| File name: | thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe |
| Full analysis: | https://app.any.run/tasks/604c34ce-1fe5-4ab2-87c2-208314ec5bd2 |
| Verdict: | Malicious activity |
| Threats: | Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. |
| Analysis date: | August 21, 2025, 10:43:51 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections |
| MD5: | 50F41DFCA71D71341115BDAFB0809115 |
| SHA1: | 940136634045BAE4FD280B585CD396FE327C5AA2 |
| SHA256: | 86EA7316FC12B8268D80ED7408BAF03064302B2868B7697A55E12000BBCE7BA1 |
| SSDEEP: | 6144:oIuaJEM/Jt1zJR+c0mbOoDTOu1hVs9zsq:oIuaJEiH+cBdDqu1hVhq |
MALICIOUS
Steals credentials from Web Browsers
- AvastSvc.exe (PID: 4112)
- aswEngSrv.exe (PID: 5684)
- engsup.exe (PID: 7888)
- AvastUI.exe (PID: 7332)
Changes the autorun value in the registry
- icarus.exe (PID: 536)
Antivirus name has been found in the command line (generic signature)
- AvastUI.exe (PID: 7332)
- AvastUI.exe (PID: 8336)
- AvastUI.exe (PID: 8460)
- AvastUI.exe (PID: 8468)
- AvastUI.exe (PID: 8520)
- AvastUI.exe (PID: 8660)
- AvastUI.exe (PID: 8280)
- AvastUI.exe (PID: 4476)
- AvastUI.exe (PID: 8640)
Actions looks like stealing of personal data
- engsup.exe (PID: 7888)
- AvastUI.exe (PID: 7332)
XORed URL has been found (YARA)
- aswEngSrv.exe (PID: 5684)
SUSPICIOUS
Checks for external IP
- svchost.exe (PID: 2200)
- thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe (PID: 1864)
- AvEmUpdate.exe (PID: 4916)
- AvastSvc.exe (PID: 4112)
- aswToolsSvc.exe (PID: 6704)
- AvastUI.exe (PID: 7332)
Starts itself from another location
- icarus.exe (PID: 1100)
Reads security settings of Internet Explorer
- icarus_ui.exe (PID: 1216)
- AvastSvc.exe (PID: 4112)
- AvastUI.exe (PID: 7332)
The process creates files with name similar to system file names
- icarus.exe (PID: 536)
The process verifies whether the antivirus software is installed
- icarus.exe (PID: 536)
- icarus.exe (PID: 3108)
- engsup.exe (PID: 5652)
- SetupInf.exe (PID: 2312)
- SetupInf.exe (PID: 7008)
- SetupInf.exe (PID: 6428)
- SetupInf.exe (PID: 3572)
- SetupInf.exe (PID: 1644)
- SetupInf.exe (PID: 1236)
- AvEmUpdate.exe (PID: 6164)
- AvEmUpdate.exe (PID: 4916)
- RegSvr.exe (PID: 6668)
- RegSvr.exe (PID: 7060)
- wsc_proxy.exe (PID: 3672)
- wsc_proxy.exe (PID: 5496)
- afwServ.exe (PID: 5352)
- SetupInf.exe (PID: 3584)
- aswToolsSvc.exe (PID: 6704)
- AvastSvc.exe (PID: 4112)
- AvastNM.exe (PID: 7196)
- aswidsagent.exe (PID: 7280)
- aswEngSrv.exe (PID: 5684)
- AvastUI.exe (PID: 7332)
- engsup.exe (PID: 7888)
- icarus.exe (PID: 7204)
- icarus.exe (PID: 1100)
- AvastUI.exe (PID: 8336)
- AvastUI.exe (PID: 8468)
- AvastUI.exe (PID: 8520)
- AvastUI.exe (PID: 8660)
- AvastUI.exe (PID: 8460)
- AvastUI.exe (PID: 4476)
- AvastUI.exe (PID: 8280)
- overseer.exe (PID: 7648)
- AvastUI.exe (PID: 8640)
- firefox.exe (PID: 7384)
- firefox.exe (PID: 8476)
- firefox.exe (PID: 8940)
- firefox.exe (PID: 8664)
- firefox.exe (PID: 1052)
- firefox.exe (PID: 2880)
- firefox.exe (PID: 1592)
- firefox.exe (PID: 8160)
- firefox.exe (PID: 8100)
- firefox.exe (PID: 5184)
Process drops legitimate windows executable
- icarus.exe (PID: 536)
The process drops C-runtime libraries
- icarus.exe (PID: 536)
Creates or modifies Windows services
- icarus.exe (PID: 536)
Creates/Modifies COM task schedule object
- icarus.exe (PID: 536)
- RegSvr.exe (PID: 6668)
- RegSvr.exe (PID: 7060)
Creates a software uninstall entry
- icarus.exe (PID: 536)
Process checks presence of unattended files
- icarus.exe (PID: 536)
Creates files in the driver directory
- icarus.exe (PID: 536)
Executes as Windows Service
- wsc_proxy.exe (PID: 5496)
- afwServ.exe (PID: 5352)
- AvastSvc.exe (PID: 4112)
- aswToolsSvc.exe (PID: 6704)
- aswidsagent.exe (PID: 7280)
Modifies hosts file to alter network resolution
