URL:

http://www.avast.com/

Full analysis: https://app.any.run/tasks/7859532b-93c7-4bdb-b50f-52c166bbcec8
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: July 18, 2025, 11:17:06
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
evasion
stealer
loader
qrcode
Indicators:
MD5:

52ECC7A98F3BA1529083828528589802

SHA1:

3E93E3C4D0C1DE86322FE87C41FA0EF16A328467

SHA256:

6CE4A92E020F9056661D832D66E7D196E7F7A0C29BEFF7DAAF5F0C8D7E58580E

SSDEEP:

3:N1KJS4/K3:Cc4C3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Steals credentials from Web Browsers

      • AvastSvc.exe (PID: 6260)
      • aswEngSrv.exe (PID: 432)
      • engsup.exe (PID: 8364)
      • AvastUI.exe (PID: 3832)
    • Antivirus name has been found in the command line (generic signature)

      • AvastUI.exe (PID: 3832)
      • AvastUI.exe (PID: 8500)
      • AvastUI.exe (PID: 6768)
      • AvastUI.exe (PID: 9704)
      • AvastUI.exe (PID: 4780)
      • AvastUI.exe (PID: 6808)
      • AvastUI.exe (PID: 8336)
      • AvastUI.exe (PID: 8396)
    • Changes the autorun value in the registry

      • icarus.exe (PID: 1040)
    • Actions looks like stealing of personal data

      • engsup.exe (PID: 8364)
      • AvastUI.exe (PID: 3832)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • avast_free_antivirus_online_instellen.exe (PID: 7108)
      • avast_free_antivirus_online_setup.exe (PID: 7052)
      • icarus.exe (PID: 2620)
      • icarus.exe (PID: 5968)
      • engsup.exe (PID: 8480)
      • icarus.exe (PID: 1040)
      • AvEmUpdate.exe (PID: 8892)
      • AvastSvc.exe (PID: 6260)
      • aswOfferTool.exe (PID: 9308)
    • Starts itself from another location

      • icarus.exe (PID: 2620)
      • icarus.exe (PID: 9468)
    • Reads security settings of Internet Explorer

      • icarus_ui.exe (PID: 7984)
      • AvastSvc.exe (PID: 6260)
    • Checks for external IP

      • avast_free_antivirus_online_instellen.exe (PID: 7108)
      • AvEmUpdate.exe (PID: 8892)
      • AvastSvc.exe (PID: 6260)
    • The process drops C-runtime libraries

      • icarus.exe (PID: 1040)
    • Process drops legitimate windows executable

      • icarus.exe (PID: 1040)
    • Drops a system driver (possible attempt to evade defenses)

      • icarus.exe (PID: 1040)
      • engsup.exe (PID: 8480)
    • The process verifies whether the antivirus software is installed

      • icarus.exe (PID: 1040)
      • icarus.exe (PID: 5968)
      • engsup.exe (PID: 8480)
      • SetupInf.exe (PID: 8548)
      • SetupInf.exe (PID: 8640)
      • SetupInf.exe (PID: 8688)
      • SetupInf.exe (PID: 8732)
      • SetupInf.exe (PID: 8768)
      • SetupInf.exe (PID: 8804)
      • AvEmUpdate.exe (PID: 8848)
      • RegSvr.exe (PID: 9040)
      • RegSvr.exe (PID: 9076)
      • SetupInf.exe (PID: 9112)
      • wsc_proxy.exe (PID: 9152)
      • wsc_proxy.exe (PID: 9180)
      • afwServ.exe (PID: 8204)
      • AvastSvc.exe (PID: 6260)
      • aswToolsSvc.exe (PID: 3944)
      • AvEmUpdate.exe (PID: 8892)
      • aswEngSrv.exe (PID: 432)
      • msedge.exe (PID: 8624)
      • aswidsagent.exe (PID: 9048)
      • icarus.exe (PID: 8884)
      • msedge.exe (PID: 9364)
      • icarus.exe (PID: 9468)
      • icarus.exe (PID: 9592)
      • AvastUI.exe (PID: 3832)
      • AvastNM.exe (PID: 10100)
      • engsup.exe (PID: 8364)
      • overseer.exe (PID: 8552)
      • icarus.exe (PID: 2220)
      • AvastUI.exe (PID: 4780)
      • AvastUI.exe (PID: 6768)
      • AvastUI.exe (PID: 8500)
      • AvastUI.exe (PID: 6808)
      • AvastUI.exe (PID: 8396)
      • AvastUI.exe (PID: 8336)
      • AvastUI.exe (PID: 9704)
    • The process creates files with name similar to system file names

