File name: tinytask-1.77-installer_o7-NAP1.exe

Full analysis: https://app.any.run/tasks/afeba922-c594-4b0c-a1d1-6e96c9ec87c2
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: July 15, 2025, 14:45:45
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
delphi
inno
installer
adware
innosetup
loader
arch-exec
netreactor
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5: A3267350AB955121BA76BC454FCDE69E
SHA1: BC25A1C335C2BCDB735E5A30D99C500200105112
SHA256: FD25DC2158F5CC388258EFEC31D916FDF451977AE572A867BCAE2426A8779702
SSDEEP: 98304:XLVIF8P3n1BLHxtD59KEKjSvDMjbxgITD3ZLjvO8fcVTzuw4fBNyAGpSMvqlCyt8:hcu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • tinytask-1.77-installer_o7-NAP1.exe (PID: 1720)
      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
      • tinytask-1.77-installer_o7-NAP1.exe (PID: 5244)
      • component0.exe (PID: 4644)
      • nvijrnwg.exe (PID: 7472)
      • UnifiedStub-installer.exe (PID: 7508)
      • saBSI.exe (PID: 7256)
      • saBSI.exe (PID: 8008)
    • Reads security settings of Internet Explorer

      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 416)
      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
      • component0.exe (PID: 4644)
      • saBSI.exe (PID: 7256)
      • saBSI.exe (PID: 8008)
    • Reads the Windows owner or organization settings

      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
    • Reads the date of Windows installation

      • component0.exe (PID: 4644)
    • Process drops legitimate windows executable

      • nvijrnwg.exe (PID: 7472)
    • Creates a software uninstall entry

      • UnifiedStub-installer.exe (PID: 7508)
    • Searches for installed software

      • UnifiedStub-installer.exe (PID: 7508)
    • Executes as Windows Service

      • rsSyncSvc.exe (PID: 7732)
    • Adds/modifies Windows certificates

      • saBSI.exe (PID: 7256)
    • The process verifies whether the antivirus software is installed

      • saBSI.exe (PID: 8008)
  • INFO

    • Checks supported languages

      • tinytask-1.77-installer_o7-NAP1.exe (PID: 1720)
      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 416)
      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
      • tinytask-1.77-installer_o7-NAP1.exe (PID: 5244)
      • component0.exe (PID: 4644)
      • saBSI.exe (PID: 7256)
      • saBSI.exe (PID: 7356)
      • nvijrnwg.exe (PID: 7472)
      • UnifiedStub-installer.exe (PID: 7508)
      • rsSyncSvc.exe (PID: 7668)
      • rsSyncSvc.exe (PID: 7732)
      • saBSI.exe (PID: 8008)
      • identity_helper.exe (PID: 2228)
    • Create files in a temporary directory

      • tinytask-1.77-installer_o7-NAP1.exe (PID: 1720)
      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
      • tinytask-1.77-installer_o7-NAP1.exe (PID: 5244)
      • component0.exe (PID: 4644)
      • nvijrnwg.exe (PID: 7472)
      • saBSI.exe (PID: 8008)
      • UnifiedStub-installer.exe (PID: 7508)
    • Process checks computer location settings

      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 416)
      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
      • component0.exe (PID: 4644)
    • Reads the computer name

      • tinytask-1.77-installer_o7-NAP1.exe (PID: 5244)
      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
      • identity_helper.exe (PID: 2228)
      • component0.exe (PID: 4644)
      • saBSI.exe (PID: 7356)
      • saBSI.exe (PID: 7256)
      • UnifiedStub-installer.exe (PID: 7508)
      • rsSyncSvc.exe (PID: 7668)
      • rsSyncSvc.exe (PID: 7732)
      • saBSI.exe (PID: 8008)
      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 416)
    • Reads the machine GUID from the registry

      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
      • component0.exe (PID: 4644)
      • saBSI.exe (PID: 7256)
      • saBSI.exe (PID: 8008)
      • UnifiedStub-installer.exe (PID: 7508)
    • Detects InnoSetup installer (YARA)

      • tinytask-1.77-installer_o7-NAP1.exe (PID: 1720)
      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 416)
      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
      • tinytask-1.77-installer_o7-NAP1.exe (PID: 5244)
    • Reads the software policy settings

      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
      • component0.exe (PID: 4644)
      • saBSI.exe (PID: 7256)
      • UnifiedStub-installer.exe (PID: 7508)
      • saBSI.exe (PID: 8008)
      • slui.exe (PID: 2708)
    • Compiled with Borland Delphi (YARA)

      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 416)
      • tinytask-1.77-installer_o7-NAP1.exe (PID: 1720)
      • tinytask-1.77-installer_o7-NAP1.exe (PID: 5244)
      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
    • Checks proxy server information

      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
      • component0.exe (PID: 4644)
      • UnifiedStub-installer.exe (PID: 7508)
      • saBSI.exe (PID: 7256)
      • saBSI.exe (PID: 8008)
      • slui.exe (PID: 2708)
    • The sample compiled with english language support