- AvastSvc.exe (PID: 4112)
Adds/modifies Windows certificates
- AvastSvc.exe (PID: 4112)
Reads the date of Windows installation
- aswidsagent.exe (PID: 7280)
- AvastSvc.exe (PID: 4112)
- AvastUI.exe (PID: 7332)
Checks for Java to be installed
- AvastSvc.exe (PID: 4112)
Application launched itself
- AvastUI.exe (PID: 7332)
Read startup parameters
- aswidsagent.exe (PID: 7280)
- AvastSvc.exe (PID: 4112)
Potential Corporate Privacy Violation
- AvastUI.exe (PID: 7332)
Reads Microsoft Outlook installation path
- AvastSvc.exe (PID: 4112)
Searches for installed software
- AvastSvc.exe (PID: 4112)
- overseer.exe (PID: 7648)
There is functionality for VM detection antiVM strings (YARA)
- aswEngSrv.exe (PID: 5684)
There is functionality for VM detection VirtualBox (YARA)
- aswToolsSvc.exe (PID: 6704)
INFO
Checks supported languages
- thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe (PID: 2388)
- thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe (PID: 1864)
- avast_free_antivirus_online_setup.exe (PID: 3688)
- icarus.exe (PID: 1100)
- icarus_ui.exe (PID: 1216)
- icarus.exe (PID: 3108)
- icarus.exe (PID: 536)
- engsup.exe (PID: 5652)
- SetupInf.exe (PID: 7008)
- SetupInf.exe (PID: 2312)
- SetupInf.exe (PID: 6428)
- SetupInf.exe (PID: 3572)
- SetupInf.exe (PID: 1644)
- SetupInf.exe (PID: 1236)
- AvEmUpdate.exe (PID: 6164)
- AvEmUpdate.exe (PID: 4916)
- RegSvr.exe (PID: 6668)
- RegSvr.exe (PID: 7060)
- wsc_proxy.exe (PID: 3672)
- wsc_proxy.exe (PID: 5496)
- afwServ.exe (PID: 5352)
- SetupInf.exe (PID: 3584)
- AvastSvc.exe (PID: 4112)
- aswToolsSvc.exe (PID: 6704)
- aswEngSrv.exe (PID: 5684)
- AvastNM.exe (PID: 7196)
- aswidsagent.exe (PID: 7280)
- AvastUI.exe (PID: 7332)
- overseer.exe (PID: 7648)
- engsup.exe (PID: 7888)
- icarus.exe (PID: 7204)
- aswOfferTool.exe (PID: 4476)
- icarus.exe (PID: 5904)
- AvastUI.exe (PID: 8336)
- icarus.exe (PID: 7308)
- aswOfferTool.exe (PID: 8480)
- AvastUI.exe (PID: 8460)
- AvastUI.exe (PID: 8468)
- AvastUI.exe (PID: 8660)
- AvastUI.exe (PID: 4476)
- AvastUI.exe (PID: 8520)
- AvastUI.exe (PID: 8280)
- AvastUI.exe (PID: 8640)
The sample compiled with english language support
- thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe (PID: 2388)
- thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe (PID: 1864)
- avast_free_antivirus_online_setup.exe (PID: 3688)
- icarus.exe (PID: 1100)
- icarus.exe (PID: 536)
- icarus.exe (PID: 3108)
- AvastSvc.exe (PID: 4112)
- aswOfferTool.exe (PID: 4476)
Reads the software policy settings
- avast_free_antivirus_online_setup.exe (PID: 3688)
- thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe (PID: 1864)
- icarus_ui.exe (PID: 1216)
- slui.exe (PID: 3852)
- AvEmUpdate.exe (PID: 4916)
- AvastSvc.exe (PID: 4112)
- aswToolsSvc.exe (PID: 6704)
- AvastUI.exe (PID: 7332)
Reads the machine GUID from the registry
- thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe (PID: 2388)
- thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe (PID: 1864)
- icarus.exe (PID: 1100)
- icarus_ui.exe (PID: 1216)
- icarus.exe (PID: 536)
- icarus.exe (PID: 3108)
- avast_free_antivirus_online_setup.exe (PID: 3688)
- wsc_proxy.exe (PID: 3672)
- afwServ.exe (PID: 5352)
- AvastSvc.exe (PID: 4112)
- aswToolsSvc.exe (PID: 6704)
- AvastUI.exe (PID: 7332)
- aswidsagent.exe (PID: 7280)
- icarus.exe (PID: 7204)
- icarus.exe (PID: 5904)
- icarus.exe (PID: 7308)
- overseer.exe (PID: 7648)
Reads the computer name
- thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe (PID: 2388)
- thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe (PID: 1864)
- icarus.exe (PID: 1100)
- icarus_ui.exe (PID: 1216)
- icarus.exe (PID: 536)
- icarus.exe (PID: 3108)
- SetupInf.exe (PID: 7008)
- SetupInf.exe (PID: 2312)
- avast_free_antivirus_online_setup.exe (PID: 3688)
