File name: auslogics-anti-malware-setup.exe

Full analysis: https://app.any.run/tasks/356d9e3e-72ec-4aad-9a2b-79697dfa068d
Verdict: Malicious activity
Analysis date: February 13, 2024, 01:20:16
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: rurat
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: F81A9AF403E84FFB74C96D7F2146FB41
SHA1: 00DF997BDAE65CFF7DCBCEF44044D0495E59B886
SHA256: 4F414635A82246D982AAAE3A2CB4AD248FBFC3691B77CFCCE89078D48BD8DB45
SSDEEP: 98304:Lg6b3u03UphFEMG2XVk2hPDVLJfIlKgd4fDDW3496CI8NZPEqMyyn7Jd7jlBabUR:+IDhr+CAaMo+dEwy2btw8x2kmnv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • auslogics-anti-malware-setup.exe (PID: 1384)
      • auslogics-anti-malware-setup.exe (PID: 2852)
      • auslogics-anti-malware-setup.tmp (PID: 2848)
    • Steals credentials from Web Browsers

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • taskhost.exe (PID: 1348)
    • Actions looks like stealing of personal data

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 1976)
      • AntiMalware.exe (PID: 2592)
    • Rurat mutex has been detected

      • AntiMalware.exe (PID: 1976)
      • AntiMalware.exe (PID: 2592)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • auslogics-anti-malware-setup.exe (PID: 1384)
      • auslogics-anti-malware-setup.exe (PID: 2852)
      • auslogics-anti-malware-setup.tmp (PID: 2848)
    • Reads the Windows owner or organization settings

      • auslogics-anti-malware-setup.tmp (PID: 2848)
    • Reads the Internet Settings

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • taskhost.exe (PID: 1348)
      • AntiMalware.exe (PID: 1976)
      • InfoDownloader.exe (PID: 2260)
      • AntiMalware.exe (PID: 2592)
    • Reads the BIOS version

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 1976)
      • AntiMalware.exe (PID: 2592)
    • Process drops SQLite DLL files

      • auslogics-anti-malware-setup.tmp (PID: 2848)
    • Checks Windows Trust Settings

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 1976)
      • InfoDownloader.exe (PID: 2260)
      • AntiMalware.exe (PID: 2592)
    • Executes as Windows Service

      • taskhost.exe (PID: 1348)
    • Reads settings of System Certificates

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 1976)
      • AntiMalware.exe (PID: 2592)
      • InfoDownloader.exe (PID: 2260)
    • Reads security settings of Internet Explorer

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 1976)
      • InfoDownloader.exe (PID: 2260)
      • AntiMalware.exe (PID: 2592)
    • Reads browser cookies

      • auslogics-anti-malware-setup.tmp (PID: 2848)
    • Adds/modifies Windows certificates

      • InfoDownloader.exe (PID: 2260)
  • INFO

    • Checks supported languages

      • auslogics-anti-malware-setup.tmp (PID: 3668)
      • auslogics-anti-malware-setup.exe (PID: 1384)
      • auslogics-anti-malware-setup.exe (PID: 2852)
      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 1976)
      • InfoDownloader.exe (PID: 2260)
      • AntiMalware.exe (PID: 2592)
    • Create files in a temporary directory

      • auslogics-anti-malware-setup.exe (PID: 1384)
      • auslogics-anti-malware-setup.exe (PID: 2852)
      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • InfoDownloader.exe (PID: 2260)
    • Reads the computer name

      • auslogics-anti-malware-setup.tmp (PID: 3668)
      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 1976)
      • InfoDownloader.exe (PID: 2260)
      • AntiMalware.exe (PID: 2592)
    • Process checks computer location settings

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 2592)
    • Reads the machine GUID from the registry

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 1976)
      • InfoDownloader.exe (PID: 2260)
      • AntiMalware.exe (PID: 2592)
    • Reads Windows Product ID

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 1976)
      • AntiMalware.exe (PID: 2592)
    • Creates files in the program directory

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 2592)
    • Reads the software policy settings

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 1976)
      • InfoDownloader.exe (PID: 2260)
      • AntiMalware.exe (PID: 2592)
    • Checks proxy server information

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • AntiMalware.exe (PID: 1976)
      • InfoDownloader.exe (PID: 2260)
      • AntiMalware.exe (PID: 2592)
    • Creates files or folders in the user directory

