File name: inssider-5.6.1.2-installer_7tX3w-1.exe

Full analysis: https://app.any.run/tasks/dbbfe194-388c-42d1-b033-1897ed59565d
Verdict: Malicious activity
Analysis date: July 01, 2024, 15:28:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: amsi
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: B2E6BAC3BAED5FD235B90C30BA9BDEC8
SHA1: 9DD517743452918CE4E4583CE327EF907E6DA97B
SHA256: C7DA9264A674A297C34B9EA7A34E5314140883E0914576563CA8BEE1B4EA8B15
SSDEEP: 49152:H7HecD4dnbibBlEnCWFc7qThTkTrlmSqmyTiYhunFVMmxABTok1GSK5F6xHhnBKl:b+cD4dnvDGGhTkvljCiYgFamaTvhNPKl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • inssider-5.6.1.2-installer_7tX3w-1.exe (PID: 3368)
      • avg_antivirus_free_setup.exe (PID: 940)
      • avg_antivirus_free_online_setup.exe (PID: 2416)
      • inssider-5.6.1.2-installer.exe (PID: 3672)
      • Update.exe (PID: 3856)
      • icarus.exe (PID: 2488)
      • icarus.exe (PID: 3396)
    • Creates a writable file in the system directory

      • icarus.exe (PID: 3396)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • inssider-5.6.1.2-installer_7tX3w-1.exe (PID: 3368)
      • avg_antivirus_free_setup.exe (PID: 940)
      • avg_antivirus_free_online_setup.exe (PID: 2416)
      • inssider-5.6.1.2-installer.exe (PID: 3672)
      • Update.exe (PID: 3856)
      • icarus.exe (PID: 2488)
      • icarus.exe (PID: 3396)
    • Reads settings of System Certificates

      • avg_antivirus_free_setup.exe (PID: 940)
      • avg_antivirus_free_online_setup.exe (PID: 2416)
      • inSSIDer.exe (PID: 4056)
      • icarus.exe (PID: 2488)
      • Update.exe (PID: 3856)
    • Process drops legitimate windows executable

      • inssider-5.6.1.2-installer.exe (PID: 3672)
      • Update.exe (PID: 3856)
      • icarus.exe (PID: 3396)
    • Drops a system driver (possible attempt to evade defenses)

      • Update.exe (PID: 3856)
    • The process drops C-runtime libraries

      • Update.exe (PID: 3856)
      • icarus.exe (PID: 3396)
    • Process drops SQLite DLL files

      • Update.exe (PID: 3856)
    • Reads security settings of Internet Explorer

      • Update.exe (PID: 3856)
      • inSSIDer.exe (PID: 4056)
    • Reads the Internet Settings

      • Update.exe (PID: 3856)
      • inSSIDer.exe (PID: 4056)
    • Checks Windows Trust Settings

      • inSSIDer.exe (PID: 4056)
    • Patches Antimalware Scan Interface function (YARA)

      • Update.exe (PID: 3856)
      • inSSIDer.exe (PID: 4056)
    • Searches for installed software

      • Update.exe (PID: 3856)
    • Creates a software uninstall entry

      • Update.exe (PID: 3856)
    • Starts itself from another location

      • icarus.exe (PID: 2488)
    • The process creates files with name similar to system file names

      • icarus.exe (PID: 3396)
    • The process verifies whether the antivirus software is installed

      • icarus.exe (PID: 3396)
  • INFO

    • Checks supported languages

      • inssider-5.6.1.2-installer_7tX3w-1.exe (PID: 3368)
      • inssider-5.6.1.2-installer_7tX3w-1.tmp (PID: 3392)
      • wmpnscfg.exe (PID: 3416)
      • avg_antivirus_free_setup.exe (PID: 940)
      • avg_antivirus_free_online_setup.exe (PID: 2416)
      • inssider-5.6.1.2-installer.exe (PID: 3672)
      • inssider-5.6.1.2-installer.exe (PID: 3584)
      • Update.exe (PID: 3856)
      • icarus.exe (PID: 2488)
      • inSSIDer.exe (PID: 3920)
      • inSSIDer.exe (PID: 4056)
      • icarus.exe (PID: 3272)
      • icarus.exe (PID: 3396)
    • Reads the computer name

      • wmpnscfg.exe (PID: 3416)
      • inssider-5.6.1.2-installer_7tX3w-1.tmp (PID: 3392)
      • avg_antivirus_free_setup.exe (PID: 940)
      • avg_antivirus_free_online_setup.exe (PID: 2416)
      • Update.exe (PID: 3856)
      • inssider-5.6.1.2-installer.exe (PID: 3584)
      • icarus.exe (PID: 2488)
      • inSSIDer.exe (PID: 3920)
      • inSSIDer.exe (PID: 4056)
      • icarus.exe (PID: 3396)
      • icarus.exe (PID: 3272)
    • Create files in a temporary directory