- SetupInf.exe (PID: 6428)
- SetupInf.exe (PID: 3572)
- SetupInf.exe (PID: 1644)
- SetupInf.exe (PID: 1236)
- AvEmUpdate.exe (PID: 6164)
- AvEmUpdate.exe (PID: 4916)
- RegSvr.exe (PID: 6668)
- RegSvr.exe (PID: 7060)
- SetupInf.exe (PID: 3584)
- wsc_proxy.exe (PID: 3672)
- wsc_proxy.exe (PID: 5496)
- afwServ.exe (PID: 5352)
- AvastSvc.exe (PID: 4112)
- aswToolsSvc.exe (PID: 6704)
- aswidsagent.exe (PID: 7280)
- AvastUI.exe (PID: 7332)
- engsup.exe (PID: 7888)
- icarus.exe (PID: 7204)
- aswOfferTool.exe (PID: 4476)
- icarus.exe (PID: 5904)
- icarus.exe (PID: 7308)
- AvastUI.exe (PID: 8336)
- AvastUI.exe (PID: 8460)
- aswOfferTool.exe (PID: 8480)
- AvastUI.exe (PID: 8468)
- AvastUI.exe (PID: 8520)
- AvastUI.exe (PID: 8660)
- AvastUI.exe (PID: 8280)
- AvastUI.exe (PID: 4476)
- overseer.exe (PID: 7648)
- AvastUI.exe (PID: 8640)
Manual execution by a user
- thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe (PID: 1864)
- thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe (PID: 5252)
- Taskmgr.exe (PID: 7152)
- Taskmgr.exe (PID: 6772)
- AvastUI.exe (PID: 7332)
- firefox.exe (PID: 8616)
Creates files in the program directory
- icarus.exe (PID: 1100)
- icarus_ui.exe (PID: 1216)
- icarus.exe (PID: 536)
- icarus.exe (PID: 3108)
- engsup.exe (PID: 5652)
- avast_free_antivirus_online_setup.exe (PID: 3688)
- AvEmUpdate.exe (PID: 6164)
- AvEmUpdate.exe (PID: 4916)
- wsc_proxy.exe (PID: 3672)
- afwServ.exe (PID: 5352)
- AvastSvc.exe (PID: 4112)
- aswToolsSvc.exe (PID: 6704)
- AvastNM.exe (PID: 7196)
- aswidsagent.exe (PID: 7280)
- AvastUI.exe (PID: 7332)
- engsup.exe (PID: 7888)
- aswOfferTool.exe (PID: 4476)
Reads CPU info
- icarus.exe (PID: 1100)
- icarus_ui.exe (PID: 1216)
- icarus.exe (PID: 3108)
- icarus.exe (PID: 536)
- engsup.exe (PID: 5652)
- SetupInf.exe (PID: 7008)
- SetupInf.exe (PID: 2312)
- SetupInf.exe (PID: 6428)
- SetupInf.exe (PID: 3572)
- SetupInf.exe (PID: 1644)
- SetupInf.exe (PID: 1236)
- AvEmUpdate.exe (PID: 6164)
- AvEmUpdate.exe (PID: 4916)
- RegSvr.exe (PID: 6668)
- RegSvr.exe (PID: 7060)
- SetupInf.exe (PID: 3584)
- wsc_proxy.exe (PID: 3672)
- wsc_proxy.exe (PID: 5496)
- afwServ.exe (PID: 5352)
- AvastSvc.exe (PID: 4112)
- aswToolsSvc.exe (PID: 6704)
- aswEngSrv.exe (PID: 5684)
- AvastNM.exe (PID: 7196)
- aswidsagent.exe (PID: 7280)
- AvastUI.exe (PID: 7332)
- engsup.exe (PID: 7888)
- icarus.exe (PID: 7204)
- icarus.exe (PID: 5904)
- icarus.exe (PID: 7308)
- AvastUI.exe (PID: 8336)
- AvastUI.exe (PID: 8460)
- AvastUI.exe (PID: 8468)
- AvastUI.exe (PID: 8520)
- AvastUI.exe (PID: 8660)
- AvastUI.exe (PID: 4476)
- AvastUI.exe (PID: 8280)
- AvastUI.exe (PID: 8640)
Reads Environment values
- icarus.exe (PID: 536)
- AvEmUpdate.exe (PID: 6164)
- AvEmUpdate.exe (PID: 4916)
- afwServ.exe (PID: 5352)
- AvastSvc.exe (PID: 4112)
- aswToolsSvc.exe (PID: 6704)
- aswidsagent.exe (PID: 7280)
- AvastUI.exe (PID: 7332)
Checks proxy server information
- icarus_ui.exe (PID: 1216)
- slui.exe (PID: 3852)
- avast_free_antivirus_online_setup.exe (PID: 3688)
- AvEmUpdate.exe (PID: 6164)
- AvEmUpdate.exe (PID: 4916)
- AvastUI.exe (PID: 7332)
- AvastUI.exe (PID: 8336)
- AvastUI.exe (PID: 8460)
- AvastUI.exe (PID: 8468)
- AvastUI.exe (PID: 8520)
- AvastUI.exe (PID: 8660)
- AvastUI.exe (PID: 8280)
- AvastUI.exe (PID: 4476)
- AvastUI.exe (PID: 8640)
Creates files or folders in the user directory
- icarus_ui.exe (PID: 1216)
- AvastUI.exe (PID: 7332)
- AvastUI.exe (PID: 8468)
The sample compiled with czech language support
- icarus.exe (PID: 536)
Reads security settings of Internet Explorer
- Taskmgr.exe (PID: 7152)
Create files in a temporary directory
- avast_free_antivirus_online_setup.exe (PID: 3688)
- engsup.exe (PID: 7888)
- AvastUI.exe (PID: 7332)
Process checks computer location settings
