File name: dmaster.exe

Full analysis: https://app.any.run/tasks/ce524104-a0a7-44bc-b3bf-89f5316b89d0
Verdict: Malicious activity
Analysis date: September 06, 2024, 19:44:40
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: upx
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 55F2155A18103B1AD0906B8B41A0564D
SHA1: 3C09F8B510E61EAE350F8117E0561030D714948C
SHA256: B9977F9E501FF7E873B5B5809296B8F98EE56D07E7BB87F61D6DBC5F3746A5F9
SSDEEP: 98304:7+cD4dnkGG9z9+iZjReRj98yC0u2ho6IiSgfUr8B4HmWPBhC4zH72dm5dtOIOzZC:G3/FuZMPDpA9YTJPBSV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • dmaster.tmp (PID: 5124)
    • Changes the autorun value in the registry

      • dmaster.exe (PID: 3176)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • dmaster.tmp (PID: 4976)
      • dmaster.exe (PID: 3176)
    • Executable content was dropped or overwritten

      • dmaster.exe (PID: 5264)
      • dmaster.tmp (PID: 5124)
      • dmaster.exe (PID: 6840)
      • dmaster.exe (PID: 3176)
    • Reads the Windows owner or organization settings

      • dmaster.tmp (PID: 5124)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 6372)
      • regsvr32.exe (PID: 2264)
    • There is functionality for taking screenshot (YARA)

      • dmaster.exe (PID: 3176)
    • There is functionality for communication over UDP network (YARA)

      • dmaster.exe (PID: 3176)
  • INFO

    • Create files in a temporary directory

      • dmaster.exe (PID: 6840)
      • dmaster.exe (PID: 5264)
      • dmaster.tmp (PID: 5124)
    • Checks supported languages

      • dmaster.exe (PID: 6840)
      • dmaster.exe (PID: 5264)
      • dmaster.tmp (PID: 4976)
      • dmaster.tmp (PID: 5124)
      • dmaster.exe (PID: 3176)
      • identity_helper.exe (PID: 1640)
    • Process checks computer location settings

      • dmaster.tmp (PID: 4976)
      • dmaster.exe (PID: 3176)
    • Reads the computer name

      • dmaster.tmp (PID: 4976)
      • dmaster.tmp (PID: 5124)
      • dmaster.exe (PID: 3176)
      • identity_helper.exe (PID: 1640)
    • Creates files in the program directory

      • dmaster.tmp (PID: 5124)
    • Creates a software uninstall entry

      • dmaster.tmp (PID: 5124)
    • Sends debugging messages

      • dmaster.exe (PID: 3176)
    • Reads the machine GUID from the registry

      • dmaster.exe (PID: 3176)
    • Creates files or folders in the user directory

      • dmaster.exe (PID: 3176)
    • Disables trace logs

      • dmaster.exe (PID: 3176)
    • Application launched itself

      • firefox.exe (PID: 2892)
      • chrome.exe (PID: 3328)
      • firefox.exe (PID: 2492)
      • msedge.exe (PID: 2820)
    • The process uses the downloaded file

      • dmaster.exe (PID: 3176)
    • Checks proxy server information

      • dmaster.exe (PID: 3176)
    • Reads Environment values

      • identity_helper.exe (PID: 1640)
    • UPX packer has been detected

      • dmaster.exe (PID: 3176)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 89600
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 7.1.2.0
ProductVersionNumber: 7.1.2.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: WestByte
FileDescription: Download Master Setup
FileVersion: 7.1.2
LegalCopyright: Copyright (c) 2002-2024 WestByte
OriginalFileName:
ProductName: Download Master
ProductVersion: 7.1.2
All screenshots are available in the full report
Total processes: 202
Monitored processes: 74
Malicious processes: 3
Suspicious processes: 2

Behavior graph

Nodes of the interactive process graph, in the order the report lists them (details for each node are in the full report): start, dmaster.exe, dmaster.tmp, dmaster.exe, dmaster.tmp, regsvr32.exe, regsvr32.exe, dmaster.exe (flagged THREAT), then chrome.exe, msedge.exe and firefox.exe with their many child processes, including identity_helper.exe.

Process information

Columns: PID, CMD, Path, Indicators, Parent process (each entry is followed by user, company, integrity level, description, exit code, version and the first loaded modules)
PID: 208
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3492 --field-trial-handle=2372,i,5003136424730970882,8617722905261057881,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 888
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6324 --field-trial-handle=2372,i,5003136424730970882,8617722905261057881,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 888
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4220 --field-trial-handle=2372,i,5003136424730970882,8617722905261057881,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5760 --field-trial-handle=2372,i,5003136424730970882,8617722905261057881,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1608
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x324,0x328,0x32c,0x320,0x318,0x7fffd58e5fd8,0x7fffd58e5fe4,0x7fffd58e5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1640
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6112 --field-trial-handle=2372,i,5003136424730970882,8617722905261057881,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2040
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6428 --field-trial-handle=2372,i,5003136424730970882,8617722905261057881,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2080
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=122.0.6261.70 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7fffd332dc40,0x7fffd332dc4c,0x7fffd332dc58
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2264
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\Download Master\dmiehlp.dll"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: dmaster.tmp
Note: the command line names system32, but the image that actually ran is the SysWOW64 copy; the 32-bit installer is subject to WOW64 file-system redirection, which the wow64*.dll modules below confirm. The DLL is registered silently (/s) from the application's own install directory rather than a system path; this is the activity behind the "Registers / Runs the DLL via REGSVR32.EXE" indicator above, and the process runs at HIGH integrity.
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2492
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" https://westbyte.com/dm/firefox/plugin
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
Total events: 36 343
Read events: 35 827
Write events: 514
Delete events: 2

Modification events

All ten entries: process dmaster.tmp (PID 5124), operation write, key HKEY_CURRENT_USER\SOFTWARE\2VG\Download Master.

InstallLanguage = English
InstallPath = C:\Program Files (x86)\Download Master
ExeFile = C:\Program Files (x86)\Download Master\dmaster.exe
IEInt = 0
UseAltCtrlKeys = 1
UseAutoFU = 1
DownloadExtensions = EXE ZIP RAR ARJ Z GZ LZH GZIP TAR MP3 AVI MPG MPEG QT PLJ ASF WMA WMV MOV TIF TIFF BIN ACE ISO WAV VQF OGG MPE MPA RAM 7Z
IgnoreURLFromSites = update.microsoft.com .buydirect.com
atinmb = (blank in report)
LastFUDate = (blank in report)
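The regsvr32 launch in the process list (PID 2264, parent dmaster.tmp) and the registry writes above are the two behaviours behind the report's MALICIOUS indicators. The following is an added example of the detection logic a SOC would run over such events; it is not ANY.RUN's or WestByte's code, and every input is constructed inline. The regsvr32 command line and parent name are taken from the PID 2264 entry (the parent's full path is assumed from the dropped-file list), the vendor-key write is the ExeFile value from the modification events, and the Run-key write is invented only to exercise the autorun rule, because the report says PID 3176 changed an autorun value but does not show which. The benign regsvr32 control event is likewise constructed.

```python
"""Replay two of the report's signatures as detection rules.

Added example, not ANY.RUN's or WestByte's code. The events at the bottom are
constructed: the regsvr32 command line and parent come from the PID 2264
entry (parent path assumed), the vendor-key write from the modification
events, and the Run-key write is invented to exercise the autorun rule.
"""
from collections import namedtuple
import re

ProcessEvent = namedtuple("ProcessEvent", "pid image cmdline parent_image")
RegistryEvent = namedtuple("RegistryEvent", "pid image key name value")
Finding = namedtuple("Finding", "pid rule severity reasons")

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Inno Setup unpacks its stage-two binary to %TEMP%\is-XXXXX.tmp\<name>.tmp
INNO_STAGE_RE = re.compile(r"\\appdata\\local\\temp\\is-[a-z0-9]{5}\.tmp\\[^\\]+\.tmp$", re.I)
RUN_KEY_RE = re.compile(r"\\microsoft\\windows\\currentversion\\run(once)?$", re.I)
ARG_RE = re.compile(r'"([^"]*)"|(\S+)')


def argv(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [quoted or bare for quoted, bare in ARG_RE.findall(cmdline)]


def rule_regsvr32_nonsystem_dll(ev):
    """regsvr32 loading a DLL from outside the Windows system directories;
    escalated to high when the parent is an installer stage binary in %TEMP%."""
    if not ev.image.lower().endswith("\\regsvr32.exe"):
        return None
    args = argv(ev.cmdline)[1:]
    dlls = [a for a in args if a.lower().endswith(".dll")]
    if not dlls or dlls[0].lower().startswith(SYSTEM_DIRS):
        return None
    reasons = [f"DLL outside system directories: {dlls[0]}"]
    if "/s" in {a.lower() for a in args}:
        reasons.append("silent registration (/s)")
    severity = "medium"
    if INNO_STAGE_RE.search(ev.parent_image):
        severity = "high"
        reasons.append(f"parent is an installer stage binary: {ev.parent_image}")
    return Finding(ev.pid, "regsvr32-nonsystem-dll", severity, reasons)


def rule_autorun_write(ev):
    """Any value written under a CurrentVersion\\Run or RunOnce key."""
    if not RUN_KEY_RE.search(ev.key):
        return None
    return Finding(ev.pid, "autorun-value-written", "high",
                   [f"{ev.image} set {ev.name} = {ev.value} under {ev.key}"])


def rule_exe_path_recorded(ev):
    """Informational: a non-Run key now points at an executable, i.e. the
    path to hash and compare against the dropped-file list."""
    if RUN_KEY_RE.search(ev.key) or not ev.value.lower().endswith(".exe"):
        return None
    return Finding(ev.pid, "exe-path-recorded", "low", [f"{ev.key}\\{ev.name} -> {ev.value}"])


def triage(process_events, registry_events):
    """Apply every rule and return the list of findings."""
    findings = [f for f in map(rule_regsvr32_nonsystem_dll, process_events) if f]
    for ev in registry_events:
        for rule in (rule_autorun_write, rule_exe_path_recorded):
            f = rule(ev)
            if f:
                findings.append(f)
    return findings


# Constructed events; see the module docstring for what is taken from the report.
SAMPLE_PROCESS_EVENTS = [
    ProcessEvent(2264, r"C:\Windows\SysWOW64\regsvr32.exe",
                 r'"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\Download Master\dmiehlp.dll"',
                 r"C:\Users\admin\AppData\Local\Temp\is-IF925.tmp\dmaster.tmp"),  # parent path assumed
    ProcessEvent(9999, r"C:\Windows\System32\regsvr32.exe",  # benign control, constructed
                 r'"C:\Windows\System32\regsvr32.exe" /s "C:\Windows\System32\example.dll"',
                 r"C:\Windows\System32\svchost.exe"),
]
SAMPLE_REGISTRY_EVENTS = [
    RegistryEvent(5124, "dmaster.tmp", r"HKEY_CURRENT_USER\SOFTWARE\2VG\Download Master",
                  "ExeFile", r"C:\Program Files (x86)\Download Master\dmaster.exe"),
    RegistryEvent(3176, "dmaster.exe",  # constructed: the report does not show the key or data
                  r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
                  "ExampleAutorun", r"C:\Program Files (x86)\Download Master\dmaster.exe"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_PROCESS_EVENTS, SAMPLE_REGISTRY_EVENTS):
        print(f"[{f.severity}] PID {f.pid} {f.rule}: " + "; ".join(f.reasons))
```

Run the file directly to print the three findings for the sample events. The rules take any list of the two event tuples, so Sysmon process-creation (event 1) and registry value-set (event 13) records map onto them once TargetObject is split into key and value name; the regsvr32 rule deliberately checks the loaded image rather than the command line, because the two differ under WOW64 as the PID 2264 entry shows.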
Executable files: 34
Suspicious files: 472
Text files: 314
Unknown types: 2

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\is-DJ8QI.tmp | image | D97AC2DC81CEA733A6BC49E609B75213 | AF207DCDE55FFF6A1597C3E16764B58841197930ED2909F5075B44053C5C5AFE
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\lvcolors.cfg | text | 69031E6ED2E4B83BF7B9D187347C0190 | D90950F0CCC19FE055A0EA13832A0614EEA8D80594180C20A7849918CF4224B5
5264 | dmaster.exe | C:\Users\admin\AppData\Local\Temp\is-IF925.tmp\dmaster.tmp | executable | C7364C74062AB62A663A623C83A7B677 | FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\is-A0009.tmp | executable | C7364C74062AB62A663A623C83A7B677 | FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1
6840 | dmaster.exe | C:\Users\admin\AppData\Local\Temp\is-F4CPI.tmp\dmaster.tmp | executable | C7364C74062AB62A663A623C83A7B677 | FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\is-KCV0I.tmp | text | 69031E6ED2E4B83BF7B9D187347C0190 | D90950F0CCC19FE055A0EA13832A0614EEA8D80594180C20A7849918CF4224B5
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\is-GBQU7.tmp | xml | FD639DBA86FCF71113DDAD9A1471D402 | CA9234586986483B6C5D27FF2B037BEC08E9AC067BD98A756290887450748EC6
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\is-CCD3Q.tmp | image | 541C0204B4A322C0C1BD136C8F294901 | EDC7F98DD74855A086F16B7E9D79749BAD19F441BED186271431B4B083376085
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\is-BB1EH.tmp | text | C601E846701DC5A2E945CA36197D00AB | FC9581B09EA234963CCB1D71153E833766BE666629676F29F7FB7A7C24A2648D
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\unins000.exe | executable | C7364C74062AB62A663A623C83A7B677 | FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1

Note: the two Temp\is-*.tmp\dmaster.tmp copies, is-A0009.tmp and unins000.exe share one MD5/SHA256, so the ten records contain a single distinct executable: the Inno Setup stage-two binary, which the installer also keeps as the uninstaller. Likewise lvcolors.cfg and is-KCV0I.tmp are the same file; is-XXXXX.tmp names are Inno Setup's temporary names before the final rename, so a staged name and its final name are one drop, not two.
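To turn the dropped-file list into an analysis worklist, the following added example (not ANY.RUN's code) groups the records by SHA-256 and resolves Inno Setup's temporary is-XXXXX.tmp names to the final names they were renamed to. The records are copied from the table above (MD5 omitted); the staging-name rule and the grouping are my own.

```python
"""Collapse the report's dropped-file records into unique binaries.

Added example, not ANY.RUN's code. Records are copied from the report's
dropped-file table; the is-XXXXX.tmp staging rule is an Inno Setup convention
(temporary names that are renamed at the end of installation).
"""
from collections import defaultdict, namedtuple
import re

Dropped = namedtuple("Dropped", "pid process path ftype sha256")

PF = r"C:\Program Files (x86)\Download Master"
TMP = r"C:\Users\admin\AppData\Local\Temp"
H_IMG1 = "AF207DCDE55FFF6A1597C3E16764B58841197930ED2909F5075B44053C5C5AFE"
H_CFG = "D90950F0CCC19FE055A0EA13832A0614EEA8D80594180C20A7849918CF4224B5"
H_STAGE2 = "FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1"
H_XML = "CA9234586986483B6C5D27FF2B037BEC08E9AC067BD98A756290887450748EC6"
H_IMG2 = "EDC7F98DD74855A086F16B7E9D79749BAD19F441BED186271431B4B083376085"
H_TXT = "FC9581B09EA234963CCB1D71153E833766BE666629676F29F7FB7A7C24A2648D"

# The ten records from the report, in the order listed there.
DROPPED = [
    Dropped(5124, "dmaster.tmp", PF + r"\is-DJ8QI.tmp", "image", H_IMG1),
    Dropped(5124, "dmaster.tmp", PF + r"\lvcolors.cfg", "text", H_CFG),
    Dropped(5264, "dmaster.exe", TMP + r"\is-IF925.tmp\dmaster.tmp", "executable", H_STAGE2),
    Dropped(5124, "dmaster.tmp", PF + r"\is-A0009.tmp", "executable", H_STAGE2),
    Dropped(6840, "dmaster.exe", TMP + r"\is-F4CPI.tmp\dmaster.tmp", "executable", H_STAGE2),
    Dropped(5124, "dmaster.tmp", PF + r"\is-KCV0I.tmp", "text", H_CFG),
    Dropped(5124, "dmaster.tmp", PF + r"\is-GBQU7.tmp", "xml", H_XML),
    Dropped(5124, "dmaster.tmp", PF + r"\is-CCD3Q.tmp", "image", H_IMG2),
    Dropped(5124, "dmaster.tmp", PF + r"\is-BB1EH.tmp", "text", H_TXT),
    Dropped(5124, "dmaster.tmp", PF + r"\unins000.exe", "executable", H_STAGE2),
]

# A staged Inno Setup name: is-XXXXX.tmp either as the file or as its %TEMP% directory.
STAGED_RE = re.compile(r"\\is-[a-z0-9]{5}\.tmp(\\|$)", re.I)


def is_staged(path):
    return STAGED_RE.search(path) is not None


def summarize(records):
    """Map SHA-256 -> count, executable flag, every path seen, and the final
    (non-staged) file names, which is the on-disk identity after installation."""
    groups = defaultdict(list)
    for r in records:
        groups[r.sha256.upper()].append(r)
    summary = {}
    for sha, recs in groups.items():
        summary[sha] = {
            "count": len(recs),
            "executable": any(r.ftype == "executable" for r in recs),
            "paths": [r.path for r in recs],
            "final": sorted({r.path.rsplit("\\", 1)[-1] for r in recs if not is_staged(r.path)}),
        }
    return summary


def unique_executables(records):
    """The distinct executable binaries an analyst actually has to examine."""
    return sorted(sha for sha, s in summarize(records).items() if s["executable"])


if __name__ == "__main__":
    for sha, s in summarize(DROPPED).items():
        kind = "EXE" if s["executable"] else "   "
        print(f"{kind} {sha[:12]} x{s['count']} final={s['final'] or '(staged only)'}")
```

For the report's records this yields six distinct hashes and one distinct executable, whose final name is unins000.exe; the image dropped as is-DJ8QI.tmp has no final name in the excerpt, so its eventual file name has to be read from the full report.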
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 190
TCP/UDP connections: 175
DNS requests: 191
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
7072 | RUXIMICS.exe | GET | 200 | 104.84.57.181:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 301 | 178.62.232.239:443 | https://westbyte.com/dm/start?lng=English | unknown | - | - | -
- | - | GET | 401 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown | - | - | -
7008 | svchost.exe | GET | 200 | 104.84.57.181:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | OPTIONS | - | 23.48.23.152:443 | https://bzib.nelreports.net/api/report?cat=bingbusiness | unknown | - | - | -
- | - | GET | 200 | 13.107.6.203:443 | https://microsoftedge.microsoft.com/addons/css/site.css | unknown | - | - | -
- | - | GET | 301 | 142.250.186.100:443 | https://chrome.google.com/webstore/detail/download-master/dljdacfojgikogldjffnkdcielnklkce | unknown | - | - | -
- | - | GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=42&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | binary | 12.2 Kb | -
- | - | GET | 301 | 178.62.232.239:443 | https://westbyte.com/dm/edge/plugin | unknown | html | 385 b | -
- | - | GET | 200 | 94.245.104.56:443 | https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US | unknown | binary | 59 b | -

Fields the excerpt does not show are marked "-"; rows without a PID are listed without one in the excerpt. The two westbyte.com requests go to the vendor domain named in the file's version information (CompanyName WestByte); westbyte.com resolves to 178.62.232.239 with reputation "unknown" in the DNS list below, as does activeapp.org, which appears in no HTTP row shown here. Both westbyte.com responses are 301 redirects, so the final destinations have to be followed in the full report.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
7072 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2120 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
7008 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
7072 | RUXIMICS.exe | 104.84.57.181:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
7008 | svchost.exe | 104.84.57.181:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2120 | MoUsoCoreWorker.exe | 52.167.249.196:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2120 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
7008 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

Only 10 of the 175 connections are listed here, all of them Windows telemetry, CRL, NetBIOS or SSDP traffic from system processes; none belongs to dmaster.exe, so the westbyte.com and activeapp.org contacts (reputation "unknown") have no owning process in this excerpt.

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 52.167.249.196
  • 51.104.136.2
whitelisted
google.com
  • 142.250.185.110
whitelisted
www.microsoft.com
  • 104.84.57.181
  • 184.30.21.171
whitelisted
activeapp.org
  • 167.71.76.238
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
westbyte.com
  • 178.62.232.239
unknown
api.edgeoffer.microsoft.com
  • 94.245.104.56
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted

Threats

No threats detected
Debug messages

Process | Message
dmaster.exe | VCLFixPack patch installed: GridFlickerFix
dmaster.exe | VCLFixPack patch installed: CancelHintDeadlockFix
dmaster.exe | VCLFixPack patch installed: ControlResizeFix
dmaster.exe | VCLFixPack patch installed: ActionListAVFix
dmaster.exe | VCLFixPack patch installed: ContextMenuFix
dmaster.exe | VCLFixPack patch installed: SysUtilsAbortFix
dmaster.exe | VCLFixPack patch installed: MDIChildFocusFix
dmaster.exe | VCLFixPack patch installed: PageControlPaintingFix

These are the application's own debug output strings (the "Sends debugging messages" indicator above), not sandbox findings. VCLFixPack is a runtime bug-fix unit for Delphi's VCL, consistent with the TRiD "Delphi generic" match and the Inno Setup build noted in the version information.