File name: avast_breach_guard_online_setup.exe

Full analysis: https://app.any.run/tasks/80aadd2e-bed1-4372-a400-ed9bc39af236
Verdict: Malicious activity
Analysis date: April 20, 2024, 17:20:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: CAB5D0169EBA35BA3896585A2E2FC761
SHA1: 316B0DCC5CBCC39374AEF171D10EB0FAFB7BFB06
SHA256: 70FEACA7CAC81F7F2F8F7AF2EBEE99C44C2B256AA462844396948AC869E05498
SSDEEP: 49152:AetaPFJkajOGl1BUVhyyXd/w0cQlPSz+iJ2Y3g521AY/7/FAi6f8:ASaB2V5SzPF3g521p7/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • avast_breach_guard_online_setup.exe (PID: 1376)
      • icarus.exe (PID: 4092)
      • icarus.exe (PID: 3692)
    • Creates a writable file in the system directory

      • icarus.exe (PID: 3692)
  • SUSPICIOUS

    • Reads settings of System Certificates

      • avast_breach_guard_online_setup.exe (PID: 1376)
    • Executable content was dropped or overwritten

      • avast_breach_guard_online_setup.exe (PID: 1376)
      • icarus.exe (PID: 3692)
      • icarus.exe (PID: 4092)
    • Starts itself from another location

      • icarus.exe (PID: 4092)
    • Process drops legitimate windows executable

      • icarus.exe (PID: 3692)
    • The process drops C-runtime libraries

      • icarus.exe (PID: 3692)
    • The process verifies whether the antivirus software is installed

      • icarus.exe (PID: 3692)
  • INFO

    • Creates files in the program directory

      • icarus.exe (PID: 4092)
      • avast_breach_guard_online_setup.exe (PID: 1376)
      • icarus_ui.exe (PID: 3892)
      • icarus.exe (PID: 3692)
    • Reads the machine GUID from the registry

      • icarus.exe (PID: 4092)
      • avast_breach_guard_online_setup.exe (PID: 1376)
      • icarus_ui.exe (PID: 3892)
      • icarus.exe (PID: 3692)
    • Reads the computer name

      • icarus.exe (PID: 4092)
      • avast_breach_guard_online_setup.exe (PID: 1376)
      • icarus_ui.exe (PID: 3892)
      • icarus.exe (PID: 3692)
    • Checks supported languages

      • avast_breach_guard_online_setup.exe (PID: 1376)
      • icarus.exe (PID: 4092)
      • icarus_ui.exe (PID: 3892)
      • icarus.exe (PID: 3692)
    • Reads the software policy settings

      • avast_breach_guard_online_setup.exe (PID: 1376)
    • Create files in a temporary directory

      • icarus.exe (PID: 4092)
      • icarus.exe (PID: 3692)
    • Reads CPU info

      • icarus.exe (PID: 4092)
      • icarus_ui.exe (PID: 3892)
      • icarus.exe (PID: 3692)
    • Dropped object may contain TOR URL's

      • icarus.exe (PID: 3692)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.dll | Win32 Dynamic Link Library (generic) (43.5)
.exe | Win32 Executable (generic) (29.8)
.exe | Generic Win/DOS Executable (13.2)
.exe | DOS Executable Generic (13.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:11:06 17:01:27+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.37
CodeSize: 942080
InitializedDataSize: 485888
UninitializedDataSize: -
EntryPoint: 0x50e40
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 23.8.6421.0
ProductVersionNumber: 24.1.2197.8110
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Avast Software
FileDescription: Avast Self-Extract Package
FileVersion: 23.8.6421.0
InternalName: icarus_sfx
LegalCopyright: Copyright © 2023 Avast Software
MainProductId: avast-bg
OriginalFileName: icarus_sfx.exe
ProductId: avast-icarus
ProductName: Avast Installer
ProductVersion: 24.1.2197.8110
No data.
Total processes: 42
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 0

