URL: https://www.emule-project.com/home/perl/general.cgi?l=17&rm=download

Full analysis: https://app.any.run/tasks/af359b23-3245-4ad5-8516-c835b7e02287
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: July 14, 2025, 10:47:57
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
evasion
arch-scr
stealer
loader
antivm
Indicators:
MD5: 987B2C4E93FB7C9BD8D195E0D7696F62
SHA1: 36D92205392D859A54922224638850BC5074550B
SHA256: 2D00B92CBF852F3B0498087243E63474894BF885C9278E72473AF5B0696C8842
SSDEEP: 3:N8DSLiOKKLRyKoIy9iJ5Sl:2OLiqRZo19iel

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Steals credentials from Web Browsers

      • AvastSvc.exe (PID: 6836)
      • aswEngSrv.exe (PID: 6308)
      • engsup.exe (PID: 10080)
      • AvastUI.exe (PID: 9956)
    • Changes the autorun value in the registry

      • icarus.exe (PID: 1828)
    • Antivirus name has been found in the command line (generic signature)

      • AvastUI.exe (PID: 9956)
      • AvastUI.exe (PID: 6640)
      • AvastUI.exe (PID: 9484)
      • AvastUI.exe (PID: 6124)
      • AvastUI.exe (PID: 9524)
      • AvastUI.exe (PID: 7544)
      • AvastUI.exe (PID: 3028)
      • AvastUI.exe (PID: 360)
      • AvastUI.exe (PID: 11060)
      • AvastUI.exe (PID: 9636)
      • AvastUI.exe (PID: 10896)
      • AvastUI.exe (PID: 11080)
    • Actions looks like stealing of personal data

      • AvastUI.exe (PID: 9956)
      • engsup.exe (PID: 10080)
  • SUSPICIOUS

    • Checks for external IP

      • avast_antivirus_gratuit_installateur_en-ligne.exe (PID: 2808)
      • AvEmUpdate.exe (PID: 7820)
      • AvastSvc.exe (PID: 6836)
      • aswToolsSvc.exe (PID: 4664)
    • Executable content was dropped or overwritten

      • avast_antivirus_gratuit_installateur_en-ligne.exe (PID: 2808)
      • avast_free_antivirus_online_setup.exe (PID: 7576)
      • icarus.exe (PID: 3788)
      • icarus.exe (PID: 1828)
      • engsup.exe (PID: 5140)
      • AvEmUpdate.exe (PID: 7820)
      • AvastSvc.exe (PID: 6836)
      • icarus.exe (PID: 7176)
      • aswOfferTool.exe (PID: 9260)
    • Starts itself from another location

      • icarus.exe (PID: 3788)
      • icarus.exe (PID: 8948)
    • Reads security settings of Internet Explorer

      • icarus_ui.exe (PID: 5556)
      • WinRAR.exe (PID: 7132)
      • AvastSvc.exe (PID: 6836)
      • AvastUI.exe (PID: 9956)
    • The process creates files with name similar to system file names

      • icarus.exe (PID: 1828)
    • Process drops legitimate windows executable

      • icarus.exe (PID: 1828)
    • Drops a system driver (possible attempt to evade defenses)

      • icarus.exe (PID: 1828)
      • engsup.exe (PID: 5140)
    • The process drops C-runtime libraries

      • icarus.exe (PID: 1828)
    • Creates files in the driver directory

      • engsup.exe (PID: 5140)
      • icarus.exe (PID: 1828)
    • Creates/Modifies COM task schedule object

      • icarus.exe (PID: 1828)
      • RegSvr.exe (PID: 8096)
      • RegSvr.exe (PID: 3092)
    • The process verifies whether the antivirus software is installed

