File name:

mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe

Full analysis: https://app.any.run/tasks/efca955a-48f9-4b2f-b49f-69b675b4da87
Verdict: Malicious activity
Analysis date: November 26, 2024, 04:29:34
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-html
evasion
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

A13096F4A1A89BC93D904743791CF85A

SHA1:

A4680C3EE22DB2654E9EEFA07A61ED8AA5BE1C6B

SHA256:

89D57BE9B185B0F05736F9DD637242DBF58CC4154CED106400359907CD117793

SSDEEP:

98304:ElmaUXfSNhsIl+OVBcQS21RIo7T/6Mr/ifUTce/Unba+O+CB3jD9hlp:u9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • mdi-viewer-mdi2pdf-converter-2.61-installer.tmp (PID: 6940)
    • Antivirus name has been found in the command line (generic signature)

      • AVGUI.exe (PID: 7080)
      • AVGUI.exe (PID: 5640)
      • AVGUI.exe (PID: 7868)
      • AVGUI.exe (PID: 5464)
      • AVGUI.exe (PID: 7020)
      • AVGUI.exe (PID: 7160)
      • AVGUI.exe (PID: 6532)
      • AVGUI.exe (PID: 6904)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • avg_antivirus_free_setup.exe (PID: 6780)
      • mdi-viewer-mdi2pdf-converter-2.61-installer.exe (PID: 6924)
      • avg_antivirus_free_online_setup.exe (PID: 6868)
      • mdi-viewer-mdi2pdf-converter-2.61-installer.tmp (PID: 6940)
      • mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe (PID: 6208)
      • icarus.exe (PID: 6996)
      • icarus.exe (PID: 2744)
      • installer.exe (PID: 6300)
      • installer.exe (PID: 6388)
      • icarus.exe (PID: 5640)
      • AvEmUpdate.exe (PID: 2136)
      • aswOfferTool.exe (PID: 7740)
      • engsup.exe (PID: 3140)
      • AVGSvc.exe (PID: 3920)
    • Process drops legitimate windows executable

      • mdi-viewer-mdi2pdf-converter-2.61-installer.tmp (PID: 6940)
      • icarus.exe (PID: 2744)
      • installer.exe (PID: 6388)
    • Executes application which crashes

      • MDI2PDF.exe (PID: 5004)
    • Starts itself from another location

      • icarus.exe (PID: 6996)
    • The process drops C-runtime libraries

      • icarus.exe (PID: 2744)
    • Executes as Windows Service

      • servicehost.exe (PID: 6236)
      • AVGSvc.exe (PID: 3920)
      • wsc_proxy.exe (PID: 6444)
      • avgToolsSvc.exe (PID: 6772)
      • afwServ.exe (PID: 5916)
      • aswidsagent.exe (PID: 7576)
    • Starts CMD.EXE for commands execution

      • servicehost.exe (PID: 6236)
      • updater.exe (PID: 7080)
    • Drops a system driver (possible attempt to evade defenses)

      • engsup.exe (PID: 3140)
      • icarus.exe (PID: 2744)
    • Application launched itself

      • AVGUI.exe (PID: 7080)
    • Hides command output

      • cmd.exe (PID: 6948)
  • INFO

    • Checks supported languages

      • mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe (PID: 6208)
    • Reads the computer name

      • mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe (PID: 6208)
    • Manual execution by a user

      • MDI2PDF.exe (PID: 2736)
      • AVGUI.exe (PID: 7080)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (17.3)
.dll | Win32 Dynamic Link Library (generic) (4.1)
.exe | Win32 Executable (generic) (2.8)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:11:13 14:11:30+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 2168320
InitializedDataSize: 2359296
UninitializedDataSize: -
EntryPoint: 0x1c6b12
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.0.13.45775
ProductVersionNumber: 3.0.13.45775
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Softonic
FileDescription: Softonic
FileVersion: 3.0.13.111311
LegalCopyright: (c) Softonic
ProductName: Softonic
ProductVersion: 3.0.13.111311
No data.
All screenshots are available in the full report
Total processes
195
Monitored processes
63
Malicious processes
10
Suspicious processes
3