- aswToolsSvc.exe (PID: 6704)
- AvastSvc.exe (PID: 4112)
- AvastUI.exe (PID: 7332)
- AvastUI.exe (PID: 8660)
- AvastUI.exe (PID: 8520)
- AvastUI.exe (PID: 8280)
- AvastUI.exe (PID: 4476)
- AvastUI.exe (PID: 8640)
Launching a file from a Registry key
- icarus.exe (PID: 536)
Reads the time zone
- aswidsagent.exe (PID: 7280)
Drops encrypted JS script (Microsoft Script Encoder)
- aswidsagent.exe (PID: 7280)
Process checks whether UAC notifications are on
- AvastSvc.exe (PID: 4112)
Reads product name
- aswidsagent.exe (PID: 7280)
- AvastSvc.exe (PID: 4112)
- AvastUI.exe (PID: 7332)
Aspack has been detected
- aswEngSrv.exe (PID: 5684)
PECompact has been detected (YARA)
- aswEngSrv.exe (PID: 5684)
UPX packer has been detected
- aswEngSrv.exe (PID: 5684)
Detects InnoSetup installer (YARA)
- aswEngSrv.exe (PID: 5684)
Themida protector has been detected
- aswEngSrv.exe (PID: 5684)
Detects AutoHotkey samples (YARA)
- aswEngSrv.exe (PID: 5684)
Reads Microsoft Office registry keys
- AvastUI.exe (PID: 7332)
- firefox.exe (PID: 7384)
Application launched itself
- firefox.exe (PID: 7384)
- firefox.exe (PID: 8616)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
xor-url
(PID) Process(5684) aswEngSrv.exe
Decrypted-URLs (2)http://dl.dropbox.com/
http://jabox.ru/
Decrypted-URLs (90)http://aa.18dd.net/ww/new
http://api.xxxxxxxxxxxx
http://apis.googlestorge.ru/apis/
http://app2.tsmon.co.kr/filenmsbr/nmsbr
http://buy.haote.com/?
http://cmp.torrentsma
http://ct.chameleontom.org/
http://data.down
http://develsee.info/taveara?q=
http://elongoogle.info/taveara?q=A
http://errors.fullmanlock.com/utility.gif?report=fdata&f&
http://errors.localkeymappeer.com/utility.gif?report=fda9l@
http://errors.localkeymappeer.com/utility.gifou_B
http://errors.neomapobjectrack.com/utility.gif?report=fd
http://errors.nodedomax.com/utility.gif?report=fd
http://errors.staticclientstorage.com/utility.gif?report=fdata&f=]H
http://errors.staticclientstorage.com/utility.gif?report=fdata&y
http://errors.staticinputserv.com/utility.gif?re
http://file.ietab.co.kr/dst/InsideTool_I
http://file.ietab.co.kr/dst/InsideTool_IT
http://get.dribbla.xyzK
http://kcyber.info/pub/dsct.exe
http://kkpic.net/ggg/adc/U~
http://livestatscounter.com/Generic/am.php?pr=
http://logs.clientstaticserv.com/monetization.gif?event=3&ibi
http://logs.datagenserv.com/monetization.gif?event=5&ibic=
http://logs.democlientnet.com/monetization.gif?event=
http://logs.demogensrv.com/monetization.gif?event=5&i
http://logs.geninfocloud.com/monetization.gif?event=5&ibic=
http://logs.genstatsnet.com/monetization.gif?event=5&
http://logs.infodatacloud.com/monetization.gif?event=
http://logs.infogenservice.com/monetization.gif?event=
http://logs.infostatsserv.com/monetization.gif?event=4'
http://logs.loadclientinputsrv.com/monetization.gif?evenA
http://logs.localkeymappeer.com/monetization.gif?event=5
http://logs.neomapobjectrack.com/monetization.gif?eve
http://logs.neomapobjectrack.com/monetization.gif?event=
http://logs.neomapobjectrack.com/monetization.gif?event=Y
http://logs.newclientonlinestorage.com/monetization.gif?event=5&ibic=
http://logs.newdatastatsserv.com/monetization.gif?ev
http://logs.newdatastatsserv.com/monetization.gif?event=
http://logs.newdatastatsserv.com/monetization.gif?event=5&ibic=
http://logs.newinfoclientstack.com/monetization.g
http://logs.newstaticinputserv.com/monetization.gif?event=5&ibic=
http://logs.newstatsd
http://logs.ourstaticdatastorage.com/monetization.gif?ev
http://logs.ourstatsstaticstack.com/monetization.gif?evea8r
http://logs.staticclientstorage.com/monetization.gif?eveZ
http://logs.staticclientstorage.com/monetization.gif?p
http://logs.staticinputserv.com/monetization.gif?event=
http://logs.staticinputserv.com/monetization.gif?event=5.