      • icarus.exe (PID: 7176)
      • SetupInf.exe (PID: 4932)
      • engsup.exe (PID: 5140)
      • AvEmUpdate.exe (PID: 8144)
      • SetupInf.exe (PID: 7368)
      • SetupInf.exe (PID: 3980)
      • icarus.exe (PID: 1828)
      • AvEmUpdate.exe (PID: 7820)
      • RegSvr.exe (PID: 3092)
      • SetupInf.exe (PID: 7492)
      • SetupInf.exe (PID: 1868)
      • SetupInf.exe (PID: 7456)
      • wsc_proxy.exe (PID: 1044)
      • RegSvr.exe (PID: 8096)
      • wsc_proxy.exe (PID: 1096)
      • afwServ.exe (PID: 8120)
      • AvastSvc.exe (PID: 6836)
      • aswidsagent.exe (PID: 8520)
      • aswToolsSvc.exe (PID: 4664)
      • aswEngSrv.exe (PID: 6308)
      • icarus.exe (PID: 8828)
      • icarus.exe (PID: 9156)
      • icarus.exe (PID: 8948)
      • SetupInf.exe (PID: 4444)
      • msedge.exe (PID: 9752)
      • msedge.exe (PID: 8916)
      • engsup.exe (PID: 10080)
      • AvastNM.exe (PID: 9888)
      • msedge.exe (PID: 10224)
      • AvastUI.exe (PID: 9956)
      • overseer.exe (PID: 9988)
      • icarus.exe (PID: 8708)
      • AvastUI.exe (PID: 6124)
      • AvastUI.exe (PID: 6640)
      • AvastUI.exe (PID: 7544)
      • AvastUI.exe (PID: 9484)
      • AvastUI.exe (PID: 9524)
      • msedge.exe (PID: 8772)
      • msedge.exe (PID: 10452)
      • msedge.exe (PID: 10656)
      • AvastUI.exe (PID: 11060)
      • AvastUI.exe (PID: 360)
      • icarus.exe (PID: 3788)
      • AvastUI.exe (PID: 9636)
      • AvastUI.exe (PID: 3028)
      • msedge.exe (PID: 10508)
      • msedge.exe (PID: 10648)
      • msedge.exe (PID: 9936)
      • msedge.exe (PID: 7240)
      • msedge.exe (PID: 9716)
      • AvastUI.exe (PID: 10896)
      • msedge.exe (PID: 10960)
      • AvastUI.exe (PID: 11080)
      • msedge.exe (PID: 9268)
      • msedge.exe (PID: 9712)
    • Process checks presence of unattended files

      • icarus.exe (PID: 1828)
    • Creates a software uninstall entry

      • icarus.exe (PID: 1828)
    • Executes as Windows Service

      • afwServ.exe (PID: 8120)
      • wsc_proxy.exe (PID: 1096)
      • AvastSvc.exe (PID: 6836)
      • aswToolsSvc.exe (PID: 4664)
      • aswidsagent.exe (PID: 8520)
    • Creates or modifies Windows services

      • icarus.exe (PID: 1828)
    • Modifies hosts file to alter network resolution

      • AvastSvc.exe (PID: 6836)
    • Connects to unusual port

      • AvastSvc.exe (PID: 6836)
    • Adds/modifies Windows certificates

      • AvastSvc.exe (PID: 6836)
    • Reads the date of Windows installation

      • aswidsagent.exe (PID: 8520)
      • AvastUI.exe (PID: 9956)
      • AvastSvc.exe (PID: 6836)
    • Application launched itself

      • icarus.exe (PID: 8948)
      • AvastUI.exe (PID: 9956)
    • Process requests binary or script from the Internet

      • AvastSvc.exe (PID: 6836)
      • overseer.exe (PID: 9988)
    • Checks for Java to be installed

      • AvastSvc.exe (PID: 6836)
    • Read startup parameters

      • aswidsagent.exe (PID: 8520)
      • AvastSvc.exe (PID: 6836)
    • Searches for installed software

      • overseer.exe (PID: 9988)
      • AvastSvc.exe (PID: 6836)
    • Reads Microsoft Outlook installation path

      • AvastSvc.exe (PID: 6836)
    • There is functionality for VM detection VirtualBox (YARA)