      • inssider-5.6.1.2-installer_7tX3w-1.exe (PID: 3368)
      • avg_antivirus_free_online_setup.exe (PID: 2416)
      • icarus.exe (PID: 2488)
      • Update.exe (PID: 3856)
      • icarus.exe (PID: 3272)
      • icarus.exe (PID: 3396)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3416)
      • inssider-5.6.1.2-installer.exe (PID: 3672)
    • Reads the machine GUID from the registry

      • avg_antivirus_free_setup.exe (PID: 940)
      • avg_antivirus_free_online_setup.exe (PID: 2416)
      • inssider-5.6.1.2-installer.exe (PID: 3584)
      • Update.exe (PID: 3856)
      • icarus.exe (PID: 2488)
      • inSSIDer.exe (PID: 3920)
      • inSSIDer.exe (PID: 4056)
      • icarus.exe (PID: 3272)
      • icarus.exe (PID: 3396)
    • Reads the software policy settings

      • avg_antivirus_free_setup.exe (PID: 940)
      • avg_antivirus_free_online_setup.exe (PID: 2416)
      • inSSIDer.exe (PID: 4056)
      • icarus.exe (PID: 2488)
      • Update.exe (PID: 3856)
    • Creates files in the program directory

      • avg_antivirus_free_online_setup.exe (PID: 2416)
      • icarus.exe (PID: 2488)
      • inSSIDer.exe (PID: 4056)
      • icarus.exe (PID: 3396)
    • Creates files or folders in the user directory

      • inssider-5.6.1.2-installer.exe (PID: 3672)
      • Update.exe (PID: 3856)
      • inSSIDer.exe (PID: 3920)
      • inSSIDer.exe (PID: 4056)
    • Reads CPU info

      • icarus.exe (PID: 2488)
      • icarus.exe (PID: 3272)
      • icarus.exe (PID: 3396)
    • Disables trace logs

      • Update.exe (PID: 3856)
    • Reads Environment values

      • Update.exe (PID: 3856)
      • icarus.exe (PID: 3396)
    • Dropped object may contain TOR URL's

      • icarus.exe (PID: 2488)
      • icarus.exe (PID: 3396)
    • Application launched itself

      • msedge.exe (PID: 2876)
      • msedge.exe (PID: 596)
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 89600
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 423.56.98.8907
ProductVersionNumber: 423.56.98.8907
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Softonic International SA
FileVersion: 423.56.98.8907
LegalCopyright: ©2023 Softonic International SA
OriginalFileName:
ProductName: Softonic International SA
ProductVersion: 3.1.5.7
No data.
All screenshots are available in the full report
Total processes: 84
Monitored processes: 39
Malicious processes: 7
Suspicious processes: 1

Behavior graph

Graph nodes in order of appearance, with the graph's own "no specs" and "THREAT" labels:
  • inssider-5.6.1.2-installer_7tx3w-1.exe
  • inssider-5.6.1.2-installer_7tx3w-1.tmp (no specs)
  • wmpnscfg.exe (no specs)
  • avg_antivirus_free_setup.exe
  • avg_antivirus_free_online_setup.exe
  • inssider-5.6.1.2-installer.exe (no specs)
  • inssider-5.6.1.2-installer.exe
  • update.exe (THREAT)
  • icarus.exe
  • inssider.exe (no specs)
  • inssider.exe (THREAT)
  • msedge.exe (numerous instances, most of them "no specs")
  • icarus.exe
  • icarus.exe (no specs)
  • further msedge.exe instances (mostly "no specs")

