File name: data_2.dat

Full analysis: https://app.any.run/tasks/422ed37e-2186-4519-94b4-9ace002fd87c
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: June 15, 2025, 06:42:25
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: arch-scr, evasion, loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: 2C1B255E3A33284E865CCBDED10A68E3
SHA1: 79E32AD7730C1FDA197C57791E599D2A59DB72DF
SHA256: 99EBC64B3E66F1010D39767DD8203489F40DE51CF3E5883333F227D432878327
SSDEEP: 3072:4hrEcYTuZF3sDmYFDL56DLiSNMWm5RC3Oy1jjHfJWcCAnzuVmoP7wxi6yd+gf8+q:AYTuZFuB66SBRHJWcPz8/JrL9mUe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Antivirus name has been found in the command line (generic signature)

      • AVGUI.exe (PID: 8088)
      • AVGUI.exe (PID: 7832)
      • AVGUI.exe (PID: 3388)
      • AVGUI.exe (PID: 7504)
      • AVGUI.exe (PID: 4892)
      • AVGUI.exe (PID: 2664)
      • AVGUI.exe (PID: 8604)
      • AVGUI.exe (PID: 8856)
      • AVGUI.exe (PID: 9120)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • data_2.dat.exe (PID: 6292)
      • avg_antivirus_free_online_setup.exe (PID: 3872)
      • icarus.exe (PID: 5348)
      • icarus.exe (PID: 7060)
      • icarus.exe (PID: 5284)
      • engsup.exe (PID: 1496)
      • AVGSvc.exe (PID: 6512)
      • aswOfferTool.exe (PID: 7736)
    • Starts itself from another location

      • icarus.exe (PID: 5348)
    • Reads security settings of Internet Explorer

      • icarus_ui.exe (PID: 1488)
    • There is functionality for taking screenshot (YARA)

      • data_2.dat.exe (PID: 6292)
      • data_2.dat.exe (PID: 1332)
    • The process verifies whether the antivirus software is installed

      • icarus.exe (PID: 7060)
      • icarus.exe (PID: 5284)
      • engsup.exe (PID: 1496)
      • SetupInf.exe (PID: 2044)
      • SetupInf.exe (PID: 4808)
      • SetupInf.exe (PID: 6876)
      • SetupInf.exe (PID: 4552)
      • SetupInf.exe (PID: 3588)
      • AvEmUpdate.exe (PID: 3972)
      • SetupInf.exe (PID: 1212)
      • AvEmUpdate.exe (PID: 516)
      • RegSvr.exe (PID: 6868)
      • RegSvr.exe (PID: 4916)
      • SetupInf.exe (PID: 4932)
    • The process creates files with name similar to system file names

      • icarus.exe (PID: 7060)
    • Process drops legitimate windows executable

      • icarus.exe (PID: 7060)
    • Drops a system driver (possible attempt to evade defenses)

      • icarus.exe (PID: 7060)
      • engsup.exe (PID: 1496)
    • Creates files in the driver directory

      • engsup.exe (PID: 1496)
      • icarus.exe (PID: 7060)
    • Creates or modifies Windows services

      • icarus.exe (PID: 7060)
    • Creates/Modifies COM task schedule object

      • icarus.exe (PID: 7060)
      • RegSvr.exe (PID: 6868)
      • RegSvr.exe (PID: 4916)
    • Creates a software uninstall entry

      • icarus.exe (PID: 7060)
    • Process checks presence of unattended files

      • icarus.exe (PID: 7060)
    • Checks for external IP

      • AvEmUpdate.exe (PID: 516)
      • AVGSvc.exe (PID: 6512)
      • avgToolsSvc.exe (PID: 4412)
    • Executes as Windows Service

      • afwServ.exe (PID: 3964)
      • AVGSvc.exe (PID: 6512)
      • avgToolsSvc.exe (PID: 4412)
      • aswidsagent.exe (PID: 7172)
      • wsc_proxy.exe (PID: 4708)
    • Connects to unusual port

      • AVGSvc.exe (PID: 6512)
    • Process requests binary or script from the Internet