      • icarus.exe (PID: 1040)
    • Creates files in the driver directory

      • engsup.exe (PID: 8480)
      • icarus.exe (PID: 1040)
    • Creates or modifies Windows services

      • icarus.exe (PID: 1040)
    • Creates/Modifies COM task schedule object

      • icarus.exe (PID: 1040)
      • RegSvr.exe (PID: 9040)
      • RegSvr.exe (PID: 9076)
    • Creates a software uninstall entry

      • icarus.exe (PID: 1040)
    • Process checks presence of unattended files

      • icarus.exe (PID: 1040)
    • Executes as Windows Service

      • wsc_proxy.exe (PID: 9180)
      • afwServ.exe (PID: 8204)
      • AvastSvc.exe (PID: 6260)
      • aswToolsSvc.exe (PID: 3944)
      • aswidsagent.exe (PID: 9048)
    • Modifies hosts file to alter network resolution

      • AvastSvc.exe (PID: 6260)
    • Adds/modifies Windows certificates

      • AvastSvc.exe (PID: 6260)
    • Reads the date of Windows installation

      • aswidsagent.exe (PID: 9048)
      • AvastUI.exe (PID: 3832)
    • Read startup parameters

      • aswidsagent.exe (PID: 9048)
      • AvastSvc.exe (PID: 6260)
    • Application launched itself

      • icarus.exe (PID: 9468)
      • AvastUI.exe (PID: 3832)
    • Checks for Java to be installed

      • AvastSvc.exe (PID: 6260)
    • Process requests binary or script from the Internet

      • AvastSvc.exe (PID: 6260)
    • Searches for installed software

      • overseer.exe (PID: 8552)
    • Reads Microsoft Outlook installation path

      • AvastSvc.exe (PID: 6260)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 4724)
    • Checks supported languages

      • identity_helper.exe (PID: 7816)
      • avast_free_antivirus_online_instellen.exe (PID: 7108)
      • avast_free_antivirus_online_setup.exe (PID: 7052)
      • icarus.exe (PID: 2620)
      • icarus.exe (PID: 5968)
      • icarus.exe (PID: 1040)
      • icarus_ui.exe (PID: 7984)
      • engsup.exe (PID: 8480)
      • SetupInf.exe (PID: 8548)
      • SetupInf.exe (PID: 8640)
      • SetupInf.exe (PID: 8688)
      • SetupInf.exe (PID: 8732)
      • SetupInf.exe (PID: 8768)
      • SetupInf.exe (PID: 8804)
      • AvEmUpdate.exe (PID: 8848)
      • AvEmUpdate.exe (PID: 8892)
      • RegSvr.exe (PID: 9040)
      • RegSvr.exe (PID: 9076)
      • SetupInf.exe (PID: 9112)
      • wsc_proxy.exe (PID: 9152)
      • wsc_proxy.exe (PID: 9180)
      • aswToolsSvc.exe (PID: 3944)
      • AvastSvc.exe (PID: 6260)
      • aswEngSrv.exe (PID: 432)
      • aswidsagent.exe (PID: 9048)
      • icarus.exe (PID: 8884)
      • icarus.exe (PID: 9468)
      • icarus.exe (PID: 9592)
      • afwServ.exe (PID: 8204)
      • icarus.exe (PID: 9968)
      • icarus_ui.exe (PID: 9840)
      • icarus.exe (PID: 9960)
      • AvastNM.exe (PID: 10100)
      • AvastUI.exe (PID: 3832)
      • engsup.exe (PID: 8364)
      • aswOfferTool.exe (PID: 9308)
      • aswOfferTool.exe (PID: 7740)
      • AvastUI.exe (PID: 8500)
      • icarus.exe (PID: 2220)
      • AvastUI.exe (PID: 9704)
      • AvastUI.exe (PID: 6768)
      • AvastUI.exe (PID: 4780)
      • AvastUI.exe (PID: 6808)
      • AvastUI.exe (PID: 8336)
      • AvastUI.exe (PID: 8396)
      • overseer.exe (PID: 8552)
    • The sample compiled with english language support