      • aswToolsSvc.exe (PID: 4664)
  • INFO

    • Reads Environment values

      • identity_helper.exe (PID: 7428)
      • icarus.exe (PID: 1828)
      • AvEmUpdate.exe (PID: 8144)
      • AvEmUpdate.exe (PID: 7820)
      • afwServ.exe (PID: 8120)
      • AvastSvc.exe (PID: 6836)
      • aswToolsSvc.exe (PID: 4664)
      • aswidsagent.exe (PID: 8520)
      • icarus.exe (PID: 6800)
      • AvastUI.exe (PID: 9956)
    • Reads the computer name

      • identity_helper.exe (PID: 7428)
      • avast_antivirus_gratuit_installateur_en-ligne.exe (PID: 2808)
      • avast_free_antivirus_online_setup.exe (PID: 7576)
      • icarus.exe (PID: 3788)
      • icarus_ui.exe (PID: 5556)
      • icarus.exe (PID: 1828)
      • icarus.exe (PID: 7176)
      • engsup.exe (PID: 5140)
      • SetupInf.exe (PID: 7368)
      • SetupInf.exe (PID: 4932)
      • SetupInf.exe (PID: 3980)
      • SetupInf.exe (PID: 7492)
      • SetupInf.exe (PID: 1868)
      • AvEmUpdate.exe (PID: 8144)
      • AvEmUpdate.exe (PID: 7820)
      • RegSvr.exe (PID: 3092)
      • RegSvr.exe (PID: 8096)
      • SetupInf.exe (PID: 7456)
      • wsc_proxy.exe (PID: 1044)
      • wsc_proxy.exe (PID: 1096)
      • afwServ.exe (PID: 8120)
      • AvastSvc.exe (PID: 6836)
      • aswToolsSvc.exe (PID: 4664)
      • aswidsagent.exe (PID: 8520)
      • icarus.exe (PID: 8948)
      • icarus.exe (PID: 8828)
      • icarus.exe (PID: 9156)
      • icarus.exe (PID: 7536)
      • icarus.exe (PID: 6800)
      • SetupInf.exe (PID: 4444)
      • icarus_ui.exe (PID: 9276)
      • AvastUI.exe (PID: 9956)
      • engsup.exe (PID: 10080)
      • aswOfferTool.exe (PID: 9260)
      • icarus.exe (PID: 8708)
      • aswOfferTool.exe (PID: 9440)
      • AvastUI.exe (PID: 9484)
      • AvastUI.exe (PID: 6124)
      • AvastUI.exe (PID: 360)
      • AvastUI.exe (PID: 3028)
      • AvastUI.exe (PID: 6640)
      • AvastUI.exe (PID: 7544)
      • overseer.exe (PID: 9988)
      • AvastUI.exe (PID: 9524)
      • AvastUI.exe (PID: 11060)
      • AvastUI.exe (PID: 10896)
      • AvastUI.exe (PID: 9636)
      • AvastUI.exe (PID: 11080)
    • Application launched itself

