File name: dimscreen-1.1-installer_vM-7sS2.exe
Full analysis: https://app.any.run/tasks/e9c4a91d-2a12-42c5-bf2a-742c39d91687
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: December 24, 2025, 22:59:20
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: delphi, inno, installer, adware, innosetup, arch-exec, loader, auto-reg
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5: 923D197FD7449795E5A0836C88A449AF
SHA1: 95CE25AA6184344BA60B66877261714C3BAAF95D
SHA256: 5C16F6C43A0EB5CACB3AFB2F2D5CFCE2E5AA70F19C8322B2DD58BF9241436054
SSDEEP: 98304:DPTDKuP2bxmi/0bmhgDsUWUn+BwmRgewc0rNHHDiOtxdUlYhhXrg13dlsV0273xt:YkF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • instup.exe (PID: 7916)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • dimscreen-1.1-installer_vM-7sS2.exe (PID: 7536)
      • dimscreen-1.1-installer_vM-7sS2.exe (PID: 7780)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 7220)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
      • avast_free_antivirus_setup_online_x64.exe (PID: 7500)
      • Instup.exe (PID: 1572)
    • Reads security settings of Internet Explorer

      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7564)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
    • Reads the Windows owner or organization settings

      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
    • Starts itself from another location

      • Instup.exe (PID: 1572)
    • Process checks presence of unattended files

      • instup.exe (PID: 7916)
    • Executes application which crashes

      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
    • The process verifies whether the antivirus software is installed

      • instup.exe (PID: 7916)
  • INFO

    • Checks supported languages

      • dimscreen-1.1-installer_vM-7sS2.exe (PID: 7536)
      • dimscreen-1.1-installer_vM-7sS2.exe (PID: 7780)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7564)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 7220)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 7324)
      • avast_free_antivirus_setup_online_x64.exe (PID: 7500)
      • Instup.exe (PID: 1572)
      • instup.exe (PID: 7916)
      • sbr.exe (PID: 8132)
      • identity_helper.exe (PID: 6080)
    • Reads the computer name

      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7564)
      • dimscreen-1.1-installer_vM-7sS2.exe (PID: 7780)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 7220)
      • avast_free_antivirus_setup_online_x64.exe (PID: 7500)
      • Instup.exe (PID: 1572)
      • instup.exe (PID: 7916)
      • identity_helper.exe (PID: 6080)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 7324)
    • Process checks computer location settings

      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7564)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
    • Create files in a temporary directory

      • dimscreen-1.1-installer_vM-7sS2.exe (PID: 7536)
      • dimscreen-1.1-installer_vM-7sS2.exe (PID: 7780)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
    • Detects InnoSetup installer (YARA)

      • dimscreen-1.1-installer_vM-7sS2.exe (PID: 7536)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7564)
      • dimscreen-1.1-installer_vM-7sS2.exe (PID: 7780)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
    • Compiled with Borland Delphi (YARA)

      • dimscreen-1.1-installer_vM-7sS2.exe (PID: 7536)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7564)
      • dimscreen-1.1-installer_vM-7sS2.exe (PID: 7780)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
    • Reads the machine GUID from the registry

      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 7220)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
      • avast_free_antivirus_setup_online_x64.exe (PID: 7500)
      • Instup.exe (PID: 1572)
      • instup.exe (PID: 7916)
    • Reads CPU info

      • avast_free_antivirus_setup_online_x64.exe (PID: 7500)
      • Instup.exe (PID: 1572)
      • instup.exe (PID: 7916)
    • Manual execution by a user

      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 7344)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 7324)
      • msedge.exe (PID: 8028)
    • The sample compiled with english language support

      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 7220)
      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
      • avast_free_antivirus_setup_online_x64.exe (PID: 7500)
      • Instup.exe (PID: 1572)
    • Checks proxy server information

      • dimscreen-1.1-installer_vM-7sS2.tmp (PID: 7824)
      • avast_free_antivirus_setup_online_x64.exe (PID: 7500)
      • slui.exe (PID: 2952)
      • Instup.exe (PID: 1572)
      • instup.exe (PID: 7916)
      • WerFault.exe (PID: 424)
      • WerFault.exe (PID: 6484)
    • Creates files in the program directory