Behavior graph

Processes in the graph (one per line; "no specs" is the report's label for processes without their own specification entry):

mdi-viewer-mdi2pdf-converter-2.61-installer_yz-s1q1.exe
sabsi.exe
avg_antivirus_free_setup.exe
avg_antivirus_free_online_setup.exe
mdi-viewer-mdi2pdf-converter-2.61-installer.exe
mdi-viewer-mdi2pdf-converter-2.61-installer.tmp
icarus.exe
regsvr32.exe (no specs)
regsvr32.exe (no specs)
mdi2pdf.exe
werfault.exe (no specs)
icarus.exe
icarus.exe
installer.exe
installer.exe
servicehost.exe
uihost.exe (no specs)
updater.exe
cmd.exe (no specs)
conhost.exe (no specs)
cmd.exe (no specs)
conhost.exe (no specs)
cmd.exe (no specs)
conhost.exe (no specs)
mdi2pdf.exe (no specs)
engsup.exe
setupinf.exe (no specs)
setupinf.exe (no specs)
setupinf.exe (no specs)
setupinf.exe (no specs)
setupinf.exe (no specs)
setupinf.exe (no specs)
avemupdate.exe (no specs)
avemupdate.exe
regsvr.exe (no specs)
regsvr.exe (no specs)
setupinf.exe (no specs)
wsc_proxy.exe (no specs)
wsc_proxy.exe (no specs)
afwserv.exe (no specs)
avgsvc.exe
avgtoolssvc.exe (no specs)
overseer.exe (no specs)
avgui.exe (no specs)
aswengsrv.exe (no specs)
aswidsagent.exe (no specs)
wpr.exe (no specs)
conhost.exe (no specs)
unsecapp.exe (no specs)
engsup.exe (no specs)
icarus.exe (no specs)
aswoffertool.exe
icarus.exe (no specs)
icarus.exe (no specs)
aswoffertool.exe (no specs)
avgui.exe (no specs)
avgui.exe (no specs)
avgui.exe (no specs)
avgui.exe (no specs)
avgui.exe (no specs)
avgui.exe (no specs)
avgui.exe (no specs)
mdi-viewer-mdi2pdf-converter-2.61-installer_yz-s1q1.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
308
CMD:
"C:\Program Files\Common Files\AVG\Overseer\overseer.exe" /skip_uptime /skip_remediations
Path:
C:\Program Files\Common Files\AVG\Overseer\overseer.exe
Parent process:
icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Overseer
Exit code:
0
Version:
1.0.494.0
PID:
772
CMD:
"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /netservice:avgNdisFlt /catalog:avgNdisFlt.cat
Path:
C:\Program Files\AVG\Antivirus\SetupInf.exe
Parent process:
icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Antivirus Installer
Exit code:
0
Version:
24.11.9615.0
PID:
1076
CMD:
"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgRvrt.cat
Path:
C:\Program Files\AVG\Antivirus\SetupInf.exe
Parent process:
icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Antivirus Installer
Exit code:
0
Version:
24.11.9615.0
PID:
1744
CMD:
"C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\icarus.exe" /checkforupdates:avg-av-vps /silent
Path:
C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\icarus.exe
Parent process:
AVGSvc.exe
User:
SYSTEM
Company:
Gen Digital Inc.
Integrity Level:
SYSTEM
Description:
AVG Installer
Exit code:
0
Version:
24.11.8270.0
PID:
1760
CMD:
"C:\Program Files\AVG\Antivirus\x86\RegSvr.exe" "C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll"
Path:
C:\Program Files\AVG\Antivirus\x86\RegSvr.exe
Parent process:
icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Antivirus Installer
Exit code:
0
Version:
24.11.9615.0
PID:
2136
CMD:
"C:\Program Files\AVG\Antivirus\AvEmUpdate.exe" /installer
Path:
C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Parent process:
icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Emergency Update
Exit code:
0
Version:
24.11.9615.0
PID:
2676
CMD:
"C:\Program Files\AVG\Antivirus\RegSvr.exe" "C:\Program Files\AVG\Antivirus\aswAMSI.dll"
Path:
C:\Program Files\AVG\Antivirus\RegSvr.exe
Parent process:
icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Antivirus Installer
Exit code:
0
Version:
24.11.9615.0
PID:
2736
CMD:
"C:\Program Files (x86)\MDIConvertor\MDI2PDF.exe"
Path:
C:\Program Files (x86)\MDIConvertor\MDI2PDF.exe
Parent process:
explorer.exe
User:
admin
Company:
BugySoft LTD
Integrity Level:
MEDIUM
Description:
MDI (MS Office Document Image) Converter
Version:
2.06.0645
Modules
Images
c:\program files (x86)\mdiconvertor\mdi2pdf.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID:
2744
CMD:
C:\WINDOWS\Temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\avg-av\icarus.exe /silent /ws /psh:hIA7qv6y4LnyhZ8uUg5ES7NJSv5xFxjsl6RHqJGR35jKfB2LkrE9eOjWN5xgM0llMoJ1FJKzMOwSiw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\WINDOWS\Temp\asw.be861d718398f1a5 /track-guid:9466e02a-e3f9-4441-b7ef-1ee95e446a94 /er_master:master_ep_1f23ea87-b3b2-4c34-b43e-0fbb2563dc4e /er_ui:ui_ep_d728bbb8-4f4b-4c5c-b432-b1d411535951 /er_slave:avg-av_slave_ep_709580fc-4389-4cf7-a81d-383fda7d1118 /slave:avg-av
Path:
C:\Windows\Temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\avg-av\icarus.exe
Parent process:
icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Installer
Exit code:
0
Version:
24.11.8270.0
Modules
Images
c:\windows\temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\avg-av\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID:
3060
CMD:
C:\WINDOWS\SysWOW64\WerFault.exe -u -p 5004 -s 1252
Path:
C:\Windows\SysWOW64\WerFault.exe
Parent process:
MDI2PDF.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
Total events
31 651
Read events
31 298
Write events
336
Delete events
17