      • msedge.exe (PID: 4984)
    • Checks supported languages

      • identity_helper.exe (PID: 7428)
      • avast_antivirus_gratuit_installateur_en-ligne.exe (PID: 2808)
      • avast_free_antivirus_online_setup.exe (PID: 7576)
      • icarus.exe (PID: 3788)
      • icarus_ui.exe (PID: 5556)
      • icarus.exe (PID: 7176)
      • icarus.exe (PID: 1828)
      • engsup.exe (PID: 5140)
      • SetupInf.exe (PID: 7368)
      • SetupInf.exe (PID: 4932)
      • SetupInf.exe (PID: 3980)
      • SetupInf.exe (PID: 4444)
      • SetupInf.exe (PID: 7492)
      • SetupInf.exe (PID: 1868)
      • AvEmUpdate.exe (PID: 8144)
      • AvEmUpdate.exe (PID: 7820)
      • RegSvr.exe (PID: 3092)
      • wsc_proxy.exe (PID: 1044)
      • RegSvr.exe (PID: 8096)
      • SetupInf.exe (PID: 7456)
      • wsc_proxy.exe (PID: 1096)
      • AvastSvc.exe (PID: 6836)
      • afwServ.exe (PID: 8120)
      • aswToolsSvc.exe (PID: 4664)
      • aswEngSrv.exe (PID: 6308)
      • aswidsagent.exe (PID: 8520)
      • icarus.exe (PID: 8828)
      • icarus.exe (PID: 8948)
      • icarus.exe (PID: 9156)
      • icarus.exe (PID: 6800)
      • icarus.exe (PID: 7536)
      • icarus_ui.exe (PID: 9276)
      • AvastNM.exe (PID: 9888)
      • overseer.exe (PID: 9988)
      • AvastUI.exe (PID: 9956)
      • engsup.exe (PID: 10080)
      • aswOfferTool.exe (PID: 9260)
      • icarus.exe (PID: 8708)
      • aswOfferTool.exe (PID: 9440)
      • AvastUI.exe (PID: 6124)
      • AvastUI.exe (PID: 7544)
      • AvastUI.exe (PID: 360)
      • AvastUI.exe (PID: 3028)
      • AvastUI.exe (PID: 9484)
      • AvastUI.exe (PID: 6640)
      • AvastUI.exe (PID: 9524)
      • AvastUI.exe (PID: 11060)
      • AvastUI.exe (PID: 9636)
      • AvastUI.exe (PID: 10896)
      • AvastUI.exe (PID: 11080)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4984)
      • msedge.exe (PID: 3948)
    • The sample compiled with english language support

      • msedge.exe (PID: 3948)
      • msedge.exe (PID: 4984)
      • avast_antivirus_gratuit_installateur_en-ligne.exe (PID: 2808)
      • avast_free_antivirus_online_setup.exe (PID: 7576)
      • icarus.exe (PID: 3788)
      • icarus.exe (PID: 1828)
      • icarus.exe (PID: 7176)
      • engsup.exe (PID: 5140)
      • AvEmUpdate.exe (PID: 7820)
      • AvastSvc.exe (PID: 6836)
      • aswOfferTool.exe (PID: 9260)
    • Reads the software policy settings

      • avast_antivirus_gratuit_installateur_en-ligne.exe (PID: 2808)
      • avast_free_antivirus_online_setup.exe (PID: 7576)
      • icarus_ui.exe (PID: 5556)
      • slui.exe (PID: 8048)
      • AvEmUpdate.exe (PID: 7820)
      • AvastSvc.exe (PID: 6836)
      • aswToolsSvc.exe (PID: 4664)
      • AvastUI.exe (PID: 9956)
    • Reads the machine GUID from the registry

      • avast_antivirus_gratuit_installateur_en-ligne.exe (PID: 2808)
      • avast_free_antivirus_online_setup.exe (PID: 7576)
      • icarus.exe (PID: 3788)
      • icarus_ui.exe (PID: 5556)
      • icarus.exe (PID: 7176)
      • icarus.exe (PID: 1828)
      • wsc_proxy.exe (PID: 1044)
      • afwServ.exe (PID: 8120)
      • AvastSvc.exe (PID: 6836)
      • aswToolsSvc.exe (PID: 4664)
      • aswidsagent.exe (PID: 8520)
      • icarus.exe (PID: 8948)
      • icarus.exe (PID: 8828)
      • icarus.exe (PID: 9156)
      • icarus_ui.exe (PID: 9276)
      • AvastUI.exe (PID: 9956)
      • overseer.exe (PID: 9988)
      • icarus.exe (PID: 8708)
    • Creates files in the program directory

      • avast_free_antivirus_online_setup.exe (PID: 7576)
      • icarus.exe (PID: 3788)
      • icarus_ui.exe (PID: 5556)
      • icarus.exe (PID: 1828)
      • icarus.exe (PID: 7176)
      • engsup.exe (PID: 5140)
      • AvEmUpdate.exe (PID: 8144)
      • AvEmUpdate.exe (PID: 7820)
      • wsc_proxy.exe (PID: 1044)
      • AvastSvc.exe (PID: 6836)
      • aswToolsSvc.exe (PID: 4664)
      • afwServ.exe (PID: 8120)
      • aswidsagent.exe (PID: 8520)
      • icarus.exe (PID: 8948)
      • icarus_ui.exe (PID: 9276)
      • AvastUI.exe (PID: 9956)
      • engsup.exe (PID: 10080)
      • AvastNM.exe (PID: 9888)
      • aswOfferTool.exe (PID: 9260)
    • Create files in a temporary directory