      • msedge.exe (PID: 4724)
      • avast_free_antivirus_online_instellen.exe (PID: 7108)
      • avast_free_antivirus_online_setup.exe (PID: 7052)
      • msedge.exe (PID: 7032)
      • icarus.exe (PID: 2620)
      • icarus.exe (PID: 1040)
      • icarus.exe (PID: 5968)
      • engsup.exe (PID: 8480)
      • AvEmUpdate.exe (PID: 8892)
      • AvastSvc.exe (PID: 6260)
      • aswOfferTool.exe (PID: 9308)
    • Reads the machine GUID from the registry

      • avast_free_antivirus_online_instellen.exe (PID: 7108)
      • icarus.exe (PID: 2620)
      • avast_free_antivirus_online_setup.exe (PID: 7052)
      • icarus_ui.exe (PID: 7984)
      • icarus.exe (PID: 1040)
      • icarus.exe (PID: 5968)
      • wsc_proxy.exe (PID: 9152)
      • AvastSvc.exe (PID: 6260)
      • afwServ.exe (PID: 8204)
      • aswToolsSvc.exe (PID: 3944)
      • aswidsagent.exe (PID: 9048)
      • icarus.exe (PID: 8884)
      • icarus.exe (PID: 9468)
      • icarus.exe (PID: 9592)
      • icarus_ui.exe (PID: 9840)
      • AvastUI.exe (PID: 3832)
      • overseer.exe (PID: 8552)
      • icarus.exe (PID: 2220)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7032)
      • msedge.exe (PID: 4724)
    • Reads the computer name

      • avast_free_antivirus_online_instellen.exe (PID: 7108)
      • avast_free_antivirus_online_setup.exe (PID: 7052)
      • icarus_ui.exe (PID: 7984)
      • icarus.exe (PID: 2620)
      • icarus.exe (PID: 5968)
      • identity_helper.exe (PID: 7816)
      • icarus.exe (PID: 1040)
      • engsup.exe (PID: 8480)
      • SetupInf.exe (PID: 8548)
      • SetupInf.exe (PID: 8640)
      • SetupInf.exe (PID: 8688)
      • SetupInf.exe (PID: 8732)
      • SetupInf.exe (PID: 8768)
      • SetupInf.exe (PID: 8804)
      • AvEmUpdate.exe (PID: 8848)
      • AvEmUpdate.exe (PID: 8892)
      • RegSvr.exe (PID: 9040)
      • RegSvr.exe (PID: 9076)
      • SetupInf.exe (PID: 9112)
      • wsc_proxy.exe (PID: 9152)
      • wsc_proxy.exe (PID: 9180)
      • afwServ.exe (PID: 8204)
      • aswToolsSvc.exe (PID: 3944)
      • icarus.exe (PID: 8884)
      • aswidsagent.exe (PID: 9048)
      • icarus.exe (PID: 9468)
      • icarus.exe (PID: 9592)
      • icarus.exe (PID: 9968)
      • icarus.exe (PID: 9960)
      • icarus_ui.exe (PID: 9840)
      • AvastUI.exe (PID: 3832)
      • AvastSvc.exe (PID: 6260)
      • overseer.exe (PID: 8552)
      • aswOfferTool.exe (PID: 9308)
      • engsup.exe (PID: 8364)
      • icarus.exe (PID: 2220)
      • aswOfferTool.exe (PID: 7740)
      • AvastUI.exe (PID: 8500)
      • AvastUI.exe (PID: 6768)
      • AvastUI.exe (PID: 9704)
      • AvastUI.exe (PID: 8336)
      • AvastUI.exe (PID: 6808)
      • AvastUI.exe (PID: 8396)
      • AvastUI.exe (PID: 4780)
    • Reads the software policy settings