Modification events

Process: (6208) mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Operation: write
Name: Implementing
Value: 1C00000001000000E8070B0002001A0004001D003B002001010000001E768127E028094199FEB9D127C57AFE

Process: (6208) mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation: write
Name: {2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
Value: 0100000000000000428E62DABB3FDB01

Process: (6768) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation: write
Name: UUID
Value: {7C38D908-2681-4998-93B1-E212CCB7F0D7}

Process: (6768) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation: write
Name: InstallerFlags
Value: 1

Process: (6868) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 5FD38555-4B16-40AE-9A09-E2C969CB74AF
Value: F6D4F52220BB5A3D7246A004278BB23F

Process: (6868) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 7CCD586D-2ABC-42FF-A23B-3731F4F183D9
Value: F6D4F52220BB5A3D7246A004278BB23F

Process: (6868) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 8C5CFDF4-AB05-4EB0-8EF6-7B4620DC2CF3
Value: AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA+kmK8vtitUm5G5TNaPF5jQQAAAACAAAAAAAQZgAAAAEAACAAAADczVrXIMFMk0J5mbo1NksMitQ7eKKq/QgBCY9XJRzAlQAAAAAOgAAAAAIAACAAAAAIxR6NKmC7jtoXqSvVcoHunbxsAY/seVV2qmMKNjtzbVAAAAALoVyOSTfAbLVTuuEStDa1OSJMmS4moQ+C/oDtCYSIC9mb85jnq+999BX0BO1KAwcwKtRyqcrQ7BEPQCRiWiq33xAME9JzH+ZZ8BvavCv6mUAAAABtTEsvxC4ZYizdBB1uveczRStEvm+Mhn2AbxUeyPIHpNbWrFtOfS4UjTIfYGIBhpsJ+q1hZIQKlAelwoDmoTm9

