File name: dt.exe

Full analysis: https://app.any.run/tasks/bade179a-5bd5-44a5-9233-c2ab7e280f11
Verdict: Malicious activity
Analysis date: February 21, 2024, 16:36:28
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: CE6E10DCF7BC1EF5603929DBB349D2F6
SHA1: E1B3A02D9ABC9C28C1ED099C2F25362B32BD5D78
SHA256: E01C2FED1500D3C8664F0C05CC97EB94B9AF8F1BAFAC63988FF847FEBC2495EB
SSDEEP: 6144:t5ljEwPWiWbbsVwnerast0qAQzG48LfEE7:RESWiWXsVweOst0sK48bJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • dt.exe (PID: 2844)
      • cmd.exe (PID: 2964)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • dt.exe (PID: 2844)
      • cmd.exe (PID: 2964)
    • Reads security settings of Internet Explorer

      • dt.exe (PID: 2844)
    • Reads the Internet Settings

      • dt.exe (PID: 2844)
    • Starts CMD.EXE for commands execution

      • dt.exe (PID: 2844)
      • s.exe (PID: 2268)
      • s.exe (PID: 2432)
      • s.exe (PID: 3684)
      • s.exe (PID: 796)
      • s.exe (PID: 3664)
      • s.exe (PID: 2512)
      • s.exe (PID: 2764)
      • s.exe (PID: 3692)
      • s.exe (PID: 2156)
      • s.exe (PID: 1376)
      • s.exe (PID: 2044)
      • s.exe (PID: 2528)
      • s.exe (PID: 3368)
      • s.exe (PID: 4060)
      • s.exe (PID: 920)
      • s.exe (PID: 2792)
      • s.exe (PID: 3100)
      • s.exe (PID: 2756)
      • s.exe (PID: 3952)
      • s.exe (PID: 3152)
      • s.exe (PID: 3272)
      • s.exe (PID: 3260)
      • s.exe (PID: 3312)
      • s.exe (PID: 3268)
      • s.exe (PID: 2328)
      • s.exe (PID: 1348)
      • s.exe (PID: 4008)
      • s.exe (PID: 3644)
      • s.exe (PID: 4000)
      • s.exe (PID: 448)
      • s.exe (PID: 1196)
      • s.exe (PID: 3120)
      • s.exe (PID: 2172)
      • s.exe (PID: 2448)
      • s.exe (PID: 552)
      • s.exe (PID: 2984)
      • s.exe (PID: 1232)
      • s.exe (PID: 1784)
      • s.exe (PID: 3088)
      • s.exe (PID: 2760)
      • s.exe (PID: 2868)
      • s.exe (PID: 3616)
      • s.exe (PID: 3612)
      • s.exe (PID: 3696)
      • s.exe (PID: 2564)
      • s.exe (PID: 1336)
      • s.exe (PID: 3224)
      • s.exe (PID: 4036)
      • s.exe (PID: 3544)
      • s.exe (PID: 1576)
      • s.exe (PID: 1352)
      • s.exe (PID: 2996)
      • s.exe (PID: 2940)
      • s.exe (PID: 2728)
      • s.exe (PID: 1844)
      • s.exe (PID: 3404)
      • s.exe (PID: 492)
      • s.exe (PID: 3116)
      • s.exe (PID: 2316)
      • s.exe (PID: 3688)
      • s.exe (PID: 3388)
      • s.exe (PID: 4020)
      • s.exe (PID: 3800)
      • s.exe (PID: 3400)
      • s.exe (PID: 332)
      • s.exe (PID: 1340)
      • s.exe (PID: 2820)
      • s.exe (PID: 3200)
      • s.exe (PID: 292)
      • s.exe (PID: 4612)
      • s.exe (PID: 4484)
      • s.exe (PID: 4276)
      • s.exe (PID: 4404)
      • s.exe (PID: 4736)
      • s.exe (PID: 4420)
      • s.exe (PID: 4040)
      • s.exe (PID: 880)
      • s.exe (PID: 4568)
      • s.exe (PID: 4764)
      • s.exe (PID: 5024)
      • s.exe (PID: 5088)
      • s.exe (PID: 5032)
      • s.exe (PID: 5076)
      • s.exe (PID: 4996)