      • avast_free_antivirus_online_instellen.exe (PID: 7108)
      • avast_free_antivirus_online_setup.exe (PID: 7052)
      • icarus_ui.exe (PID: 7984)
      • slui.exe (PID: 8116)
      • AvEmUpdate.exe (PID: 8892)
      • AvastSvc.exe (PID: 6260)
      • aswToolsSvc.exe (PID: 3944)
    • Create files in a temporary directory

      • avast_free_antivirus_online_setup.exe (PID: 7052)
      • engsup.exe (PID: 8364)
      • AvastUI.exe (PID: 3832)
    • Checks proxy server information

      • avast_free_antivirus_online_setup.exe (PID: 7052)
      • icarus_ui.exe (PID: 7984)
      • slui.exe (PID: 8116)
      • AvEmUpdate.exe (PID: 8848)
      • AvEmUpdate.exe (PID: 8892)
      • AvastUI.exe (PID: 3832)
      • AvastUI.exe (PID: 8500)
      • AvastUI.exe (PID: 6768)
      • AvastUI.exe (PID: 8396)
      • AvastUI.exe (PID: 9704)
      • AvastUI.exe (PID: 6808)
      • AvastUI.exe (PID: 4780)
      • AvastUI.exe (PID: 8336)
    • Reads CPU info

      • icarus_ui.exe (PID: 7984)
      • icarus.exe (PID: 2620)
      • icarus.exe (PID: 1040)
      • icarus.exe (PID: 5968)
      • engsup.exe (PID: 8480)
      • SetupInf.exe (PID: 8548)
      • SetupInf.exe (PID: 8640)
      • SetupInf.exe (PID: 8688)
      • SetupInf.exe (PID: 8768)
      • SetupInf.exe (PID: 8732)
      • AvEmUpdate.exe (PID: 8848)
      • AvEmUpdate.exe (PID: 8892)
      • RegSvr.exe (PID: 9076)
      • RegSvr.exe (PID: 9040)
      • SetupInf.exe (PID: 9112)
      • wsc_proxy.exe (PID: 9152)
      • wsc_proxy.exe (PID: 9180)
      • afwServ.exe (PID: 8204)
      • aswToolsSvc.exe (PID: 3944)
      • aswEngSrv.exe (PID: 432)
      • aswidsagent.exe (PID: 9048)
      • SetupInf.exe (PID: 8804)
      • icarus.exe (PID: 8884)
      • icarus.exe (PID: 9468)
      • icarus.exe (PID: 9592)
      • icarus.exe (PID: 9960)
      • icarus.exe (PID: 9968)
      • AvastNM.exe (PID: 10100)
      • AvastUI.exe (PID: 3832)
      • AvastSvc.exe (PID: 6260)
      • engsup.exe (PID: 8364)
      • icarus.exe (PID: 2220)
      • AvastUI.exe (PID: 8500)
      • AvastUI.exe (PID: 9704)
      • AvastUI.exe (PID: 6768)
      • AvastUI.exe (PID: 4780)
      • AvastUI.exe (PID: 6808)
      • AvastUI.exe (PID: 8396)
      • AvastUI.exe (PID: 8336)
    • Reads Environment values

      • icarus.exe (PID: 1040)
      • identity_helper.exe (PID: 7816)
      • AvEmUpdate.exe (PID: 8848)
      • AvEmUpdate.exe (PID: 8892)
      • afwServ.exe (PID: 8204)
      • AvastSvc.exe (PID: 6260)
      • aswToolsSvc.exe (PID: 3944)
      • aswidsagent.exe (PID: 9048)
      • icarus.exe (PID: 9968)
      • AvastUI.exe (PID: 3832)
    • Creates files in the program directory