      • avast_free_antivirus_online_setup.exe (PID: 7576)
      • engsup.exe (PID: 10080)
      • AvastUI.exe (PID: 9956)
    • Checks proxy server information

      • avast_free_antivirus_online_setup.exe (PID: 7576)
      • icarus_ui.exe (PID: 5556)
      • slui.exe (PID: 8048)
      • AvEmUpdate.exe (PID: 8144)
      • AvEmUpdate.exe (PID: 7820)
      • AvastUI.exe (PID: 9956)
      • AvastUI.exe (PID: 9484)
      • AvastUI.exe (PID: 6640)
      • AvastUI.exe (PID: 360)
      • AvastUI.exe (PID: 7544)
      • AvastUI.exe (PID: 3028)
      • AvastUI.exe (PID: 6124)
      • AvastUI.exe (PID: 9524)
      • AvastUI.exe (PID: 11060)
      • AvastUI.exe (PID: 9636)
      • AvastUI.exe (PID: 10896)
      • AvastUI.exe (PID: 11080)
    • Reads CPU info

      • icarus_ui.exe (PID: 5556)
      • icarus.exe (PID: 3788)
      • icarus.exe (PID: 7176)
      • icarus.exe (PID: 1828)
      • engsup.exe (PID: 5140)
      • SetupInf.exe (PID: 7368)
      • SetupInf.exe (PID: 4932)
      • SetupInf.exe (PID: 3980)
      • SetupInf.exe (PID: 4444)
      • SetupInf.exe (PID: 1868)
      • AvEmUpdate.exe (PID: 8144)
      • AvEmUpdate.exe (PID: 7820)
      • RegSvr.exe (PID: 3092)
      • RegSvr.exe (PID: 8096)
      • SetupInf.exe (PID: 7456)
      • wsc_proxy.exe (PID: 1044)
      • wsc_proxy.exe (PID: 1096)
      • AvastSvc.exe (PID: 6836)
      • afwServ.exe (PID: 8120)
      • aswToolsSvc.exe (PID: 4664)
      • aswEngSrv.exe (PID: 6308)
      • aswidsagent.exe (PID: 8520)
      • icarus.exe (PID: 8948)
      • icarus.exe (PID: 8828)
      • icarus.exe (PID: 9156)
      • icarus.exe (PID: 6800)
      • SetupInf.exe (PID: 7492)
      • icarus.exe (PID: 7536)
      • AvastUI.exe (PID: 9956)
      • engsup.exe (PID: 10080)
      • AvastNM.exe (PID: 9888)
      • icarus.exe (PID: 8708)
      • AvastUI.exe (PID: 6124)
      • AvastUI.exe (PID: 6640)
      • AvastUI.exe (PID: 9524)
      • AvastUI.exe (PID: 7544)
      • AvastUI.exe (PID: 9484)
      • AvastUI.exe (PID: 360)
      • AvastUI.exe (PID: 3028)
      • AvastUI.exe (PID: 11060)
      • AvastUI.exe (PID: 10896)
      • AvastUI.exe (PID: 9636)
      • AvastUI.exe (PID: 11080)
    • Creates files or folders in the user directory

      • icarus_ui.exe (PID: 5556)
      • AvastUI.exe (PID: 9956)
      • AvastUI.exe (PID: 6640)
      • AvastSvc.exe (PID: 6836)
    • The sample compiled with czech language support

      • icarus.exe (PID: 1828)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 4984)
      • WinRAR.exe (PID: 7132)
    • Process checks computer location settings