      • AVGSvc.exe (PID: 6512)
    • The process drops C-runtime libraries

      • icarus.exe (PID: 7060)
    • Application launched itself

      • AVGUI.exe (PID: 8088)
  • INFO

    • Checks supported languages

      • data_2.dat.exe (PID: 1332)
      • data_2.dat.exe (PID: 3288)
      • data_2.dat.exe (PID: 6292)
      • avg_antivirus_free_online_setup.exe (PID: 3872)
      • icarus.exe (PID: 5348)
      • icarus_ui.exe (PID: 1488)
      • icarus.exe (PID: 7060)
      • icarus.exe (PID: 5284)
      • engsup.exe (PID: 1496)
      • SetupInf.exe (PID: 2044)
      • SetupInf.exe (PID: 6876)
      • SetupInf.exe (PID: 4808)
      • SetupInf.exe (PID: 4552)
      • SetupInf.exe (PID: 3588)
      • AvEmUpdate.exe (PID: 3972)
      • AvEmUpdate.exe (PID: 516)
      • SetupInf.exe (PID: 1212)
      • RegSvr.exe (PID: 6868)
      • RegSvr.exe (PID: 4916)
      • SetupInf.exe (PID: 4932)
    • The sample compiled with english language support

      • data_2.dat.exe (PID: 1332)
      • data_2.dat.exe (PID: 6292)
      • avg_antivirus_free_online_setup.exe (PID: 3872)
      • icarus.exe (PID: 5348)
      • icarus.exe (PID: 7060)
      • icarus.exe (PID: 5284)
      • engsup.exe (PID: 1496)
      • AVGSvc.exe (PID: 6512)
      • aswOfferTool.exe (PID: 7736)
    • Reads the computer name

      • data_2.dat.exe (PID: 3288)
      • avg_antivirus_free_online_setup.exe (PID: 3872)
      • data_2.dat.exe (PID: 6292)
      • icarus.exe (PID: 5348)
      • icarus_ui.exe (PID: 1488)
      • icarus.exe (PID: 7060)
      • icarus.exe (PID: 5284)
      • data_2.dat.exe (PID: 1332)
      • engsup.exe (PID: 1496)
      • SetupInf.exe (PID: 2044)
      • SetupInf.exe (PID: 6876)
      • SetupInf.exe (PID: 4552)
      • SetupInf.exe (PID: 4808)
      • SetupInf.exe (PID: 3588)
      • AvEmUpdate.exe (PID: 516)
      • AvEmUpdate.exe (PID: 3972)
      • SetupInf.exe (PID: 1212)
      • RegSvr.exe (PID: 4916)
      • RegSvr.exe (PID: 6868)
      • SetupInf.exe (PID: 4932)
    • Manual execution by a user

      • data_2.dat.exe (PID: 1216)
      • data_2.dat.exe (PID: 6292)
      • data_2.dat.exe (PID: 3288)
      • data_2.dat.exe (PID: 4372)
      • AVGUI.exe (PID: 8088)
      • Set-up.exe (PID: 8572)
    • Creates files in the program directory

      • avg_antivirus_free_online_setup.exe (PID: 3872)
      • icarus.exe (PID: 5348)
      • icarus_ui.exe (PID: 1488)
      • icarus.exe (PID: 7060)
      • engsup.exe (PID: 1496)
      • AvEmUpdate.exe (PID: 3972)
      • AvEmUpdate.exe (PID: 516)
      • icarus.exe (PID: 5284)
    • Reads the software policy settings

      • data_2.dat.exe (PID: 6292)
      • avg_antivirus_free_online_setup.exe (PID: 3872)
      • icarus_ui.exe (PID: 1488)
      • slui.exe (PID: 1896)
      • AvEmUpdate.exe (PID: 516)
    • Reads the machine GUID from the registry

      • data_2.dat.exe (PID: 6292)
      • avg_antivirus_free_online_setup.exe (PID: 3872)
      • icarus_ui.exe (PID: 1488)
      • icarus.exe (PID: 5348)
      • icarus.exe (PID: 5284)
      • icarus.exe (PID: 7060)
      • data_2.dat.exe (PID: 1332)
      • data_2.dat.exe (PID: 3288)
    • Create files in a temporary directory

      • avg_antivirus_free_online_setup.exe (PID: 3872)
    • Checks proxy server information

      • avg_antivirus_free_online_setup.exe (PID: 3872)
      • icarus_ui.exe (PID: 1488)
      • slui.exe (PID: 1896)
      • AvEmUpdate.exe (PID: 3972)
      • AvEmUpdate.exe (PID: 516)
    • Reads CPU info