      • s.exe (PID: 5220)
      • s.exe (PID: 5372)
      • s.exe (PID: 5012)
      • s.exe (PID: 5180)
      • s.exe (PID: 5068)
      • s.exe (PID: 5440)
      • s.exe (PID: 5056)
      • s.exe (PID: 5188)
      • s.exe (PID: 5212)
      • s.exe (PID: 5112)
      • s.exe (PID: 5104)
      • s.exe (PID: 5264)
      • s.exe (PID: 5204)
      • s.exe (PID: 5228)
      • s.exe (PID: 5244)
      • s.exe (PID: 5256)
      • s.exe (PID: 5308)
      • s.exe (PID: 5332)
      • s.exe (PID: 5432)
      • s.exe (PID: 5348)
      • s.exe (PID: 5320)
      • s.exe (PID: 5356)
      • s.exe (PID: 5392)
      • s.exe (PID: 5280)
      • s.exe (PID: 5236)
      • s.exe (PID: 5592)
      • s.exe (PID: 5692)
      • s.exe (PID: 5700)
      • s.exe (PID: 5544)
      • s.exe (PID: 5664)
      • s.exe (PID: 5384)
      • s.exe (PID: 5480)
      • s.exe (PID: 5364)
      • s.exe (PID: 5528)
      • s.exe (PID: 5492)
      • s.exe (PID: 5648)
      • s.exe (PID: 5900)
      • s.exe (PID: 5340)
      • s.exe (PID: 5876)
      • s.exe (PID: 5560)
      • s.exe (PID: 5640)
      • s.exe (PID: 5776)
      • s.exe (PID: 5864)
      • s.exe (PID: 5520)
      • s.exe (PID: 5420)
      • s.exe (PID: 5680)
      • s.exe (PID: 5628)
      • s.exe (PID: 5672)
      • s.exe (PID: 5724)
      • s.exe (PID: 5828)
      • s.exe (PID: 5848)
      • s.exe (PID: 5820)
      • s.exe (PID: 5764)
      • s.exe (PID: 5512)
      • s.exe (PID: 5468)
      • s.exe (PID: 5856)
      • s.exe (PID: 5552)
      • s.exe (PID: 6020)
      • s.exe (PID: 6360)
      • s.exe (PID: 6676)
      • s.exe (PID: 6524)
      • s.exe (PID: 6064)
      • s.exe (PID: 6464)
      • s.exe (PID: 6568)
      • s.exe (PID: 7168)
      • s.exe (PID: 7280)
      • s.exe (PID: 7152)
      • s.exe (PID: 7312)
      • s.exe (PID: 7072)
      • s.exe (PID: 7288)
      • s.exe (PID: 6616)
      • s.exe (PID: 7212)
      • s.exe (PID: 7128)
      • s.exe (PID: 7760)
      • s.exe (PID: 7368)
      • s.exe (PID: 7828)
      • s.exe (PID: 7408)
      • s.exe (PID: 8188)
      • s.exe (PID: 7592)
      • s.exe (PID: 7696)
      • s.exe (PID: 7180)
      • s.exe (PID: 7224)
      • s.exe (PID: 7688)
      • s.exe (PID: 7528)
      • s.exe (PID: 7768)
      • s.exe (PID: 7800)
      • s.exe (PID: 8084)
      • s.exe (PID: 7864)
      • s.exe (PID: 7744)
      • s.exe (PID: 8180)
      • s.exe (PID: 8076)
      • s.exe (PID: 7484)
      • s.exe (PID: 8280)
      • s.exe (PID: 5688)
      • s.exe (PID: 7956)
      • s.exe (PID: 3364)
      • s.exe (PID: 7936)
      • s.exe (PID: 8068)
      • s.exe (PID: 8024)
      • s.exe (PID: 8036)
      • s.exe (PID: 1056)
      • s.exe (PID: 5752)
      • s.exe (PID: 6960)
      • s.exe (PID: 6164)
      • s.exe (PID: 4592)
      • s.exe (PID: 8128)
      • s.exe (PID: 8000)
      • s.exe (PID: 8156)
      • s.exe (PID: 7972)
      • s.exe (PID: 5716)
      • s.exe (PID: 6344)
      • s.exe (PID: 6848)
      • s.exe (PID: 5944)
      • s.exe (PID: 6172)
      • s.exe (PID: 6856)
      • s.exe (PID: 8408)
      • s.exe (PID: 8400)