      • aswToolsSvc.exe (PID: 4664)
      • AvastSvc.exe (PID: 6836)
      • AvastUI.exe (PID: 9956)
      • AvastUI.exe (PID: 360)
      • AvastUI.exe (PID: 3028)
      • AvastUI.exe (PID: 7544)
      • AvastUI.exe (PID: 6124)
      • AvastUI.exe (PID: 11060)
      • AvastUI.exe (PID: 9636)
      • AvastUI.exe (PID: 10896)
      • AvastUI.exe (PID: 11080)
    • Reads the time zone

      • aswidsagent.exe (PID: 8520)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • aswidsagent.exe (PID: 8520)
    • Reads product name

      • aswidsagent.exe (PID: 8520)
    • Launching a file from a Registry key

      • icarus.exe (PID: 1828)
    • Manual execution by a user

      • AvastUI.exe (PID: 9956)
    • Process checks whether UAC notifications are on

      • AvastSvc.exe (PID: 6836)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 274
Monitored processes: 119
Malicious processes: 43
Suspicious processes: 15

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs avast_antivirus_gratuit_installateur_en-ligne.exe no specs avast_antivirus_gratuit_installateur_en-ligne.exe avast_free_antivirus_online_setup.exe icarus.exe icarus_ui.exe icarus.exe icarus.exe slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs engsup.exe msedge.exe no specs msedge.exe no specs setupinf.exe no specs msedge.exe no specs msedge.exe no specs setupinf.exe no specs setupinf.exe no specs setupinf.exe no specs setupinf.exe no specs setupinf.exe no specs winrar.exe no specs msedge.exe no specs avemupdate.exe no specs avemupdate.exe regsvr.exe no specs regsvr.exe no specs setupinf.exe no specs wsc_proxy.exe no specs wsc_proxy.exe no specs mspaint.exe no specs afwserv.exe no specs avastsvc.exe aswtoolssvc.exe aswengsrv.exe aswidsagent.exe no specs wpr.exe no specs conhost.exe no specs icarus.exe icarus.exe unsecapp.exe no specs icarus.exe icarus.exe no specs icarus.exe no specs msedge.exe no specs msedge.exe no specs icarus_ui.exe no specs msedge.exe no specs avastnm.exe no specs avastui.exe overseer.exe engsup.exe msedge.exe no specs aswoffertool.exe icarus.exe aswoffertool.exe no specs avastui.exe avastui.exe no specs 
avastui.exe avastui.exe no specs avastui.exe no specs avastui.exe no specs avastui.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs avastui.exe no specs avastui.exe no specs avastui.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs avastui.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
PID: 360
CMD: "C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --field-trial-handle=7888,1010700180605165456,6218898174811684459,131072 --disable-features=CalculateNativeWinOcclusion,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --disable-gpu-compositing --lang=en-US --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Avastium (0.0.0) (Windows 10.0)" --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=9324 /prefetch:1
Path: C:\Program Files\Avast Software\Avast\AvastUI.exe
Parent process: AvastUI.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: MEDIUM
Description: Avast Antivirus
Version: 25.6.10221.0
Modules
Images
c:\program files\avast software\avast\avastui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\avast software\avast\aswhook.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
PID: 1044
CMD: "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /svc /register /ppl_svc
Path: C:\Program Files\Avast Software\Avast\wsc_proxy.exe
Parent process: icarus.exe
User: admin
Company: AVAST Software
Integrity Level: HIGH
Description: Avast remediation exe
Exit code: 0
Version: 21.4.6162.0
Modules
Images
c:\program files\avast software\avast\wsc_proxy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\avast software\avast\wsc.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1096
CMD: "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver
Path: C:\Program Files\Avast Software\Avast\wsc_proxy.exe
Parent process: services.exe
User: SYSTEM
Company: AVAST Software
Integrity Level: SYSTEM
Description: Avast remediation exe
Version: 21.4.6162.0
Modules
Images
c:\program files\avast software\avast\wsc_proxy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\avast\wsc.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\ole32.dll
PID: 1352
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7636,i,8588795142001206168,5606552030762790224,262144 --variations-seed-version --mojo-platform-channel-handle=8380 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1652
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4232,i,8588795142001206168,5606552030762790224,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1712
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5752,i,8588795142001206168,5606552030762790224,262144 --variations-seed-version --mojo-platform-channel-handle=8596 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1828
CMD: C:\WINDOWS\Temp\asw-a9d47b97-fc6a-44f3-b267-8a8467d9a74c\avast-av\icarus.exe /cookie:mmm_ava_012_999_x9g_m:brs_msft /edat_dir:C:\WINDOWS\Temp\asw.f0cdf5195454f574 /geo:FR /track-guid:2dc0ab46-2dfd-45a7-b327-ce5855be9aca /sssid:7576 /er_master:master_ep_78719b65-4690-4e62-a0ef-61967b1e7729 /er_ui:ui_ep_08aa34bd-5647-4b04-9b26-ddf4c1d738d4 /er_slave:avast-av_slave_ep_050d96c3-f148-4e2c-8e58-9d28a2bc4686 /slave:avast-av
Path: C:\Windows\Temp\asw-a9d47b97-fc6a-44f3-b267-8a8467d9a74c\avast-av\icarus.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Installer
Exit code: 0
Version: 25.6.9397.0
Modules
Images
c:\windows\temp\asw-a9d47b97-fc6a-44f3-b267-8a8467d9a74c\avast-av\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 1868
CMD: "C:\Program Files\Avast Software\Avast\SetupInf.exe" /uninstall /catalog:aswRvrt.cat
Path: C:\Program Files\Avast Software\Avast\SetupInf.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Antivirus Installer
Exit code: 0
Version: 25.6.10221.0
Modules
Images
c:\program files\avast software\avast\setupinf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 2040
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=1668,i,8588795142001206168,5606552030762790224,262144 --variations-seed-version --mojo-platform-channel-handle=8236 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2228
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7160,i,8588795142001206168,5606552030762790224,262144 --variations-seed-version --mojo-platform-channel-handle=7772 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 92 588
Read events: 90 529
Write events: 1 831
Delete events: 228

