File name:

mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe

Full analysis: https://app.any.run/tasks/efca955a-48f9-4b2f-b49f-69b675b4da87
Verdict: Malicious activity
Analysis date: November 26, 2024, 04:29:34
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-html
evasion
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

A13096F4A1A89BC93D904743791CF85A

SHA1:

A4680C3EE22DB2654E9EEFA07A61ED8AA5BE1C6B

SHA256:

89D57BE9B185B0F05736F9DD637242DBF58CC4154CED106400359907CD117793

SSDEEP:

98304:ElmaUXfSNhsIl+OVBcQS21RIo7T/6Mr/ifUTce/Unba+O+CB3jD9hlp:u9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • mdi-viewer-mdi2pdf-converter-2.61-installer.tmp (PID: 6940)
    • Antivirus name has been found in the command line (generic signature)

      • AVGUI.exe (PID: 7080)
      • AVGUI.exe (PID: 5640)
      • AVGUI.exe (PID: 7868)
      • AVGUI.exe (PID: 5464)
      • AVGUI.exe (PID: 6904)
      • AVGUI.exe (PID: 7160)
      • AVGUI.exe (PID: 6532)
      • AVGUI.exe (PID: 7020)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe (PID: 6208)
      • avg_antivirus_free_online_setup.exe (PID: 6868)
      • avg_antivirus_free_setup.exe (PID: 6780)
      • mdi-viewer-mdi2pdf-converter-2.61-installer.exe (PID: 6924)
      • mdi-viewer-mdi2pdf-converter-2.61-installer.tmp (PID: 6940)
      • icarus.exe (PID: 6996)
      • icarus.exe (PID: 2744)
      • installer.exe (PID: 6300)
      • installer.exe (PID: 6388)
      • icarus.exe (PID: 5640)
      • AvEmUpdate.exe (PID: 2136)
      • engsup.exe (PID: 3140)
      • AVGSvc.exe (PID: 3920)
      • aswOfferTool.exe (PID: 7740)
    • Process drops legitimate windows executable

      • mdi-viewer-mdi2pdf-converter-2.61-installer.tmp (PID: 6940)
      • icarus.exe (PID: 2744)
      • installer.exe (PID: 6388)
    • Executes application which crashes

      • MDI2PDF.exe (PID: 5004)
    • Starts itself from another location

      • icarus.exe (PID: 6996)
    • Starts CMD.EXE for commands execution

      • servicehost.exe (PID: 6236)
      • updater.exe (PID: 7080)
    • Executes as Windows Service

      • servicehost.exe (PID: 6236)
      • wsc_proxy.exe (PID: 6444)
      • afwServ.exe (PID: 5916)
      • AVGSvc.exe (PID: 3920)
      • avgToolsSvc.exe (PID: 6772)
      • aswidsagent.exe (PID: 7576)
    • The process drops C-runtime libraries

      • icarus.exe (PID: 2744)
    • Hides command output

      • cmd.exe (PID: 6948)
    • Drops a system driver (possible attempt to evade defenses)

      • engsup.exe (PID: 3140)
      • icarus.exe (PID: 2744)
    • Application launched itself

      • AVGUI.exe (PID: 7080)
  • INFO

    • Checks supported languages

      • mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe (PID: 6208)
    • Reads the computer name

      • mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe (PID: 6208)
    • Manual execution by a user

      • MDI2PDF.exe (PID: 2736)
      • AVGUI.exe (PID: 7080)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (17.3)
.dll | Win32 Dynamic Link Library (generic) (4.1)
.exe | Win32 Executable (generic) (2.8)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:11:13 14:11:30+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 2168320
InitializedDataSize: 2359296
UninitializedDataSize: -
EntryPoint: 0x1c6b12
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.0.13.45775
ProductVersionNumber: 3.0.13.45775
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Softonic
FileDescription: Softonic
FileVersion: 3.0.13.111311
LegalCopyright: (c) Softonic
ProductName: Softonic
ProductVersion: 3.0.13.111311
No data.
All screenshots are available in the full report
Total processes: 195
Monitored processes: 63
Malicious processes: 10
Suspicious processes: 3