      • s.exe (PID: 6748)
      • s.exe (PID: 9144)
      • s.exe (PID: 6660)
      • s.exe (PID: 9116)
      • s.exe (PID: 7164)
      • s.exe (PID: 6824)
      • s.exe (PID: 7000)
      • s.exe (PID: 8168)
      • s.exe (PID: 5612)
      • s.exe (PID: 8816)
      • s.exe (PID: 5616)
      • s.exe (PID: 6100)
      • s.exe (PID: 6800)
      • s.exe (PID: 6108)
      • s.exe (PID: 8044)
      • s.exe (PID: 8268)
      • s.exe (PID: 8252)
      • s.exe (PID: 5912)
      • s.exe (PID: 7788)
      • s.exe (PID: 8444)
      • s.exe (PID: 6040)
      • s.exe (PID: 8504)
      • s.exe (PID: 5924)
      • s.exe (PID: 3292)
      • s.exe (PID: 8980)
      • s.exe (PID: 8200)
      • s.exe (PID: 4636)
      • s.exe (PID: 8436)
      • s.exe (PID: 8328)
      • s.exe (PID: 7880)
      • s.exe (PID: 8344)
      • s.exe (PID: 8212)
      • s.exe (PID: 8476)
      • s.exe (PID: 8384)
      • s.exe (PID: 8512)
      • s.exe (PID: 6060)
      • s.exe (PID: 8292)
      • s.exe (PID: 8760)
      • s.exe (PID: 8568)
      • s.exe (PID: 8672)
      • s.exe (PID: 8624)
      • s.exe (PID: 8336)
      • s.exe (PID: 8312)
      • s.exe (PID: 8376)
      • s.exe (PID: 8520)
      • s.exe (PID: 8428)
      • s.exe (PID: 8940)
      • s.exe (PID: 8456)
      • s.exe (PID: 6696)
      • s.exe (PID: 8720)
      • s.exe (PID: 8240)
      • s.exe (PID: 8736)
      • s.exe (PID: 9016)
      • s.exe (PID: 8608)
      • s.exe (PID: 9024)
      • s.exe (PID: 8904)
      • s.exe (PID: 8232)
      • s.exe (PID: 8416)
      • s.exe (PID: 8368)
      • s.exe (PID: 8664)
      • s.exe (PID: 8544)
      • s.exe (PID: 9136)
      • s.exe (PID: 9080)
      • s.exe (PID: 8772)
      • s.exe (PID: 8824)
      • s.exe (PID: 8492)
      • s.exe (PID: 8780)
      • s.exe (PID: 9000)
      • s.exe (PID: 8972)
      • s.exe (PID: 8728)
      • s.exe (PID: 8920)
      • s.exe (PID: 8320)
      • s.exe (PID: 8892)
      • s.exe (PID: 8912)
      • s.exe (PID: 9124)
      • s.exe (PID: 9228)
      • s.exe (PID: 8528)
      • s.exe (PID: 9552)
      • s.exe (PID: 9564)
      • s.exe (PID: 9476)
      • s.exe (PID: 9684)
      • s.exe (PID: 10248)
      • s.exe (PID: 9292)
      • s.exe (PID: 9200)
      • s.exe (PID: 9068)
      • s.exe (PID: 9192)
      • s.exe (PID: 9988)
      • s.exe (PID: 10440)
      • s.exe (PID: 10324)
      • s.exe (PID: 10308)
      • s.exe (PID: 10940)
      • s.exe (PID: 10296)
      • s.exe (PID: 10420)
      • s.exe (PID: 10784)
      • s.exe (PID: 10840)
      • s.exe (PID: 10616)
      • s.exe (PID: 10676)
      • s.exe (PID: 10696)
      • s.exe (PID: 10484)
      • s.exe (PID: 10636)
      • s.exe (PID: 10280)
      • s.exe (PID: 11192)
      • s.exe (PID: 11104)
      • s.exe (PID: 11228)
      • s.exe (PID: 10744)
      • s.exe (PID: 10288)
      • s.exe (PID: 10752)
      • s.exe (PID: 11372)
      • s.exe (PID: 11984)
      • s.exe (PID: 11336)
      • s.exe (PID: 10972)
      • s.exe (PID: 11896)
      • s.exe (PID: 11484)
      • s.exe (PID: 1556)
    • Takes ownership (TAKEOWN.EXE)