      • icarus.exe (PID: 5348)
      • icarus_ui.exe (PID: 1488)
      • icarus.exe (PID: 5284)
      • icarus.exe (PID: 7060)
      • SetupInf.exe (PID: 2044)
      • SetupInf.exe (PID: 6876)
      • SetupInf.exe (PID: 4808)
      • SetupInf.exe (PID: 4552)
      • SetupInf.exe (PID: 3588)
      • AvEmUpdate.exe (PID: 3972)
      • SetupInf.exe (PID: 1212)
      • AvEmUpdate.exe (PID: 516)
      • RegSvr.exe (PID: 6868)
      • RegSvr.exe (PID: 4916)
      • SetupInf.exe (PID: 4932)
      • engsup.exe (PID: 1496)
    • Reads Environment values

      • icarus.exe (PID: 7060)
      • AvEmUpdate.exe (PID: 3972)
      • AvEmUpdate.exe (PID: 516)
    • Creates files or folders in the user directory

      • icarus_ui.exe (PID: 1488)
    • The sample compiled with czech language support

      • icarus.exe (PID: 7060)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:04:12 08:36:29+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 137216
InitializedDataSize: 89088
UninitializedDataSize: -
EntryPoint: 0x1020
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.1.99.0
ProductVersionNumber: 2.1.99.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: AVG Technologies CZ, s.r.o.
Edition: 15
FileDescription: AVG Installer
FileVersion: 2.1.99.0
InternalName: microstub
LegalCopyright: Copyright (C) 2023 AVG Technologies CZ, s.r.o.
OriginalFileName: microstub.exe
ProductName: AVG
ProductVersion: 2.1.99.0
No data.
All screenshots are available in the full report
Total processes: 189
Monitored processes: 50
Malicious processes: 19
Suspicious processes: 0

Behavior graph

start data_2.dat.exe data_2.dat.exe no specs data_2.dat.exe data_2.dat.exe no specs data_2.dat.exe avg_antivirus_free_online_setup.exe icarus.exe icarus_ui.exe icarus.exe icarus.exe slui.exe engsup.exe setupinf.exe no specs setupinf.exe no specs setupinf.exe no specs setupinf.exe no specs setupinf.exe no specs setupinf.exe no specs avemupdate.exe no specs avemupdate.exe regsvr.exe no specs regsvr.exe no specs setupinf.exe no specs wsc_proxy.exe no specs wsc_proxy.exe no specs afwserv.exe avgsvc.exe avgtoolssvc.exe aswengsrv.exe no specs aswidsagent.exe no specs wpr.exe no specs icarus.exe conhost.exe no specs unsecapp.exe no specs icarus.exe avgui.exe overseer.exe engsup.exe no specs aswoffertool.exe aswoffertool.exe no specs avgui.exe avgui.exe no specs avgui.exe avgui.exe no specs avgui.exe no specs set-up.exe no specs avgui.exe no specs avgui.exe no specs avgui.exe no specs data_2.dat.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 516
CMD: "C:\Users\admin\Desktop\data_2.dat.exe"
Path: C:\Users\admin\Desktop\data_2.dat.exe
Parent process: explorer.exe
User: admin
Company: AVG Technologies CZ, s.r.o.
Integrity Level: MEDIUM
Description: AVG Installer
Exit code: 3221226540
Version: 2.1.99.0
Modules (Images):
c:\users\admin\desktop\data_2.dat.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 516
CMD: "C:\Program Files\AVG\Antivirus\AvEmUpdate.exe" /installer
Path: C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Emergency Update
Exit code: 0
Version: 25.5.10141.0
Modules (Images):
c:\program files\avg\antivirus\avemupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
PID: 1212
CMD: "C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgRvrt.cat
Path: C:\Program Files\AVG\Antivirus\SetupInf.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Antivirus Installer
Exit code: 0
Version: 25.5.10141.0
Modules (Images):
c:\program files\avg\antivirus\setupinf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 1216
CMD: "C:\Users\admin\Desktop\data_2.dat.exe"
Path: C:\Users\admin\Desktop\data_2.dat.exe
Parent process: explorer.exe
User: admin
Company: AVG Technologies CZ, s.r.o.
Integrity Level: MEDIUM
Description: AVG Installer
Exit code: 3221226540
Version: 2.1.99.0
Modules (Images):
c:\users\admin\desktop\data_2.dat.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 1332
CMD: "C:\Users\admin\Desktop\data_2.dat.exe"
Path: C:\Users\admin\Desktop\data_2.dat.exe
Parent process: explorer.exe
User: admin
Company: AVG Technologies CZ, s.r.o.
Integrity Level: HIGH
Description: AVG Installer
Exit code: 2250
Version: 2.1.99.0
Modules (Images):
c:\users\admin\desktop\data_2.dat.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 1488
CMD: C:\WINDOWS\Temp\asw-cd2fccf0-ec65-4552-995d-1c6b7035b51b\common\icarus_ui.exe /cookie:mmm_bav_003_999_a7j_m:dlid_FREEGSR-HP /edat_dir:C:\WINDOWS\Temp\asw.e5d54d648d95d720 /track-guid:fe9f9da6-3f42-42ef-90f3-6f503474c30e /sssid:3872 /er_master:master_ep_8f2d35f4-198b-43fd-afb8-daf3507bea06 /er_ui:ui_ep_d0886ea5-e680-4227-9e88-546020770877
Path: C:\Windows\Temp\asw-cd2fccf0-ec65-4552-995d-1c6b7035b51b\common\icarus_ui.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG UI
Version: 25.5.9257.0
Modules (Images):
c:\windows\temp\asw-cd2fccf0-ec65-4552-995d-1c6b7035b51b\common\icarus_ui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\userenv.dll
c:\windows\system32\ucrtbase.dll
PID: 1496
CMD: "C:\Program Files\AVG\Antivirus\defs\25061500\engsup.exe" /prepare_definitions_folder
Path: C:\Program Files\AVG\Antivirus\defs\25061500\engsup.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Antivirus vps tool
Exit code: 0
Version: 18.0.2262.0
Modules (Images):
c:\program files\avg\antivirus\defs\25061500\engsup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1896
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2044
CMD: "C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /netservice:sw_avgNdis
Path: C:\Program Files\AVG\Antivirus\SetupInf.exe
Parent process: icarus.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Antivirus Installer
Exit code: 0
Version: 25.5.10141.0
Modules (Images):
c:\program files\avg\antivirus\setupinf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 2664
CMD: "C:\Program Files\AVG\Antivirus\AVGUI.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\admin\AppData\Roaming\AVG\Antivirus\log\cef_log.txt" --field-trial-handle=6936,17239729863696553653,4283169317085209273,131072 --disable-features=CalculateNativeWinOcclusion,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --disable-gpu-compositing --lang=en-US --log-file="C:\Users\admin\AppData\Roaming\AVG\Antivirus\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Avastium (0.0.0) (Windows 10.0)" --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=9604 /prefetch:1
Path: C:\Program Files\AVG\Antivirus\AVGUI.exe
Parent process: AVGUI.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: MEDIUM
Description: AVG Antivirus
Version: 25.5.10141.0
Modules (Images):
c:\program files\avg\antivirus\avgui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\avg\antivirus\aswhook.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
Total events: 64 455
Read events: 63 186
Write events: 1 125
Delete events: 144