http://logs.staticinputserv.com/monetization.gif?event=5=
http://malta.pushmonkey.life/lv7.php?p=&
http://malta.pushmonkey.life/lv7.php?p=&pid=
http://mfd.malavida.org/
http://outware.info/taveara?q=
http://pe-ento.com/launch_v3.php?p=
http://pe-ento.com/start_v2.php?p=Y
http://pe-mainin.com/launch.php?p=sevenzip&pid=
http://pf.dlwvit.com/s/
http://pf.dlwvit.com/s/2/
http://powerdry.info/taveara?q=
http://qvc.com/qic/
http://sd.dlwvit.com/s/
http://sd.dlwvit.com/s/1
http://sniff.su
http://softvers.in/adobe.php?ver=93
http://speeddownload.co.uk/?sid=
http://strong.girlsmist.online/lvx7.php?p=sevenzip&tid=:S
http://strong.girlsmist.online/lvx7.php?p=sevenzip&tid=R
http://tap.frip783.xyz/stats.php?bu=
http://up.ic-upp.xyz/stats.php?[
http://up.ic-upp.xyz/stats.php?bu=
http://update.vaccineclean.co.kr/inst
http://www.bitcoinplus.com/generate?for=
http://www.espejosescorts.com/
http://x.azjmp.com/c.php?o=10580&
https://api-torrent.ru/api/offer2/get?s
https://api-torrent.ru/api/offer2/get?st
https://api-torrent.ru/api/offer?torrent_id=
https://api-torrentzz.ru/api/offer2/get?st
https://gosoftdl.mail.ru/switcher_pd_3_9.exe
https://loderka.ru/api/offer?v=
https://loderka.ru/api/offer?v=Z
https://loderka.ru/api/soft/launch?torrent_id=
https://loderka.ru/api/soft/open?torrent_id=
https://moytorrent.ru/api/soft/launch?torrent_id=
https://my-games-online.ru/site/?gid=
https://torrent-apis.ru/api/offer?id=
https://www.runonpc.com
Decrypted-URLs (1)https://i.imgur
Decrypted-URLs (4)http://u.to/
http://www.pussy.com
http://www.ultra.com
http://www.wee.com
Decrypted-URLs (52)http://4dlmng.com/sf
http://4dlmng.com/sfTWJ
http://aspps.ru/libs.tmp
http://automation.whatismyip.com/~
http://cl.ly/;m
http://d.8wei.net/list/t1
http://develsee.info/taveara?q=
http://dl.dropbox.com/u/
http://dl.dropbox.com/u/5
http://edaysch.ru/includes/js/3v
http://elongoogle.info/taveara?q=A
http://filepop.co.kr/App/auto/
http://goo.gl/GZle0
http://jonathanqtjapalinguasss.com/
http://kkpic.net/ggg/adc/U~
http://lajdbgdefg.net/llll.html?search=%]]%]]%
http://livestatscounter.com/Generic/am.php?pr=
http://loltrain.com
http://m.55et.com/?b22
http://malta.pushmonkey.life/lv7.php?p=&
http://malta.pushmonkey.life/lv7.php?p=&pid=
http://meatspin.com
http://netdhc.com/
http://outware.info/taveara?q=
http://pastebin.com/raw.php?
http://powerdry.info/taveara?q=
http://px.koreasys1.com/receive/r_autoidcnt
http://secure.oinstaller
http://strong.girlsmist.online/lvx7.php?p=sevenzip&tid=:S
http://strong.girlsmist.online/lvx7.php?p=sevenzip&tid=R
http://update.i9
http://vip.114central.co
http://www.4shared.com/download/
http://www.bitcoinplus.com/generate?for=
http://www.engine-search.biz
http://www.haohack.com/DZ.txt
http://www.momocell.com/log/install.php?mac=
http://www.playground.ru/download/?file=
https://api-torrent.ru/api/offer2/get?s
https://api-torrent.ru/api/offer2/get?st
https://api-torrent.ru/api/offer?torrent_id=
https://api-torrentzz.ru/api/offer2/get?st
https://gosoftdl.mail.ru/switcher_pd_3_9.exe
https://loderka.ru/api/offer?v=
https://loderka.ru/api/offer?v=Z
https://loderka.ru/api/soft/launch?torrent_id=
https://loderka.ru/api/soft/open?torrent_id=
https://moytorrent.ru/api/soft/launch?torrent_id=
https://my-games-online.ru/site/?gid=
https://torrent-apis.ru/api/offer?id=
https://www.runonpc.com
https://www2.bancobrasilSc
Decrypted-URLs (3)http://3g.qq.come
http://evt17.com
http://zzwx.ru/
TRiD
| .exe | | | Win64 Executable (generic) (76.4) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (12.4) |
| .exe | | | Generic Win/DOS Executable (5.5) |
| .exe | | | DOS Executable Generic (5.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2024:09:20 07:47:50+00:00 |
| ImageFileCharacteristics: | Executable, Large address aware, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 14.16 |
| CodeSize: | 142336 |
| InitializedDataSize: | 97792 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x1020 |
| OSVersion: | 5.1 |
| ImageVersion: | - |
| SubsystemVersion: | 5.1 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 2.1.133.0 |
| ProductVersionNumber: | 2.1.133.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Windows NT 32-bit |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | Unicode |
| CompanyName: | Gen Digital Inc. |
| Edition: | 1 |
| FileDescription: | Avast Installer |
| FileVersion: | 2.1.133.0 |
| InternalName: | microstub |
| LegalCopyright: | Copyright © 2024 Gen Digital Inc. All rights reserved. |
| OriginalFileName: | microstub.exe |
| ProductName: | Avast |
| ProductVersion: | 2.1.133.0 |
Total processes
215
Monitored processes
63
Malicious processes
42
Suspicious processes
4