      • cmd.exe (PID: 2964)
    • Executing commands from a ".bat" file

      • dt.exe (PID: 2844)
      • s.exe (PID: 2268)
      • s.exe (PID: 2764)
      • s.exe (PID: 3684)
      • s.exe (PID: 796)
      • s.exe (PID: 2512)
      • s.exe (PID: 3692)
      • s.exe (PID: 3664)
      • s.exe (PID: 2432)
      • s.exe (PID: 2156)
      • s.exe (PID: 1376)
      • s.exe (PID: 2528)
      • s.exe (PID: 3368)
      • s.exe (PID: 920)
      • s.exe (PID: 2792)
      • s.exe (PID: 4060)
      • s.exe (PID: 3100)
      • s.exe (PID: 2756)
      • s.exe (PID: 3952)
      • s.exe (PID: 2044)
      • s.exe (PID: 3152)
      • s.exe (PID: 3644)
      • s.exe (PID: 3268)
      • s.exe (PID: 3312)
      • s.exe (PID: 2328)
      • s.exe (PID: 3260)
      • s.exe (PID: 1348)
      • s.exe (PID: 4008)
      • s.exe (PID: 2448)
      • s.exe (PID: 3272)
      • s.exe (PID: 2984)
      • s.exe (PID: 1196)
      • s.exe (PID: 4000)
      • s.exe (PID: 3120)
      • s.exe (PID: 2172)
      • s.exe (PID: 1232)
      • s.exe (PID: 552)
      • s.exe (PID: 448)
      • s.exe (PID: 1784)
      • s.exe (PID: 3612)
      • s.exe (PID: 1336)
      • s.exe (PID: 3616)
      • s.exe (PID: 4036)
      • s.exe (PID: 2564)
      • s.exe (PID: 2868)
      • s.exe (PID: 2760)
      • s.exe (PID: 3224)
      • s.exe (PID: 3088)
      • s.exe (PID: 3696)
      • s.exe (PID: 1576)
      • s.exe (PID: 1352)
      • s.exe (PID: 1844)
      • s.exe (PID: 2728)
      • s.exe (PID: 2940)
      • s.exe (PID: 3116)
      • s.exe (PID: 3404)
      • s.exe (PID: 492)
      • s.exe (PID: 3544)
      • s.exe (PID: 2996)
      • s.exe (PID: 3688)
      • s.exe (PID: 2316)
      • s.exe (PID: 3400)
      • s.exe (PID: 3388)
      • s.exe (PID: 4020)
      • s.exe (PID: 332)
      • s.exe (PID: 2820)
      • s.exe (PID: 3800)
      • s.exe (PID: 1340)
      • s.exe (PID: 292)
      • s.exe (PID: 3200)
      • s.exe (PID: 880)
      • s.exe (PID: 4612)
      • s.exe (PID: 4404)
      • s.exe (PID: 4736)
      • s.exe (PID: 4040)
      • s.exe (PID: 4276)
      • s.exe (PID: 4484)
      • s.exe (PID: 4764)
      • s.exe (PID: 5024)
      • s.exe (PID: 5032)
      • s.exe (PID: 5076)
      • s.exe (PID: 5088)
      • s.exe (PID: 4996)
      • s.exe (PID: 4420)
      • s.exe (PID: 4568)
      • s.exe (PID: 5068)
      • s.exe (PID: 5180)
      • s.exe (PID: 5056)
      • s.exe (PID: 5188)
      • s.exe (PID: 5212)
      • s.exe (PID: 5112)
      • s.exe (PID: 5372)
      • s.exe (PID: 5104)
      • s.exe (PID: 5220)
      • s.exe (PID: 5012)
      • s.exe (PID: 5440)
      • s.exe (PID: 5320)
      • s.exe (PID: 5228)
      • s.exe (PID: 5308)
      • s.exe (PID: 5256)
      • s.exe (PID: 5432)
      • s.exe (PID: 5332)
      • s.exe (PID: 5348)
      • s.exe (PID: 5264)
      • s.exe (PID: 5244)