Behavior graph

Processes in the graph (nodes marked "no specs" have no signature details in the report): start, mdi-viewer-mdi2pdf-converter-2.61-installer_yz-s1q1.exe, sabsi.exe, avg_antivirus_free_setup.exe, avg_antivirus_free_online_setup.exe, mdi-viewer-mdi2pdf-converter-2.61-installer.exe, mdi-viewer-mdi2pdf-converter-2.61-installer.tmp, icarus.exe, regsvr32.exe (no specs), regsvr32.exe (no specs), mdi2pdf.exe, werfault.exe (no specs), icarus.exe, icarus.exe, installer.exe, installer.exe, servicehost.exe, uihost.exe (no specs), updater.exe, cmd.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), mdi2pdf.exe (no specs), engsup.exe, setupinf.exe (no specs), setupinf.exe (no specs), setupinf.exe (no specs), setupinf.exe (no specs), setupinf.exe (no specs), setupinf.exe (no specs), avemupdate.exe (no specs), avemupdate.exe, regsvr.exe (no specs), regsvr.exe (no specs), setupinf.exe (no specs), wsc_proxy.exe (no specs), wsc_proxy.exe (no specs), afwserv.exe (no specs), avgsvc.exe, avgtoolssvc.exe (no specs), overseer.exe (no specs), avgui.exe (no specs), aswengsrv.exe (no specs), aswidsagent.exe (no specs), wpr.exe (no specs), conhost.exe (no specs), unsecapp.exe (no specs), engsup.exe (no specs), icarus.exe (no specs), aswoffertool.exe, icarus.exe (no specs), icarus.exe (no specs), aswoffertool.exe (no specs), avgui.exe (no specs), avgui.exe (no specs), avgui.exe (no specs), avgui.exe (no specs), avgui.exe (no specs), avgui.exe (no specs), avgui.exe (no specs), mdi-viewer-mdi2pdf-converter-2.61-installer_yz-s1q1.exe (no specs)

Process information

PID: 308
CMD: "C:\Program Files\Common Files\AVG\Overseer\overseer.exe" /skip_uptime /skip_remediations
Path: C:\Program Files\Common Files\AVG\Overseer\overseer.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Overseer
Exit code: 0
Version: 1.0.494.0
PID: 772
CMD: "C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /netservice:avgNdisFlt /catalog:avgNdisFlt.cat
Path: C:\Program Files\AVG\Antivirus\SetupInf.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Antivirus Installer
Exit code: 0
Version: 24.11.9615.0
PID: 1076
CMD: "C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgRvrt.cat
Path: C:\Program Files\AVG\Antivirus\SetupInf.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Antivirus Installer
Exit code: 0
Version: 24.11.9615.0
PID: 1744
CMD: "C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\icarus.exe" /checkforupdates:avg-av-vps /silent
Path: C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\icarus.exe
Parent process: AVGSvc.exe
User: SYSTEM
Company: Gen Digital Inc.
Integrity Level: SYSTEM
Description: AVG Installer
Exit code: 0
Version: 24.11.8270.0
PID: 1760
CMD: "C:\Program Files\AVG\Antivirus\x86\RegSvr.exe" "C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll"
Path: C:\Program Files\AVG\Antivirus\x86\RegSvr.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Antivirus Installer
Exit code: 0
Version: 24.11.9615.0
PID: 2136
CMD: "C:\Program Files\AVG\Antivirus\AvEmUpdate.exe" /installer
Path: C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Emergency Update
Exit code: 0
Version: 24.11.9615.0
PID: 2676
CMD: "C:\Program Files\AVG\Antivirus\RegSvr.exe" "C:\Program Files\AVG\Antivirus\aswAMSI.dll"
Path: C:\Program Files\AVG\Antivirus\RegSvr.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Antivirus Installer
Exit code: 0
Version: 24.11.9615.0
PID: 2736
CMD: "C:\Program Files (x86)\MDIConvertor\MDI2PDF.exe"
Path: C:\Program Files (x86)\MDIConvertor\MDI2PDF.exe
Parent process: explorer.exe
User: admin
Company: BugySoft LTD
Integrity Level: MEDIUM
Description: MDI (MS Office Document Image) Converter
Version: 2.06.0645
Modules
Images
c:\program files (x86)\mdiconvertor\mdi2pdf.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 2744
CMD: C:\WINDOWS\Temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\avg-av\icarus.exe /silent /ws /psh:hIA7qv6y4LnyhZ8uUg5ES7NJSv5xFxjsl6RHqJGR35jKfB2LkrE9eOjWN5xgM0llMoJ1FJKzMOwSiw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\WINDOWS\Temp\asw.be861d718398f1a5 /track-guid:9466e02a-e3f9-4441-b7ef-1ee95e446a94 /er_master:master_ep_1f23ea87-b3b2-4c34-b43e-0fbb2563dc4e /er_ui:ui_ep_d728bbb8-4f4b-4c5c-b432-b1d411535951 /er_slave:avg-av_slave_ep_709580fc-4389-4cf7-a81d-383fda7d1118 /slave:avg-av
Path: C:\Windows\Temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\avg-av\icarus.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Installer
Exit code: 0
Version: 24.11.8270.0
Modules
Images
c:\windows\temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\avg-av\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 3060
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 5004 -s 1252
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: MDI2PDF.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Problem Reporting
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
Total events: 31 651
Read events: 31 298
Write events: 336
Delete events: 17

