File name:

Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe

Full analysis: https://app.any.run/tasks/169a708d-2974-4c0a-ae9d-75ce8e2945e0
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: May 23, 2025, 14:45:09
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
teamviewer
rmm-tool
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

0A3C35266522C934DBD700B510D50D8C

SHA1:

8EF5EE2EF19AEB72CF8C54D2DF6BDF6746A1868E

SHA256:

C1B89806EC490847C29A961F693DF2CB96D81C3D7EF335CE1CCFA672AD585917

SSDEEP:

12288:cLVP603RQX2pyf+cnci2N9pKKfyeo+pW1KKRyzEJ:WVP60BM2pMUN9keo+c+zEJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • Ninite.exe (PID: 7672)
    • Registers / Runs the DLL via REGSVR32.EXE

      • nvda_slave.exe (PID: 3952)
      • setup.exe (PID: 6892)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe (PID: 7436)
      • Ninite.exe (PID: 7540)
      • Ninite.exe (PID: 7672)
    • Executable content was dropped or overwritten

      • Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe (PID: 7436)
      • target.exe (PID: 5376)
      • Ninite.exe (PID: 7672)
      • nvda_slave.exe (PID: 3952)
      • setup.exe (PID: 6892)
      • target.exe (PID: 7680)
      • maintenanceservice_installer.exe (PID: 7992)
      • maintenanceservice_tmp.exe (PID: 2340)
      • target.exe (PID: 5400)
      • target.exe (PID: 7864)
      • target.exe (PID: 8140)
      • target.exe (PID: 7896)
      • assistant_package_sfx.exe (PID: 3156)
      • target.exe (PID: 7756)
    • Searches for installed software

      • Ninite.exe (PID: 7672)
    • The process verifies whether the antivirus software is installed

      • Ninite.exe (PID: 7672)
    • Application launched itself

      • Ninite.exe (PID: 7540)
      • target.exe (PID: 5400)
      • target.exe (PID: 7896)
      • assistant_installer.exe (PID: 744)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • target.exe (PID: 5376)
      • setup.exe (PID: 6892)
      • maintenanceservice_installer.exe (PID: 7992)
    • The process drops C-runtime libraries

      • target.exe (PID: 5376)
      • nvda_slave.exe (PID: 3952)
      • target.exe (PID: 7680)
      • setup.exe (PID: 6892)
    • Process drops python dynamic module

      • target.exe (PID: 5376)
      • nvda_slave.exe (PID: 3952)
    • There is functionality for taking screenshot (YARA)

      • target.exe (PID: 5376)
      • nvdaHelperRemoteLoader.exe (PID: 7492)
      • nvda_noUIAccess.exe (PID: 2960)
      • nvda_slave.exe (PID: 3952)
    • The process creates files with name similar to system file names

      • target.exe (PID: 5376)
    • Process drops legitimate windows executable

      • target.exe (PID: 5376)
      • nvda_slave.exe (PID: 3952)
      • target.exe (PID: 7680)
      • setup.exe (PID: 6892)
      • assistant_package_sfx.exe (PID: 3156)
    • Starts CMD.EXE for commands execution

      • nvda_noUIAccess.exe (PID: 2960)
      • nvda.exe (PID: 7208)
      • nvda.exe (PID: 6724)
      • nvda.exe (PID: 3884)
      • nvda_slave.exe (PID: 3952)
    • Uses REG/REGEDIT.EXE to modify registry

      • nvda_slave.exe (PID: 3952)
    • The process drops Mozilla's DLL files

      • target.exe (PID: 7680)
      • setup.exe (PID: 6892)
    • Starts itself from another location

      • target.exe (PID: 5400)
  • INFO

    • The sample compiled with english language support

      • Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe (PID: 7436)
      • target.exe (PID: 5376)
      • nvda_slave.exe (PID: 3952)
      • target.exe (PID: 7680)
      • setup.exe (PID: 6892)
      • maintenanceservice_installer.exe (PID: 7992)
      • target.exe (PID: 5400)
      • target.exe (PID: 8140)
      • target.exe (PID: 7896)
      • target.exe (PID: 7756)
      • assistant_package_sfx.exe (PID: 3156)
    • Checks supported languages

      • Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe (PID: 7436)
      • Ninite.exe (PID: 7540)
      • Ninite.exe (PID: 7672)
      • target.exe (PID: 5376)
      • identity_helper.exe (PID: 6800)
    • Reads the computer name

      • Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe (PID: 7436)
      • Ninite.exe (PID: 7672)
      • Ninite.exe (PID: 7540)
      • target.exe (PID: 5376)
      • identity_helper.exe (PID: 6800)
    • Reads the machine GUID from the registry

      • Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe (PID: 7436)
      • Ninite.exe (PID: 7672)
    • Creates files or folders in the user directory

      • Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe (PID: 7436)
      • Ninite.exe (PID: 7672)
    • Checks proxy server information

      • Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe (PID: 7436)
      • Ninite.exe (PID: 7672)
    • Reads the software policy settings

      • Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe (PID: 7436)
      • Ninite.exe (PID: 7672)
      • slui.exe (PID: 7732)
    • Create files in a temporary directory

      • Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe (PID: 7436)
      • target.exe (PID: 5376)
      • Ninite.exe (PID: 7672)
    • Process checks computer location settings

      • Ninite.exe (PID: 7540)
    • TEAMVIEWER has been detected

      • Ninite.exe (PID: 7672)
    • The sample compiled with Italian language support

      • target.exe (PID: 5376)
      • nvda_slave.exe (PID: 3952)
    • Reads Environment values

      • identity_helper.exe (PID: 6800)
    • Checks operating system version

      • nvda_noUIAccess.exe (PID: 2960)
      • nvda.exe (PID: 6724)
      • nvda.exe (PID: 3884)
      • nvda.exe (PID: 7208)
      • nvda_slave.exe (PID: 3952)
    • Application launched itself

      • msedge.exe (PID: 4724)
      • msedge.exe (PID: 300)
      • msedge.exe (PID: 6852)
      • firefox.exe (PID: 1388)
      • firefox.exe (PID: 2332)
    • Manual execution by a user

      • msedge.exe (PID: 300)
      • nvda_slave.exe (PID: 6424)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:04:12 00:19:47+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 233472
InitializedDataSize: 182272
UninitializedDataSize: -
EntryPoint: 0x1a53a
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 0.1.1.1183
ProductVersionNumber: 0.1.1.1183
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Secure By Design Inc.
FileDescription: Ninite
FileVersion: 0,1,1,1183
InternalName: Ninite
LegalCopyright: Copyright (C) 2009 Secure By Design Inc
OriginalFileName: -
ProductName: Ninite
ProductVersion: 0,1,1,1183
No data.
All screenshots are available in the full report
Total processes
261
Monitored processes
117
Malicious processes
9
Suspicious processes
0

Behavior graph

start ninite 7zip aimp avg anydesk audacity avast avira installer.exe ninite.exe no specs ninite.exe sppextcomobj.exe no specs slui.exe target.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs nvda_nouiaccess.exe cmd.exe no specs conhost.exe no specs nvdahelperremoteloader.exe no specs nvda_slave.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs nvda.exe no specs nvda.exe no specs cmd.exe no specs conhost.exe no specs shellexecute.exe no specs conhost.exe no specs nvda_slave.exe no specs target.exe nvda.exe no specs nvda.exe cmd.exe no specs conhost.exe no specs nvda.exe no specs nvda.exe no specs cmd.exe no specs conhost.exe no specs msedge.exe no specs nvdahelperremoteloader.exe no specs UIAutomationCrossBitnessHook64 Class no specs msedge.exe no specs setup.exe regsvr32.exe no specs maintenanceservice_installer.exe maintenanceservice_tmp.exe 
default-browser-agent.exe no specs firefox.exe no specs msedge.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs target.exe msedge.exe no specs target.exe msedge.exe no specs target.exe target.exe target.exe msedge.exe no specs UIAutomationCrossBitnessHook64 Class no specs assistant_package_sfx.exe assistant_installer.exe no specs assistant_installer.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 208
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 300
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument https://ninite.com/feedback?source=multiget&key=010009c60ad868cf725c66bb31e5c4f13db30b7c
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 744
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202505231449581\assistant\assistant_installer.exe" --version
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202505231449581\assistant\assistant_installer.exe
Parent process: target.exe
User:
admin
Company:
Opera Software
Integrity Level:
HIGH
Description:
Opera Browser Assistant Installer
Exit code:
0
Version:
119.0.5497.40
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera installer temp\opera_package_202505231449581\assistant\assistant_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 872
CMD: C:\WINDOWS\Sysnative\reg.exe import C:\Users\admin\AppData\Local\Temp\nseD2E.tmp\app\COMRegistrationFixes\oleaccProxy.reg
Path: C:\Windows\System32\reg.exe
Parent process: nvda_slave.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 968
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4228 --field-trial-handle=2260,i,6001427593766692138,9008436557940575994,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 976
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5548 --field-trial-handle=2272,i,16867615433333711693,9131406893519766988,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1004
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
138.0.4
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
PID: 1132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4084 --field-trial-handle=2272,i,16867615433333711693,9131406893519766988,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1228
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2264 --field-trial-handle=2260,i,6001427593766692138,9008436557940575994,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1272
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5568 --field-trial-handle=2272,i,16867615433333711693,9131406893519766988,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
42 377
Read events
41 982
Write events
368
Delete events
27

Modification events

(PID) Process: (7672) Ninite.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

(PID) Process: (7672) Ninite.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7672) Ninite.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:

(PID) Process: (7672) Ninite.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:

(PID) Process: (4724) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value:
0

(PID) Process: (4724) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
2

(PID) Process: (4724) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
1

(PID) Process: (4724) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value:
27F8CEF164942F00

(PID) Process: (300) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value:
0

(PID) Process: (300) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
2
Executable files
343
Suspicious files
1 136
Text files
2 585
Unknown types
4

Dropped files

PID
Process
Filename
Type
PID: 7672
Process: Ninite.exe
Filename: C:\Users\admin\AppData\Local\Temp\8c0123ac-37e4-11f0-b4ed-18f7786f96ee\target.exe_8c0123ae-37e4-11f0-b4ed-18f7786f96ee
MD5:
SHA256:

