File name: avg_antivirus_free_setup.exe

Full analysis: https://app.any.run/tasks/88b6baa8-8bbe-4743-aad7-74c1ecebb911
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: July 19, 2024, 17:22:15
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 2FB927C7CC366B03CA1828CD40860770
SHA1: F5E742609E2D2316FB4DA3AF215012F819804598
SHA256: 85DAEDC0863AD82FC79BCDF3F5F6D48798717806067B341DA1DDE21168208BC3
SSDEEP: 3072:hhrEcYTuZF3sDmYFDL56DLiSNMWm5RC3Oy1jjHfJWcCAnzuVmoP7wxi6yd+gf8+t:BYTuZFuB66SBRHJWcPz8/JrL9/w

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • avg_antivirus_free_setup.exe (PID: 3328)
      • avg_antivirus_free_online_setup.exe (PID: 7608)
      • icarus.exe (PID: 4076)
      • aswOfferTool.exe (PID: 7764)
      • aswOfferTool.exe (PID: 4360)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • avg_antivirus_free_setup.exe (PID: 3328)
      • avg_antivirus_free_online_setup.exe (PID: 7608)
      • icarus.exe (PID: 4076)
      • aswOfferTool.exe (PID: 7764)
      • aswOfferTool.exe (PID: 4360)
    • Starts itself from another location

      • icarus.exe (PID: 4076)
      • aswOfferTool.exe (PID: 7764)
    • Likely accesses (executes) a file from the Public directory

      • aswOfferTool.exe (PID: 4360)
  • INFO

    • Checks supported languages

      • avg_antivirus_free_setup.exe (PID: 3328)
      • avg_antivirus_free_online_setup.exe (PID: 7608)
      • icarus.exe (PID: 4076)
      • icarus_ui.exe (PID: 1096)
      • icarus.exe (PID: 6984)
      • icarus.exe (PID: 7084)
      • aswOfferTool.exe (PID: 4360)
      • aswOfferTool.exe (PID: 7764)
    • Reads the machine GUID from the registry

      • avg_antivirus_free_setup.exe (PID: 3328)
      • avg_antivirus_free_online_setup.exe (PID: 7608)
      • icarus.exe (PID: 4076)
      • icarus_ui.exe (PID: 1096)
      • icarus.exe (PID: 7084)
      • icarus.exe (PID: 6984)
    • Reads the computer name

      • avg_antivirus_free_setup.exe (PID: 3328)
      • avg_antivirus_free_online_setup.exe (PID: 7608)
      • icarus.exe (PID: 4076)
      • icarus_ui.exe (PID: 1096)
      • icarus.exe (PID: 7084)
      • icarus.exe (PID: 6984)
      • aswOfferTool.exe (PID: 7764)
    • Creates files in the program directory

      • avg_antivirus_free_online_setup.exe (PID: 7608)
      • icarus.exe (PID: 4076)
      • icarus_ui.exe (PID: 1096)
      • icarus.exe (PID: 7084)
    • Reads the software policy settings

      • avg_antivirus_free_setup.exe (PID: 3328)
      • avg_antivirus_free_online_setup.exe (PID: 7608)
      • slui.exe (PID: 5748)
      • icarus.exe (PID: 4076)
    • Checks proxy server information

      • avg_antivirus_free_online_setup.exe (PID: 7608)
      • slui.exe (PID: 5748)
      • icarus.exe (PID: 4076)
    • Create files in a temporary directory

      • avg_antivirus_free_online_setup.exe (PID: 7608)
      • icarus.exe (PID: 4076)
      • icarus.exe (PID: 6984)
      • icarus.exe (PID: 7084)
    • Reads CPU info

      • icarus.exe (PID: 4076)
      • icarus_ui.exe (PID: 1096)
      • icarus.exe (PID: 6984)
      • icarus.exe (PID: 7084)
    • Dropped object may contain TOR URL's

      • icarus.exe (PID: 4076)
      • aswOfferTool.exe (PID: 7764)
    • Reads Environment values