Modification events

(PID) Process: (3872) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 8C5CFDF4-AB05-4EB0-8EF6-7B4620DC2CF3
Value: AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9WeG5MJHvEqZXMUaT8IuDwQAAAACAAAAAAAQZgAAAAEAACAAAAB6qxcBxytBtqRuJfJZWlKr7IKy6qUMnMbx7uF88O6NYAAAAAAOgAAAAAIAACAAAADsP390NqXGYv33wXYQUP4hZFw/JW1vG45aVhHS6fDm+lAAAADIeIh2l2IhpF+g0ublEVghxpVhS3eRNIHpIxxxSMfzUv0lHPpbN6rGPcLpOcIMk2XZGA2mZD+d3xPMA8APnINmpJJ0RGBtonurX+eReOTJsUAAAAApT/mx8R17Y6YeZmTljiszY+OcDgcrypS9vZtmUEl2tiu62XqMnRe2eeYUlSIRCBh/9thQt/7dFwQX4omLNbRr

(PID) Process: (3872) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 5E1D6A55-0134-486E-A166-38C2E4919BB1
Value: AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9WeG5MJHvEqZXMUaT8IuDwQAAAACAAAAAAAQZgAAAAEAACAAAAB6qxcBxytBtqRuJfJZWlKr7IKy6qUMnMbx7uF88O6NYAAAAAAOgAAAAAIAACAAAADsP390NqXGYv33wXYQUP4hZFw/JW1vG45aVhHS6fDm+lAAAADIeIh2l2IhpF+g0ublEVghxpVhS3eRNIHpIxxxSMfzUv0lHPpbN6rGPcLpOcIMk2XZGA2mZD+d3xPMA8APnINmpJJ0RGBtonurX+eReOTJsUAAAAApT/mx8R17Y6YeZmTljiszY+OcDgcrypS9vZtmUEl2tiu62XqMnRe2eeYUlSIRCBh/9thQt/7dFwQX4omLNbRr