Process: (6868) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 5E1D6A55-0134-486E-A166-38C2E4919BB1
Value: AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA+kmK8vtitUm5G5TNaPF5jQQAAAACAAAAAAAQZgAAAAEAACAAAADczVrXIMFMk0J5mbo1NksMitQ7eKKq/QgBCY9XJRzAlQAAAAAOgAAAAAIAACAAAAAIxR6NKmC7jtoXqSvVcoHunbxsAY/seVV2qmMKNjtzbVAAAAALoVyOSTfAbLVTuuEStDa1OSJMmS4moQ+C/oDtCYSIC9mb85jnq+999BX0BO1KAwcwKtRyqcrQ7BEPQCRiWiq33xAME9JzH+ZZ8BvavCv6mUAAAABtTEsvxC4ZYizdBB1uveczRStEvm+Mhn2AbxUeyPIHpNbWrFtOfS4UjTIfYGIBhpsJ+q1hZIQKlAelwoDmoTm9

Process: (6868) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 144807F0-DE37-4C62-9C05-EB4CC64A7A2F
Value: 16be501d-59e5-458a-9b9a-cacdb67a9738

Process: (6868) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 56C7A9DA-4B11-406A-8B1A-EFF157C294D6
Value: 16be501d-59e5-458a-9b9a-cacdb67a9738
Executable files
782
Suspicious files
2 321
Text files
1 107
Unknown types
36

Dropped files

PID
Process
Filename
Type
PID: 6868
Process: avg_antivirus_free_online_setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3
Type: binary
MD5: 51CACEA0FBAE8346C20FB94EFEEF8809
SHA256: 5749457FC3E5EE160FE41B6BC0743A890B38FD3F09965828BD19FE269E5BD434

PID: 6768
Process: saBSI.exe
Filename: C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00000057003F001D0006.txt
Type: text
MD5: E2F90435052F690DDBE38DA80F0D8B7B
SHA256: 719C2F296D439A4F723D20417CFBE59FB1F1D1F52D0939F0B359DADB12A7B2B7

PID: 6868
Process: avg_antivirus_free_online_setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\6358C710-B89F-46B9-93F2-F6CAC44F5286
Type: binary
MD5: 155F3AAC4CB26916C978505871A22A50
SHA256: 87E4FB81C1C4F0C6187B359F8CA290207BC084185C172441539936CBCF5ECCD9

PID: 6868
Process: avg_antivirus_free_online_setup.exe
Filename: C:\Windows\Temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\common\icarus_mod.dll
Type: executable
MD5: 4F006AA4BC4D037B5A4C939F2CB85FFB
SHA256: 7296F7BC71088F1E3F01F95A7004C73F403360F614ABE44F62ED50532FAACFD8

PID: 6868
Process: avg_antivirus_free_online_setup.exe
Filename: C:\Windows\Temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\common\product-info.xml
Type: xml
MD5: F703EEDD39374802BFF0E485505F4130
SHA256: 9E1A26F315C40217096F24BE67B2CA9C2FDE60894D99535536E769897BB86D74

PID: 6868
Process: avg_antivirus_free_online_setup.exe
Filename: C:\Windows\Temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\common\icarus.exe
Type: executable
MD5: 043105E55F5AEA4FC68F51F69B04D6C2
SHA256: 20A4B502D996BBEE3A4CBF4D344190CC42F216119C3711A9120267171E759AEE

PID: 6868
Process: avg_antivirus_free_online_setup.exe
Filename: C:\Windows\Temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\common\6ba2c9a6-cd30-4cee-8781-73ed6e675f7a
Type: compressed
MD5: E83813C50924708BDAAC28940216A632
SHA256: 73194BDB49262957952EA15D6FDD3C33B65225818FC2AA23915C4989B7DAFB81