      • avast_free_antivirus_setup_online_x64.exe (PID: 7500)
      • Instup.exe (PID: 1572)
      • instup.exe (PID: 7916)
    • Reads Environment values

      • Instup.exe (PID: 1572)
      • instup.exe (PID: 7916)
      • identity_helper.exe (PID: 6080)
    • Application launched itself

      • msedge.exe (PID: 2220)
      • msedge.exe (PID: 8028)
      • msedge.exe (PID: 6556)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 424)
      • WerFault.exe (PID: 6484)
    • Launching a file from a Registry key

      • instup.exe (PID: 7916)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:08:12 16:07:07+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 716800
InitializedDataSize: 110592
UninitializedDataSize: -
EntryPoint: 0xb0028
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 2.41.3.9397
ProductVersionNumber: 2.41.3.9397
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Plooto Star LLC
FileVersion: 2.41.3.9397.1337
LegalCopyright: ©2023 Plooto Star LLC
OriginalFileName:
ProductName: Plooto Star LLC
ProductVersion: 2.1.8.1
No data.
All screenshots are available in the full report
Total processes: 191
Monitored processes: 43
Malicious processes: 1
Suspicious processes: 3

Behavior graph

(The process graph is an image in the full report; only its node labels survived extraction. Nodes in listed order, with "no specs" marking processes that raised no indicators: dimscreen-1.1-installer_vm-7ss2.exe, dimscreen-1.1-installer_vm-7ss2.tmp (no specs), dimscreen-1.1-installer_vm-7ss2.exe, dimscreen-1.1-installer_vm-7ss2.tmp, slui.exe, cookie_mmm_irs_ppi_005_888_a.exe (three instances, one no specs), avast_free_antivirus_setup_online_x64.exe, instup.exe (two instances), a large number of msedge.exe child processes (mostly no specs), werfault.exe (two instances), sbr.exe (no specs), identity_helper.exe (two instances, no specs).)

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID: 424
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7824 -s 968
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: dimscreen-1.1-installer_vM-7sS2.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Problem Reporting
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 1232
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5312,i,16826687916496536196,14660815101342892614,262144 --variations-seed-version --mojo-platform-channel-handle=1600 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1412
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --disable-quic --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=6372,i,16826687916496536196,14660815101342892614,262144 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1572
CMD: "C:\WINDOWS\Temp\asw.451f10963cc0c3e9\instup.exe" /sfx:lite /sfxstorage:C:\WINDOWS\Temp\asw.451f10963cc0c3e9 /edition:1 /prod:ais /stub_context:72712c55-e66a-415c-acd9-4c16a07863bf:11961752 /guid:c843f2fa-65f4-42ea-9dcb-73334236a216 /ga_clientid:b6819121-f191-4cfa-ba61-b0dd5aa22de0 /silent /ws /psh:2bJ1koYmXeheS4m0Rb5rHT86xShJhSqWL4YibbX3i9bdpK9uWjxChbDCLrdH0DNgLu1ppHhDPzpV8 /cookie:mmm_irs_ppi_005_888_a /ga_clientid:b6819121-f191-4cfa-ba61-b0dd5aa22de0 /edat_dir:C:\WINDOWS\Temp\asw.197b3f3704a0235b
Path: C:\Windows\Temp\asw.451f10963cc0c3e9\Instup.exe
Parent process: avast_free_antivirus_setup_online_x64.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Antivirus Installer
Version: 25.12.10659.0
Modules (images):
c:\windows\temp\asw.451f10963cc0c3e9\instup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\wtsapi32.dll
PID: 2144
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5752,i,16826687916496536196,14660815101342892614,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2220
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gsf-fl.softonic.com/615/cc0/39b6fa0e0363cd7b9275391af4b4f09606/file?Expires=1766372456&Signature=51a996e164196898521582aeed8ae07a1d519735&url=https://dimscreen.en.softonic.com/&Filename=file
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: dimscreen-1.1-installer_vM-7sS2.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2668
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2268,i,16826687916496536196,14660815101342892614,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2748
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7172,i,16826687916496536196,14660815101342892614,262144 --variations-seed-version --mojo-platform-channel-handle=5752 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2952
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4344
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2740,i,16826687916496536196,14660815101342892614,262144 --variations-seed-version --mojo-platform-channel-handle=2720 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 35 752
Read events: 31 508
Write events: 4 240
Delete events: 4