      • icarus.exe (PID: 7084)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:04:12 08:36:29+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 137216
InitializedDataSize: 89088
UninitializedDataSize: -
EntryPoint: 0x1020
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.1.99.0
ProductVersionNumber: 2.1.99.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: AVG Technologies CZ, s.r.o.
Edition: 15
FileDescription: AVG Installer
FileVersion: 2.1.99.0
InternalName: microstub
LegalCopyright: Copyright (C) 2023 AVG Technologies CZ, s.r.o.
OriginalFileName: microstub.exe
ProductName: AVG
ProductVersion: 2.1.99.0
No data.
All screenshots are available in the full report
Total processes
148
Monitored processes
11
Malicious processes
4
Suspicious processes
1

Behavior graph

start avg_antivirus_free_setup.exe slui.exe no specs avg_antivirus_free_online_setup.exe slui.exe icarus.exe icarus_ui.exe no specs icarus.exe no specs icarus.exe no specs aswoffertool.exe aswoffertool.exe avg_antivirus_free_setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1096
CMD: C:\WINDOWS\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\common\icarus_ui.exe /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /edat_dir:C:\WINDOWS\Temp\asw.d9fa3473777e2ed5 /track-guid:5986c3c3-1e87-4639-90d3-5baaa4b99b48 /sssid:7608 /er_master:master_ep_3372e839-1fc0-4e03-bd26-b967371ebb33 /er_ui:ui_ep_9539fee3-ebf4-42a9-9799-2acacee6e15f
Path: C:\Windows\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\common\icarus_ui.exe
Parent process: icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG UI
Version:
24.6.7511.0
Modules
Images
c:\windows\temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\common\icarus_ui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ucrtbase.dll
PID: 3328
CMD: "C:\Users\admin\Desktop\avg_antivirus_free_setup.exe"
Path: C:\Users\admin\Desktop\avg_antivirus_free_setup.exe
Parent process: explorer.exe
User:
admin
Company:
AVG Technologies CZ, s.r.o.
Integrity Level:
HIGH
Description:
AVG Installer
Version:
2.1.99.0
Modules
Images
c:\users\admin\desktop\avg_antivirus_free_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 4076
CMD: C:\WINDOWS\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\common\icarus.exe /icarus-info-path:C:\WINDOWS\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\icarus-info.xml /install /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /edat_dir:C:\WINDOWS\Temp\asw.d9fa3473777e2ed5 /track-guid:5986c3c3-1e87-4639-90d3-5baaa4b99b48 /sssid:7608
Path: C:\Windows\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\common\icarus.exe
Parent process: avg_antivirus_free_online_setup.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Installer
Version:
24.6.7511.0
Modules
Images
c:\windows\temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\common\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\winhttp.dll
PID: 4360
CMD: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
Path: C:\Users\Public\Documents\aswOfferTool.exe
Parent process: aswOfferTool.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
MEDIUM
Description:
AVG Offer Installation Tool
Exit code:
0
Version:
24.6.7511.0
Modules
Images
c:\users\public\documents\aswoffertool.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\msvcp_win.dll
PID: 5748
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 6800
CMD: "C:\Users\admin\Desktop\avg_antivirus_free_setup.exe"
Path: C:\Users\admin\Desktop\avg_antivirus_free_setup.exe
Parent process: explorer.exe
User:
admin
Company:
AVG Technologies CZ, s.r.o.
Integrity Level:
MEDIUM
Description:
AVG Installer
Exit code:
3221226540
Version:
2.1.99.0
Modules
Images
c:\users\admin\desktop\avg_antivirus_free_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 6972
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 6984
CMD: C:\WINDOWS\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\avg-av-vps\icarus.exe /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /edat_dir:C:\WINDOWS\Temp\asw.d9fa3473777e2ed5 /track-guid:5986c3c3-1e87-4639-90d3-5baaa4b99b48 /sssid:7608 /er_master:master_ep_3372e839-1fc0-4e03-bd26-b967371ebb33 /er_ui:ui_ep_9539fee3-ebf4-42a9-9799-2acacee6e15f /er_slave:avg-av-vps_slave_ep_16618284-afc2-4838-aff6-a3af9e55dc5c /slave:avg-av-vps
Path: C:\Windows\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\avg-av-vps\icarus.exe
Parent process: icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Installer
Version:
24.6.7590.0
Modules
Images
c:\windows\temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\avg-av-vps\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 7084
CMD: C:\WINDOWS\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\avg-av\icarus.exe /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /edat_dir:C:\WINDOWS\Temp\asw.d9fa3473777e2ed5 /track-guid:5986c3c3-1e87-4639-90d3-5baaa4b99b48 /sssid:7608 /er_master:master_ep_3372e839-1fc0-4e03-bd26-b967371ebb33 /er_ui:ui_ep_9539fee3-ebf4-42a9-9799-2acacee6e15f /er_slave:avg-av_slave_ep_1822a4b2-23bb-4675-b1c7-67cabf8623e4 /slave:avg-av
Path: C:\Windows\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\avg-av\icarus.exe
Parent process: icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Installer
Version:
24.6.7511.0
Modules
Images
c:\windows\temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\avg-av\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\winhttp.dll
PID: 7608
CMD: "C:\WINDOWS\Temp\asw.d9fa3473777e2ed5\avg_antivirus_free_online_setup.exe" /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /ga_clientid:5986c3c3-1e87-4639-90d3-5baaa4b99b48 /edat_dir:C:\WINDOWS\Temp\asw.d9fa3473777e2ed5
Path: C:\Windows\Temp\asw.d9fa3473777e2ed5\avg_antivirus_free_online_setup.exe
Parent process: avg_antivirus_free_setup.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Self-Extract Package
Version:
24.6.7511.0
Modules
Images
c:\windows\temp\asw.d9fa3473777e2ed5\avg_antivirus_free_online_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
Total events
16 114
Read events
16 085
Write events
29
Delete events
0