PID: 6924
Process: mdi-viewer-mdi2pdf-converter-2.61-installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-3UPGJ.tmp\mdi-viewer-mdi2pdf-converter-2.61-installer.tmp
Type: executable
MD5: 9E30AB5E3F6B43F69F928E6B4FCFD604
SHA256: AFFBE7F0320F9602D8C51468ECB7BC7960DF4F62AB1A36C05AC2FE2816D175BA

PID: 6868
Process: avg_antivirus_free_online_setup.exe
Filename: C:\Windows\Temp\asw-7c5db805-110c-468b-97b2-60d2eabd9ed5\common\49c1a334-880b-4329-96dd-cf20e6dcdd04
Type: compressed
MD5: EDA65FABA0BC9A453B95E2F5669776CE
SHA256: 41E41987668E0C140FFFDA68FF3F47572D0D6A0C38FED1097740CBC5F141E709

PID: 6940
Process: mdi-viewer-mdi2pdf-converter-2.61-installer.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-HHHS0.tmp\_isetup\_RegDLL.tmp
Type: executable
MD5: C594B792B9C556EA62A30DE541D2FB03
SHA256: 5DCC1E0A197922907BCA2C4369F778BD07EE4B1BBBDF633E987A028A314D548E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
53
TCP/UDP connections
463
DNS requests
299
Threats
13

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
440
svchost.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4824
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6780
avg_antivirus_free_setup.exe
POST
200
142.250.181.238:80
http://www.google-analytics.com/collect
unknown
whitelisted
7064
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7064
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
GET
200
23.50.131.92:80
http://emupdate.bav.avcdn.net/files/bav/emupdate/patches.ini
unknown
whitelisted
HEAD
200
23.50.131.76:80
http://emupdate.avcdn.net/files/emupdate/pong.txt
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
440
svchost.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
440
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4712
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
5064
SearchApp.exe
104.126.37.160:443
www.bing.com
Akamai International B.V.
DE
whitelisted
1176
svchost.exe
20.190.160.22:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1176
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.142
  • 172.217.16.206
whitelisted
www.bing.com
  • 104.126.37.160
  • 104.126.37.123
  • 104.126.37.170
  • 104.126.37.153
  • 104.126.37.176
  • 104.126.37.171
  • 104.126.37.139
  • 104.126.37.130
  • 104.126.37.161
  • 2.23.209.189
  • 2.23.209.179
  • 2.23.209.140
  • 2.23.209.182
  • 2.23.209.185
  • 2.23.209.149
  • 2.23.209.187
  • 2.23.209.133
  • 2.23.209.176
whitelisted
login.live.com
  • 20.190.160.22
  • 40.126.32.136
  • 40.126.32.76
  • 20.190.160.14
  • 40.126.32.74
  • 40.126.32.72
  • 40.126.32.68
  • 40.126.32.140
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
d1zrq0r3vp617z.cloudfront.net
  • 18.172.111.114
  • 18.172.111.35
  • 18.172.111.207
  • 18.172.111.223
whitelisted
images.sftcdn.net
  • 151.101.129.91
  • 151.101.65.91
  • 151.101.1.91
  • 151.101.193.91
whitelisted

Threats

PID
Process
Class
Message
Misc activity
ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
Misc activity
ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
Misc activity
ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
Misc activity
ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
Misc activity
ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
Misc activity
ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
Misc activity
ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Process
Message
mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe
LoadingPage
mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe
WelcomePage
mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe
ProductPage
mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe
ProductPage
mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe
DownloadPageDLM
mdi-viewer-mdi2pdf-converter-2.61-installer_YZ-s1q1.exe
FinishPageDLM
saBSI.exe
NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\ISV57D7.tmp\saBSI\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\ISV57D7.tmp\saBSI\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe
NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe
NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\ISV57D7.tmp\saBSI\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\ISV57D7.tmp\saBSI\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe
NCPrivateLoadAndValidateMPTDll: Looking in current directory