      • s.exe (PID: 5204)
      • s.exe (PID: 5392)
      • s.exe (PID: 5356)
      • s.exe (PID: 5592)
      • s.exe (PID: 5236)
      • s.exe (PID: 5692)
      • s.exe (PID: 5700)
      • s.exe (PID: 5544)
      • s.exe (PID: 5280)
      • s.exe (PID: 5384)
      • s.exe (PID: 5528)
      • s.exe (PID: 5340)
      • s.exe (PID: 5492)
      • s.exe (PID: 5648)
      • s.exe (PID: 5520)
      • s.exe (PID: 5664)
      • s.exe (PID: 5900)
      • s.exe (PID: 5480)
      • s.exe (PID: 5364)
      • s.exe (PID: 5680)
      • s.exe (PID: 5876)
      • s.exe (PID: 5628)
      • s.exe (PID: 5640)
      • s.exe (PID: 5560)
      • s.exe (PID: 5776)
      • s.exe (PID: 5864)
      • s.exe (PID: 5420)
      • s.exe (PID: 5672)
      • s.exe (PID: 5848)
      • s.exe (PID: 5828)
      • s.exe (PID: 5820)
      • s.exe (PID: 5724)
      • s.exe (PID: 5764)
      • s.exe (PID: 5468)
      • s.exe (PID: 5856)
      • s.exe (PID: 5552)
      • s.exe (PID: 6020)
      • s.exe (PID: 6360)
      • s.exe (PID: 6464)
      • s.exe (PID: 6676)
      • s.exe (PID: 6524)
      • s.exe (PID: 6568)
      • s.exe (PID: 5512)
      • s.exe (PID: 6064)
      • s.exe (PID: 6616)
      • s.exe (PID: 7212)
      • s.exe (PID: 7168)
      • s.exe (PID: 7280)
      • s.exe (PID: 7072)
      • s.exe (PID: 7128)
      • s.exe (PID: 7312)
      • s.exe (PID: 7152)
      • s.exe (PID: 7224)
      • s.exe (PID: 7368)
      • s.exe (PID: 7828)
      • s.exe (PID: 8188)
      • s.exe (PID: 7592)
      • s.exe (PID: 7408)
      • s.exe (PID: 7696)
      • s.exe (PID: 7288)
      • s.exe (PID: 7180)
      • s.exe (PID: 7760)
      • s.exe (PID: 7768)
      • s.exe (PID: 7528)
      • s.exe (PID: 7864)
      • s.exe (PID: 7744)
      • s.exe (PID: 8084)
      • s.exe (PID: 8180)
      • s.exe (PID: 7688)
      • s.exe (PID: 7800)
      • s.exe (PID: 8024)
      • s.exe (PID: 8076)
      • s.exe (PID: 7484)
      • s.exe (PID: 5688)
      • s.exe (PID: 7956)
      • s.exe (PID: 8068)
      • s.exe (PID: 7936)
      • s.exe (PID: 8280)
      • s.exe (PID: 8000)
      • s.exe (PID: 1056)
      • s.exe (PID: 5752)
      • s.exe (PID: 6164)
      • s.exe (PID: 4592)
      • s.exe (PID: 3364)
      • s.exe (PID: 8128)
      • s.exe (PID: 8036)
      • s.exe (PID: 6856)
      • s.exe (PID: 7972)
      • s.exe (PID: 5716)
      • s.exe (PID: 6344)
      • s.exe (PID: 6848)
      • s.exe (PID: 7164)
      • s.exe (PID: 5944)
      • s.exe (PID: 6960)
      • s.exe (PID: 6172)
      • s.exe (PID: 8156)
      • s.exe (PID: 1556)
      • s.exe (PID: 9144)
      • s.exe (PID: 6824)
      • s.exe (PID: 8400)
      • s.exe (PID: 6748)
      • s.exe (PID: 6660)
      • s.exe (PID: 9116)
      • s.exe (PID: 8408)
      • s.exe (PID: 7000)
      • s.exe (PID: 5612)
      • s.exe (PID: 8168)
      • s.exe (PID: 5616)