      • tinytask-1.77-installer_o7-NAP1.tmp (PID: 2216)
      • component0.exe (PID: 4644)
      • nvijrnwg.exe (PID: 7472)
      • UnifiedStub-installer.exe (PID: 7508)
      • saBSI.exe (PID: 7256)
    • Application launched itself

      • msedge.exe (PID: 3876)
      • msedge.exe (PID: 6780)
    • Reads Environment values

      • identity_helper.exe (PID: 2228)
      • component0.exe (PID: 4644)
      • UnifiedStub-installer.exe (PID: 7508)
    • Disables trace logs

      • component0.exe (PID: 4644)
      • UnifiedStub-installer.exe (PID: 7508)
    • Manual execution by a user

      • saBSI.exe (PID: 7308)
      • saBSI.exe (PID: 7356)
    • Creates files in the program directory

      • saBSI.exe (PID: 7256)
      • UnifiedStub-installer.exe (PID: 7508)
    • .NET Reactor protector has been detected

      • UnifiedStub-installer.exe (PID: 7508)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:05:03 14:45:36+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 704512
InitializedDataSize: 162304
UninitializedDataSize: -
EntryPoint: 0xacfe0
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 2.41.2.9280
ProductVersionNumber: 2.41.2.9280
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Softonic International SA
FileVersion: 2.41.2.9280
LegalCopyright: ©2023 Softonic International SA
OriginalFileName:
ProductName: Softonic International SA
ProductVersion: 3.1.5.8
No data.
All screenshots are available in the full report
Total processes
181
Monitored processes
42
Malicious processes
3
Suspicious processes
3

Behavior graph

  • start
  • tinytask-1.77-installer_o7-nap1.exe
  • tinytask-1.77-installer_o7-nap1.tmp (no specs)
  • tinytask-1.77-installer_o7-nap1.exe
  • tinytask-1.77-installer_o7-nap1.tmp
  • msedge.exe (no specs)
  • msedge.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • slui.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • identity_helper.exe (no specs)
  • identity_helper.exe (no specs)
  • component0.exe
  • msedge.exe (no specs)
  • sabsi.exe
  • sabsi.exe (no specs)
  • sabsi.exe
  • msedge.exe (no specs)
  • nvijrnwg.exe
  • unifiedstub-installer.exe
  • rssyncsvc.exe (no specs)
  • conhost.exe (no specs)
  • rssyncsvc.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • sabsi.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 416
CMD: "C:\Users\admin\AppData\Local\Temp\is-QQ7CL.tmp\tinytask-1.77-installer_o7-NAP1.tmp" /SL5="$602DE,872750,867840,C:\Users\admin\Desktop\tinytask-1.77-installer_o7-NAP1.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-QQ7CL.tmp\tinytask-1.77-installer_o7-NAP1.tmp
Parent process: tinytask-1.77-installer_o7-NAP1.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-qq7cl.tmp\tinytask-1.77-installer_o7-nap1.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 1164
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2772,i,2924583959472109554,12423950657000411608,262144 --variations-seed-version --mojo-platform-channel-handle=2784 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1268
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=7392,i,2924583959472109554,12423950657000411608,262144 --variations-seed-version --mojo-platform-channel-handle=7588 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1720
CMD: "C:\Users\admin\Desktop\tinytask-1.77-installer_o7-NAP1.exe"
Path: C:\Users\admin\Desktop\tinytask-1.77-installer_o7-NAP1.exe
Parent process: explorer.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Softonic International SA
Version:
2.41.2.9280
Modules
Images
c:\users\admin\desktop\tinytask-1.77-installer_o7-nap1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 2216
CMD: "C:\Users\admin\AppData\Local\Temp\is-0V98T.tmp\tinytask-1.77-installer_o7-NAP1.tmp" /SL5="$702BE,872750,867840,C:\Users\admin\Desktop\tinytask-1.77-installer_o7-NAP1.exe" /SPAWNWND=$40366 /NOTIFYWND=$602DE
Path: C:\Users\admin\AppData\Local\Temp\is-0V98T.tmp\tinytask-1.77-installer_o7-NAP1.tmp
Parent process: tinytask-1.77-installer_o7-NAP1.exe
User:
admin
Company:
Integrity Level:
HIGH
Description:
Setup/Uninstall
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-0v98t.tmp\tinytask-1.77-installer_o7-nap1.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 2228
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6544,i,2924583959472109554,12423950657000411608,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrt4.dll
PID: 2708
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2808
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5336,i,2924583959472109554,12423950657000411608,262144 --variations-seed-version --mojo-platform-channel-handle=5700 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2876
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3648,i,2924583959472109554,12423950657000411608,262144 --variations-seed-version --mojo-platform-channel-handle=3760 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3872
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2480,i,2924583959472109554,12423950657000411608,262144 --variations-seed-version --mojo-platform-channel-handle=2476 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
28 080
Read events
27 951
Write events
108
Delete events
21