PID: 7672
Process: Ninite.exe
Filename: C:\Users\admin\AppData\Local\Temp\8c0123ac-37e4-11f0-b4ed-18f7786f96ee\target.exe
MD5:
SHA256:

PID: 7436
Process: Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
Type: binary
MD5: 89F70AD14FB046D70F9D7C82B3795ABA
SHA256: C48E35FC1FBAC3E05330485B3381A706CDDF9A7224D72E89A80FEA957F1D0630

PID: 7436
Process: Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
Type: binary
MD5: 07AF81F5497E067981209C534CCCB5D5
SHA256: 84ECC0969905BEF0D4CEA20CD2D6B3E334863860B5670434ABCE7C2B52381FD3

PID: 7436
Process: Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1D627669EFC8CD4F21BCF387D97F9B5_BCCFCBC66B448214318C9391CA0E275F
Type: binary
MD5: 0F40F24086D16E046D188D4A08D3F19F
SHA256: 847424671516B590522379CA54EE39EA6B1AF37770D864F326EEC3C77A522A53

PID: 7436
Process: Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1D627669EFC8CD4F21BCF387D97F9B5_BCCFCBC66B448214318C9391CA0E275F
Type: binary
MD5: 0EC8C90134CC232850B1AB0EBE9A538C
SHA256: 271D56181E1C9A5BF221DBA1E31AF3B845983B107D17E31DC4A49AE9BAAED285

PID: 7436
Process: Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164
Type: binary
MD5: 57CEA197537B747734B2CC982F8E92EF
SHA256: BCBD435FB9CD3D27530200D7A60124C59A337288026547C8CC7704536D96BAC9

PID: 7436
Process: Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164
Type: binary
MD5: 663AD1DF57666DB2540440A3B9164B31
SHA256: AE1228DC6714D2E5C89540F04A2FA9837AC697FB2529BC7FAC4E38D550034E53

PID: 7436
Process: Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50385F8EB1F713E33924A830D7A2A41C
Type: binary
MD5: 9E7987A554E2CBEED26FD147C3BC1179
SHA256: 34984DD2028AD671B9EA5EC197E8B9557F969AC0F233CD18B31E67614526A4C2

PID: 7436
Process: Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\8a887b3a-37e4-11f0-b4ed-18f7786f96ee\Ninite.exe
Type: executable
MD5: 8C2C71081C6AFB8884501914E81FA20D
SHA256: AE60E4F6ED4EC4AA15E5A957A3A659AD06BB051A1C5BAF536B2D452CCF3D5494
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
75
TCP/UDP connections
125
DNS requests
100
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
2.20.245.137:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7436
Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
GET
200
151.101.130.133:80
http://ocsp.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHgDGEJFcIpBz28BuO60qVQ%3D
unknown
whitelisted
7436
Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
GET
200
18.245.38.41:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkzUBtJnwJkc3SmanzgxeYU%3D
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7672
Ninite.exe
GET
200
142.250.185.163:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted
7672
Ninite.exe
GET
200
142.250.185.163:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
7436
Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
GET
200
151.101.130.133:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgOhtwj4VKsGchDZBEc%3D
unknown
whitelisted
7436
Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
GET
200
151.101.130.133:80
http://ocsp.globalsign.com/gsgccr45codesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLuA3ygnKW%2F7xuSx%2F09F%2BhHVuEUQQU2rONwCSQo2t30wygWd0hZ2R2C3gCDGPUxoqhhiZifL455A%3D%3D
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7672
Ninite.exe
GET
200
18.245.65.219:80
http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEA1Li7YBN7RrmcmQi5xUsGk%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5496
MoUsoCoreWorker.exe
2.20.245.137:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
5496
MoUsoCoreWorker.exe
2.16.253.202:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
7436
Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
52.222.214.66:443
ninite.com
AMAZON-02
US
whitelisted
7436
Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
18.245.38.41:80
ocsp.rootca1.amazontrust.com
US
whitelisted
7436
Ninite 7Zip AIMP AVG AnyDesk Audacity Avast Avira Installer.exe
151.101.130.133:80
ocsp.globalsign.com
FASTLY
US
whitelisted
7672
Ninite.exe
52.222.214.66:443
ninite.com
AMAZON-02
US
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.181.238
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 2.20.245.137
  • 2.20.245.139
whitelisted
www.microsoft.com
  • 2.16.253.202
  • 23.219.150.101
whitelisted
ninite.com
  • 52.222.214.66
  • 52.222.214.108
  • 52.222.214.61
  • 52.222.214.55
whitelisted
ocsp.rootca1.amazontrust.com
  • 18.245.38.41
whitelisted
ocsp.globalsign.com
  • 151.101.130.133
  • 151.101.2.133
  • 151.101.66.133
  • 151.101.194.133
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted
www.nvaccess.org
  • 172.67.68.118
  • 104.26.5.58
  • 104.26.4.58
malicious
c.pki.goog
  • 142.250.185.163
whitelisted

Threats

No threats detected
No debug info