Modification events

(PID) Process: (7824) dimscreen-1.1-installer_vM-7sS2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Operation: write
Name: Implementing
Value: 1C00000001000000E9070C0003001800170000003800D002010000001E768127E028094199FEB9D127C57AFE

(PID) Process: (7824) dimscreen-1.1-installer_vM-7sS2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Operation: write
Name: Implementing
Value: 1C00000001000000E9070C0003001800170000003800C102010000001E768127E028094199FEB9D127C57AFE

(PID) Process: (7500) avast_free_antivirus_setup_online_x64.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software
Operation: delete key
Name: (default)
Value:

(PID) Process: (7500) avast_free_antivirus_setup_online_x64.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software
Operation: write
Name: SymbolicLinkValue
Value: \Registry\MACHINE\SOFTWARE\Avast Software

(PID) Process: (7500) avast_free_antivirus_setup_online_x64.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation: write
Name: SfxInstProgress
Value: 0

(PID) Process: (7500) avast_free_antivirus_setup_online_x64.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation: write
Name: SfxInstProgress
Value: 85

(PID) Process: (7500) avast_free_antivirus_setup_online_x64.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation: write
Name: SfxInstProgress
Value: 92

(PID) Process: (7500) avast_free_antivirus_setup_online_x64.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation: write
Name: SfxInstProgress
Value: 100

(PID) Process: (7500) avast_free_antivirus_setup_online_x64.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation: write
Name: SfxInstProgress
Value: 7

(PID) Process: (7500) avast_free_antivirus_setup_online_x64.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation: write
Name: SfxInstProgress
Value: 14
Executable files: 35
Suspicious files: 123
Text files: 267
Unknown types: 1

Dropped files

PID | Process | Filename | Type
7536 | dimscreen-1.1-installer_vM-7sS2.exe | C:\Users\admin\AppData\Local\Temp\is-ADAUU.tmp\dimscreen-1.1-installer_vM-7sS2.tmp | executable
  MD5: 7A7F22259AEA5C4F43156CA3F26C6C94
  SHA256: 8D594614338BD4D29A5406FD04698354E93B02DEA2902D25F398AABE6F623B7C
7824 | dimscreen-1.1-installer_vM-7sS2.tmp | C:\Users\admin\AppData\Local\Temp\is-H24PI.tmp\FAILED.png | image
  MD5: 9C90580B75BCCAB509DD2236C43C90FB
  SHA256: 3A48B7ADC5DEB2560EB12640391FE32C00661D5B2AEFAB83B2DB15B025E42FD2
7824 | dimscreen-1.1-installer_vM-7sS2.tmp | C:\Users\admin\AppData\Local\Temp\is-H24PI.tmp\_isetup\_setup64.tmp | executable
  MD5: E4211D6D009757C078A9FAC7FF4F03D4
  SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
7780 | dimscreen-1.1-installer_vM-7sS2.exe | C:\Users\admin\AppData\Local\Temp\is-F29VC.tmp\dimscreen-1.1-installer_vM-7sS2.tmp | executable
  MD5: 7A7F22259AEA5C4F43156CA3F26C6C94
  SHA256: 8D594614338BD4D29A5406FD04698354E93B02DEA2902D25F398AABE6F623B7C
7824 | dimscreen-1.1-installer_vM-7sS2.tmp | C:\Users\admin\AppData\Local\Temp\is-H24PI.tmp\is-RLO1O.tmp | compressed
  MD5: C0526C31262A1C5BCC1F0DE4838A65E8
  SHA256: 4248B397B4ADEE48F749F004B8233FD41ECCEF3A0417CB7655070A875EA0CF74
7824 | dimscreen-1.1-installer_vM-7sS2.tmp | C:\Users\admin\AppData\Local\Temp\is-H24PI.tmp\image.png | image
  MD5: 138E8B0875EFFB44B7ACCA4F5508FD2F
  SHA256: 3751369C966E8552E88A5DD4B58A63C2B5CA2D047508FFDC4A15CE7ACFB3617A
7824 | dimscreen-1.1-installer_vM-7sS2.tmp | C:\Users\admin\AppData\Local\Temp\is-H24PI.tmp\SUCCESS.png | image
  MD5: E8C9048FAF21F1CC959D73A0DE5534FD
  SHA256: 2B394E114DEB3A0700C70FEB80D74328C4C8668AA221B0E427DE783D1AB8371E
7824 | dimscreen-1.1-installer_vM-7sS2.tmp | C:\Users\admin\AppData\Local\Temp\is-H24PI.tmp\component0.zip | compressed
  MD5: C0526C31262A1C5BCC1F0DE4838A65E8
  SHA256: 4248B397B4ADEE48F749F004B8233FD41ECCEF3A0417CB7655070A875EA0CF74
7824 | dimscreen-1.1-installer_vM-7sS2.tmp | C:\Users\admin\AppData\Local\Temp\is-H24PI.tmp\is-M9CD2.tmp | html
  MD5: 0DCFE816D7211CD69B91227A52BD7F5D
  SHA256: 08573FECB5E0E267024C578C10DE345B54DABF1C8011DF315B5640C56B38859D
7220 | cookie_mmm_irs_ppi_005_888_a.exe | C:\Windows\Temp\asw.197b3f3704a0235b\ecoo.edat | text
  MD5: C1C3F32398130DFB38F9847F02F6786E
  SHA256: 25EC04BCE97A15D7ABF948FEFAEEAD48E95ABC5F945361759D8BCC05BB20638F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 528
TCP/UDP connections: 258
DNS requests: 242
Threats: 27