Modification events

(PID) Process: (6208) mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Operation: write
Name: Implementing
Value:
1C00000001000000E8070B0002001A0004001D003B002001010000001E768127E028094199FEB9D127C57AFE

(PID) Process: (6208) mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation: write
Name: {2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
Value:
0100000000000000428E62DABB3FDB01

(PID) Process: (6768) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation: write
Name: UUID
Value:
{7C38D908-2681-4998-93B1-E212CCB7F0D7}

(PID) Process: (6768) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation: write
Name: InstallerFlags
Value:
1

(PID) Process: (6868) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 5FD38555-4B16-40AE-9A09-E2C969CB74AF
Value:
F6D4F52220BB5A3D7246A004278BB23F

(PID) Process: (6868) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 7CCD586D-2ABC-42FF-A23B-3731F4F183D9
Value:
F6D4F52220BB5A3D7246A004278BB23F

(PID) Process: (6868) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 8C5CFDF4-AB05-4EB0-8EF6-7B4620DC2CF3
Value:
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA+kmK8vtitUm5G5TNaPF5jQQAAAACAAAAAAAQZgAAAAEAACAAAADczVrXIMFMk0J5mbo1NksMitQ7eKKq/QgBCY9XJRzAlQAAAAAOgAAAAAIAACAAAAAIxR6NKmC7jtoXqSvVcoHunbxsAY/seVV2qmMKNjtzbVAAAAALoVyOSTfAbLVTuuEStDa1OSJMmS4moQ+C/oDtCYSIC9mb85jnq+999BX0BO1KAwcwKtRyqcrQ7BEPQCRiWiq33xAME9JzH+ZZ8BvavCv6mUAAAABtTEsvxC4ZYizdBB1uveczRStEvm+Mhn2AbxUeyPIHpNbWrFtOfS4UjTIfYGIBhpsJ+q1hZIQKlAelwoDmoTm9

(PID) Process: (6868) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 5E1D6A55-0134-486E-A166-38C2E4919BB1
Value:
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA+kmK8vtitUm5G5TNaPF5jQQAAAACAAAAAAAQZgAAAAEAACAAAADczVrXIMFMk0J5mbo1NksMitQ7eKKq/QgBCY9XJRzAlQAAAAAOgAAAAAIAACAAAAAIxR6NKmC7jtoXqSvVcoHunbxsAY/seVV2qmMKNjtzbVAAAAALoVyOSTfAbLVTuuEStDa1OSJMmS4moQ+C/oDtCYSIC9mb85jnq+999BX0BO1KAwcwKtRyqcrQ7BEPQCRiWiq33xAME9JzH+ZZ8BvavCv6mUAAAABtTEsvxC4ZYizdBB1uveczRStEvm+Mhn2AbxUeyPIHpNbWrFtOfS4UjTIfYGIBhpsJ+q1hZIQKlAelwoDmoTm9

(PID) Process: (6868) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 144807F0-DE37-4C62-9C05-EB4CC64A7A2F
Value:
16be501d-59e5-458a-9b9a-cacdb67a9738

(PID) Process: (6868) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 56C7A9DA-4B11-406A-8B1A-EFF157C294D6
Value:
16be501d-59e5-458a-9b9a-cacdb67a9738
Executable files: 782
Suspicious files: 2 321
Text files: 1 107
Unknown types: 36