Behavior graph

[Behavior graph nodes: start, avast_breach_guard_online_setup.exe, icarus.exe, icarus_ui.exe (no specs), icarus.exe, avast_breach_guard_online_setup.exe (no specs)]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1376
CMD: "C:\Users\admin\Desktop\avast_breach_guard_online_setup.exe"
Path: C:\Users\admin\Desktop\avast_breach_guard_online_setup.exe
Parent process: explorer.exe
User:
admin
Company:
Avast Software
Integrity Level:
HIGH
Description:
Avast Self-Extract Package
Version:
23.8.6421.0
Modules
Images
c:\users\admin\desktop\avast_breach_guard_online_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2764
CMD: "C:\Users\admin\Desktop\avast_breach_guard_online_setup.exe"
Path: C:\Users\admin\Desktop\avast_breach_guard_online_setup.exe
Parent process: explorer.exe
User:
admin
Company:
Avast Software
Integrity Level:
MEDIUM
Description:
Avast Self-Extract Package
Exit code:
3221226540
Version:
23.8.6421.0
Modules
Images
c:\users\admin\desktop\avast_breach_guard_online_setup.exe
c:\windows\system32\ntdll.dll
PID: 3692
CMD: C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\avast-bg\icarus.exe /sssid:1376 /er_master:master_ep_a37d3979-acf5-4b38-bbb6-ddd6ccac84fe /er_ui:ui_ep_93810709-965c-4379-9624-8075e8754a92 /er_slave:avast-bg_slave_ep_df105cf6-59aa-46ae-bf2d-095d0b569f15 /slave:avast-bg
Path: C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\avast-bg\icarus.exe
Parent process: icarus.exe
User:
admin
Company:
Avast Software
Integrity Level:
HIGH
Description:
Avast Installer
Version:
23.8.6421.0
Modules
Images
c:\windows\temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\avast-bg\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 3892
CMD: C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\icarus_ui.exe /sssid:1376 /er_master:master_ep_a37d3979-acf5-4b38-bbb6-ddd6ccac84fe /er_ui:ui_ep_93810709-965c-4379-9624-8075e8754a92
Path: C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\icarus_ui.exe
Parent process: icarus.exe
User:
admin
Company:
Avast Software
Integrity Level:
HIGH
Description:
Avast UI
Version:
23.8.6421.0
Modules
Images
c:\windows\temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\icarus_ui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shell32.dll
PID: 4092
CMD: C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\icarus-info.xml /install /sssid:1376
Path: C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\icarus.exe
Parent process: avast_breach_guard_online_setup.exe
User:
admin
Company:
Avast Software
Integrity Level:
HIGH
Description:
Avast Installer
Version:
23.8.6421.0
Modules
Images
c:\windows\temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
Total events: 5 320
Read events: 5 287
Write events: 29
Delete events: 4

Modification events

(PID) Process: (1376) avast_breach_guard_online_setup.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value:
en-US
(PID) Process: (1376) avast_breach_guard_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
Operation: delete value
Name: 9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Value:
(PID) Process: (1376) avast_breach_guard_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value:
(PID) Process: (1376) avast_breach_guard_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value:
(PID) Process: (1376) avast_breach_guard_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value:
(PID) Process: (4092) icarus.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 144807F0-DE37-4C62-9C05-EB4CC64A7A2F
Value:
3236cbd2-6a72-432a-9f38-addb827a715f
(PID) Process: (4092) icarus.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 56C7A9DA-4B11-406A-8B1A-EFF157C294D6
Value:
3236cbd2-6a72-432a-9f38-addb827a715f
(PID) Process: (4092) icarus.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 5FD38555-4B16-40AE-9A09-E2C969CB74AF
Value:
138F65F3DE11A9670C8CF1AB7F8C2DEC
(PID) Process: (4092) icarus.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 7CCD586D-2ABC-42FF-A23B-3731F4F183D9
Value:
138F65F3DE11A9670C8CF1AB7F8C2DEC
(PID) Process: (4092) icarus.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 8C5CFDF4-AB05-4EB0-8EF6-7B4620DC2CF3
Value:
Executable files: 100
Suspicious files: 75
Text files: 55
Unknown types: 29