      • s.exe (PID: 8816)
      • s.exe (PID: 8444)
      • s.exe (PID: 6800)
      • s.exe (PID: 6108)
      • s.exe (PID: 6040)
      • s.exe (PID: 8044)
      • s.exe (PID: 5912)
      • s.exe (PID: 7788)
      • s.exe (PID: 8252)
      • s.exe (PID: 5924)
      • s.exe (PID: 8504)
      • s.exe (PID: 3292)
      • s.exe (PID: 8980)
      • s.exe (PID: 8200)
      • s.exe (PID: 8268)
      • s.exe (PID: 8436)
      • s.exe (PID: 8328)
      • s.exe (PID: 4636)
      • s.exe (PID: 8476)
      • s.exe (PID: 8512)
      • s.exe (PID: 8384)
      • s.exe (PID: 6060)
      • s.exe (PID: 8292)
      • s.exe (PID: 8760)
      • s.exe (PID: 7880)
      • s.exe (PID: 8344)
      • s.exe (PID: 8212)
      • s.exe (PID: 8428)
      • s.exe (PID: 8568)
      • s.exe (PID: 8624)
      • s.exe (PID: 8336)
      • s.exe (PID: 8672)
      • s.exe (PID: 8312)
      • s.exe (PID: 8376)
      • s.exe (PID: 8520)
      • s.exe (PID: 8940)
      • s.exe (PID: 8456)
      • s.exe (PID: 6696)
      • s.exe (PID: 8720)
      • s.exe (PID: 9016)
      • s.exe (PID: 9136)
      • s.exe (PID: 8736)
      • s.exe (PID: 8608)
      • s.exe (PID: 8240)
      • s.exe (PID: 9080)
      • s.exe (PID: 8904)
      • s.exe (PID: 8416)
      • s.exe (PID: 8232)
      • s.exe (PID: 9024)
      • s.exe (PID: 8664)
      • s.exe (PID: 8368)
      • s.exe (PID: 8544)
      • s.exe (PID: 8320)
      • s.exe (PID: 8780)
      • s.exe (PID: 8824)
      • s.exe (PID: 8972)
      • s.exe (PID: 8728)
      • s.exe (PID: 8492)
      • s.exe (PID: 8772)
      • s.exe (PID: 9000)
      • s.exe (PID: 9228)
      • s.exe (PID: 8892)
      • s.exe (PID: 8528)
      • s.exe (PID: 8912)
      • s.exe (PID: 8920)
      • s.exe (PID: 9476)
      • s.exe (PID: 9552)
      • s.exe (PID: 9564)
      • s.exe (PID: 9684)
      • s.exe (PID: 9124)
      • s.exe (PID: 9292)
      • s.exe (PID: 9200)
      • s.exe (PID: 9068)
      • s.exe (PID: 9192)
      • s.exe (PID: 10248)
      • s.exe (PID: 10440)
      • s.exe (PID: 10308)
      • s.exe (PID: 10940)
      • s.exe (PID: 10296)
      • s.exe (PID: 10420)
      • s.exe (PID: 10696)
      • s.exe (PID: 10324)
      • s.exe (PID: 10484)
      • s.exe (PID: 10840)
      • s.exe (PID: 10636)
      • s.exe (PID: 10784)
      • s.exe (PID: 10676)
      • s.exe (PID: 10616)
      • s.exe (PID: 10744)
      • s.exe (PID: 11192)
      • s.exe (PID: 11228)
      • s.exe (PID: 10288)
      • s.exe (PID: 10280)
      • s.exe (PID: 10752)
      • s.exe (PID: 11484)
      • s.exe (PID: 11372)
      • s.exe (PID: 11984)
      • s.exe (PID: 11336)
      • s.exe (PID: 10972)
      • s.exe (PID: 11896)
      • s.exe (PID: 6100)
      • s.exe (PID: 9988)
      • s.exe (PID: 11104)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 2964)
    • The process executes VB scripts