Dropped files

PID | Process | Filename | Type
6868 | avg_antivirus_free_online_setup.exe | C:\ProgramData\AVG\Icarus\Logs\sfx.log | text
MD5:ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256:F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
6208 | mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe | C:\Users\admin\AppData\Local\Temp\ISV57D7.tmp\avg\avg_antivirus_free_setup.exe | executable
MD5:26816AF65F2A3F1C61FB44C682510C97
SHA256:2025C8C2ACC5537366E84809CB112589DDC9E16630A81C301D24C887E2D25F45
6208 | mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe | C:\Users\admin\Downloads\mdi-viewer-mdi2pdf-converter-2.61-installer.exe | executable
MD5:9C2EA35F16F10BA94FCC45BD224AD633
SHA256:DE5069924EF7974FEE9B809CAA137F70A120A109D7FF9A612643F657AB7D313F
6208 | mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe | C:\Users\admin\AppData\Local\Temp\ISV57D7.tmp\saBSI\saBSI.exe | executable
MD5:143255618462A577DE27286A272584E1
SHA256:F5AA950381FBCEA7D730AA794974CA9E3310384A95D6CF4D015FBDBD9797B3E4
6208 | mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe | C:\Users\admin\AppData\Local\Temp\ISV57D7.tmp\saBSI.zip | compressed
MD5:F68008B70822BD28C82D13A289DEB418
SHA256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
6868 | avg_antivirus_free_online_setup.exe | C:\Users\admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3 | binary
MD5:51CACEA0FBAE8346C20FB94EFEEF8809
SHA256:5749457FC3E5EE160FE41B6BC0743A890B38FD3F09965828BD19FE269E5BD434
6768 | saBSI.exe | C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00000057003F001D0006.txt | text
MD5:E2F90435052F690DDBE38DA80F0D8B7B
SHA256:719C2F296D439A4F723D20417CFBE59FB1F1D1F52D0939F0B359DADB12A7B2B7
6208 | mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe | C:\Users\admin\AppData\Local\Temp\ISV57D7.tmp\avg.zip | compressed
MD5:56B0D3E1B154AE65682C167D25EC94A6
SHA256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
6868 | avg_antivirus_free_online_setup.exe | C:\Windows\Temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\common\product-info.xml | xml
MD5:F703EEDD39374802BFF0E485505F4130
SHA256:9E1A26F315C40217096F24BE67B2CA9C2FDE60894D99535536E769897BB86D74
6868 | avg_antivirus_free_online_setup.exe | C:\Windows\Temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\common\icarus_mod.dll | executable
MD5:4F006AA4BC4D037B5A4C939F2CB85FFB
SHA256:7296F7BC71088F1E3F01F95A7004C73F403360F614ABE44F62ED50532FAACFD8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 53
TCP/UDP connections: 463
DNS requests: 299
Threats: 13

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
440 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
440 | svchost.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6780 | avg_antivirus_free_setup.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | - | - | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
6780 | avg_antivirus_free_setup.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | - | - | whitelisted
6780 | avg_antivirus_free_setup.exe | POST | 200 | 142.250.181.238:80 | http://www.google-analytics.com/collect | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | - | - | whitelisted
6780 | avg_antivirus_free_setup.exe | POST | 200 | 142.250.181.238:80 | http://www.google-analytics.com/collect | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
440 | svchost.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
440 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5064 | SearchApp.exe | 104.126.37.160:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
1176 | svchost.exe | 20.190.160.22:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1176 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.142
  • 172.217.16.206
whitelisted
www.bing.com
  • 104.126.37.160
  • 104.126.37.123
  • 104.126.37.170
  • 104.126.37.153
  • 104.126.37.176
  • 104.126.37.171
  • 104.126.37.139
  • 104.126.37.130
  • 104.126.37.161
  • 2.23.209.189
  • 2.23.209.179
  • 2.23.209.140
  • 2.23.209.182
  • 2.23.209.185
  • 2.23.209.149
  • 2.23.209.187
  • 2.23.209.133
  • 2.23.209.176
whitelisted
login.live.com
  • 20.190.160.22
  • 40.126.32.136
  • 40.126.32.76
  • 20.190.160.14
  • 40.126.32.74
  • 40.126.32.72
  • 40.126.32.68
  • 40.126.32.140
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
d1zrq0r3vp617z.cloudfront.net
  • 18.172.111.114
  • 18.172.111.35
  • 18.172.111.207
  • 18.172.111.223
whitelisted
images.sftcdn.net
  • 151.101.129.91
  • 151.101.65.91
  • 151.101.1.91
  • 151.101.193.91
whitelisted

Threats

PID | Process | Class | Message
- | - | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
- | - | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
- | - | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
- | - | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
- | - | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
- | - | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
- | - | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Process | Message
mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe | LoadingPage
mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe | WelcomePage
mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe | ProductPage
mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe | ProductPage
mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe | DownloadPageDLM
mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe | FinishPageDLM
saBSI.exe | NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\ISV57D7.tmp\saBSI\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\ISV57D7.tmp\saBSI\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe | NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\ISV57D7.tmp\saBSI\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\ISV57D7.tmp\saBSI\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in current directory