      • auslogics-anti-malware-setup.tmp (PID: 2848)
      • taskhost.exe (PID: 1348)
      • InfoDownloader.exe (PID: 2260)
      • AntiMalware.exe (PID: 2592)
    • Creates a software uninstall entry

      • auslogics-anti-malware-setup.tmp (PID: 2848)
    • Manual execution by a user

      • explorer.exe (PID: 3556)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:06 14:39:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 66560
InitializedDataSize: 438272
UninitializedDataSize: -
EntryPoint: 0x117dc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.23.0.0
ProductVersionNumber: 1.23.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Auslogics
FileDescription: Auslogics Anti-Malware Installation File
FileVersion: 1.x
LegalCopyright: Copyright © 2008-2023 Auslogics Labs Pty Ltd
ProductName: Auslogics Anti-Malware
ProductVersion: 1.23.0.0
OriginalFileName: auslogics-anti-malware-setup.exe
InternalName: auslogics-anti-malware-setup
No data.
All screenshots are available in the full report
Total processes: 53
Monitored processes: 9
Malicious processes: 8
Suspicious processes: 0

Behavior graph

Graph nodes: start, auslogics-anti-malware-setup.exe, auslogics-anti-malware-setup.tmp (no specs), auslogics-anti-malware-setup.exe, auslogics-anti-malware-setup.tmp, taskhost.exe, antimalware.exe, infodownloader.exe, antimalware.exe, explorer.exe (no specs)

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 1348
CMD: "taskhost.exe"
Path: C:\Windows\System32\taskhost.exe
Parent process: services.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Host Process for Windows Tasks
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1384
CMD: "C:\Users\admin\AppData\Local\Temp\auslogics-anti-malware-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\auslogics-anti-malware-setup.exe
Parent process: explorer.exe
User: admin
Company: Auslogics
Integrity Level: MEDIUM
Description: Auslogics Anti-Malware Installation File
Exit code: 0
Version: 1.x
Modules
Images
c:\users\admin\appdata\local\temp\auslogics-anti-malware-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1976
CMD: "C:\Program Files\Auslogics\Anti-Malware\AntiMalware.exe" /install /setautostart
Path: C:\Program Files\Auslogics\Anti-Malware\AntiMalware.exe
Parent process: auslogics-anti-malware-setup.tmp
User: admin
Company: Auslogics
Integrity Level: HIGH
Description: Anti-Malware
Exit code: 0
Version: 1.23.0.0
Modules
Images
c:\program files\auslogics\anti-malware\antimalware.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2260
CMD: "C:\Users\admin\AppData\Local\Temp\is-V16C6.tmp\InfoDownloader.exe" "https://www.auslogics.com/en/software/boost-speed/downloads" "boost-speed-setup.exe" "/verysilent /Campaign:am_installer"
Path: C:\Users\admin\AppData\Local\Temp\is-V16C6.tmp\InfoDownloader.exe
Parent process: auslogics-anti-malware-setup.tmp
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\is-v16c6.tmp\infodownloader.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 2592
CMD: "C:\Program Files\Auslogics\Anti-Malware\AntiMalware.exe" /FromInstall
Path: C:\Program Files\Auslogics\Anti-Malware\AntiMalware.exe
Parent process: auslogics-anti-malware-setup.tmp
User: admin
Company: Auslogics
Integrity Level: HIGH
Description: Anti-Malware
Exit code: 0
Version: 1.23.0.0
Modules
Images
c:\program files\auslogics\anti-malware\antimalware.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2848
CMD: "C:\Users\admin\AppData\Local\Temp\is-79G4G.tmp\auslogics-anti-malware-setup.tmp" /SL5="$100130,15179491,505856,C:\Users\admin\AppData\Local\Temp\auslogics-anti-malware-setup.exe" /SPAWNWND=$18013E /NOTIFYWND=$E0170
Path: C:\Users\admin\AppData\Local\Temp\is-79G4G.tmp\auslogics-anti-malware-setup.tmp
Parent process: auslogics-anti-malware-setup.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-79g4g.tmp\auslogics-anti-malware-setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2852
CMD: "C:\Users\admin\AppData\Local\Temp\auslogics-anti-malware-setup.exe" /SPAWNWND=$18013E /NOTIFYWND=$E0170
Path: C:\Users\admin\AppData\Local\Temp\auslogics-anti-malware-setup.exe
Parent process: auslogics-anti-malware-setup.tmp
User: admin
Company: Auslogics
Integrity Level: HIGH
Description: Auslogics Anti-Malware Installation File
Exit code: 0
Version: 1.x
Modules
Images
c:\users\admin\appdata\local\temp\auslogics-anti-malware-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 3556
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3668
CMD: "C:\Users\admin\AppData\Local\Temp\is-VEPRD.tmp\auslogics-anti-malware-setup.tmp" /SL5="$E0170,15179491,505856,C:\Users\admin\AppData\Local\Temp\auslogics-anti-malware-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-VEPRD.tmp\auslogics-anti-malware-setup.tmp
Parent process: auslogics-anti-malware-setup.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-veprd.tmp\auslogics-anti-malware-setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events: 113 779
Read events: 113 561
Write events: 183
Delete events: 35