      • avast_free_antivirus_online_setup.exe (PID: 7052)
      • icarus_ui.exe (PID: 7984)
      • icarus.exe (PID: 1040)
      • icarus.exe (PID: 5968)
      • icarus.exe (PID: 2620)
      • engsup.exe (PID: 8480)
      • AvEmUpdate.exe (PID: 8848)
      • AvEmUpdate.exe (PID: 8892)
      • wsc_proxy.exe (PID: 9152)
      • afwServ.exe (PID: 8204)
      • AvastSvc.exe (PID: 6260)
      • aswToolsSvc.exe (PID: 3944)
      • aswidsagent.exe (PID: 9048)
      • icarus.exe (PID: 9468)
      • icarus_ui.exe (PID: 9840)
      • AvastNM.exe (PID: 10100)
      • AvastUI.exe (PID: 3832)
      • engsup.exe (PID: 8364)
      • aswOfferTool.exe (PID: 9308)
    • Creates files or folders in the user directory

      • icarus_ui.exe (PID: 7984)
      • AvastUI.exe (PID: 3832)
      • AvastUI.exe (PID: 4780)
    • The sample compiled with czech language support

      • icarus.exe (PID: 1040)
    • Process checks computer location settings

      • aswToolsSvc.exe (PID: 3944)
      • AvastSvc.exe (PID: 6260)
      • AvastUI.exe (PID: 3832)
      • AvastUI.exe (PID: 9704)
      • AvastUI.exe (PID: 8396)
      • AvastUI.exe (PID: 6808)
      • AvastUI.exe (PID: 8336)
    • Reads the time zone

      • aswidsagent.exe (PID: 9048)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • aswidsagent.exe (PID: 9048)
    • Reads product name

      • aswidsagent.exe (PID: 9048)
    • Launching a file from a Registry key

      • icarus.exe (PID: 1040)
    • Manual execution by a user

      • AvastUI.exe (PID: 3832)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 245
Monitored processes: 95
Malicious processes: 38
Suspicious processes: 3

Behavior graph

[Behavior graph: interactive process tree, available in the full report. Nodes shown: msedge.exe, identity_helper.exe, avast_free_antivirus_online_instellen.exe, avast_free_antivirus_online_setup.exe, icarus.exe, icarus_ui.exe, slui.exe, engsup.exe, setupinf.exe, avemupdate.exe, regsvr.exe, wsc_proxy.exe, afwserv.exe, avastsvc.exe, aswtoolssvc.exe, aswengsrv.exe, aswidsagent.exe, wpr.exe, conhost.exe, unsecapp.exe, avastnm.exe, avastui.exe, overseer.exe, aswoffertool.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 420
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7480,i,13581114246157957604,17054275882066699244,262144 --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 432
CMD: "C:\Program Files\Avast Software\Avast\aswEngSrv.exe" /pipename="2B527289-6D13-F636-F02D-D6683337F8EA" /binpath="C:\Program Files\Avast Software\Avast" /logpath="C:\ProgramData\Avast Software\Avast\log"
Path: C:\Program Files\Avast Software\Avast\aswEngSrv.exe
Parent process: AvastSvc.exe
User:
SYSTEM
Company:
Gen Digital Inc.
Integrity Level:
SYSTEM
Description:
Avast Antivirus engine server
Version:
25.6.10221.0
Modules
Images
c:\program files\avast software\avast\aswengsrv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ole32.dll
PID: 472
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: wpr.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1040
CMD: C:\WINDOWS\Temp\asw-fda8dc53-ecf7-41c6-98fc-8cfbb7721133\avast-av\icarus.exe /cookie:mmm_ava_999_999_a9g_m:dlid_FAV-ONLINE-HP /edat_dir:C:\WINDOWS\Temp\asw.2456f33b78518571 /geo:NL /track-guid:d92f82e8-c137-4c24-ab62-1385fc4e471d /sssid:7052 /er_master:master_ep_8b28f69b-aaa3-491b-9149-6769d999670f /er_ui:ui_ep_7cecb32a-cc79-4391-8ce5-4795b99d257e /er_slave:avast-av_slave_ep_e4f9e961-d501-4aff-9eed-7e6b7ee7b943 /slave:avast-av
Path: C:\Windows\Temp\asw-fda8dc53-ecf7-41c6-98fc-8cfbb7721133\avast-av\icarus.exe
Parent process: icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
Avast Installer
Exit code:
0
Version:
25.6.9397.0
Modules
Images
c:\windows\temp\asw-fda8dc53-ecf7-41c6-98fc-8cfbb7721133\avast-av\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 1232
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6020,i,13581114246157957604,17054275882066699244,262144 --variations-seed-version --mojo-platform-channel-handle=1508 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1844
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=8536,i,13581114246157957604,17054275882066699244,262144 --variations-seed-version --mojo-platform-channel-handle=8772 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2220
CMD: "C:\Program Files\Common Files\Avast Software\Icarus\avast-av-vps\icarus.exe" /checkforupdates:avast-av-vps /silent
Path: C:\Program Files\Common Files\Avast Software\Icarus\avast-av-vps\icarus.exe
Parent process: AvastSvc.exe
User:
SYSTEM
Company:
Gen Digital Inc.
Integrity Level:
SYSTEM
Description:
Avast Installer
Exit code:
0
Version:
25.6.9397.0
Modules
Images
c:\program files\common files\avast software\icarus\avast-av-vps\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\avast software\avast\aswhook.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 2464
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=8140,i,13581114246157957604,17054275882066699244,262144 --variations-seed-version --mojo-platform-channel-handle=8180 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2620
CMD: C:\WINDOWS\Temp\asw-fda8dc53-ecf7-41c6-98fc-8cfbb7721133\common\icarus.exe /icarus-info-path:C:\WINDOWS\Temp\asw-fda8dc53-ecf7-41c6-98fc-8cfbb7721133\icarus-info.xml /install /cookie:mmm_ava_999_999_a9g_m:dlid_FAV-ONLINE-HP /edat_dir:C:\WINDOWS\Temp\asw.2456f33b78518571 /geo:NL /track-guid:d92f82e8-c137-4c24-ab62-1385fc4e471d /sssid:7052
Path: C:\Windows\Temp\asw-fda8dc53-ecf7-41c6-98fc-8cfbb7721133\common\icarus.exe
Parent process: avast_free_antivirus_online_setup.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
Avast Installer
Version:
25.6.9397.0
Modules
Images
c:\windows\temp\asw-fda8dc53-ecf7-41c6-98fc-8cfbb7721133\common\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ucrtbase.dll
PID: 2692
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2748,i,13581114246157957604,17054275882066699244,262144 --variations-seed-version --mojo-platform-channel-handle=2440 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 62 505
Read events: 61 412
Write events: 981
Delete events: 112