Modification events

(PID) Process: (3328) avg_antivirus_free_setup.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
Operation: write
Name: PendingFileRenameOperations
Value:
\??\C:\WINDOWS\Temp\asw.d9fa3473777e2ed5
(PID) Process: (7608) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 5FD38555-4B16-40AE-9A09-E2C969CB74AF
Value:
F6D4F52220BB5A3D7246A004278BB23F
(PID) Process: (7608) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 7CCD586D-2ABC-42FF-A23B-3731F4F183D9
Value:
F6D4F52220BB5A3D7246A004278BB23F
(PID) Process: (7608) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 8C5CFDF4-AB05-4EB0-8EF6-7B4620DC2CF3
Value:
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAb/itXNi0r0S04bKqrtyaiwQAAAACAAAAAAAQZgAAAAEAACAAAACedUTb2BoTuvHKiGAYriPDWTbfwq6NO5qjemLGaoCZywAAAAAOgAAAAAIAACAAAAD6qAMkSBFCMTFvxjkkBqog5bln5zyCT3XmUmOkrezHq1AAAACNH6FZ13n0NBcd4Zw12hktEXCpMMJQ2UOENnFhPVZJebklAVLtrTSrEkn7DwwC9pTxSHMW4Q4YBIVJEgaqCsReuq1UUpKwrIV90/t52BBes0AAAADAx9zSiYnuy49b2CaBW/v3vXzalbwJ1xceYgBCGz3ZD+99aGJdIYBamYot359nzhFXfwve1AQrzGwkoKbRMx4i
(PID) Process: (7608) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 5E1D6A55-0134-486E-A166-38C2E4919BB1
Value:
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAb/itXNi0r0S04bKqrtyaiwQAAAACAAAAAAAQZgAAAAEAACAAAACedUTb2BoTuvHKiGAYriPDWTbfwq6NO5qjemLGaoCZywAAAAAOgAAAAAIAACAAAAD6qAMkSBFCMTFvxjkkBqog5bln5zyCT3XmUmOkrezHq1AAAACNH6FZ13n0NBcd4Zw12hktEXCpMMJQ2UOENnFhPVZJebklAVLtrTSrEkn7DwwC9pTxSHMW4Q4YBIVJEgaqCsReuq1UUpKwrIV90/t52BBes0AAAADAx9zSiYnuy49b2CaBW/v3vXzalbwJ1xceYgBCGz3ZD+99aGJdIYBamYot359nzhFXfwve1AQrzGwkoKbRMx4i
(PID) Process: (7608) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 144807F0-DE37-4C62-9C05-EB4CC64A7A2F
Value:
ebf0f152-e569-4989-8ddc-8537489a0dd4
(PID) Process: (7608) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 56C7A9DA-4B11-406A-8B1A-EFF157C294D6
Value:
ebf0f152-e569-4989-8ddc-8537489a0dd4
(PID) Process: (4076) icarus.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 144807F0-DE37-4C62-9C05-EB4CC64A7A2F
Value:
ebf0f152-e569-4989-8ddc-8537489a0dd4
(PID) Process: (4076) icarus.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 56C7A9DA-4B11-406A-8B1A-EFF157C294D6
Value:
ebf0f152-e569-4989-8ddc-8537489a0dd4
(PID) Process: (4076) icarus.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 5FD38555-4B16-40AE-9A09-E2C969CB74AF
Value:
F6D4F52220BB5A3D7246A004278BB23F
Executable files
21
Suspicious files
21
Text files
21
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 3328
Process: avg_antivirus_free_setup.exe
Filename: C:\windows\temp\asw.d9fa3473777e2ed5\ecoo.edat
Type: text
MD5: AAA8F0CA4ACC800E63EC0CC3F9598380
SHA256: 9FA614083EBC934B52510CC41EB3246E1B0D199329AB1FD3AEA08A5BCE62BCDF
PID: 7608
Process: avg_antivirus_free_online_setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3
Type: binary
MD5: 51CACEA0FBAE8346C20FB94EFEEF8809
SHA256: 5749457FC3E5EE160FE41B6BC0743A890B38FD3F09965828BD19FE269E5BD434
PID: 7608
Process: avg_antivirus_free_online_setup.exe
Filename: C:\ProgramData\AVG\Icarus\Logs\sfx.log
Type: text
MD5: ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256: F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
PID: 3328
Process: avg_antivirus_free_setup.exe
Filename: C:\WINDOWS\Temp\asw.d9fa3473777e2ed5\avg_antivirus_free_online_setup.exe
Type: executable
MD5: 89799311702BD341AA9B7DAEE903B5C2
SHA256: FDD5DB7B0BA463D31FC12A0478854E393E02102164F6B19CEBB7CD3AC496E2D3
PID: 7608
Process: avg_antivirus_free_online_setup.exe
Filename: C:\WINDOWS\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\common\icarus_mod.dll
Type: executable
MD5: F37B83A39F1C7B6A87D0C4B41091CD87
SHA256: DBEFC0C1A7785FE08AE05046F72095ACF3F3BFC348D370C99E4AC05B09C7EF46
PID: 7608