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4964 | svchost.exe | GET | 304 | 51.104.136.2:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaasMedic?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&appVer=10.0.19041.3758&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4 | US | - | - | whitelisted
6768 | MoUsoCoreWorker.exe | GET | 304 | 51.104.136.2:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=562&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | - | - | whitelisted
4404 | RUXIMICS.exe | GET | 304 | 51.104.136.2:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=186&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | US | - | - | whitelisted
6640 | svchost.exe | POST | 200 | 20.190.160.66:443 | https://login.live.com/RST2.srf | US | xml | 11.1 Kb | whitelisted
6640 | svchost.exe | POST | 200 | 20.190.160.66:443 | https://login.live.com/RST2.srf | US | xml | 10.3 Kb | whitelisted
6640 | svchost.exe | POST | 200 | 20.190.160.66:443 | https://login.live.com/RST2.srf | US | xml | 11.0 Kb | whitelisted
- | - | POST | 200 | 20.190.160.65:443 | https://login.live.com/RST2.srf | US | xml | 10.3 Kb | unknown
6640 | svchost.exe | POST | 200 | 20.190.160.66:443 | https://login.live.com/RST2.srf | US | xml | 10.3 Kb | whitelisted
4404 | RUXIMICS.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
4964 | svchost.exe | GET | 200 | 23.59.18.102:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4964 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:137 | - | Not routed | - | whitelisted
6768 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4404 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | - | Not routed | - | whitelisted
- | - | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4964 | svchost.exe | 2.16.164.9:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
6768 | MoUsoCoreWorker.exe | 2.16.164.9:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
4404 | RUXIMICS.exe | 2.16.164.9:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
6768 | MoUsoCoreWorker.exe | 23.59.18.102:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.78
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
crl.microsoft.com
  • 2.16.164.9
  • 2.16.164.120
  • 2.16.164.81
  • 2.16.164.96
  • 2.16.164.129
  • 2.16.164.114
  • 2.16.164.88
  • 2.16.164.24
  • 2.16.164.89
  • 2.16.164.51
  • 2.16.164.90
  • 2.16.164.73
  • 2.16.164.112
  • 2.16.164.122
whitelisted
www.microsoft.com
  • 23.59.18.102
whitelisted
login.live.com
  • 20.190.160.66
  • 40.126.32.140
  • 20.190.160.14
  • 20.190.160.4
  • 40.126.32.68
  • 40.126.32.133
  • 20.190.160.65
  • 40.126.32.134
  • 20.190.160.20
  • 20.190.160.132
  • 20.190.160.128
  • 40.126.32.76
  • 20.190.160.3
whitelisted
slscr.update.microsoft.com
  • 135.232.92.137
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted
self.events.data.microsoft.com
  • 104.46.162.226
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.65
whitelisted