Modification events

(PID) Process: (4724) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (4724) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (4724) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (4724) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (4724) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: FAE90B8DC8982F00

(PID) Process: (4724) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\394006
Operation: write
Name: WindowTabManagerFileMappingId
Value: {38E5B4D1-1C5F-466E-9F2E-6C78CFDD608D}

(PID) Process: (4724) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\394006
Operation: write
Name: WindowTabManagerFileMappingId
Value: {58D68235-4069-4F93-B41B-F82983532E24}

(PID) Process: (4724) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\394006
Operation: write
Name: WindowTabManagerFileMappingId
Value: {F049EA10-AC8F-4500-8B91-92E78DB85ED8}

(PID) Process: (4724) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\394006
Operation: write
Name: WindowTabManagerFileMappingId
Value: {8D7E16BC-7898-4FB1-B959-A5294BE1F2D2}

(PID) Process: (4724) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\394006
Operation: write
Name: WindowTabManagerFileMappingId
Value: {A6EC353C-DDEF-4004-8FAB-6B6226FF41FA}
Executable files: 800
Suspicious files: 2 367
Text files: 468
Unknown types: 6

Dropped files

PID | Process | Filename | Type
4724 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF18d24f.TMP |
4724 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old |
4724 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF18d24f.TMP |
4724 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old |
4724 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF18d25e.TMP |
4724 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old |
4724 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF18d25e.TMP |
4724 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old |
4724 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF18d25e.TMP |
4724 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 145
TCP/UDP connections: 348
DNS requests: 366
Threats: 15