Process: avg_antivirus_free_online_setup.exe
Filename: C:\WINDOWS\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\common\3503039f-9de4-4579-9f6f-4151d2879e96
Type: compressed
MD5: FB9FBA796A334A0FAAC0357771F24332
SHA256: A155D1A1917ADE8CB53877A578650EBA018745E165253E1D546A4901FC1D4A64
PID: 7608
Process: avg_antivirus_free_online_setup.exe
Filename: C:\WINDOWS\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\common\icarus.exe
Type: executable
MD5: 251369428A0E2D87308E7A9FAA387270
SHA256: 2445F8A0B75BEB1A77428C2D605189876222FB9D53E3B187F7B7FE8ABE3386C0
PID: 7608
Process: avg_antivirus_free_online_setup.exe
Filename: C:\WINDOWS\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\common\product-info.xml
Type: xml
MD5: 1CD82588F7C425083E7C2DF8D3A635DA
SHA256: 275E2B5FDA8C7924DAC945914CA156E4B5A6D7C76947D7299A7B907D798DE199
PID: 7608
Process: avg_antivirus_free_online_setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0
Type: binary
MD5: 14D02FDEC609E3A765B514DD24A13EE7
SHA256: 971917228F65276A1356C77D9A71CF10E9C3B3AE6890F2CCC74A46D5AA22DEB8
PID: 7608
Process: avg_antivirus_free_online_setup.exe
Filename: C:\WINDOWS\Temp\asw-1f7dc815-8f5f-4503-be81-1b158c3f1b32\common\bug_report.exe
Type: executable
MD5: B269C45CA54AF5B57A5B2115D9CDB8D5
SHA256: D9367C5E474BCA83CB06F583F2FB42EF2517D769CC82722201A0902C0B90A32A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
44
TCP/UDP connections
60
DNS requests
60
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
POST
200
216.239.32.178:80
http://www.google-analytics.com/collect
unknown
unknown
POST
204
34.117.223.223:80
http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
unknown
unknown
GET
200
20.3.187.198:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
GET
200
23.32.101.67:443
https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe
unknown
executable
1.55 Mb
POST
200
20.86.201.138:443
https://arc.msn.com/v4/api/register?asid=5230A7E707734FA481E2616B7580E005&placement=cdmdevreg&country=US&locale=en-US&poptin=0&fmt=json&arch=AMD64&chassis=1&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19045.4046&dinst=1661339444&dmret=0&flightbranch=&flightring=Retail&icluc=0&localid=w%3AAC7699B0-48EA-FD22-C8DC-06A02098A0F0&oem=DELL&osbranch=vb_release&oslocale=en-US&osret=1&ossku=Professional&osskuid=48&prccn=4&prccs=3094&prcmf=AuthenticAMD&procm=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&ram=4096&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=15.3&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=260281&frdsk=218542&lo=3610641&tsu=1001171
unknown
POST
20.190.160.17:443
https://login.live.com/RST2.srf
unknown
GET
200
184.86.251.4:443
https://www.bing.com/client/config?cc=US&setlang=en-US
unknown
binary
2.15 Kb
GET
200
23.32.101.67:443
https://honzik.avcdn.net/universe/dbef/c0c1/a778/dbefc0c1a7785fe08ae05046f72095acf3f3bfc348d370c99e4ac05b09c7ef46.lzma
unknown
binary
9.34 Kb
GET
200
23.32.101.67:443
https://honzik.avcdn.net/defs/avg-av/release.xml.lzma
unknown
binary
2.63 Kb
GET
200
20.223.35.26:443
https://fd.api.iris.microsoft.com/v4/api/selection?&asid=DB87FD734D26419EA5C9FA1C0F902C1D&nct=1&placement=88000677&bcnt=30&country=US&locale=en-US&poptin=0&fmt=json&arch=AMD64&chassis=1&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19045.4046&dinst=1661339444&dmret=0&flightbranch=&flightring=Retail&icluc=0&localid=w%3AAC7699B0-48EA-FD22-C8DC-06A02098A0F0&oem=DELL&osbranch=vb_release&oslocale=en-US&osret=1&ossku=Professional&osskuid=48&prccn=4&prccs=3094&prcmf=AuthenticAMD&procm=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&ram=4096&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=15.3&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=260281&frdsk=218542&lo=3610641&tsu=1001171
unknown
binary
102 b