Modification events

(PID) Process: (4984) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (4984) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (4984) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (4984) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (4984) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 54F57EAD77982F00

(PID) Process: (4984) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262938
Operation: write
Name: WindowTabManagerFileMappingId
Value: {EA2F2283-8B2F-4BCE-916A-50C52EB77748}

(PID) Process: (4984) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262938
Operation: write
Name: WindowTabManagerFileMappingId
Value: {B74D831D-18BD-46E2-A832-7AE7F489D46E}

(PID) Process: (4984) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262938
Operation: write
Name: WindowTabManagerFileMappingId
Value: {E455051A-8841-4FE5-9B65-9030106E37E1}

(PID) Process: (4984) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262938
Operation: write
Name: WindowTabManagerFileMappingId
Value: {17042E19-F73C-4143-8457-15FD3D18B596}

(PID) Process: (4984) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262938
Operation: write
Name: WindowTabManagerFileMappingId
Value: {0D8D6995-30A4-438C-9685-F8F7E5A638FF}
Executable files
749
Suspicious files
2 764
Text files
764
Unknown types
524

Dropped files

PID
Process
Filename
Type
4984
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF175757.TMP
MD5:
SHA256:
4984
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
4984
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF175767.TMP
MD5:
SHA256:
4984
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF175767.TMP
MD5:
SHA256:
4984
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF175767.TMP
MD5:
SHA256:
4984
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
4984
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
4984
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
4984
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF175767.TMP
MD5:
SHA256:
4984
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
HTTP(S) requests
184
TCP/UDP connections
642
DNS requests
477
Threats
20