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 536 | C:\WINDOWS\Temp\asw-92f409aa-5731-4326-a6e7-c4a84700b932\avast-av\icarus.exe /cookie:mmm_ava_999_999_a9h_m:dlid_FAV-ONLINE-HP /edat_dir:C:\WINDOWS\Temp\asw.b74b3bcc35bb6a99 /geo:DK /track-guid:d5108d83-4ece-45ff-bf0b-d823c323211d /sssid:3688 /er_master:master_ep_3bba389a-41ef-4a5c-bc13-d15bda5e4c28 /er_ui:ui_ep_28357171-fa03-4f57-9523-fbc074d39963 /er_slave:avast-av_slave_ep_904cbb2c-2eab-4d4e-b761-cbcad62bdab6 /slave:avast-av | C:\Windows\Temp\asw-92f409aa-5731-4326-a6e7-c4a84700b932\avast-av\icarus.exe | icarus.exe | ||||||||||||
User: admin Company: Gen Digital Inc. Integrity Level: HIGH Description: Avast Installer Exit code: 0 Version: 25.8.9673.0 Modules
| |||||||||||||||
| 1052 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 3384 -prefsLen 37040 -prefMapHandle 3388 -prefMapSize 272997 -ipcHandle 3472 -initialChannelId {60839b59-a302-498f-bc35-03d9b8f35264} -parentPid 7384 -crashReporter "\\.\pipe\gecko-crash-server-pipe.7384" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Version: 136.0 Modules
| |||||||||||||||
| 1100 | C:\WINDOWS\Temp\asw-92f409aa-5731-4326-a6e7-c4a84700b932\common\icarus.exe /icarus-info-path:C:\WINDOWS\Temp\asw-92f409aa-5731-4326-a6e7-c4a84700b932\icarus-info.xml /install /cookie:mmm_ava_999_999_a9h_m:dlid_FAV-ONLINE-HP /edat_dir:C:\WINDOWS\Temp\asw.b74b3bcc35bb6a99 /geo:DK /track-guid:d5108d83-4ece-45ff-bf0b-d823c323211d /sssid:3688 | C:\Windows\Temp\asw-92f409aa-5731-4326-a6e7-c4a84700b932\common\icarus.exe | avast_free_antivirus_online_setup.exe | ||||||||||||
User: admin Company: Gen Digital Inc. Integrity Level: HIGH Description: Avast Installer Exit code: 0 Version: 25.8.9673.0 Modules
| |||||||||||||||
| 1216 | C:\WINDOWS\Temp\asw-92f409aa-5731-4326-a6e7-c4a84700b932\common\icarus_ui.exe /cookie:mmm_ava_999_999_a9h_m:dlid_FAV-ONLINE-HP /edat_dir:C:\WINDOWS\Temp\asw.b74b3bcc35bb6a99 /geo:DK /track-guid:d5108d83-4ece-45ff-bf0b-d823c323211d /sssid:3688 /er_master:master_ep_3bba389a-41ef-4a5c-bc13-d15bda5e4c28 /er_ui:ui_ep_28357171-fa03-4f57-9523-fbc074d39963 | C:\Windows\Temp\asw-92f409aa-5731-4326-a6e7-c4a84700b932\common\icarus_ui.exe | icarus.exe | ||||||||||||
User: admin Company: Gen Digital Inc. Integrity Level: HIGH Description: Avast UI Exit code: 0 Version: 25.8.9673.0 Modules
| |||||||||||||||
| 1236 | "C:\Program Files\Avast Software\Avast\SetupInf.exe" /uninstall /catalog:aswRvrt.cat | C:\Program Files\Avast Software\Avast\SetupInf.exe | — | icarus.exe | |||||||||||
User: admin Company: Gen Digital Inc. Integrity Level: HIGH Description: Avast Antivirus Installer Exit code: 0 Version: 25.8.10387.0 Modules
| |||||||||||||||
| 1592 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -sandboxingKind 0 -prefsHandle 4716 -prefsLen 44916 -prefMapHandle 4640 -prefMapSize 272997 -ipcHandle 3896 -initialChannelId {fdc5b5ad-d226-4231-96bd-eaeff990bcbe} -parentPid 7384 -crashReporter "\\.\pipe\gecko-crash-server-pipe.7384" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Version: 136.0 Modules
| |||||||||||||||
| 1644 | "C:\Program Files\Avast Software\Avast\SetupInf.exe" /uninstall /catalog:aswVmm.cat | C:\Program Files\Avast Software\Avast\SetupInf.exe | — | icarus.exe | |||||||||||
User: admin Company: Gen Digital Inc. Integrity Level: HIGH Description: Avast Antivirus Installer Exit code: 0 Version: 25.8.10387.0 Modules
| |||||||||||||||
| 1864 | "C:\Users\admin\Desktop\thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe" | C:\Users\admin\Desktop\thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe | explorer.exe | ||||||||||||
User: admin Company: Gen Digital Inc. Integrity Level: HIGH Description: Avast Installer Exit code: 0 Version: 2.1.133.0 Modules
| |||||||||||||||
| 2200 | C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache | C:\Windows\System32\svchost.exe | services.exe | ||||||||||||
User: NETWORK SERVICE Company: Microsoft Corporation Integrity Level: SYSTEM Description: Host Process for Windows Services Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 2312 | "C:\Program Files\Avast Software\Avast\SetupInf.exe" /uninstall /netservice:aswNdisFlt /catalog:aswNdisFlt.cat | C:\Program Files\Avast Software\Avast\SetupInf.exe | — | icarus.exe | |||||||||||
User: admin Company: Gen Digital Inc. Integrity Level: HIGH Description: Avast Antivirus Installer Exit code: 0 Version: 25.8.10387.0 Modules
| |||||||||||||||
Total events
105 984
Read events
104 262
Write events
1 554
Delete events
168
Modification events
| (PID) Process: | (3688) avast_free_antivirus_online_setup.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198 |
| Operation: | write | Name: | 5FD38555-4B16-40AE-9A09-E2C969CB74AF |