Process information

PID
CMD
Path
Indicators
Parent process
PID: 596
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://metageek.link/need-inssider-account?utm_campaign=Software&utm_medium=inssider&utm_source=AuthenticationWindow
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: inSSIDer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 940
CMD: "C:\Users\admin\AppData\Local\Temp\is-J8BUC.tmp\component0_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5fbO1TdpMe3DTgjwg9GK0uSprvNECe8Z96i4bFtkJfvarNo50Sp76T58YY0lu93vBMAiZjC7A
Path: C:\Users\admin\AppData\Local\Temp\is-J8BUC.tmp\component0_extract\avg_antivirus_free_setup.exe
Parent process: inssider-5.6.1.2-installer_7tX3w-1.tmp
User:
admin
Company:
AVG Technologies CZ, s.r.o.
Integrity Level:
HIGH
Description:
AVG Installer
Version:
2.1.99.0
Modules
Images
c:\users\admin\appdata\local\temp\is-j8buc.tmp\component0_extract\avg_antivirus_free_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1132
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1624 --field-trial-handle=1164,i,17832111398187662961,7123781971973643081,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1808
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2804 --field-trial-handle=1164,i,17832111398187662961,7123781971973643081,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1908
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3932 --field-trial-handle=1164,i,17832111398187662961,7123781971973643081,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1920
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3956 --field-trial-handle=1164,i,17832111398187662961,7123781971973643081,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1944
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3200 --field-trial-handle=1164,i,17832111398187662961,7123781971973643081,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1992
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4768 --field-trial-handle=1164,i,17832111398187662961,7123781971973643081,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2256
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4836 --field-trial-handle=1164,i,17832111398187662961,7123781971973643081,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2296
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=4296 --field-trial-handle=1164,i,17832111398187662961,7123781971973643081,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 44 048
Read events: 43 834
Write events: 207
Delete events: 7

Modification events

(PID) Process: (940) avg_antivirus_free_setup.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
Operation: write
Name: PendingFileRenameOperations
Value:
\??\C:\Windows\Temp\asw.5a350722be2d6008

(PID) Process: (940) avg_antivirus_free_setup.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value:
en-US

(PID) Process: (2416) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 5FD38555-4B16-40AE-9A09-E2C969CB74AF
Value:
138F65F3DE11A9670C8CF1AB7F8C2DEC

(PID) Process: (2416) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 7CCD586D-2ABC-42FF-A23B-3731F4F183D9
Value:
138F65F3DE11A9670C8CF1AB7F8C2DEC

(PID) Process: (2416) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 8C5CFDF4-AB05-4EB0-8EF6-7B4620DC2CF3
Value:
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAqSMwLWn6UUuwIvtvYlK0dwQAAAACAAAAAAAQZgAAAAEAACAAAAAxhvmqpB//ydcLNmv1oMZagjXpUCpF+iH7XPHrYGfRnwAAAAAOgAAAAAIAACAAAADpzYAWW7hefedGWVCy3eJ50afno6FuvbHqH4JTyZ73AFAAAAB481qYLZRGN++kReL4Hiy1XOwfvgPgCxX/VLozlZ6CRH7w9J5nv3cqGebZfrBYo8bxaTOL3m0XLD+XVFZoT1fZURIRGmhJ+cJqacaoX99W+EAAAADegaczzHmVuR8squx33TLEUPJK8gcLbhnllLLxU13e/vEoCrhuGMCWoHPFkHlWd5tqGeOhe/aNuC6ehde4frr3

(PID) Process: (2416) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 5E1D6A55-0134-486E-A166-38C2E4919BB1
Value:
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAqSMwLWn6UUuwIvtvYlK0dwQAAAACAAAAAAAQZgAAAAEAACAAAAAxhvmqpB//ydcLNmv1oMZagjXpUCpF+iH7XPHrYGfRnwAAAAAOgAAAAAIAACAAAADpzYAWW7hefedGWVCy3eJ50afno6FuvbHqH4JTyZ73AFAAAAB481qYLZRGN++kReL4Hiy1XOwfvgPgCxX/VLozlZ6CRH7w9J5nv3cqGebZfrBYo8bxaTOL3m0XLD+XVFZoT1fZURIRGmhJ+cJqacaoX99W+EAAAADegaczzHmVuR8squx33TLEUPJK8gcLbhnllLLxU13e/vEoCrhuGMCWoHPFkHlWd5tqGeOhe/aNuC6ehde4frr3

(PID) Process: (2416) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 144807F0-DE37-4C62-9C05-EB4CC64A7A2F
Value:
57787c13-3d7f-4794-aae9-3ca74ac04c4e

(PID) Process: (2416) avg_antivirus_free_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 56C7A9DA-4B11-406A-8B1A-EFF157C294D6
Value:
57787c13-3d7f-4794-aae9-3ca74ac04c4e

(PID) Process: (2416) avg_antivirus_free_online_setup.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value:
en-US

(PID) Process: (2488) icarus.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 144807F0-DE37-4C62-9C05-EB4CC64A7A2F
Value:
57787c13-3d7f-4794-aae9-3ca74ac04c4e
Executable files: 309
Suspicious files: 226
Text files: 184
Unknown types: 69

Dropped files

PID | Process | Filename | Type

2416 | avg_antivirus_free_online_setup.exe | C:\ProgramData\AVG\Icarus\Logs\sfx.log | text
MD5: ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256: F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5