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3948
msedge.exe
GET
200
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:0_zpD3YWEhIODBL5dAqfqZWLeQEKVX20uOvTgS-IP6o&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7724
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5444
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7724
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2808
avast_antivirus_gratuit_installateur_en-ligne.exe
POST
204
34.117.223.223:80
http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
unknown
whitelisted
2808
avast_antivirus_gratuit_installateur_en-ligne.exe
POST
204
34.117.223.223:80
http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
unknown
whitelisted
2808
avast_antivirus_gratuit_installateur_en-ligne.exe
POST
200
172.217.16.206:80
http://www.google-analytics.com/collect
unknown
whitelisted
2808
avast_antivirus_gratuit_installateur_en-ligne.exe
POST
200
172.217.16.206:80
http://www.google-analytics.com/collect
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1936
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
3948
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3948
msedge.exe
142.250.181.226:443
pagead2.googlesyndication.com
GOOGLE
US
whitelisted
3948
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3948
msedge.exe
94.16.113.2:443
www.emule-project.com
netcup GmbH
AT
whitelisted
3948
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
google.com
  • 172.217.18.110
  • 142.250.186.110
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.emule-project.com
  • 94.16.113.2
unknown
copilot.microsoft.com
  • 2.16.241.220
  • 2.16.241.224
whitelisted
www.bing.com
whitelisted
pagead2.googlesyndication.com
  • 142.250.181.226
  • 172.217.18.2
whitelisted
sflogo.sourceforge.net
  • 104.18.12.149
  • 104.18.13.149
whitelisted
googleads.g.doubleclick.net
  • 172.217.16.194
whitelisted

Threats

PID
Process
Class
Message
3948
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
3948
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
3948
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
3948
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
3948
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
3948
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200
svchost.exe
Misc activity
ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
2808
avast_antivirus_gratuit_installateur_en-ligne.exe
Misc activity
ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
2200
svchost.exe
Misc activity
ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
7820
AvEmUpdate.exe
Misc activity
ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
Process
Message
AvastSvc.exe
[2025-07-14 10:50:51.765] [error ] [events_rep ] [ 6836: 6548] [244FEC: 49] asw::burger_event::regular_burger_event_reporter_holder::start_all : starting of class asw::burger_event::data_sharing_preference_report failed with an exception : Identity of Burger client was not set.
AvastSvc.exe
[2025-07-14 10:50:54.719] [error ] [dnsdoh ] [ 6836: 8492] [4D6837: 73] failed to restore usage statistics Exception: corrupted file
AvastSvc.exe
[2025-07-14 10:50:55.328] [error ] [tasks ] [ 6836: 5708] [526EA1: 321] task Burger::EventConsumer::OnFlush: failed without a caller check. Exception: Identity of Burger client was not set.
AvastSvc.exe
[2025-07-14 10:50:55.843] [info ] [nsf_urlinfo] [ 6836: 8492] [BA6D43: 46] Starting UrlInfo
AvastSvc.exe
[2025-07-14 10:50:55.843] [info ] [nsf_urlinfo] [ 6836: 8492] [C22399: 39] Initialize UrlInfoMgr
AvastSvc.exe
[2025-07-14 10:50:55.968] [info ] [nsf_urlinfo] [ 6836: 8492] [C22399: 72] UrlInfoMgr initialized
AvastSvc.exe
[2025-07-14 10:50:57.445] [error ] [tasks ] [ 6836: 1136] [526EA1: 321] task wait_for_request_handler_data svc.alpha.GetOneMigrationData: failed without a caller check. Exception: Unable to convert module "pam" to product enum. Code: 0x00000057 (87)
AvastSvc.exe
[2025-07-14 10:51:03.641] [error ] [evnt_mgr ] [ 6836: 6320] [44AF47: 501] Set options and identity failed. Exception: Unable to convert module "pam" to product enum. Code: 0x00000057 (87)
AvastSvc.exe
[2025-07-14 10:51:05.094] [error ] [evnt_mgr ] [ 6836: 6780] [44AF47: 501] Set options and identity failed. Exception: Unable to convert module "pam" to product enum. Code: 0x00000057 (87)
AvastSvc.exe
[2025-07-14 10:51:07.432] [error ] [evnt_mgr ] [ 6836: 6780] [44AF47: 501] Set options and identity failed. Exception: Unable to convert module "pam" to product enum. Code: 0x00000057 (87)