Threats

Class | Message (the PID and Process columns are empty for every row in this report)
Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
A Network Trojan was detected | ET ADWARE_PUP Win32/OfferCore Checkin M1
Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
A Network Trojan was detected | ET ADWARE_PUP Win32/OfferCore Checkin M1
Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer
Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer
Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer
Process
Message
avast_free_antivirus_setup_online_x64.exe
[2025-12-24 23:01:02.392] [notice ] [sfxinst ] [ 7500: 7504] [D1F2FC: 393] Registry link creation 'SOFTWARE\WOW6432Node\Avast Software' -> 'SOFTWARE\Avast Software' was successful.
avast_free_antivirus_setup_online_x64.exe
[2025-12-24 23:01:02.392] [info ] [sfxinst ] [ 7500: 7504] [D1F2FC: 410] Running SFX 'C:\WINDOWS\Temp\asw.197b3f3704a0235b\avast_free_antivirus_setup_online_x64.exe'
avast_free_antivirus_setup_online_x64.exe
[2025-12-24 23:01:02.439] [info ] [sfxinst ] [ 7500: 7504] [D1F2FC: 658] Moved extra data file 'ecoo.edat' to 'C:\WINDOWS\Temp\asw.451f10963cc0c3e9\cookie.bin'.
avast_free_antivirus_setup_online_x64.exe
[2025-12-24 23:01:03.048] [notice ] [burger_rep ] [ 7500: 7744] [C4CA44: 64] The event '70.1' was successfully sent to burger: https://analytics.avcdn.net/v4/receive/json/70.
avast_free_antivirus_setup_online_x64.exe
[2025-12-24 23:01:03.127] [info ] [sfxstats ] [ 7500: 7748] [4C561E: 149] Statistics sent successfully.
avast_free_antivirus_setup_online_x64.exe
[2025-12-24 23:01:03.408] [info ] [sfxinst ] [ 7500: 7504] [D1F2FC: 964] Starting installer/updater executable 'C:\WINDOWS\Temp\asw.451f10963cc0c3e9\instup.exe'
Instup.exe
[2025-12-24 23:01:03.658] [debug ] [repsup ] [ 1572: 3368] [EBE0E6: 58] PfroMutant: \PendingRenameMutex mutant has been successfully opened.
Instup.exe
[2025-12-24 23:01:03.658] [info ] [instup ] [ 1572: 3368] [3DE294:2657] Command: '"C:\WINDOWS\Temp\asw.451f10963cc0c3e9\instup.exe" /sfx:lite /sfxstorage:C:\WINDOWS\Temp\asw.451f10963cc0c3e9 /edition:1 /prod:ais /stub_context:72712c55-e66a-415c-acd9-4c16a07863bf:11961752 /guid:c843f2fa-65f4-42ea-9dcb-73334236a216 /ga_clientid:b6819121-f191-4cfa-ba61-b0dd5aa22de0 /silent /ws /psh:2bJ1koYmXeheS4m0Rb5rHT86xShJhSqWL4YibbX3i9bdpK9uWjxChbDCLrdH0DNgLu1ppHhDPzpV8 /cookie:mmm_irs_ppi_005_888_a /ga_clientid:b6819121-f191-4cfa-ba61-b0dd5aa22de0 /edat_dir:C:\WINDOWS\Temp\asw.197b3f3704a0235b'
Instup.exe
[2025-12-24 23:01:03.658] [info ] [instup ] [ 1572: 3368] [3DE294:2663] CPU: AMD Ryzen 5 3500 6-Core Processor,6
Instup.exe
[2025-12-24 23:01:03.658] [info ] [instup ] [ 1572: 3368] [3DE294:2668] OS: Windows 10 (10.0.19045) x64