940 | avg_antivirus_free_setup.exe | C:\Windows\Temp\asw.5a350722be2d6008\avg_antivirus_free_online_setup.exe | executable
MD5: 89799311702BD341AA9B7DAEE903B5C2
SHA256: FDD5DB7B0BA463D31FC12A0478854E393E02102164F6B19CEBB7CD3AC496E2D3

3672 | inssider-5.6.1.2-installer.exe | C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe | executable
MD5: C5F6CDA4976AE38CD9FBA3D1E5EBD244
SHA256: DAE7BD888B715B8E215482BC5EA6F028DED32A3AD88BF4ACB6431D2A62FFE3F4

2416 | avg_antivirus_free_online_setup.exe | C:\Users\admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0 | binary
MD5: 3C7DF3D1B8D5ED9B1014843CCD1B360D
SHA256: 902295F58E8A0126CFCD8E5B1A6B5A3DE1E21ED43EE595514D6B47C1FBD38708

940 | avg_antivirus_free_setup.exe | C:\windows\temp\asw.5a350722be2d6008\ecoo.edat | text
MD5: 3F44A3C655AC2A5C3AB32849ECB95672
SHA256: 51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F

2416 | avg_antivirus_free_online_setup.exe | C:\Windows\Temp\asw-f075224b-fbc3-421f-a19c-d217fa3b4af8\common\icarus_mod.dll | executable
MD5: F37B83A39F1C7B6A87D0C4B41091CD87
SHA256: DBEFC0C1A7785FE08AE05046F72095ACF3F3BFC348D370C99E4AC05B09C7EF46

2416 | avg_antivirus_free_online_setup.exe | C:\Users\admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3 | binary
MD5: 336A73B76E70C250520B5B69AA0104EB
SHA256: 0E52E2D0B148555EC20F6A19CC8663484AAD6CBBFA43C227E064CE7BDDB27896

2416 | avg_antivirus_free_online_setup.exe | C:\Users\admin\AppData\Local\Temp\6358C710-B89F-46B9-93F2-F6CAC44F5286 | binary
MD5: 05A69DE61E2286A8758F422FF37FBEEF
SHA256: EF50CCC1D2DDB5360ACF261A6DF78B9A3F995C3D7AF9219E461D4A5D38F0A34C

2416 | avg_antivirus_free_online_setup.exe | C:\Windows\Temp\asw-f075224b-fbc3-421f-a19c-d217fa3b4af8\common\bba6b222-7efe-43dc-a465-b974ec59284a | binary
MD5: 8333964FC08C904CF6BDED04A2841655
SHA256: 305C379BEBE84E2F22D2FF4328D2399527FE584D5F3ECD3B2CF8AC1D0A91445B

2416 | avg_antivirus_free_online_setup.exe | C:\Windows\Temp\asw-f075224b-fbc3-421f-a19c-d217fa3b4af8\common\product-info.xml | xml
MD5: 1CD82588F7C425083E7C2DF8D3A635DA
SHA256: 275E2B5FDA8C7924DAC945914CA156E4B5A6D7C76947D7299A7B907D798DE199
HTTP(S) requests: 12
TCP/UDP connections: 117
DNS requests: 133
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1372 | svchost.exe | GET | 304 | 2.19.126.163:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33 | unknown | - | - | unknown
1372 | svchost.exe | GET | 200 | 2.16.164.106:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | unknown
940 | avg_antivirus_free_setup.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | - | - | unknown
1372 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | unknown
940 | avg_antivirus_free_setup.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | - | - | unknown
1060 | svchost.exe | GET | 304 | 2.16.100.168:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?32e8c3cdb69e6bfa | unknown | - | - | unknown
940 | avg_antivirus_free_setup.exe | POST | 200 | 216.58.212.174:80 | http://www.google-analytics.com/collect | unknown | - | - | unknown
940 | avg_antivirus_free_setup.exe | POST | 200 | 216.58.212.174:80 | http://www.google-analytics.com/collect | unknown | - | - | unknown
2876 | msedge.exe | GET | - | 88.221.110.106:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?723814f193433926 | unknown | - | - | unknown
2876 | msedge.exe | GET | - | 88.221.110.106:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?1b972e79fc18ee0f | unknown | - | - | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1060 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
2564 | svchost.exe | 239.255.255.250:3702 | - | - | - | whitelisted
1372 | svchost.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2300 | inssider-5.6.1.2-installer_7tX3w-1.tmp | 18.66.121.154:443 | d2dbdb0phbn9qb.cloudfront.net | AMAZON-02 | US | unknown
2300 | inssider-5.6.1.2-installer_7tX3w-1.tmp | 2.23.65.62:443 | images.sftcdn.net | AKAMAI-AS | DE | unknown
2300 | inssider-5.6.1.2-installer_7tX3w-1.tmp | 199.232.194.133:443 | gsf-fl.softonic.com | FASTLY | US | unknown
1372 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1372 | svchost.exe | 2.19.126.163:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown

