 --field-trial-handle=1276,i,7634326151086349116,3303570862453539041,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1656
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1328 --field-trial-handle=1172,i,9808086023541339572,14289104814939254021,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1736
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3592 --field-trial-handle=1276,i,7634326151086349116,3303570862453539041,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1876
CMD: "C:\Users\admin\AppData\Local\Temp\dffsetup-d3drm.exe" /SPAWNWND=$18013E /NOTIFYWND=$E0170
Path: C:\Users\admin\AppData\Local\Temp\dffsetup-d3drm.exe
Parent process: dffsetup-d3drm.tmp
User: admin
Company: Dll-Files.com
Integrity Level: HIGH
Description: Dll-Files Fixer
Exit code: 0
Version: Dll-Files Fixer
Modules (Images):
c:\users\admin\appdata\local\temp\dffsetup-d3drm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2068
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1276,i,7634326151086349116,3303570862453539041,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 60 010
Read events: 59 692
Write events: 225
Delete events: 93

Modification events

(PID) Process: (1492) dffsetup-d3drm.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write | Name: Owner | Value: D40500002E8F5A05C168DA01

(PID) Process: (1492) dffsetup-d3drm.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write | Name: SessionHash | Value: AD2B6999D74EFF51D089ABB9149884989DE5191A243E1B33B3711965893C9822

(PID) Process: (1492) dffsetup-d3drm.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write | Name: Sequence | Value: 1

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}
Operation: delete key | Name: (default) | Value: (none)

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}
Operation: delete key | Name: (default) | Value: (none)

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JScript\CLSID
Operation: delete key | Name: (default) | Value: (none)

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JScript\OLEScript
Operation: delete key | Name: (default) | Value: (none)

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JScript
Operation: delete key | Name: (default) | Value: (none)

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LiveScript\CLSID
Operation: delete key | Name: (default) | Value: (none)

(PID) Process: (3460) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LiveScript\OLEScript
Operation: delete key | Name: (default) | Value: (none)
Executable files: 17
Suspicious files: 33
Text files: 89
Unknown types: 32

Dropped files

PID | Process | Filename | Type

1876 | dffsetup-d3drm.exe | C:\Users\admin\AppData\Local\Temp\is-RCJ0T.tmp\dffsetup-d3drm.tmp | executable
  MD5: 872A7B9F46D89380D89B6B076926570E
  SHA256: 8C0564C696985EA5856ED58F06C28E8F8A5342D14C9C205F69A040E3E8202C22
3652 | dffsetup-d3drm.exe | C:\Users\admin\AppData\Local\Temp\is-SBCTE.tmp\dffsetup-d3drm.tmp | executable
  MD5: 872A7B9F46D89380D89B6B076926570E
  SHA256: 8C0564C696985EA5856ED58F06C28E8F8A5342D14C9C205F69A040E3E8202C22
1492 | dffsetup-d3drm.tmp | C:\Program Files\Dll-Files.com Fixer\install_left_image.bmp | image
  MD5: ADB8260F652F66110C4A01EDABBBDF17
  SHA256: 8FD48DDA177561C4373B24AEE3D26F90411F6A1B3D6E8D257079716A453E1FA4
1492 | dffsetup-d3drm.tmp | C:\Program Files\Dll-Files.com Fixer\is-TT5Q3.tmp | executable
  MD5: 28735680CCE3442E2CB5D67A74157693
  SHA256: E431E984F036B1E3E715D43FC43C5267EE8CEE394FB38E3B5A95ECEBA4844717
1492 | dffsetup-d3drm.tmp | C:\Program Files\Dll-Files.com Fixer\is-QA9IH.tmp | executable
  MD5: CBAC13AEEC0B8C35BCD8BE3F815CD7E8
  SHA256: 78CA94130C9463175DC1DD427AABF1BE57EBB75C221208401FD78EA595D3040E
1492 | dffsetup-d3drm.tmp | C:\Program Files\Dll-Files.com Fixer\isxdl.dll | executable
  MD5: 8192B56014894E7869374FD3B042E386
  SHA256: A0AD24D6C6A606200FD2C295C74E551A84CF7282909B6DB463FBC022A5202DBC
1492 | dffsetup-d3drm.tmp | C:\Program Files\Dll-Files.com Fixer\is-5FUU3.tmp | executable
  MD5: 8192B56014894E7869374FD3B042E386
  SHA256: A0AD24D6C6A606200FD2C295C74E551A84CF7282909B6DB463FBC022A5202DBC
1492 | dffsetup-d3drm.tmp | C:\Program Files\Dll-Files.com Fixer\is-HSR0O.tmp | executable
  MD5: 623EBF8CE787BA94EE7E3DD3A2115372
  SHA256: 11F95FF48EBD0259D36AE56628439E21F775EDAFFE68A215E6959C043BDEB2BB
1492 | dffsetup-d3drm.tmp | C:\Program Files\Dll-Files.com Fixer\CleanSchedule.exe | executable
  MD5: 28735680CCE3442E2CB5D67A74157693
  SHA256: E431E984F036B1E3E715D43FC43C5267EE8CEE394FB38E3B5A95ECEBA4844717
1492 | dffsetup-d3drm.tmp | C:\Program Files\Dll-Files.com Fixer\Chinese_rcp.ini | text
  MD5: 76C53E1B9D66C1E3EABFACBCED91CACB
  SHA256: 5E65F06D4617847C8E5A65D179DD7A4648C3E22D2151A8F957B32E6E6E1B3306
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report.
HTTP(S) requests: 1
TCP/UDP connections: 27
DNS requests: 28
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2968 | msedge.exe | GET | 301 | 169.150.247.38:80 | http://www.dll-files.com/thank-you-for-installing/?type=trial&langid=en&down_file=d3drm.dll | unknown | html | 162 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2968 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
748 | msedge.exe | 239.255.255.250:1900 | - | - | - | unknown
2968 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2968 | msedge.exe | 169.150.247.38:80 | www.dll-files.com | - | GB | unknown
2968 | msedge.exe | 169.150.247.38:443 | www.dll-files.com | - | GB | unknown
2968 | msedge.exe | 216.58.212.142:443 | www.google-analytics.com | GOOGLE | US | whitelisted
2968 | msedge.exe | 23.37.226.96:443 | www.bing.com | Akamai International B.V. | DE | unknown

DNS requests

Domain | IP | Reputation
config.edge.skype.com | 13.107.42.16 | whitelisted
www.dll-files.com | 169.150.247.38 | unknown
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted
www.google-analytics.com | 216.58.212.142 | whitelisted
www.bing.com | 23.37.226.96, 23.37.226.106, 23.37.226.98, 23.37.226.90, 23.37.226.97, 23.37.226.99, 23.37.226.104, 23.37.226.105, 23.37.226.107 | whitelisted
stats.g.doubleclick.net | 64.233.166.155, 64.233.166.157, 64.233.166.154, 64.233.166.156 | whitelisted
www.googletagmanager.com | 142.250.186.104 | whitelisted
www.google.com | 142.250.186.36 | whitelisted
www.google.de | 142.250.186.131 | whitelisted
region1.analytics.google.com | 216.239.34.36, 216.239.32.36 | whitelisted

Threats

No threats detected
Debug output

Process | Message
DLLFixer.exe | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
DLLFixer.exe | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
DLLFixer.exe | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s