(PID) Process: (3872) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 144807F0-DE37-4C62-9C05-EB4CC64A7A2F
Value: 6a19356b-a170-408c-ae37-c30e373dec4c

(PID) Process: (3872) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 56C7A9DA-4B11-406A-8B1A-EFF157C294D6
Value: 6a19356b-a170-408c-ae37-c30e373dec4c

(PID) Process: (3872) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 5FD38555-4B16-40AE-9A09-E2C969CB74AF
Value: F6D4F52220BB5A3D7246A004278BB23F

(PID) Process: (3872) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 7CCD586D-2ABC-42FF-A23B-3731F4F183D9
Value: F6D4F52220BB5A3D7246A004278BB23F

(PID) Process: (5348) icarus.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 144807F0-DE37-4C62-9C05-EB4CC64A7A2F
Value: 6a19356b-a170-408c-ae37-c30e373dec4c

(PID) Process: (5348) icarus.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 5FD38555-4B16-40AE-9A09-E2C969CB74AF
Value: F6D4F52220BB5A3D7246A004278BB23F

(PID) Process: (1488) icarus_ui.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (1488) icarus_ui.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
Executable files: 749
Suspicious files: 1 680
Text files: 287
Unknown types: 0

Dropped files

PID | Process | Filename | Type
6292 | data_2.dat.exe | C:\Windows\Temp\asw.e5d54d648d95d720\ecoo.edat | text
MD5: DB3CA64ED91DBA2F1386D6E47060AC24
SHA256: 67C3E8261D9996119D319E4821365A14F0C64035370D3F8A3447F9BFF5EB093A
6292 | data_2.dat.exe | C:\Windows\Temp\asw.e5d54d648d95d720\avg_antivirus_free_online_setup.exe | executable
MD5: 795564F96704DBE2DDC1D960F77A9295
SHA256: EF64282BA244EF34AD6E9BEFE842AC0322212583EA9F3C3F40D7C0E2B9C75BBC
3872 | avg_antivirus_free_online_setup.exe | C:\Users\admin\AppData\Local\Temp\6358C710-B89F-46B9-93F2-F6CAC44F5286 | binary
MD5: CFE84BB9FED5F29D92C7BE13178C1427
SHA256: 7CCC759BDA337182C5DA8675C02F81BA84940DB4C98C4B84965F65629B90ABB2
3872 | avg_antivirus_free_online_setup.exe | C:\Windows\Temp\asw-cd2fccf0-ec65-4552-995d-1c6b7035b51b\common\icarus_mod.dll | executable
MD5: D80E2FF58D8DBABB1D384B13B85CA1FC
SHA256: 940548BA54A8D63F756ECBA19B1E233F3DF0660C4E222D4D94CF7913E90C5608
3872 | avg_antivirus_free_online_setup.exe | C:\Users\admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3 | binary
MD5: 51CACEA0FBAE8346C20FB94EFEEF8809
SHA256: 5749457FC3E5EE160FE41B6BC0743A890B38FD3F09965828BD19FE269E5BD434
3872 | avg_antivirus_free_online_setup.exe | C:\Windows\Temp\asw-cd2fccf0-ec65-4552-995d-1c6b7035b51b\common\product-info.xml | xml
MD5: 86A8A3B09BEBA1E29C4FA3C5D30BB355
SHA256: 24B65497ABACB5026C9C02BDB9947FCB884EACB35BA1EC0EE7EF16727A0197BD
3872 | avg_antivirus_free_online_setup.exe | C:\ProgramData\AVG\Icarus\Logs\sfx.log | text
MD5: ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256: F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
3872 | avg_antivirus_free_online_setup.exe | C:\Users\admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0 | binary
MD5: E557EBB2D7E8405FD52EBF9E520BEF56
SHA256: 7ACC1D92B7FF404F35CB984858F9E7D428409F5D093677F815AE4D8867F51BC0
3872 | avg_antivirus_free_online_setup.exe | C:\Windows\Temp\asw-cd2fccf0-ec65-4552-995d-1c6b7035b51b\common\f701f2c9-2afb-4315-bbd1-737687db4c0f | compressed
MD5: 4C4BDAB2CC7E10BA5E94A4C90D0F33F2
SHA256: 0BE0366E08D587249A9C9A33F95E995D9283E40EFA3E12EB162664E79CD99FA7
5348 | icarus.exe | C:\ProgramData\AVG\Icarus\Logs\report.log | -
MD5:
SHA256:
HTTP(S) requests: 114
TCP/UDP connections: 143
DNS requests: 110
Threats: 7