      • cmd.exe (PID: 2964)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 2964)
  • INFO

    • Reads the computer name

      • dt.exe (PID: 2844)
    • Checks supported languages

      • dt.exe (PID: 2844)
    • Create files in a temporary directory

      • dt.exe (PID: 2844)
    • Manual execution by a user

      • explorer.exe (PID: 3428)
      • wmpnscfg.exe (PID: 1836)
      • msedge.exe (PID: 1404)
      • msedge.exe (PID: 2208)
      • msedge.exe (PID: 1932)
    • Application launched itself

      • msedge.exe (PID: 3768)
      • msedge.exe (PID: 2208)
      • msedge.exe (PID: 1932)
      • msedge.exe (PID: 3500)
      • msedge.exe (PID: 2576)
      • msedge.exe (PID: 1404)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (41)
.exe | Win64 Executable (generic) (36.3)
.dll | Win32 Dynamic Link Library (generic) (8.6)
.exe | Win32 Executable (generic) (5.9)
.exe | Win16/32 Executable Delphi generic (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:07:30 08:52:50+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 2.5
CodeSize: 68608
InitializedDataSize: 121344
UninitializedDataSize: -
EntryPoint: 0x1000
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 1 315
Monitored processes: 966
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process nodes shown in the graph (the rendered graph itself is not preserved here): start, dt.exe, cmd.exe, takeown.exe, explorer.exe, timeout.exe, notepad.exe, taskkill.exe, wscript.exe, msedge.exe, wmpnscfg.exe, followed by a long repeating chain of s.exe and cmd.exe instances; most nodes are marked "no specs".

Process information

PID
CMD
Path
Indicators
Parent process
PID: 128
CMD: "C:\Windows\system32\cmd.exe" /c "C:\Users\admin\AppData\Local\Temp\C14D.tmp\C14E.tmp\C14F.bat C:\Users\s.exe"
Path: C:\Windows\System32\cmd.exe
Parent process: s.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID: 292
CMD: C:\Users\s.exe
Path: C:\Users\s.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
PID: 324
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3160 --field-trial-handle=1352,i,16629488589701412089,3002607863608260737,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 332
CMD: C:\Users\s.exe
Path: C:\Users\s.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
PID: 448
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1004 --field-trial-handle=1268,i,16885170448584176757,17134247813836388341,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 448
CMD: C:\Users\s.exe
Path: C:\Users\s.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
PID: 492
CMD: C:\Users\s.exe
Path: C:\Users\s.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
PID: 532
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1352,i,16629488589701412089,3002607863608260737,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 552
CMD: C:\Users\s.exe
Path: C:\Users\s.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
PID: 572
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 --field-trial-handle=1336,i,10768850320610159482,13005966009912708655,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
30 262
Read events
30 025
Write events
221
Delete events
16