Modification events

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Anti-Malware\1.x\Settings
Operation: write
Name: General.Tracking.URLMarkers
Value: antimalwarenosid

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC55DE0-35BB-EBA5-7DDF-E543538420C8}\Version
Operation: write
Name: Assembly
Value: F6F783637AB920B8266E9D52CBB4584AF6F783637AB920B8266E9D52CBB4584A88AD8CBB5ED3F66B83A8A2CDF194269C890BB34AEBD806E41A50D3BD9C0B4765219909F09E75DEC0927FF4E8152284CD219909F09E75DEC0927FF4E8152284CD59B5414605BAE21E9735786EB516D3F8DE1283C2AFF9BF99D33ED2740C86BBD2F8157495FE950FA4A01046BB55F00DAD0F20AA1B1ADFE602954529934D03147D

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Anti-Malware\1.x\Settings
Operation: write
Name: General.Language
Value: ENU

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics
Operation: write
Name: ClientID
Value: {91B526AE-B969-43B4-9A7F-91DF089D6576}

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer
Value:

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride
Value:
Executable files: 69
Suspicious files: 40
Text files: 25
Unknown types: 23

Dropped files

Columns: PID, Process, Filename, Type

PID: 2852
Process: auslogics-anti-malware-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-79G4G.tmp\auslogics-anti-malware-setup.tmp
Type: executable
MD5: CB48F12B90FD2DDCCA484A5823A5CFC7
SHA256: B7097E521A9B6F426C5C8C08A81E5BDAC24A424980D1D9797F96CE753689B7A3

PID: 1384
Process: auslogics-anti-malware-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-VEPRD.tmp\auslogics-anti-malware-setup.tmp
Type: executable
MD5: CB48F12B90FD2DDCCA484A5823A5CFC7
SHA256: B7097E521A9B6F426C5C8C08A81E5BDAC24A424980D1D9797F96CE753689B7A3

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-V16C6.tmp\BrowserHelper.dll
Type: executable
MD5: 03A5133DDA45EBCE070F637031A619EE
SHA256: 3525F07E97349A42C498ABF282EE5730988447244AD173EBDC49D9A5039A63A5

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-V16C6.tmp\SetupCustom.dll
Type: executable
MD5: F7E7582CA1BE9A1BED703C05651D5DF8
SHA256: A24FFB13B1E68EF1212CC35C4080D01235F8EB73294778D03F8076E773774D24

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-V16C6.tmp\CFAHelper.dll
Type: executable
MD5: 19D99922CB5127844B526FCAC7AABDAD
SHA256: DDA3170B4555FF7B3BF426B2E27A092D884377E110755227B8F8132610E944CE

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-V16C6.tmp\AntiMalware.exe
Type: executable
MD5: A396E1015EFBCBF7207D93877B952892
SHA256: B59D8916C503D409E5B65FF4A4D966EC0960417E039724BC589A675ACEFCFD2B

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-V16C6.tmp\CommonForms.Site.dll
Type: executable
MD5: E756F2A7A1506338DC7959A1F40D132F
SHA256: 64A1D1506063F86B20BC996F14C2B1B6E5F545FA62262EF5995965AA1DA2A593

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-V16C6.tmp\AxComponentsVCL.bpl
Type: binary
MD5: 80A664CAB832E94DC6609B95077232A7
SHA256: DD97F84F01B33CB0E13D52189678764FF8FB7881CD50CAA17E282A6FF39539E3