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4716
svchost.exe
20.190.159.0:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
192.168.100.255:137
whitelisted
5620
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7856
svchost.exe
4.209.32.198:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
4032
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
3328
avg_antivirus_free_setup.exe
34.117.223.223:80
v7event.stats.avast.com
GOOGLE-CLOUD-PLATFORM
US
unknown
3328
avg_antivirus_free_setup.exe
23.32.101.67:443
honzik.avcdn.net
AKAMAI-AS
SE
unknown
3328
avg_antivirus_free_setup.exe
216.239.32.178:80
www.google-analytics.com
GOOGLE
US
unknown
8108
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
login.live.com
  • 20.190.159.0
  • 20.190.159.64
  • 40.126.31.67
  • 20.190.159.75
  • 20.190.159.68
  • 20.190.159.71
  • 20.190.159.73
  • 40.126.31.71
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
  • 51.124.78.146
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.78
whitelisted
v7event.stats.avast.com
  • 34.117.223.223
whitelisted
honzik.avcdn.net
  • 23.32.101.67
  • 23.212.89.10
  • 2a02:26f0:7100:9b0::240d
  • 2a02:26f0:7100:9a4::240d
whitelisted
www.google-analytics.com
  • 216.239.32.178
  • 216.239.38.178
  • 216.239.34.178
  • 216.239.36.178
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
arc.msn.com
  • 20.199.58.43
whitelisted
www.bing.com
  • 184.86.251.5
  • 184.86.251.4
  • 184.86.251.24
  • 184.86.251.16
  • 184.86.251.27
  • 184.86.251.20
  • 184.86.251.28
  • 184.86.251.30
  • 184.86.251.19
whitelisted
analytics.avcdn.net
  • 34.117.223.223
whitelisted

Threats

PID
Process
Class
Message
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
A Network Trojan was detected
ET HUNTING Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection
A Network Trojan was detected
ET HUNTING Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection
A Network Trojan was detected
ET HUNTING Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection
A Network Trojan was detected
ET HUNTING Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection
A Network Trojan was detected
ET HUNTING Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection
A Network Trojan was detected
ET HUNTING Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection
No debug info