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
7032 | msedge.exe | GET | 200 | 150.171.28.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:ouS9nu2Gwz0v0Oa15dVFFECjQbr8C67STh6ud4piWDU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | unknown | whitelisted
7876 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4032 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
7108 | avast_free_antivirus_online_instellen.exe | POST | 200 | 142.250.184.238:80 | http://www.google-analytics.com/collect | unknown | whitelisted
7876 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
7984 | icarus_ui.exe | GET | 200 | 142.250.74.195:80 | http://c.pki.goog/r/r1.crl | unknown | whitelisted
7108 | avast_free_antivirus_online_instellen.exe | POST | 200 | 142.250.184.238:80 | http://www.google-analytics.com/collect | unknown | whitelisted
7984 | icarus_ui.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
1268 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5944 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5968 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
7032 | msedge.exe | 2.19.225.229:80 | www.avast.com | AKAMAI-AS | FR | whitelisted
7032 | msedge.exe | 13.107.43.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7032 | msedge.exe | 150.171.28.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7032 | msedge.exe | 150.171.28.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7032 | msedge.exe | 2.19.225.229:443 | www.avast.com | AKAMAI-AS | FR | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
  • 51.104.136.2
  • 20.73.194.208
whitelisted
google.com
  • 172.217.16.206
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 13.107.43.16
whitelisted
www.avast.com
  • 2.19.225.229
whitelisted
copilot.microsoft.com
  • 92.123.104.47
  • 92.123.104.53
whitelisted
static3.avast.com
  • 23.212.218.111
whitelisted
www.bing.com
whitelisted
cdn.cookielaw.org
  • 104.18.86.42
  • 104.18.87.42
whitelisted
static.avast.com
  • 23.212.218.111
whitelisted

Threats

PID | Process | Class | Message
7032 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7032 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7032 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7032 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7032 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7032 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
7108 | avast_free_antivirus_online_instellen.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
7032 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7032 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)

Process | Message
AvastSvc.exe | [2025-07-18 11:20:09.309] [error ] [events_rep ] [ 6260: 7332] [A3380B: 49] asw::burger_event::regular_burger_event_reporter_holder::start_all : starting of class asw::burger_event::data_sharing_preference_report failed with an exception : Identity of Burger client was not set.
AvastSvc.exe | [2025-07-18 11:20:12.353] [error ] [dnsdoh ] [ 6260: 8892] [A9C6CF: 73] failed to restore usage statistics Exception: corrupted file
AvastSvc.exe | [2025-07-18 11:20:12.970] [error ] [tasks ] [ 6260: 6796] [526EA1: 321] task Burger::EventConsumer::OnFlush: failed without a caller check. Exception: Identity of Burger client was not set.
AvastSvc.exe | [2025-07-18 11:20:13.520] [info ] [nsf_urlinfo] [ 6260: 8892] [DAC2A0: 46] Starting UrlInfo
AvastSvc.exe | [2025-07-18 11:20:13.520] [info ] [nsf_urlinfo] [ 6260: 8892] [BE5A29: 39] Initialize UrlInfoMgr
AvastSvc.exe | [2025-07-18 11:20:13.710] [info ] [nsf_urlinfo] [ 6260: 8892] [BE5A29: 72] UrlInfoMgr initialized
AvastSvc.exe | [2025-07-18 11:20:15.091] [error ] [tasks ] [ 6260: 2148] [875544: 321] task wait_for_request_handler_data svc.alpha.GetOneMigrationData: failed without a caller check. Exception: Unable to convert module "pam" to product enum. Code: 0x00000057 (87)
AvastSvc.exe | [2025-07-18 11:20:23.110] [error ] [evnt_mgr ] [ 6260: 6208] [39A8FE: 501] Set options and identity failed. Exception: Unable to convert module "pam" to product enum. Code: 0x00000057 (87)
AvastSvc.exe | [2025-07-18 11:20:23.812] [error ] [evnt_mgr ] [ 6260: 6208] [39A8FE: 501] Set options and identity failed. Exception: Unable to convert module "pam" to product enum. Code: 0x00000057 (87)
AvastSvc.exe | [2025-07-18 11:20:25.056] [error ] [evnt_mgr ] [ 6260: 3860] [39A8FE: 501] Set options and identity failed. Exception: Unable to convert module "pam" to product enum. Code: 0x00000057 (87)