File name: hashcalc-2.02-installer_AmfgD-1.exe

Full analysis: https://app.any.run/tasks/66d3cb77-1b84-4c40-9323-13e5a2c4aa30
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: July 07, 2025, 03:09:20
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: delphi, inno, installer, arch-exec, loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5: 4EBA46960840F769A06D244FA8B626DF
SHA1: F7CC1ACF5EE48E78BF0E52EFF7F1D5728A7E40E7
SHA256: 895B9C1797E3936F23C1D0EE8B8A49470DC56022463C2259E1C982C6A39344A5
SSDEEP: 98304:PLVIF8P3n1BLHxtD59KEKjSvDnjgCpnl9J0o+w33xN4WWMkV2EUv7XFhFj2kxXk0:JQg20

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • setup.exe (PID: 7264)
      • AVGBrowser.exe (PID: 8704)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • hashcalc-2.02-installer_AmfgD-1.exe (PID: 1332)
      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
      • hashcalc-2.02-installer_AmfgD-1.exe (PID: 6412)
      • avg_antivirus_free_setup.exe (PID: 620)
      • avg_secure_browser_setup.exe (PID: 3196)
      • avg_antivirus_free_online_setup.exe (PID: 4572)
      • icarus.exe (PID: 2272)
      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
      • icarus.exe (PID: 4816)
      • AVGBrowserInstaller.exe (PID: 8216)
      • setup.exe (PID: 7264)
    • Reads the Windows owner or organization settings

      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
    • Reads security settings of Internet Explorer

      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 5168)
      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
      • avg_secure_browser_setup.exe (PID: 3196)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The process verifies whether the antivirus software is installed

      • avg_secure_browser_setup.exe (PID: 3196)
      • AVGBrowserUpdate.exe (PID: 3048)
      • icarus.exe (PID: 4816)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 4132)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 3624)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 7092)
      • AVGBrowserUpdate.exe (PID: 5116)
      • AVGBrowserUpdate.exe (PID: 1828)
      • AVGBrowserUpdate.exe (PID: 4456)
      • AVGBrowserUpdate.exe (PID: 7016)
      • AVGBrowserUpdate.exe (PID: 5896)
      • AVGBrowserInstaller.exe (PID: 8216)
      • setup.exe (PID: 7264)
      • setup.exe (PID: 6732)
      • AVGBrowserCrashHandler64.exe (PID: 7408)
      • AVGBrowserCrashHandler.exe (PID: 8148)
      • AVGBrowser.exe (PID: 8704)
      • AVGBrowser.exe (PID: 8760)
      • AVGBrowser.exe (PID: 8360)
      • AVGBrowser.exe (PID: 8364)
      • elevation_service.exe (PID: 8352)
      • AVGBrowser.exe (PID: 8456)
      • AVGBrowser.exe (PID: 8504)
      • AVGBrowser.exe (PID: 8328)
      • AVGBrowser.exe (PID: 8484)
      • AVGBrowser.exe (PID: 1752)
      • AVGBrowser.exe (PID: 7376)
      • AVGBrowser.exe (PID: 7664)
      • AVGBrowser.exe (PID: 6552)
      • AVGBrowser.exe (PID: 7652)
      • AVGBrowser.exe (PID: 7700)
      • elevation_service.exe (PID: 7552)
      • AVGBrowser.exe (PID: 7816)
      • AVGBrowser.exe (PID: 8572)
      • AVGBrowser.exe (PID: 6296)
      • AVGBrowser.exe (PID: 9144)
      • AVGBrowser.exe (PID: 7468)
      • AVGBrowser.exe (PID: 6636)
      • AVGBrowser.exe (PID: 7420)
      • AVGBrowser.exe (PID: 8124)
      • AVGBrowser.exe (PID: 4040)
      • AVGBrowser.exe (PID: 592)
      • AVGBrowser.exe (PID: 5372)
      • AVGBrowser.exe (PID: 8404)
      • AVGBrowser.exe (PID: 8760)
      • AVGBrowser.exe (PID: 2804)
    • Searches for installed software

      • avg_secure_browser_setup.exe (PID: 3196)
      • setup.exe (PID: 7264)
      • AVGBrowser.exe (PID: 8704)
      • AVGBrowser.exe (PID: 6552)
    • Starts itself from another location

      • icarus.exe (PID: 2272)
      • AVGBrowserUpdate.exe (PID: 5896)
    • Reads the BIOS version

      • avg_secure_browser_setup.exe (PID: 3196)
      • AVGBrowser.exe (PID: 6552)
      • AVGBrowser.exe (PID: 8704)
    • Executes application which crashes

      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
    • Disables SEHOP

      • AVGBrowserUpdate.exe (PID: 5896)
    • Creates/Modifies COM task schedule object

      • AVGBrowserUpdate.exe (PID: 5116)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 3624)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 4132)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 7092)
      • AVGBrowserUpdate.exe (PID: 5896)
    • Executes as Windows Service

      • AVGBrowserUpdate.exe (PID: 7016)
      • elevation_service.exe (PID: 8352)
      • elevation_service.exe (PID: 7552)
    • The process creates files with name similar to system file names

      • icarus.exe (PID: 4816)
    • Process requests binary or script from the Internet

      • AVGBrowserUpdate.exe (PID: 7016)
    • Potential Corporate Privacy Violation

      • AVGBrowserUpdate.exe (PID: 7016)
    • There is functionality for taking screenshot (YARA)

      • avg_secure_browser_setup.exe (PID: 3196)
      • avg_antivirus_free_setup.exe (PID: 620)
    • Process drops legitimate windows executable

      • icarus.exe (PID: 4816)
    • The process drops C-runtime libraries

      • icarus.exe (PID: 4816)
    • Application launched itself

      • setup.exe (PID: 7264)
      • AVGBrowser.exe (PID: 8704)
      • AVGBrowser.exe (PID: 6552)
    • Creates a software uninstall entry

      • setup.exe (PID: 7264)
      • avg_secure_browser_setup.exe (PID: 3196)
      • elevation_service.exe (PID: 8352)
      • elevation_service.exe (PID: 7552)
  • INFO

    • Checks supported languages

      • hashcalc-2.02-installer_AmfgD-1.exe (PID: 1332)
      • hashcalc-2.02-installer_AmfgD-1.exe (PID: 6412)
      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 5168)
      • avg_antivirus_free_setup.exe (PID: 620)
      • avg_secure_browser_setup.exe (PID: 3196)
      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
      • avg_antivirus_free_online_setup.exe (PID: 4572)
      • icarus.exe (PID: 2272)
      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • icarus.exe (PID: 5240)
      • icarus.exe (PID: 4816)
      • AVGBrowserUpdate.exe (PID: 5896)
      • AVGBrowserUpdate.exe (PID: 5116)
      • AVGBrowserUpdate.exe (PID: 3048)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 4132)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 3624)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 7092)
      • AVGBrowserUpdate.exe (PID: 4456)
      • AVGBrowserUpdate.exe (PID: 1828)
      • AVGBrowserInstaller.exe (PID: 8216)
      • setup.exe (PID: 7264)
      • setup.exe (PID: 6732)
      • identity_helper.exe (PID: 8848)
      • identity_helper.exe (PID: 7992)
      • AVGBrowserCrashHandler64.exe (PID: 7408)
      • AVGBrowserCrashHandler.exe (PID: 8148)
      • AVGBrowser.exe (PID: 8760)
      • AVGBrowser.exe (PID: 8704)
      • AVGBrowser.exe (PID: 8360)
      • elevation_service.exe (PID: 8352)
      • AVGBrowserUpdate.exe (PID: 7016)
      • AVGBrowser.exe (PID: 8484)
      • AVGBrowser.exe (PID: 8328)
      • AVGBrowser.exe (PID: 8504)
      • AVGBrowser.exe (PID: 6552)
      • AVGBrowser.exe (PID: 7664)
      • AVGBrowser.exe (PID: 1752)
      • AVGBrowser.exe (PID: 7376)
      • AVGBrowser.exe (PID: 7652)
      • AVGBrowser.exe (PID: 7816)
      • AVGBrowser.exe (PID: 7700)
      • elevation_service.exe (PID: 7552)
      • AVGBrowser.exe (PID: 8572)
      • AVGBrowser.exe (PID: 7468)
      • AVGBrowser.exe (PID: 6296)
      • AVGBrowser.exe (PID: 9144)
      • AVGBrowser.exe (PID: 6636)
      • AVGBrowser.exe (PID: 8124)
      • AVGBrowser.exe (PID: 7420)
      • AVGBrowser.exe (PID: 4040)
      • AVGBrowser.exe (PID: 2804)
      • AVGBrowser.exe (PID: 592)
      • AVGBrowser.exe (PID: 8364)
      • AVGBrowser.exe (PID: 5372)
      • AVGBrowser.exe (PID: 8456)
    • Create files in a temporary directory

      • hashcalc-2.02-installer_AmfgD-1.exe (PID: 1332)
      • hashcalc-2.02-installer_AmfgD-1.exe (PID: 6412)
      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
      • avg_secure_browser_setup.exe (PID: 3196)
      • avg_antivirus_free_online_setup.exe (PID: 4572)
      • AVGBrowserUpdate.exe (PID: 7016)
      • AVGBrowser.exe (PID: 8704)
      • AVGBrowser.exe (PID: 6552)
    • Process checks computer location settings

      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 5168)
      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
      • avg_secure_browser_setup.exe (PID: 3196)
      • AVGBrowserUpdate.exe (PID: 5896)
      • AVGBrowser.exe (PID: 8704)
      • AVGBrowser.exe (PID: 8504)
      • AVGBrowser.exe (PID: 8328)
      • AVGBrowser.exe (PID: 1752)
      • AVGBrowser.exe (PID: 6552)
      • AVGBrowser.exe (PID: 8572)
    • Reads the computer name

      • hashcalc-2.02-installer_AmfgD-1.exe (PID: 6412)
      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 5168)
      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
      • avg_antivirus_free_setup.exe (PID: 620)
      • avg_antivirus_free_online_setup.exe (PID: 4572)
      • avg_secure_browser_setup.exe (PID: 3196)
      • icarus.exe (PID: 2272)
      • icarus.exe (PID: 5240)
      • icarus.exe (PID: 4816)
      • AVGBrowserUpdate.exe (PID: 5896)
      • AVGBrowserUpdate.exe (PID: 3048)
      • AVGBrowserUpdate.exe (PID: 5116)
      • AVGBrowserUpdate.exe (PID: 4456)
      • AVGBrowserUpdate.exe (PID: 1828)
      • AVGBrowserUpdate.exe (PID: 7016)
      • AVGBrowserInstaller.exe (PID: 8216)
      • setup.exe (PID: 7264)
      • identity_helper.exe (PID: 8848)
      • identity_helper.exe (PID: 7992)
      • AVGBrowser.exe (PID: 8704)
      • AVGBrowser.exe (PID: 8364)
      • elevation_service.exe (PID: 8352)
      • AVGBrowser.exe (PID: 8360)
      • AVGBrowser.exe (PID: 6552)
      • AVGBrowser.exe (PID: 7652)
      • elevation_service.exe (PID: 7552)
      • AVGBrowser.exe (PID: 7700)
    • Checks proxy server information

      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
      • avg_antivirus_free_online_setup.exe (PID: 4572)
      • avg_secure_browser_setup.exe (PID: 3196)
      • AVGBrowserUpdate.exe (PID: 4456)
      • WerFault.exe (PID: 6812)
      • WerFault.exe (PID: 4088)
      • AVGBrowser.exe (PID: 8704)
      • AVGBrowser.exe (PID: 6552)
    • Detects InnoSetup installer (YARA)

      • hashcalc-2.02-installer_AmfgD-1.exe (PID: 1332)
      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 5168)
      • hashcalc-2.02-installer_AmfgD-1.exe (PID: 6412)
      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
    • Reads the software policy settings

      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
      • avg_antivirus_free_setup.exe (PID: 620)
      • avg_antivirus_free_online_setup.exe (PID: 4572)
      • avg_secure_browser_setup.exe (PID: 3196)
      • AVGBrowserUpdate.exe (PID: 4456)
      • AVGBrowserUpdate.exe (PID: 7016)
      • WerFault.exe (PID: 6812)
      • WerFault.exe (PID: 4088)
    • Reads the machine GUID from the registry

      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
      • avg_antivirus_free_setup.exe (PID: 620)
      • avg_antivirus_free_online_setup.exe (PID: 4572)
      • icarus.exe (PID: 2272)
      • avg_secure_browser_setup.exe (PID: 3196)
      • icarus.exe (PID: 5240)
      • icarus.exe (PID: 4816)
      • AVGBrowserUpdate.exe (PID: 5896)
      • AVGBrowserUpdate.exe (PID: 7016)
      • AVGBrowser.exe (PID: 8704)
      • AVGBrowser.exe (PID: 6552)
    • Compiled with Borland Delphi (YARA)

      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 5168)
      • hashcalc-2.02-installer_AmfgD-1.exe (PID: 1332)
      • hashcalc-2.02-installer_AmfgD-1.exe (PID: 6412)
      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
    • The sample compiled with english language support

      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
      • avg_antivirus_free_setup.exe (PID: 620)
      • avg_secure_browser_setup.exe (PID: 3196)
      • avg_antivirus_free_online_setup.exe (PID: 4572)
      • icarus.exe (PID: 2272)
      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
      • icarus.exe (PID: 4816)
      • AVGBrowserInstaller.exe (PID: 8216)
      • setup.exe (PID: 7264)
    • The sample compiled with arabic language support

      • hashcalc-2.02-installer_AmfgD-1.tmp (PID: 2996)
      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
      • avg_secure_browser_setup.exe (PID: 3196)
    • Creates files in the program directory

      • avg_antivirus_free_online_setup.exe (PID: 4572)
      • icarus.exe (PID: 2272)
      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
      • icarus.exe (PID: 4816)
      • AVGBrowserInstaller.exe (PID: 8216)
      • setup.exe (PID: 7264)
      • avg_secure_browser_setup.exe (PID: 3196)
      • AVGBrowserUpdate.exe (PID: 7016)
    • Reads Environment values

      • avg_secure_browser_setup.exe (PID: 3196)
      • icarus.exe (PID: 4816)
      • identity_helper.exe (PID: 8848)
      • identity_helper.exe (PID: 7992)
      • AVGBrowser.exe (PID: 8704)
      • AVGBrowser.exe (PID: 6552)
    • Reads CPU info

      • icarus.exe (PID: 2272)
      • icarus.exe (PID: 4816)
      • icarus.exe (PID: 5240)
      • AVGBrowser.exe (PID: 6552)
    • Application launched itself

      • msedge.exe (PID: 3740)
      • msedge.exe (PID: 1052)
      • msedge.exe (PID: 7300)
      • msedge.exe (PID: 3636)
    • Creates files or folders in the user directory

      • avg_secure_browser_setup.exe (PID: 3196)
      • WerFault.exe (PID: 6812)
      • WerFault.exe (PID: 4088)
      • AVGBrowser.exe (PID: 8704)
      • AVGBrowser.exe (PID: 8360)
      • AVGBrowser.exe (PID: 6552)
      • AVGBrowser.exe (PID: 7376)
      • AVGBrowser.exe (PID: 7700)
    • The sample compiled with czech language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
      • icarus.exe (PID: 4816)
    • The sample compiled with bulgarian language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with Indonesian language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with french language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with japanese language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with Italian language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with portuguese language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with korean language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with swedish language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with polish language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with slovak language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with turkish language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with chinese language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with german language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • The sample compiled with russian language support

      • AVGBrowserUpdateSetup.exe (PID: 3396)
      • AVGBrowserUpdate.exe (PID: 5896)
    • Manual execution by a user

      • msedge.exe (PID: 7300)
    • Launching a file from a Registry key

      • setup.exe (PID: 7264)
      • AVGBrowser.exe (PID: 8704)
    • Process checks whether UAC notifications are on

      • avg_secure_browser_setup.exe (PID: 3196)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:05:03 14:45:36+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 704512
InitializedDataSize: 162304
UninitializedDataSize: -
EntryPoint: 0xacfe0
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 2.41.2.9280
ProductVersionNumber: 2.41.2.9280
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Softonic International SA
FileVersion: 2.41.2.9280
LegalCopyright: ©2023 Softonic International SA
OriginalFileName:
ProductName: Softonic International SA
ProductVersion: 3.1.5.8
No data.
All screenshots are available in the full report
Total processes: 260
Monitored processes: 117
Malicious processes: 49
Suspicious processes: 2

Behavior graph

(Interactive process graph, rendered only in the full report. Its distinct nodes, in order of first appearance, are: start, hashcalc-2.02-installer_amfgd-1.exe, hashcalc-2.02-installer_amfgd-1.tmp, avg_antivirus_free_setup.exe, avg_secure_browser_setup.exe, avg_antivirus_free_online_setup.exe, icarus.exe, msedge.exe, avgbrowserupdatesetup.exe, avgbrowserupdate.exe, werfault.exe, avgbrowserupdatecomregistershell64.exe, identity_helper.exe, avgbrowserinstaller.exe, setup.exe, avgbrowsercrashhandler.exe, avgbrowsercrashhandler64.exe, slui.exe, avgbrowser.exe and elevation_service.exe; most msedge.exe and avgbrowser.exe nodes are repeated child processes, and nodes labelled "no specs" in the graph are processes with no flagged indicators.)

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 592
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --field-trial-handle=2096,i,14624954413699349275,17918311707972023957,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: AVG Secure Browser
Exit code: 0
Version: 137.0.30835.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\137.0.30835.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 620
CMD: "C:\Users\admin\AppData\Local\Temp\is-IEAR1.tmp\component0_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTuf4VZpgQwVLBfdqNVwm1g82HMgDJNsvRNpQXSX5OoiLAQMBKwlrdAvPBmw6WmXPgFadddGjAae
Path: C:\Users\admin\AppData\Local\Temp\is-IEAR1.tmp\component0_extract\avg_antivirus_free_setup.exe
Parent process: hashcalc-2.02-installer_AmfgD-1.tmp
User: admin
Company: AVG Technologies CZ, s.r.o.
Integrity Level: HIGH
Description: AVG Installer
Version: 2.1.99.0
Modules
Images
c:\users\admin\appdata\local\temp\is-iear1.tmp\component0_extract\avg_antivirus_free_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 1052
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://gsf-fl.softonic.com/f26/2b8/a580fe26c317105e30bc03857cdd6f7ecf/hashcalc.zip?Expires=1751478374&Signature=c59f86d41c21e2e3aff68dde772b8caa62f7448e&url=https://hashcalc.en.softonic.com/&Filename=hashcalc.zip
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 1
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1332
CMD: "C:\Users\admin\AppData\Local\Temp\hashcalc-2.02-installer_AmfgD-1.exe"
Path: C:\Users\admin\AppData\Local\Temp\hashcalc-2.02-installer_AmfgD-1.exe
Parent process: explorer.exe
User: admin
Company:
Integrity Level: MEDIUM
Description: Softonic International SA
Exit code: 3221226525
Version: 2.41.2.9280
Modules
Images
c:\users\admin\appdata\local\temp\hashcalc-2.02-installer_amfgd-1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 1752
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --force-high-res-timeticks=disabled --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=2052,i,12387525060132977574,12688226563784087729,262144 --variations-seed-version --mojo-platform-channel-handle=3932 /prefetch:1
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: AVG Secure Browser
Exit code: 0
Version: 137.0.30835.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\137.0.30835.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1828
CMD: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9264&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10" /installsource otherinstallcmd /sessionid "{9F0C4A67-2C16-40FB-AC33-17898E6A29B0}" /silent
Path: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Parent process: AVGBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Browser
Exit code: 0
Version: 1.8.1693.6
Modules
Images
c:\program files (x86)\avg\browser\update\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1932
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --field-trial-handle=2096,i,14624954413699349275,17918311707972023957,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: AVG Secure Browser
Exit code: 0
Version: 137.0.30835.121
PID: 2132
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --field-trial-handle=2096,i,14624954413699349275,17918311707972023957,262144 --variations-seed-version --mojo-platform-channel-handle=4496 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: AVG Secure Browser
Exit code: 0
Version: 137.0.30835.121
PID: 2232
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --field-trial-handle=2096,i,14624954413699349275,17918311707972023957,262144 --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: AVG Secure Browser
Exit code: 0
Version: 137.0.30835.121
PID: 2272
CMD: C:\WINDOWS\Temp\asw-ed27e095-39bc-421a-8d35-cc8fd72fbd78\common\icarus.exe /icarus-info-path:C:\WINDOWS\Temp\asw-ed27e095-39bc-421a-8d35-cc8fd72fbd78\icarus-info.xml /install /silent /ws /psh:92pTuf4VZpgQwVLBfdqNVwm1g82HMgDJNsvRNpQXSX5OoiLAQMBKwlrdAvPBmw6WmXPgFadddGjAae /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\WINDOWS\Temp\asw.253fd9efa9439386 /track-guid:1b2066f9-bfde-4976-adfe-393580a4f78e
Path: C:\Windows\Temp\asw-ed27e095-39bc-421a-8d35-cc8fd72fbd78\common\icarus.exe
Parent process: avg_antivirus_free_online_setup.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Installer
Version: 25.6.9397.0
Modules
Images
c:\windows\temp\asw-ed27e095-39bc-421a-8d35-cc8fd72fbd78\common\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
Total events: 28 517
Read events: 27 198
Write events: 1 250
Delete events: 69

Modification events

(PID) Process: (2996) hashcalc-2.02-installer_AmfgD-1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Operation: write
Name: Implementing
Value:
1C00000001000000E9070700010007000300090028003401010000001E768127E028094199FEB9D127C57AFE
(PID) Process: (4572) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 5FD38555-4B16-40AE-9A09-E2C969CB74AF
Value:
F6D4F52220BB5A3D7246A004278BB23F
(PID) Process: (4572) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 7CCD586D-2ABC-42FF-A23B-3731F4F183D9
Value:
F6D4F52220BB5A3D7246A004278BB23F
(PID) Process: (4572) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 8C5CFDF4-AB05-4EB0-8EF6-7B4620DC2CF3
Value:
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAqDZiA6DqQEOHKIlIdnCwBQQAAAACAAAAAAAQZgAAAAEAACAAAABB1sIIrL/Hi9ZcQl8pEjL9o+cSZnl4W5fzCR3m8Ki7+gAAAAAOgAAAAAIAACAAAABSPmTbWTYGCtzinahA1XRVyIuwmRG7sPm/Fas8IV16ClAAAABktvd0iOMPsRm2qvtyt5CDkf0Z8uq1qWtTSw5efyyn7MjZz4XApx0mr/qrP+RzRXQYbY2xJ4FbtZT3SYDe9bZwLf7amuJ4YxDWvT8lLtojQ0AAAAD35nZzAv4tS92ph2Wi2eXFtTia8+r22OTQzB7n73wTdj7GqcNR4o9VrRvEGfrT0V51soiPzA1TtA0F6yHU2OuU
(PID) Process: (4572) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 5E1D6A55-0134-486E-A166-38C2E4919BB1
Value:
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAqDZiA6DqQEOHKIlIdnCwBQQAAAACAAAAAAAQZgAAAAEAACAAAABB1sIIrL/Hi9ZcQl8pEjL9o+cSZnl4W5fzCR3m8Ki7+gAAAAAOgAAAAAIAACAAAABSPmTbWTYGCtzinahA1XRVyIuwmRG7sPm/Fas8IV16ClAAAABktvd0iOMPsRm2qvtyt5CDkf0Z8uq1qWtTSw5efyyn7MjZz4XApx0mr/qrP+RzRXQYbY2xJ4FbtZT3SYDe9bZwLf7amuJ4YxDWvT8lLtojQ0AAAAD35nZzAv4tS92ph2Wi2eXFtTia8+r22OTQzB7n73wTdj7GqcNR4o9VrRvEGfrT0V51soiPzA1TtA0F6yHU2OuU
(PID) Process: (4572) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 144807F0-DE37-4C62-9C05-EB4CC64A7A2F
Value:
f9081565-cc6c-4caa-acb3-d024f7411e9a
(PID) Process: (4572) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 56C7A9DA-4B11-406A-8B1A-EFF157C294D6
Value:
f9081565-cc6c-4caa-acb3-d024f7411e9a
(PID) Process:(3196) avg_secure_browser_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG\Browser
Operation:writeName:installer_run_count
Value:
1
(PID) Process:(3196) avg_secure_browser_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\AVG\Browser
Operation:writeName:machine_id
Value:
0000B0E1009ABA5E95F7227E57434874
(PID) Process:(3196) avg_secure_browser_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG\Browser
Operation:writeName:machine_id
Value:
0000B0E1009ABA5E95F7227E57434874
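The two long values that PID 4572 writes identically under HKLM\SOFTWARE\WOW6432Node\1D0EC6DE-... and HKLM\SOFTWARE\Classes\C06AEB9D-... begin with AQAAANCMnd8BFdERjHoAwE/Cl+s, which is the base64 of a DPAPI blob header: a 4-byte version of 1 followed by the DPAPI provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb. The Python below is an added example, not part of the ANY.RUN report and not AVG code; it parses the header structurally (field order and names follow the widely documented DPAPI blob layout, the function and constant names are this example's own) and does no decryption. Run against the report's value it shows dwFlags 0x4 (CRYPTPROTECT_LOCAL_MACHINE), so the blob is bound to the machine's DPAPI master key 036236a8-eaa0-4340-8728-89487670b005 rather than to a user, and can only be decrypted on that host; the algorithms are AES-256 with SHA-512, and the ciphertext is 80 bytes. What plaintext was protected is not visible in the report.

```python
import base64
import struct
import uuid

# Added example, not from the report. Structural parse of a DPAPI (CryptProtectData)
# blob header; no key material is touched and nothing is decrypted.

# Every DPAPI blob carries this provider GUID right after the 4-byte version.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
CRYPTPROTECT_LOCAL_MACHINE = 0x4  # dwFlags bit: protected with the machine master key

# CryptoAPI ALG_ID values commonly seen in DPAPI blobs (lookup table for readable output).
ALG_NAMES = {0x6603: "CALG_3DES", 0x660E: "CALG_AES_128", 0x6610: "CALG_AES_256",
             0x8004: "CALG_SHA1", 0x800E: "CALG_SHA_512"}

# The value written by avg_antivirus_free_online_setup.exe (PID 4572), copied from the report.
REPORT_VALUE = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAqDZiA6DqQEOHKIlIdnCwBQQAAAACAAAAAAAQZgAAAAEAACAAAABB1sIIrL/Hi9ZcQl8pEjL9o+cSZnl4W5fzCR3m8Ki7+gAAAAAOgAAAAAIAACAAAABSPmTbWTYGCtzinahA1XRVyIuwmRG7sPm/Fas8IV16ClAAAABktvd0iOMPsRm2qvtyt5CDkf0Z8uq1qWtTSw5efyyn7MjZz4XApx0mr/qrP+RzRXQYbY2xJ4FbtZT3SYDe9bZwLf7amuJ4YxDWvT8lLtojQ0AAAAD35nZzAv4tS92ph2Wi2eXFtTia8+r22OTQzB7n73wTdj7GqcNR4o9VrRvEGfrT0V51soiPzA1TtA0F6yHU2OuU"


def _u32(buf: bytes, off: int) -> tuple[int, int]:
    """Little-endian DWORD at off; returns (value, new offset)."""
    if off + 4 > len(buf):
        raise ValueError(f"truncated at offset {off}")
    return struct.unpack_from("<I", buf, off)[0], off + 4


def _guid(buf: bytes, off: int) -> tuple[uuid.UUID, int]:
    """Windows-layout (mixed-endian) GUID at off."""
    if off + 16 > len(buf):
        raise ValueError(f"truncated at offset {off}")
    return uuid.UUID(bytes_le=buf[off:off + 16]), off + 16


def _sized(buf: bytes, off: int) -> tuple[bytes, int]:
    """DWORD length followed by that many bytes."""
    n, off = _u32(buf, off)
    if off + n > len(buf):
        raise ValueError(f"field of {n} bytes at offset {off} overruns the blob")
    return buf[off:off + n], off + n


def is_dpapi_blob(data: bytes) -> bool:
    """Cheap triage check: version 1 followed by the DPAPI provider GUID."""
    return (len(data) >= 20 and data[:4] == b"\x01\x00\x00\x00"
            and uuid.UUID(bytes_le=data[4:20]) == DPAPI_PROVIDER_GUID)


def parse_dpapi_blob(data: bytes) -> dict:
    """Walk the blob field by field; raises ValueError if the layout does not hold."""
    off = 0
    version, off = _u32(data, off)
    provider, off = _guid(data, off)
    if version != 1 or provider != DPAPI_PROVIDER_GUID:
        raise ValueError("not a DPAPI blob (bad version or provider GUID)")
    mk_version, off = _u32(data, off)
    mk_guid, off = _guid(data, off)
    flags, off = _u32(data, off)
    description, off = _sized(data, off)      # UTF-16LE, usually just a NUL
    crypt_alg, off = _u32(data, off)
    crypt_alg_bits, off = _u32(data, off)
    salt, off = _sized(data, off)
    hmac_key, off = _sized(data, off)         # normally zero length
    hash_alg, off = _u32(data, off)
    hash_alg_bits, off = _u32(data, off)
    hmac, off = _sized(data, off)
    ciphertext, off = _sized(data, off)
    signature, off = _sized(data, off)
    if off != len(data):
        raise ValueError(f"length mismatch: parsed {off} of {len(data)} bytes")
    return {
        "version": version,
        "provider_guid": str(provider),
        "master_key_version": mk_version,
        "master_key_guid": str(mk_guid),
        "flags": flags,
        "machine_scope": bool(flags & CRYPTPROTECT_LOCAL_MACHINE),
        "description": description.decode("utf-16-le").rstrip("\x00"),
        "crypt_alg": ALG_NAMES.get(crypt_alg, hex(crypt_alg)),
        "crypt_alg_bits": crypt_alg_bits,
        "salt_len": len(salt),
        "hmac_key_len": len(hmac_key),
        "hash_alg": ALG_NAMES.get(hash_alg, hex(hash_alg)),
        "hash_alg_bits": hash_alg_bits,
        "hmac_len": len(hmac),
        "ciphertext_len": len(ciphertext),
        "signature_len": len(signature),
    }


def parse_registry_value(b64: str) -> dict:
    """Parse a base64 registry string such as the one in the report."""
    return parse_dpapi_blob(base64.b64decode(b64))


def triage_registry_value(value: str) -> str:
    """Classify a registry string value: 'dpapi' if it base64-decodes to a DPAPI blob, else 'other'."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "other"
    return "dpapi" if is_dpapi_blob(raw) else "other"


if __name__ == "__main__":
    for k, v in parse_registry_value(REPORT_VALUE).items():
        print(f"{k:20} {v}")
```

The triage function is what you would run over a registry dump: the hex-string value F6D4F52220BB5A3D7246A004278BB23F and the GUID value f9081565-cc6c-4caa-acb3-d024f7411e9a written alongside both classify as "other", only the long value classifies as a DPAPI blob.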
Executable files: 524
Suspicious files: 1,804
Text files: 511
Unknown types: 1

Dropped files

PID 2996  hashcalc-2.02-installer_AmfgD-1.tmp
  C:\Users\admin\AppData\Local\Temp\is-IEAR1.tmp\is-GSL88.tmp
  MD5:
  SHA256:

PID 2996  hashcalc-2.02-installer_AmfgD-1.tmp
  C:\Users\admin\AppData\Local\Temp\is-IEAR1.tmp\_isetup\_setup64.tmp (executable)
  MD5: E4211D6D009757C078A9FAC7FF4F03D4
  SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID 2996  hashcalc-2.02-installer_AmfgD-1.tmp
  C:\Users\admin\AppData\Local\Temp\is-IEAR1.tmp\component0.zip (compressed)
  MD5: 56B0D3E1B154AE65682C167D25EC94A6
  SHA256: 434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE

PID 2996  hashcalc-2.02-installer_AmfgD-1.tmp
  C:\Users\admin\AppData\Local\Temp\is-IEAR1.tmp\component1.zip (compressed)
  MD5: 6406ABC4EE622F73E9E6CB618190AF02
  SHA256: FD83D239B00A44698959145449EBFCB8C52687327DEAC04455E77A710A3DFE1B

PID 2996  hashcalc-2.02-installer_AmfgD-1.tmp
  C:\Users\admin\AppData\Local\Temp\is-IEAR1.tmp\component1_extract\avg_secure_browser_setup.exe (executable)
  MD5: 591059D6711881A4B12AD5F74D5781BF
  SHA256: 99E8DE20A35A362C2A61C0B9E48FE8EB8FC1DF452134E7B6390211AB19121A65

PID 2996  hashcalc-2.02-installer_AmfgD-1.tmp
  C:\Users\admin\AppData\Local\Temp\is-IEAR1.tmp\component0_extract\avg_antivirus_free_setup.exe (executable)
  MD5: 26816AF65F2A3F1C61FB44C682510C97
  SHA256: 2025C8C2ACC5537366E84809CB112589DDC9E16630A81C301D24C887E2D25F45

PID 2996  hashcalc-2.02-installer_AmfgD-1.tmp
  C:\Users\admin\AppData\Local\Temp\is-IEAR1.tmp\is-JR1GN.tmp (html)
  MD5: 58DE575562FE28E09ECBB2B55BE462AF
  SHA256: 47C48BA991EC5AA0EE8E8887122C033D5A07982C13F4969B7E02CFB0B00B305C

PID 4572  avg_antivirus_free_online_setup.exe
  C:\ProgramData\AVG\Icarus\Logs\sfx.log (text)
  MD5: ECAA88F7FA0BF610A5A26CF545DCD3AA
  SHA256: F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5

PID 3196  avg_secure_browser_setup.exe
  C:\Users\admin\AppData\Local\Temp\nst8A7F.tmp\nsJSON.dll (executable)
  MD5: DDB56A646AEA54615B29CE7DF8CD31B8
  SHA256: 07E602C54086A8FA111F83A38C2F3EE239F49328990212C2B3A295FADE2B5069

PID 2996  hashcalc-2.02-installer_AmfgD-1.tmp
  C:\Users\admin\AppData\Local\Temp\is-IEAR1.tmp\101.png (image)
  MD5: 5B9011739AB76C4E29AF2EF92811CACC
  SHA256: B1F1675D8D478DB8EE1B537F3531B3D9D7E00CCF9EB0FC70D1E494B46059C3B9
HTTP(S) requests: 19
TCP/UDP connections: 303
DNS requests: 303
Threats: 18

HTTP requests

Columns as in the report: PID, Process, Method, HTTP code, IP, URL, CN, Type, Size, Reputation. Rows carry the values the report shows, in that order; an empty cell means the report shows nothing for it.

620 | avg_antivirus_free_setup.exe | POST | 200 | 142.250.186.110:80 | http://www.google-analytics.com/collect | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 2.20.245.137:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
3196 | avg_secure_browser_setup.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | whitelisted
620 | avg_antivirus_free_setup.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | whitelisted
620 | avg_antivirus_free_setup.exe | POST | 200 | 142.250.186.110:80 | http://www.google-analytics.com/collect | unknown | whitelisted
620 | avg_antivirus_free_setup.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | whitelisted
7016 | AVGBrowserUpdate.exe | GET | | 2.16.168.109:80 | http://browser-update.avg.com/browser-avg/win/x64/137.0.30835.121/AVGBrowserInstaller.exe | unknown | whitelisted
3196 | avg_secure_browser_setup.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | whitelisted
3196 | avg_secure_browser_setup.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5944 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
1268 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1984 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
2996 | hashcalc-2.02-installer_AmfgD-1.tmp | 18.66.121.16:443 | d20rp3wwf0n82p.cloudfront.net | AMAZON-02 | US | whitelisted
2996 | hashcalc-2.02-installer_AmfgD-1.tmp | 151.101.1.91:443 | images.sftcdn.net | FASTLY | US | whitelisted
1268 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 2.20.245.137:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
1268 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
  • 20.73.194.208
whitelisted
google.com
  • 142.250.181.238
whitelisted
d20rp3wwf0n82p.cloudfront.net
  • 18.66.121.16
  • 18.66.121.8
  • 18.66.121.137
  • 18.66.121.20
whitelisted
images.sftcdn.net
  • 151.101.1.91
  • 151.101.65.91
  • 151.101.129.91
  • 151.101.193.91
whitelisted
crl.microsoft.com
  • 2.20.245.137
  • 2.20.245.139
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.159.64
  • 40.126.31.1
  • 40.126.31.3
  • 20.190.159.4
  • 20.190.159.128
  • 20.190.159.73
  • 20.190.159.130
  • 40.126.31.67
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
gsf-fl.softonic.com
  • 151.101.1.91
  • 151.101.65.91
  • 151.101.129.91
  • 151.101.193.91
whitelisted
hashcalc.en.softonic.com
  • 151.101.1.91
  • 151.101.65.91
  • 151.101.129.91
  • 151.101.193.91
whitelisted

Threats

PID | Process | Class | Message
7016 | AVGBrowserUpdate.exe | Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP
7660 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) (6 identical alerts)
8360 | AVGBrowser.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt (3 identical alerts)
Process | Message
avg_secure_browser_setup.exe | 2025-07-07T03:09:42 [libnsis] {00000c7c:0000108c} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
avg_secure_browser_setup.exe | 2025-07-07T03:09:42 [libnsis] {00000c7c:0000108c} <1:Debug> (91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62) Throwing exception 0x00000400000715
avg_secure_browser_setup.exe | 2025-07-07T03:09:42 [libnsis] {00000c7c:0000108c} <4:Error> (893f00f663353e48\src\jsis-plugins\plugins\UtilitiesPlugin\TagData.cpp:85) 0x00000400000715 91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62
avg_secure_browser_setup.exe | 2025-07-07T03:09:42 [libnsis] {00000c7c:0000108c} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nst8A7F.tmp\CR.History.tmp
avg_secure_browser_setup.exe | 2025-07-07T03:09:42 [libnsis] {00000c7c:0000108c} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 20246 AND vtime <= 20277 GROUP BY vtime
avg_secure_browser_setup.exe | 2025-07-07T03:09:43 [libnsis] {00000c7c:0000108c} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nst8A7F.tmp\CR.History.tmp
avg_secure_browser_setup.exe | 2025-07-07T03:09:43 [libnsis] {00000c7c:0000108c} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 20246 AND vtime <= 20277 GROUP BY vtime
avg_secure_browser_setup.exe | 2025-07-07T03:09:43 [libnsis] {00000c7c:0000108c} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nst8A7F.tmp\FF.places.tmp
avg_secure_browser_setup.exe | 2025-07-07T03:09:43 [libnsis] {00000c7c:0000108c} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT last_visit_date / 1000000 /60 /60 / 24 AS vtime FROM 'moz_places' WHERE vtime >= 20246 AND vtime <= 20277 GROUP BY vtime
avg_secure_browser_setup.exe | 2025-07-07T03:09:43 [libnsis] {00000c7c:0000108c} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nst8A7F.tmp\FF.places.tmp