Modification events

(PID) Process: (2844) dt.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (2844) dt.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (2844) dt.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (2844) dt.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (2964) cmd.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (2964) cmd.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (2964) cmd.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (2964) cmd.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (2576) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (2576) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2
Executable files
5
Suspicious files
98
Text files
368
Unknown types
55

Dropped files

PID
Process
Filename
Type
PID: 3528 | Process: msedge.exe | Filename: (not recorded) | Type: (not recorded)

PID: 2844 | Process: dt.exe | Filename: C:\Users\admin\AppData\Local\Temp\4AE.tmp\4AF.tmp\4B0.bat | Type: text
MD5: 0583FD85F61699A531B7AF5A3F139C67
SHA256: 252722F1A2414EEE2ED3BB62E364EE0DA608DF52C5E4B38A2F4917FD7B3A47E4

PID: 2844 | Process: dt.exe | Filename: C:\Users\admin\AppData\Local\Temp\sx.exe | Type: executable
MD5: 51FDCDB90DD6AB30A3D5E2D1F8D5E195
SHA256: 168057F966E0000ECC99CE853F5730147E9F0C710DD27C6B0FFA8EFD75FFDDF5

PID: 1404 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF197b12.TMP | Type: (not recorded)

PID: 1404 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | Type: (not recorded)

PID: 1404 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF197b21.TMP | Type: (not recorded)

PID: 1404 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | Type: (not recorded)

PID: 2844 | Process: dt.exe | Filename: C:\Users\admin\AppData\Local\Temp\logonui.exe | Type: executable
MD5: 3356091762342902F3B63CD5009AD274
SHA256: 48A9814466DB838E98642EC18B35454431A78766D4ED8FAD10409B339CCF6930

PID: 1864 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma | Type: binary
MD5: 886E82F2CA62ECCCE64601B30592078A
SHA256: E5E13D53601100FF3D6BB71514CBCCC4C73FE9B7EF5E930100E644187B42948E

PID: 2964 | Process: cmd.exe | Filename: C:\Windows\lol.vbs | Type: text
MD5: 586B054A4BEE3FA176B1B692037CB90F
SHA256: E90DBE051DCF5B307B5640178CB0DA9AA1037C24610994A65D608E2A0B3EA24A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
63
DNS requests
72
Threats
1

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | unknown
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | unknown
1404 | msedge.exe | 239.255.255.250:1900 | - | - | - | unknown
3232 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
3232 | msedge.exe | 142.250.186.132:443 | www.google.com | GOOGLE | US | unknown
3232 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
3232 | msedge.exe | 142.250.181.227:443 | fonts.gstatic.com | GOOGLE | US | unknown
3232 | msedge.exe | 92.123.104.64:443 | www.bing.com | Akamai International B.V. | DE | unknown
2208 | msedge.exe | 224.0.0.251:5353 | - | - | - | unknown

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.google.com
  • 142.250.186.132
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
fonts.gstatic.com
  • 142.250.181.227
whitelisted
www.bing.com
  • 92.123.104.64
  • 92.123.104.32
  • 92.123.104.7
  • 92.123.104.38
  • 92.123.104.21
  • 92.123.104.33
  • 92.123.104.19
  • 92.123.104.61
  • 92.123.104.17
  • 92.123.104.52
  • 92.123.104.40
  • 92.123.104.59
  • 92.123.104.47
whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  • 152.199.21.175
whitelisted
consent.google.com
  • 142.250.185.78
shared
www.gstatic.com
  • 142.250.186.163
whitelisted
apis.google.com
  • 142.250.185.206
whitelisted
ogs.google.com
  • 142.250.185.238
whitelisted

Threats

PID | Process | Class | Message
752 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Global content delivery network (unpkg .com)
No debug info