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1268 | svchost.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
1332 | data_2.dat.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | - | - | whitelisted
1332 | data_2.dat.exe | POST | 200 | 172.217.18.110:80 | http://www.google-analytics.com/collect | unknown | - | - | whitelisted
3288 | data_2.dat.exe | POST | 200 | 172.217.18.110:80 | http://www.google-analytics.com/collect | unknown | - | - | whitelisted
6292 | data_2.dat.exe | POST | 200 | 172.217.18.110:80 | http://www.google-analytics.com/collect | unknown | - | - | whitelisted
3288 | data_2.dat.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | - | - | whitelisted
6292 | data_2.dat.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | - | - | whitelisted
6292 | data_2.dat.exe | POST | 200 | 172.217.18.110:80 | http://www.google-analytics.com/collect | unknown | - | - | whitelisted
6704 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4680 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
1268 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1332 | data_2.dat.exe | 172.217.18.110:80 | www.google-analytics.com | GOOGLE | US | whitelisted
1332 | data_2.dat.exe | 34.117.223.223:80 | v7event.stats.avast.com | GOOGLE-CLOUD-PLATFORM | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59, 40.127.240.158 | whitelisted
google.com | 142.250.185.110 | whitelisted
crl.microsoft.com | 23.216.77.6, 23.216.77.28 | whitelisted
www.microsoft.com | 184.30.21.171, 2.23.246.101 | whitelisted
www.google-analytics.com | 172.217.18.110 | whitelisted
v7event.stats.avast.com | 34.117.223.223 | whitelisted
honzik.avcdn.net | 23.58.109.178, 2a02:26f0:480:788::240d, 2a02:26f0:480:7a8::240d, 23.212.89.10 | whitelisted
analytics.avcdn.net | 34.117.223.223 | whitelisted
slscr.update.microsoft.com | 4.175.87.197 | whitelisted
fe3cr.delivery.mp.microsoft.com | 52.165.164.15 | whitelisted

Threats

PID | Process | Class | Message
2200 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
2200 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
516 | AvEmUpdate.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
6512 | AVGSvc.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
6512 | AVGSvc.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
2200 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
4412 | avgToolsSvc.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
Process | Message
AVGSvc.exe | [2025-06-15 06:44:50.773] [error ] [events_rep ] [ 6512: 6212] [0FF8B3: 49] asw::burger_event::regular_burger_event_reporter_holder::start_all : starting of class asw::burger_event::data_sharing_preference_report failed with an exception : Identity of Burger client was not set.
AVGSvc.exe | [2025-06-15 06:44:53.072] [error ] [dnsdoh ] [ 6512: 3752] [536B88: 73] failed to restore usage statistics Exception: corrupted file
AVGSvc.exe | [2025-06-15 06:44:54.212] [info ] [nsf_urlinfo] [ 6512: 3752] [542D42: 46] Starting UrlInfo
AVGSvc.exe | [2025-06-15 06:44:54.212] [info ] [nsf_urlinfo] [ 6512: 3752] [BD78E5: 39] Initialize UrlInfoMgr
AVGSvc.exe | [2025-06-15 06:44:54.228] [info ] [nsf_urlinfo] [ 6512: 3752] [BD78E5: 72] UrlInfoMgr initialized
AVGUI.exe | [2025-06-15 06:45:06.960] [error ] [UI:Brows:1 ] [ 8088: 7860] [10477D: 77] Exception: Request 'app.Antitrack.GetCount' was not processed. Routing parameters:
AVGUI.exe | [2025-06-15 06:45:06.960] [error ] [UI:Brows:1 ] [ 8088: 7500] [10477D: 77] Exception: Request 'app.Antitrack.GetCount' was not processed. Routing parameters:
AVGUI.exe | [2025-06-15 06:45:07.007] [error ] [browserpass] [ 8088: 8188] [CB6C2C: 38] ASB: failed to read data location (2)
AVGUI.exe | [2025-06-15 06:45:07.007] [error ] [browserpass] [ 8088: 8188] [554D37: 22] Chrome based: failed to get user data path
AVGUI.exe | [2025-06-15 06:45:07.007] [error ] [browserpass] [ 8088: 8188] [554D37: 22] Chrome based: failed to get user data path