Value: F6D4F52220BB5A3D7246A004278BB23F | |||
| (PID) Process: | (3688) avast_free_antivirus_online_setup.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F |
| Operation: | write | Name: | 7CCD586D-2ABC-42FF-A23B-3731F4F183D9 |
Value: F6D4F52220BB5A3D7246A004278BB23F | |||
| (PID) Process: | (3688) avast_free_antivirus_online_setup.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198 |
| Operation: | write | Name: | 8C5CFDF4-AB05-4EB0-8EF6-7B4620DC2CF3 |
Value: AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAHNcRhu98QESU8eFcY0LmBwQAAAACAAAAAAAQZgAAAAEAACAAAAAkuLiECbmBO3cIz1LBWVnpgzEsNfOXjNiPxcMu7qYnSAAAAAAOgAAAAAIAACAAAAA9cf8hvtVIfvOSnUvXPKPn1WqJjLMatgozRGaYKQLFjFAAAADyMlzuxmWZb8SJm0tmTfE2MBU2IAeLz6+wvDVUKjLp3XIvADtjVNJl8Re5CEqM67D77Rzqs+vmaUgnVEBsMANdZw3IB1ZYQNPeHQvroSQi+EAAAAB14PmxU1pbBYWHDRdEGHpvyoN6Lyro+tJMio440hdcN+N7UdN8A7h42UKT6GLLAq8skgjQxJJPrX6zq49+2Kdb | |||
| (PID) Process: | (3688) avast_free_antivirus_online_setup.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F |
| Operation: | write | Name: | 5E1D6A55-0134-486E-A166-38C2E4919BB1 |
Value: AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAHNcRhu98QESU8eFcY0LmBwQAAAACAAAAAAAQZgAAAAEAACAAAAAkuLiECbmBO3cIz1LBWVnpgzEsNfOXjNiPxcMu7qYnSAAAAAAOgAAAAAIAACAAAAA9cf8hvtVIfvOSnUvXPKPn1WqJjLMatgozRGaYKQLFjFAAAADyMlzuxmWZb8SJm0tmTfE2MBU2IAeLz6+wvDVUKjLp3XIvADtjVNJl8Re5CEqM67D77Rzqs+vmaUgnVEBsMANdZw3IB1ZYQNPeHQvroSQi+EAAAAB14PmxU1pbBYWHDRdEGHpvyoN6Lyro+tJMio440hdcN+N7UdN8A7h42UKT6GLLAq8skgjQxJJPrX6zq49+2Kdb | |||
| (PID) Process: | (3688) avast_free_antivirus_online_setup.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198 |
| Operation: | write | Name: | 144807F0-DE37-4C62-9C05-EB4CC64A7A2F |
Value: d6e2e937-cc61-4961-bc61-b68b4c91a18d | |||
| (PID) Process: | (3688) avast_free_antivirus_online_setup.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F |
| Operation: | write | Name: | 56C7A9DA-4B11-406A-8B1A-EFF157C294D6 |
Value: d6e2e937-cc61-4961-bc61-b68b4c91a18d | |||
| (PID) Process: | (1100) icarus.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198 |
| Operation: | write | Name: | 144807F0-DE37-4C62-9C05-EB4CC64A7A2F |
Value: d6e2e937-cc61-4961-bc61-b68b4c91a18d | |||
| (PID) Process: | (1100) icarus.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198 |
| Operation: | write | Name: | 5FD38555-4B16-40AE-9A09-E2C969CB74AF |
Value: F6D4F52220BB5A3D7246A004278BB23F | |||
| (PID) Process: | (1216) icarus_ui.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (1216) icarus_ui.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
Executable files
747
Suspicious files
2 412
Text files
333
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 1864 | thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe | C:\Windows\Temp\asw.b74b3bcc35bb6a99\eref.edat | text | |
MD5:F5B36258F7C5EC72818919DD5A3556DD | SHA256:A08CF68CA0EC90E4C4D0BD5A23675E8DAADCD907139692FD2751721527DC7E57 | |||
| 1864 | thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe | C:\Windows\Temp\asw.b74b3bcc35bb6a99\avast_free_antivirus_online_setup.exe | executable | |
MD5:F263FBFE5B1D5627BAB8B0A514578B0C | SHA256:D9F6E7FDE0C3CE25D2F651CBD2D4875C9EC2CF64A405FFCCC1C84AAD0A615B99 | |||
| 1864 | thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe | C:\Windows\Temp\asw.b74b3bcc35bb6a99\ecoo.edat | text | |
MD5:4F31517C4F546872A958C608CFCEB808 | SHA256:BA64683994B837A0FD68C252C81B377928A136FC4A7A2389648DB2526E1261EC | |||
| 3688 | avast_free_antivirus_online_setup.exe | C:\Windows\Temp\asw-92f409aa-5731-4326-a6e7-c4a84700b932\common\241a813d-3065-4b98-abc7-b232c5b1db91 | compressed | |
MD5:D410C5C064FD31F4D4D356C976844D6A | SHA256:5AED4E33D84BEB1065BAEC9EAB991176F41D920963D527F8D0F7CAF94950ABE7 | |||
| 3688 | avast_free_antivirus_online_setup.exe | C:\Users\admin\AppData\Local\Temp\6358C710-B89F-46B9-93F2-F6CAC44F5286 | binary | |
MD5:763EB37D724E3F1589250E33439BB7F4 | SHA256:4223BCD419C22EB4C9B87BD2C140529BFA0A1CB226014CFB2537C28ECBD64C09 | |||
| 3688 | avast_free_antivirus_online_setup.exe | C:\ProgramData\Avast Software\Icarus\Logs\sfx.log | text | |
MD5:ECAA88F7FA0BF610A5A26CF545DCD3AA | SHA256:F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5 | |||
| 3688 | avast_free_antivirus_online_setup.exe | C:\Users\admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0 | binary | |
MD5:B3F3F49B3707AF208055EC9591E5B8EA | SHA256:573FDEA1CD5ED3097278B61398AF0740FA100B8E6B6B9167F512AF277B611A54 | |||
| 3688 | avast_free_antivirus_online_setup.exe | C:\Windows\Temp\asw-92f409aa-5731-4326-a6e7-c4a84700b932\common\icarus_mod.dll | executable | |
MD5:4E19E6A62770EA9F253A436BE06BA8FC | SHA256:DB401D2453C1C1020CD3ED81B27200331784AA635F75370454A43ACEE0884811 | |||