Modification events

(PID) Process: (416) tinytask-1.77-installer_o7-NAP1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

(PID) Process: (6780) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 1

(PID) Process: (6780) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (416) tinytask-1.77-installer_o7-NAP1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (416) tinytask-1.77-installer_o7-NAP1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (416) tinytask-1.77-installer_o7-NAP1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3876) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (3876) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (6780) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (6780) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: ACE80A208F982F00
Executable files
75
Suspicious files
222
Text files
63
Unknown types
100

Dropped files

PID | Process | Filename | Type
2216 | tinytask-1.77-installer_o7-NAP1.tmp | C:\Users\admin\AppData\Local\Temp\is-6PIJ3.tmp\is-1IR7U.tmp | image
MD5: 11E35DB67B0650207A9F6FCF7E967734
SHA256: 51C36D00BBF2179EF8A1CA9C2EFFBE6123E7CC4905AEB3BF84D7276B98449D4D
6780 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG.old | text
MD5: 7AF411DF5CEC8406E64836643DD383DD
SHA256: 001B7E6CBDEE87E60BAA9DC20348CDA2C45E57FB7046973F92C233DD6D90A480
6780 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF17e985.TMP | -
MD5: -
SHA256: -
6780 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | -
MD5: -
SHA256: -
6780 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF17e975.TMP | -
MD5: -
SHA256: -
6780 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old | -
MD5: -
SHA256: -
6780 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF17e995.TMP | -
MD5: -
SHA256: -
6780 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | -
MD5: -
SHA256: -
2216 | tinytask-1.77-installer_o7-NAP1.tmp | C:\Users\admin\AppData\Local\Temp\is-6PIJ3.tmp\is-3FP2T.tmp | image
MD5: 5FD73821F3F097D177009D88DFD33605
SHA256: A6ECCE54116936CA27D4BE9797E32BF2F3CFC7E41519A23032992970FBD9D3BA
6780 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF17e9c3.TMP | -
MD5: -
SHA256: -
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
444
TCP/UDP connections
273
DNS requests
249
Threats
28

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1268 | svchost.exe | GET | 200 | 23.55.110.193:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 69.192.161.161:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.55.110.193:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6260 | RUXIMICS.exe | GET | 200 | 23.55.110.193:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 69.192.161.161:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 142.250.185.238:443 | https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js | unknown | - | - | -
5876 | msedge.exe | GET | 200 | 150.171.30.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:0j4AAME_4a1zfCzWNHjzjhMRmM6ARaKQdOtXXUuWbjk&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | unknown | - | - | whitelisted
- | - | GET | 200 | 54.192.87.21:443 | https://d20rp3wwf0n82p.cloudfront.net/f/RAV/images/ZB_RAV_Bisli_Logo_bcg_V2/DOTPS-588/EN.png | unknown | image | 56.8 Kb | whitelisted
- | - | GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=51&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1741678270&lafgdate=0 | unknown | binary | 1.16 Kb | whitelisted
- | - | GET | 200 | 54.192.87.181:443 | https://d20rp3wwf0n82p.cloudfront.net/f/WebAdvisor/images/880/update2/EN.png | unknown | image | 46.8 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6260 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 23.55.110.193:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 23.55.110.193:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6260 | RUXIMICS.exe | 23.55.110.193:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 69.192.161.161:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 69.192.161.161:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.46
  • 172.217.18.14
whitelisted
crl.microsoft.com
  • 23.55.110.193
  • 23.55.110.211
whitelisted
www.microsoft.com
  • 69.192.161.161
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
d20rp3wwf0n82p.cloudfront.net
  • 54.192.87.183
  • 54.192.87.181
  • 54.192.87.21
  • 54.192.87.73
whitelisted
images.sftcdn.net
  • 151.101.1.91
  • 151.101.65.91
  • 151.101.129.91
  • 151.101.193.91
whitelisted
edge.microsoft.com
  • 150.171.30.11
  • 150.171.29.11
whitelisted
config.edge.skype.com
  • 13.107.43.16
whitelisted
www.mcafee.com
  • 104.102.47.240
whitelisted
copilot.microsoft.com
  • 2.16.241.220
  • 2.16.241.224
whitelisted

Threats

PID | Process | Class | Message
- | - | A Network Trojan was detected | ET ADWARE_PUP Win32/OfferCore Checkin M1
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
- | - | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
- | - | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer
- | - | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer
5876 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
5876 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
- | - | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer
5876 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
Process | Message
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe | NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-6PIJ3.tmp\component1_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-6PIJ3.tmp\component1_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe | NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-6PIJ3.tmp\component1_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-6PIJ3.tmp\component1_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe | NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-6PIJ3.tmp\component1_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-6PIJ3.tmp\component1_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in current directory