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-V16C6.tmp\sqlite3.dll
Type: executable
MD5: 3253A9B3D0CA0E370A8D09F10E858EB0
SHA256: 111F823205AA18B9129DDF517BEF88C5E7FB43D0941DE9AF8D603D9E1966B1EB

PID: 2848
Process: auslogics-anti-malware-setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-V16C6.tmp\Localizer.dll
Type: executable
MD5: 995800F844BBD5488C09DA73B82EEC9B
SHA256: 12D794BBCA2C294A55F025E37B3319C5D58BEE12E9CB398C45D71D1D5BF70F53
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 21
TCP/UDP connections: 21
DNS requests: 11
Threats: 5

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2848 | auslogics-anti-malware-setup.tmp | POST | 200 | 142.250.185.110:80 | http://www.google-analytics.com/collect | unknown | image | 35 b | unknown
2260 | InfoDownloader.exe | GET | 200 | 72.246.169.163:80 | http://x1.c.lencr.org/ | unknown | binary | 717 b | unknown
2260 | InfoDownloader.exe | GET | 200 | 23.15.179.138:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0711511d471f2a03 | unknown | compressed | 65.2 Kb | unknown
2848 | auslogics-anti-malware-setup.tmp | POST | 200 | 142.250.185.110:80 | http://www.google-analytics.com/collect | unknown | image | 35 b | unknown
2848 | auslogics-anti-malware-setup.tmp | POST | 200 | 142.250.185.110:80 | http://www.google-analytics.com/collect | unknown | image | 35 b | unknown
2848 | auslogics-anti-malware-setup.tmp | GET | 304 | 23.15.179.138:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5640091f244ed244 | unknown | | | unknown
2848 | auslogics-anti-malware-setup.tmp | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAsllCLO2YEqFaBOmVKKDvo%3D | unknown | binary | 471 b | unknown
2848 | auslogics-anti-malware-setup.tmp | GET | 200 | 192.229.221.95:80 | http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJiUKgT2m88fZ4nxc1Lu6M%2FjvkagQUDNtsgkkPSmcKuBTuesRIUojrVjgCEAdpVDZkciT8g1iEeh8ZYO0%3D | unknown | binary | 471 b | unknown
2260 | InfoDownloader.exe | GET | 200 | 23.1.254.163:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNxYtsAdm0%2FkX4W5rCqQ8td9A%3D%3D | unknown | binary | 503 b | unknown
2592 | AntiMalware.exe | GET | 200 | 23.35.209.75:80 | http://oem.avira-update.com/update/idx/savapi4lib-win32-en.info.gz | unknown | compressed | 1.94 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
2848 | auslogics-anti-malware-setup.tmp | 45.79.82.237:443 | www.auslogics.com | Linode, LLC | US | unknown
2848 | auslogics-anti-malware-setup.tmp | 142.250.185.110:80 | www.google-analytics.com | GOOGLE | US | whitelisted
2848 | auslogics-anti-malware-setup.tmp | 23.15.179.138:80 | ctldl.windowsupdate.com | Akamai International B.V. | FR | whitelisted
2848 | auslogics-anti-malware-setup.tmp | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1976 | AntiMalware.exe | 142.250.185.110:80 | www.google-analytics.com | GOOGLE | US | whitelisted
2260 | InfoDownloader.exe | 45.79.82.237:443 | www.auslogics.com | Linode, LLC | US | unknown
2260 | InfoDownloader.exe | 51.79.116.215:443 | downloads.auslogics.com | OVH SAS | CA | unknown

DNS requests

Domain
IP
Reputation
www.auslogics.com
  • 45.79.82.237
whitelisted
www.google-analytics.com
  • 142.250.185.110
whitelisted
ctldl.windowsupdate.com
  • 23.15.179.138
  • 23.15.179.161
  • 23.15.179.185
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
status.rapidssl.com
  • 192.229.221.95
shared
downloads.auslogics.com
  • 51.79.116.215
unknown
x1.c.lencr.org
  • 72.246.169.163
whitelisted
ads.auslogics.com
  • 142.4.207.128
whitelisted
r3.o.lencr.org
  • 23.1.254.163
  • 23.1.254.176
shared
oem.avira-update.com
  • 23.35.209.75
unknown

Threats

Found threats are available for the paid subscriptions
5 ETPRO signatures available at the full report
No debug info