File name: dmaster.exe
Full analysis: https://app.any.run/tasks/ce524104-a0a7-44bc-b3bf-89f5316b89d0
Verdict: Malicious activity
Analysis date: September 06, 2024, 19:44:40
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: upx
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 55F2155A18103B1AD0906B8B41A0564D
SHA1: 3C09F8B510E61EAE350F8117E0561030D714948C
SHA256: B9977F9E501FF7E873B5B5809296B8F98EE56D07E7BB87F61D6DBC5F3746A5F9
SSDEEP: 98304:7+cD4dnkGG9z9+iZjReRj98yC0u2ho6IiSgfUr8B4HmWPBhC4zH72dm5dtOIOzZC:G3/FuZMPDpA9YTJPBSV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Changes the autorun value in the registry
      • dmaster.exe (PID: 3176)
    • Registers / Runs the DLL via REGSVR32.EXE
      • dmaster.tmp (PID: 5124)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • dmaster.exe (PID: 6840)
      • dmaster.exe (PID: 5264)
      • dmaster.tmp (PID: 5124)
      • dmaster.exe (PID: 3176)
    • Reads security settings of Internet Explorer
      • dmaster.tmp (PID: 4976)
      • dmaster.exe (PID: 3176)
    • Reads the Windows owner or organization settings
      • dmaster.tmp (PID: 5124)
    • Creates/Modifies COM task schedule object
      • regsvr32.exe (PID: 6372)
      • regsvr32.exe (PID: 2264)
    • There is functionality for communication over UDP network (YARA)
      • dmaster.exe (PID: 3176)
    • There is functionality for taking screenshot (YARA)
      • dmaster.exe (PID: 3176)
  • INFO
    • Create files in a temporary directory
      • dmaster.exe (PID: 6840)
      • dmaster.exe (PID: 5264)
      • dmaster.tmp (PID: 5124)
    • Checks supported languages
      • dmaster.exe (PID: 6840)
      • dmaster.tmp (PID: 4976)
      • dmaster.exe (PID: 5264)
      • dmaster.tmp (PID: 5124)
      • dmaster.exe (PID: 3176)
      • identity_helper.exe (PID: 1640)
    • Reads the computer name
      • dmaster.tmp (PID: 4976)
      • dmaster.tmp (PID: 5124)
      • dmaster.exe (PID: 3176)
      • identity_helper.exe (PID: 1640)
    • Process checks computer location settings
      • dmaster.tmp (PID: 4976)
      • dmaster.exe (PID: 3176)
    • Creates files in the program directory
      • dmaster.tmp (PID: 5124)
    • Creates files or folders in the user directory
      • dmaster.exe (PID: 3176)
    • Sends debugging messages
      • dmaster.exe (PID: 3176)
    • Disables trace logs
      • dmaster.exe (PID: 3176)
    • Reads the machine GUID from the registry
      • dmaster.exe (PID: 3176)
    • The process uses the downloaded file
      • dmaster.exe (PID: 3176)
    • Creates a software uninstall entry
      • dmaster.tmp (PID: 5124)
    • Application launched itself
      • firefox.exe (PID: 2892)
      • chrome.exe (PID: 3328)
      • firefox.exe (PID: 2492)
      • msedge.exe (PID: 2820)
    • Checks proxy server information
      • dmaster.exe (PID: 3176)
    • Reads Environment values
      • identity_helper.exe (PID: 1640)
    • UPX packer has been detected
      • dmaster.exe (PID: 3176)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 89600
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 7.1.2.0
ProductVersionNumber: 7.1.2.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: WestByte
FileDescription: Download Master Setup
FileVersion: 7.1.2
LegalCopyright: Copyright (c) 2002-2024 WestByte
OriginalFileName:
ProductName: Download Master
ProductVersion: 7.1.2
All screenshots are available in the full report
Total processes: 202
Monitored processes: 74
Malicious processes: 3
Suspicious processes: 2

Behavior graph

Processes in the graph, in order (interactive view not reproduced): dmaster.exe, dmaster.tmp, dmaster.exe, dmaster.tmp, regsvr32.exe, regsvr32.exe, dmaster.exe (marked THREAT), then chrome.exe, msedge.exe and firefox.exe with their renderer, utility, crashpad and identity_helper.exe child processes. Entries marked "no specs" in the graph have no indicators attached.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 208
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3492 --field-trial-handle=2372,i,5003136424730970882,8617722905261057881,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 888
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6324 --field-trial-handle=2372,i,5003136424730970882,8617722905261057881,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 888
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4220 --field-trial-handle=2372,i,5003136424730970882,8617722905261057881,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5760 --field-trial-handle=2372,i,5003136424730970882,8617722905261057881,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1608
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x324,0x328,0x32c,0x320,0x318,0x7fffd58e5fd8,0x7fffd58e5fe4,0x7fffd58e5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1640
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6112 --field-trial-handle=2372,i,5003136424730970882,8617722905261057881,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: PWA Identity Proxy Host
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2040
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6428 --field-trial-handle=2372,i,5003136424730970882,8617722905261057881,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2080
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=122.0.6261.70 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7fffd332dc40,0x7fffd332dc4c,0x7fffd332dc58
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2264
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\Download Master\dmiehlp.dll"
Path: C:\Windows\SysWOW64\regsvr32.exe (the command line names system32, but the 32-bit dmaster.tmp was redirected by WOW64 file system redirection to the 32-bit regsvr32, as the wow64*.dll and syswow64 modules below confirm; a 32-bit regsvr32 can only register a 32-bit DLL)
Parent process: dmaster.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH (elevated)
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
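The regsvr32.exe entry above (PID 2264) is the concrete event behind the "Registers / Runs the DLL via REGSVR32.EXE" indicator. The following is an added example, not code from ANY.RUN or from the Download Master project, showing how a triage rule can score such an event from Sysmon Event ID 1 style fields (Image, CommandLine, ParentImage). The report gives only the parent's name, so the first event's ParentImage holds "dmaster.tmp" rather than a full path (an assumption); the other two events are constructed controls. A silent regsvr32 of a DLL inside the application's own install directory, launched by an installer, is also what a benign Inno Setup package does, so the score is for prioritisation rather than a verdict.

```python
"""Score regsvr32.exe process-creation events for out-of-place DLL registration.

Added example; the event dicts are constructed. The first one reproduces the
regsvr32 row from the report (ParentImage is the name the report shows, not a
full path, which is an assumption)."""
import ntpath
import re

# Windows-style tokenizer: a quoted path with spaces stays one token.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

EVENTS = [
    {   # the report's PID 2264, as it would appear in a process-creation log
        "Image": r"C:\Windows\SysWOW64\regsvr32.exe",
        "CommandLine": r'"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\Download Master\dmiehlp.dll"',
        "ParentImage": "dmaster.tmp",
    },
    {   # constructed control: system DLL registered by msiexec.exe
        "Image": r"C:\Windows\System32\regsvr32.exe",
        "CommandLine": r"regsvr32.exe /s C:\Windows\System32\example.dll",
        "ParentImage": r"C:\Windows\System32\msiexec.exe",
    },
    {   # constructed control: DLL and parent both staged in %TEMP%
        "Image": r"C:\Windows\SysWOW64\regsvr32.exe",
        "CommandLine": r"regsvr32 /s C:\Users\admin\AppData\Local\Temp\stage.dll",
        "ParentImage": r"C:\Users\admin\AppData\Local\Temp\stage.exe",
    },
]


def split_cmdline(cmdline):
    """Return the command line as a token list, quotes removed."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]


def regsvr32_findings(ev):
    """Return (score, [(weight, reason), ...]); non-regsvr32 events give (0, [])."""
    image = ev["Image"]
    if ntpath.basename(image).lower() != "regsvr32.exe":
        return 0, []
    tokens = split_cmdline(ev["CommandLine"])
    switches = [t.lower() for t in tokens[1:] if t[:1] in ("/", "-")]
    targets = [t for t in tokens[1:] if t[:1] not in ("/", "-")]
    dll = targets[0] if targets else None
    findings = []

    if dll is not None:
        low = dll.lower()
        if not low.startswith("c:\\windows\\"):
            findings.append((2, f"DLL outside the Windows directory: {dll}"))
        if "\\temp\\" in low or "\\appdata\\" in low:
            findings.append((2, "DLL staged under a temp or user-profile path"))

    parent = ev["ParentImage"]
    plow = parent.lower()
    if plow.endswith(".tmp") or "\\temp\\" in plow:
        findings.append((1, f"spawned by a temporary-file parent: {ntpath.basename(parent)}"))

    if "/s" in switches:
        findings.append((1, "silent registration (/s): no dialog shown to the user"))

    # Context, weight 0: a 32-bit parent asked for system32\regsvr32.exe and
    # WOW64 redirection ran SysWOW64\regsvr32.exe, so the DLL is 32-bit.
    if tokens and "\\system32\\" in tokens[0].lower() and "\\syswow64\\" in image.lower():
        findings.append((0, "WOW64 redirection: 32-bit regsvr32 ran for a system32 command line"))

    return sum(w for w, _ in findings), findings


def is_suspicious(ev, threshold=3):
    """Triage threshold: path evidence alone (2) is not enough, path plus context is."""
    return regsvr32_findings(ev)[0] >= threshold


if __name__ == "__main__":
    for ev in EVENTS:
        score, findings = regsvr32_findings(ev)
        print(score, is_suspicious(ev), [r for _, r in findings])
```

The WOW64 finding carries weight 0 on purpose: it tells the analyst the parent is a 32-bit process and the registered DLL is 32-bit, which narrows what to pull for static analysis, but it is not evidence of intent.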
PID: 2492
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" https://westbyte.com/dm/firefox/plugin
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Version: 123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
Total events: 36 343
Read events: 35 827
Write events: 514
Delete events: 2

Modification events

Only ten of the 514 write events are shown here. All of them are application settings written by the installer (dmaster.tmp, PID 5124) under the user hive; the autorun change attributed to dmaster.exe (PID 3176) is not among them and is only available in the full report.

PID | Process | Operation | Key | Name = Value
5124 | dmaster.tmp | write | HKEY_CURRENT_USER\SOFTWARE\2VG\Download Master | InstallLanguage = English
5124 | dmaster.tmp | write | HKEY_CURRENT_USER\SOFTWARE\2VG\Download Master | InstallPath = C:\Program Files (x86)\Download Master
5124 | dmaster.tmp | write | HKEY_CURRENT_USER\SOFTWARE\2VG\Download Master | ExeFile = C:\Program Files (x86)\Download Master\dmaster.exe
5124 | dmaster.tmp | write | HKEY_CURRENT_USER\SOFTWARE\2VG\Download Master | IEInt = 0
5124 | dmaster.tmp | write | HKEY_CURRENT_USER\SOFTWARE\2VG\Download Master | UseAltCtrlKeys = 1
5124 | dmaster.tmp | write | HKEY_CURRENT_USER\SOFTWARE\2VG\Download Master | UseAutoFU = 1
5124 | dmaster.tmp | write | HKEY_CURRENT_USER\SOFTWARE\2VG\Download Master | DownloadExtensions = EXE ZIP RAR ARJ Z GZ LZH GZIP TAR MP3 AVI MPG MPEG QT PLJ ASF WMA WMV MOV TIF TIFF BIN ACE ISO WAV VQF OGG MPE MPA RAM 7Z
5124 | dmaster.tmp | write | HKEY_CURRENT_USER\SOFTWARE\2VG\Download Master | IgnoreURLFromSites = update.microsoft.com .buydirect.com
5124 | dmaster.tmp | write | HKEY_CURRENT_USER\SOFTWARE\2VG\Download Master | atinmb = (empty in report)
5124 | dmaster.tmp | write | HKEY_CURRENT_USER\SOFTWARE\2VG\Download Master | LastFUDate = (empty in report)
Executable files: 34
Suspicious files: 472
Text files: 314
Unknown types: 2

Dropped files

PID | Process | Filename | Type
6840 | dmaster.exe | C:\Users\admin\AppData\Local\Temp\is-F4CPI.tmp\dmaster.tmp | executable
  MD5: C7364C74062AB62A663A623C83A7B677
  SHA256: FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1
5264 | dmaster.exe | C:\Users\admin\AppData\Local\Temp\is-IF925.tmp\dmaster.tmp | executable
  MD5: C7364C74062AB62A663A623C83A7B677
  SHA256: FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\is-A0009.tmp | executable
  MD5: C7364C74062AB62A663A623C83A7B677
  SHA256: FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1
5124 | dmaster.tmp | C:\Users\admin\AppData\Local\Temp\is-93E69.tmp\_isetup\_setup64.tmp | executable
  MD5: E4211D6D009757C078A9FAC7FF4F03D4
  SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\is-QCPSD.tmp | chm
  MD5: 62ADDA6C6743CB916EEE3E95C36EC45F
  SHA256: 87098D6E21F876C2CD732D0DF22A229657C716FCE0B34577D784FEB48CBF57FE
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\dmaster.exe | executable
  MD5: B93967938842E6F5F50FD49F72C059FA
  SHA256: F1A78D34D45D84DB5B8C461EBB81ADB8A53EBB7EF5AAD5B62C21C7C6E077A33E
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\unins000.exe | executable
  MD5: C7364C74062AB62A663A623C83A7B677
  SHA256: FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\is-BB1EH.tmp | text
  MD5: C601E846701DC5A2E945CA36197D00AB
  SHA256: FC9581B09EA234963CCB1D71153E833766BE666629676F29F7FB7A7C24A2648D
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\other_str.txt | text
  MD5: C601E846701DC5A2E945CA36197D00AB
  SHA256: FC9581B09EA234963CCB1D71153E833766BE666629676F29F7FB7A7C24A2648D
5124 | dmaster.tmp | C:\Program Files (x86)\Download Master\is-R3QJ5.tmp | executable
  MD5: B93967938842E6F5F50FD49F72C059FA
  SHA256: F1A78D34D45D84DB5B8C461EBB81ADB8A53EBB7EF5AAD5B62C21C7C6E077A33E
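The ten rows above contain only five distinct SHA256 values: the extracted dmaster.tmp, the is-A0009.tmp staging copy and the final unins000.exe are byte-identical, and each Inno Setup is-*.tmp file is later renamed to its real name, so the same content is counted twice. When a text export of the report is all you have, the rows arrive with no separator between PID, process, path and type. The block below is an added example, not code from ANY.RUN, that splits those rows on the process extension and the drive letter, attaches the following MD5/SHA256 lines, and collapses the result by hash so the "34 executable files" counter becomes a short list of unique artifacts. The sample input is the table above, embedded as a constructed string.

```python
"""Parse flattened ANY.RUN 'Dropped files' rows and collapse them by SHA256.

Added example. Row format in the text export: <PID><process><path><type>
with no separators, followed by 'MD5:<hex>' and 'SHA256:<hex>' lines."""
import re
from collections import defaultdict

# The process name is anchored on its extension and the path on a drive
# letter, which is enough to split a separator-less row reliably.
ROW_RE = re.compile(
    r"^(?P<pid>\d+)"
    r"(?P<process>[\w.-]+?\.(?:exe|tmp))"
    r"(?P<path>[A-Za-z]:\\.+?)"
    r"(?P<type>executable|chm|text|binary|image|unknown)$"
)
HASH_RE = re.compile(r"^(MD5|SHA256):([0-9A-Fa-f]+)$")

# Constructed inline sample: the rows of the 'Dropped files' table above.
SAMPLE = r"""
6840dmaster.exeC:\Users\admin\AppData\Local\Temp\is-F4CPI.tmp\dmaster.tmpexecutable
MD5:C7364C74062AB62A663A623C83A7B677
SHA256:FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1
5264dmaster.exeC:\Users\admin\AppData\Local\Temp\is-IF925.tmp\dmaster.tmpexecutable
MD5:C7364C74062AB62A663A623C83A7B677
SHA256:FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1
5124dmaster.tmpC:\Program Files (x86)\Download Master\is-A0009.tmpexecutable
MD5:C7364C74062AB62A663A623C83A7B677
SHA256:FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1
5124dmaster.tmpC:\Users\admin\AppData\Local\Temp\is-93E69.tmp\_isetup\_setup64.tmpexecutable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
5124dmaster.tmpC:\Program Files (x86)\Download Master\is-QCPSD.tmpchm
MD5:62ADDA6C6743CB916EEE3E95C36EC45F
SHA256:87098D6E21F876C2CD732D0DF22A229657C716FCE0B34577D784FEB48CBF57FE
5124dmaster.tmpC:\Program Files (x86)\Download Master\dmaster.exeexecutable
MD5:B93967938842E6F5F50FD49F72C059FA
SHA256:F1A78D34D45D84DB5B8C461EBB81ADB8A53EBB7EF5AAD5B62C21C7C6E077A33E
5124dmaster.tmpC:\Program Files (x86)\Download Master\unins000.exeexecutable
MD5:C7364C74062AB62A663A623C83A7B677
SHA256:FC3CA471B8BE530E91C6B305D1A68A7C3479FFD5993D239F8F6B6CFEAB5456A1
5124dmaster.tmpC:\Program Files (x86)\Download Master\is-BB1EH.tmptext
MD5:C601E846701DC5A2E945CA36197D00AB
SHA256:FC9581B09EA234963CCB1D71153E833766BE666629676F29F7FB7A7C24A2648D
5124dmaster.tmpC:\Program Files (x86)\Download Master\other_str.txttext
MD5:C601E846701DC5A2E945CA36197D00AB
SHA256:FC9581B09EA234963CCB1D71153E833766BE666629676F29F7FB7A7C24A2648D
5124dmaster.tmpC:\Program Files (x86)\Download Master\is-R3QJ5.tmpexecutable
MD5:B93967938842E6F5F50FD49F72C059FA
SHA256:F1A78D34D45D84DB5B8C461EBB81ADB8A53EBB7EF5AAD5B62C21C7C6E077A33E
"""


def parse_dropped_files(text):
    """Return one dict per row with pid, process, path, type, md5 and sha256."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        m = ROW_RE.match(line)
        if m:
            rows.append(m.groupdict())
            continue
        h = HASH_RE.match(line)
        if h and rows:  # hash lines belong to the row just parsed
            rows[-1][h.group(1).lower()] = h.group(2).upper()
    return rows


def unique_by_sha256(rows):
    """Map SHA256 -> list of (pid, process, path) that share that content."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["sha256"]].append((int(r["pid"]), r["process"], r["path"]))
    return dict(groups)


def ioc_summary(text=SAMPLE):
    """Per unique hash: the names it was written under, the number of writes,
    and whether every copy stayed under a Temp directory (pure staging)."""
    out = {}
    for sha, hits in unique_by_sha256(parse_dropped_files(text)).items():
        names = sorted({p.rsplit("\\", 1)[-1] for _, _, p in hits})
        temp_only = all("\\temp\\" in p.lower() for _, _, p in hits)
        out[sha] = {"names": names, "writes": len(hits), "temp_only": temp_only}
    return out


if __name__ == "__main__":
    for sha, info in ioc_summary().items():
        print(sha[:16], info)
```

Hashes whose every copy stayed under Temp (here only _setup64.tmp) are staging artifacts of the installer run; the hashes that also landed under Program Files (x86)\Download Master are the ones worth pulling for static analysis, starting with the installed dmaster.exe, which has a different hash from the submitted sample because the submitted file is the installer.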
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 190
TCP/UDP connections: 175
DNS requests: 191
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
(- = not given in the report)
7008 | svchost.exe | GET | 200 | 104.84.57.181:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
7072 | RUXIMICS.exe | GET | 200 | 104.84.57.181:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 301 | 178.62.232.239:443 | https://westbyte.com/dm/start?lng=English | unknown | - | - | unknown
- | - | GET | 401 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown | - | - | unknown
- | - | OPTIONS | - | 23.48.23.152:443 | https://bzib.nelreports.net/api/report?cat=bingbusiness | unknown | - | - | unknown
- | - | GET | 200 | 13.107.6.203:443 | https://microsoftedge.microsoft.com/addons/css/site.css | unknown | - | - | unknown
- | - | GET | 301 | 142.250.186.100:443 | https://chrome.google.com/webstore/detail/download-master/dljdacfojgikogldjffnkdcielnklkce | unknown | - | - | unknown
- | - | POST | 200 | 167.71.76.238:443 | https://activeapp.org/activation.php | unknown | text | 140 b | unknown
- | - | GET | 200 | 204.79.197.239:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | unknown | binary | 2.49 Kb | unknown
- | - | GET | 200 | 94.245.104.56:443 | https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US | unknown | binary | 59 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
7072 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2120 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
7008 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
7072 | RUXIMICS.exe | 104.84.57.181:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
7008 | svchost.exe | 104.84.57.181:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2120 | MoUsoCoreWorker.exe | 52.167.249.196:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2120 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
7008 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 52.167.249.196
  • 51.104.136.2
whitelisted
google.com
  • 142.250.185.110
whitelisted
www.microsoft.com
  • 104.84.57.181
  • 184.30.21.171
whitelisted
activeapp.org
  • 167.71.76.238
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
westbyte.com
  • 178.62.232.239
unknown
api.edgeoffer.microsoft.com
  • 94.245.104.56
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted

Threats

No threats detected
Debug output

Process | Message
dmaster.exe | VCLFixPack patch installed: GridFlickerFix
dmaster.exe | VCLFixPack patch installed: CancelHintDeadlockFix
dmaster.exe | VCLFixPack patch installed: ControlResizeFix
dmaster.exe | VCLFixPack patch installed: ActionListAVFix
dmaster.exe | VCLFixPack patch installed: ContextMenuFix
dmaster.exe | VCLFixPack patch installed: SysUtilsAbortFix
dmaster.exe | VCLFixPack patch installed: MDIChildFocusFix
dmaster.exe | VCLFixPack patch installed: PageControlPaintingFix