Dropped files

PID | Process | Filename | Type

1376 | avast_breach_guard_online_setup.exe | C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\product-def.xml | xml
MD5: 977C61A9E58A8C5CDF2CCBD5B2F0291A
SHA256: C49CFAAD6CB67F544A272939053BAA7FD558192BD2282B18E08F80DAC1731B82

1376 | avast_breach_guard_online_setup.exe | C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\dump_process.exe | executable
MD5: C0432CD0243C0A2099CD41BC23284188
SHA256: 303F7610B714510DC725510B907139F3F81AE85CB551B67DBD29FB47F162D30A

1376 | avast_breach_guard_online_setup.exe | C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\f736a02f-cdb6-4658-a6f6-af35c5c0c70f | binary
MD5: 9CB4EA719176D2195CB0D8F5C9E60495
SHA256: 46FD84BB6A16EE6F34B8CC6A3846F5E9822A568EBDF8E8BCECBC5D6B52215C13

1376 | avast_breach_guard_online_setup.exe | C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\f080fc08-9f20-41da-9847-6e5e3915de71 | lzma
MD5: 38BE1CB1B7877A8792D8E1AEACE8C240
SHA256: B468F836B768FCD817B23FCBA4735267D22985279B5119F9356D5F92AA700B4A

4092 | icarus.exe | C:\ProgramData\Avast Software\Icarus\Logs\report.log | -
MD5: -
SHA256: -

1376 | avast_breach_guard_online_setup.exe | C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\81f10611-668e-4762-936a-faca9432efba | binary
MD5: 7D92135343B50EAB0B12450481EDD5F4
SHA256: F4E2E754D54DF1A9FA335FEEEF4018822151E324539E25E2FD0B456D5E01C980

1376 | avast_breach_guard_online_setup.exe | C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\eapt.edat | text
MD5: 4B9DDB0551BAC1A3A2380A356118EEE5
SHA256: 32B4881169C5E1B6D8E25538B406477AA9499C9E4E03FEF89FA120783C2DCA7B

1376 | avast_breach_guard_online_setup.exe | C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\e0c934c3-97d1-43e0-8320-cc223c293379 | lzma
MD5: 0C9209B2E952291B2F41876D2B9A6C01
SHA256: A2AF4D7C4B416712103E42D117B47762865F9F1EC0FD3E835F8211B07C005DD4

1376 | avast_breach_guard_online_setup.exe | C:\Windows\Temp\asw-30f820fe-e669-4d24-8c3f-7b43773686a7\common\9a41616d-7076-4b79-8a14-61daa889f35e | binary
MD5: 7AEE32B7F0D4F7B8791F30A1F57DD0AD
SHA256: 1C5FE094ED5EF269B8ACEFEF6117DB324AA453A4B7C1803EAEE78BDDE4FC675A

1376 | avast_breach_guard_online_setup.exe | C:\ProgramData\Avast Software\Icarus\Logs\sfx.log | text
MD5: ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256: F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 21
DNS requests: 21
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
1376 | avast_breach_guard_online_setup.exe | 34.117.223.223:443 | analytics.avcdn.net | GOOGLE-CLOUD-PLATFORM | US | unknown
1376 | avast_breach_guard_online_setup.exe | 23.32.101.67:443 | honzik.avcdn.net | AKAMAI-AS | SE | unknown
4092 | icarus.exe | 34.117.223.223:443 | analytics.avcdn.net | GOOGLE-CLOUD-PLATFORM | US | unknown
4092 | icarus.exe | 34.160.176.28:443 | shepherd.ff.avast.com | GOOGLE | US | unknown
4092 | icarus.exe | 23.32.101.67:443 | honzik.avcdn.net | AKAMAI-AS | SE | unknown
3692 | icarus.exe | 23.32.101.67:443 | honzik.avcdn.net | AKAMAI-AS | SE | unknown

DNS requests

Domain | IP | Reputation
analytics.avcdn.net | 34.117.223.223 | unknown
honzik.avcdn.net | 23.32.101.67, 2a02:26f0:3100:1aa::240d, 2a02:26f0:3100:1a3::240d | unknown
shepherd.ff.avast.com | 34.160.176.28 | whitelisted

Threats

No threats detected
No debug info