| 3688 | avast_free_antivirus_online_setup.exe | C:\Windows\Temp\asw-92f409aa-5731-4326-a6e7-c4a84700b932\common\product-info.xml | xml | |
MD5:F776F29E7CF91EC899E227FA800BC150 | SHA256:D181B5A2FE0D5EEE5CA9211AB72389E1EDB97D6065960D23E472E922576D86F0 | |||
| 3688 | avast_free_antivirus_online_setup.exe | C:\Users\admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3 | binary | |
MD5:51CACEA0FBAE8346C20FB94EFEEF8809 | SHA256:5749457FC3E5EE160FE41B6BC0743A890B38FD3F09965828BD19FE269E5BD434 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
57
TCP/UDP connections
410
DNS requests
312
Threats
19
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6760 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
6796 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
6796 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
2388 | thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | — | — | whitelisted |
2388 | thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe | POST | 200 | 142.250.184.238:80 | http://www.google-analytics.com/collect | unknown | — | — | whitelisted |
1864 | thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | — | — | whitelisted |
1864 | thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe | POST | 200 | 142.250.184.238:80 | http://www.google-analytics.com/collect | unknown | — | — | whitelisted |
1864 | thiết_lập_Avast_Free_Antivirus_trực_tuyến.exe | POST | 200 | 142.250.184.238:80 | http://www.google-analytics.com/collect | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
5944 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
1268 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2596 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
6760 | svchost.exe | 20.190.160.2:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6760 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
5944 | MoUsoCoreWorker.exe | 23.216.77.28:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
5944 | MoUsoCoreWorker.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
1268 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |
v7event.stats.avast.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
— | — | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com) |
— | — | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI |
— | — | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com) |
— | — | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI |
— | — | Misc activity | ET INFO Microsoft Connection Test |
— | — | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com) |
— | — | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI |
— | — | Misc activity | ET INFO Microsoft Connection Test |
— | — | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com) |
— | — | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI |
Process | Message |
|---|---|
AvastSvc.exe | [2025-08-21 10:46:53.160] [error ] [printer_mon] [ 4112: 1948] [BC343D: 178] Failed to start monitoring. ErrorCode:5
|
AvastSvc.exe | [2025-08-21 10:46:53.160] [error ] [serv ] [ 4112: 1948] [1E02A3:3139] Failed to start printer monitor
Exception: Failed to start monitoring.
Code: 0x00000000 (0)
|
AvastSvc.exe | [2025-08-21 10:46:56.169] [error ] [app_report ] [ 4112: 1948] [587E32: 75] Data sharing preference report flush failed after a few retry attempts. The event will be sent later in the standard way.
|
AvastSvc.exe | [2025-08-21 10:46:58.716] [error ] [dnsdoh ] [ 4112: 7248] [3C730B: 73] failed to restore usage statistics
Exception: corrupted file
|
AvastSvc.exe | [2025-08-21 10:46:59.872] [info ] [nsf_urlinfo] [ 4112: 7248] [7ACE34: 46] Starting UrlInfo
|
AvastSvc.exe | [2025-08-21 10:46:59.872] [info ] [nsf_urlinfo] [ 4112: 7248] [6E74C4: 39] Initialize UrlInfoMgr
|
AvastSvc.exe | [2025-08-21 10:46:59.903] [info ] [nsf_urlinfo] [ 4112: 7248] [6E74C4: 72] UrlInfoMgr initialized
|
AvastSvc.exe | [2025-08-21 10:47:02.044] [error ] [av_pp_prov ] [ 4112: 7108] [81BB2E: 295] (p_dbc)
Exception: Registry key or value does not exist: Cannot open registry key (on path: <Unknown or opened key>\Opera.Protocol\shell\open\command)
Code: 0x00000002 (2)
|
AvastSvc.exe | [2025-08-21 10:47:02.044] [error ] [av_pp_prov ] [ 4112: 1028] [81BB2E: 295] (p_dbc)
Exception: Registry key or value does not exist: Cannot open registry key (on path: <Unknown or opened key>\Opera.Protocol\shell\open\command)
Code: 0x00000002 (2)
|
AvastSvc.exe | [2025-08-21 10:47:05.857] [error ] [av_pp_prov ] [ 4112: 5368] [81BB2E: 295] (p_dbc)
Exception: Registry key or value does not exist: Cannot open registry key (on path: <Unknown or opened key>\Opera.Protocol\shell\open\command)
Code: 0x00000002 (2)
|