DNS requests

Domain
IP
Reputation
d2dbdb0phbn9qb.cloudfront.net
  • 18.66.121.154
  • 18.66.121.63
  • 18.66.121.153
  • 18.66.121.161
unknown
images.sftcdn.net
  • 2.23.65.62
whitelisted
gsf-fl.softonic.com
  • 199.232.194.133
  • 199.232.198.133
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
ctldl.windowsupdate.com
  • 2.19.126.163
  • 2.19.126.137
  • 2.16.100.168
  • 88.221.110.106
  • 88.221.110.121
whitelisted
crl.microsoft.com
  • 2.16.164.106
  • 2.16.164.43
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
www.google-analytics.com
  • 216.58.212.174
whitelisted
honzik.avcdn.net
  • 2.19.100.183
  • 23.212.89.10
  • 2a02:26f0:480:788::240d
  • 2a02:26f0:480:7a8::240d
unknown
v7event.stats.avast.com
  • 34.117.223.223
whitelisted

Threats

No threats detected

Debug output

Process: inSSIDer.exe
Message:
inSSIDer.exe Information: 0 :

Process: inSSIDer.exe
Message:
Exception while trying to copy the existing settings: Could not find a part of the path 'C:\Users\admin\AppData\Local\MetaGeek'.

Process: inSSIDer.exe
Message:
inSSIDer.exe Warning: 0 :

Process: inSSIDer.exe
Message:
The token is null or empty.

Process: inSSIDer.exe
Message:
inSSIDer.exe Warning: 0 :

Process: inSSIDer.exe
Message:
Exception making user from token: Object reference not set to an instance of an object.

Process: inSSIDer.exe
Message:
inSSIDer.exe Information: 0 :

Process: inSSIDer.exe
Message:
Not authenticated

Process: inSSIDer.exe
Message:
System.ComponentModel.Composition Warning: 1 :

Process: inSSIDer.exe
Message:
The ComposablePartDefinition 'MetaGeek.InssiderPro.ProModuleDefinition' has been rejected. The composition remains unchanged. The changes were rejected because of the following error(s): The composition produced multiple composition errors, with 7 root causes. The root causes are provided below. Review the CompositionException.Errors property for more detailed information. 1) No exports were found that match the constraint: ContractName MetaGeek.WiSpy.Services.WiSpyDeviceStore RequiredTypeIdentity MetaGeek.WiSpy.Services.WiSpyDeviceStore Resulting in: Cannot set import 'MetaGeek.InssiderPro.ProModuleDefinition.? (ContractName="MetaGeek.WiSpy.Services.WiSpyDeviceStore")' on part 'MetaGeek.InssiderPro.ProModuleDefinition'. Element: MetaGeek.InssiderPro.ProModuleDefinition.? (ContractName="MetaGeek.WiSpy.Services.WiSpyDeviceStore") --> MetaGeek.InssiderPro.ProModuleDefinition --> AssemblyCatalog (Assembly="MetaGeek.InssiderPro, Version=5.5.0.0, Culture=neutral, PublicKeyToken=null") 2) No exports were found that match the constraint: ContractName MetaGeek.InssiderPro.ProUIComposer RequiredTypeIdentity MetaGeek.InssiderPro.ProUIComposer Resulting in: Cannot set import 'MetaGeek.InssiderPro.ProModuleDefinition.? (ContractName="MetaGeek.InssiderPro.ProUIComposer")' on part 'MetaGeek.InssiderPro.ProModuleDefinition'. Element: MetaGeek.InssiderPro.ProModuleDefinition.? (ContractName="MetaGeek.InssiderPro.ProUIComposer") --> MetaGeek.InssiderPro.ProModuleDefinition --> AssemblyCatalog (Assembly="MetaGeek.InssiderPro, Version=5.5.0.0, Culture=neutral, PublicKeyToken=null") 3) No exports were found that match the constraint: ContractName MetaGeek.Infrastructure.Windows.Services.ExceptionLogger RequiredTypeIdentity MetaGeek.Infrastructure.Windows.Services.ExceptionLogger Resulting in: Cannot set import 'MetaGeek.InssiderPro.ProModuleDefinition.? (ContractName="MetaGeek.Infrastructure.Windows.Services.ExceptionLogger")' on part 'MetaGeek.InssiderPro.ProModuleDefinition'. 
Element: MetaGeek.InssiderPro.ProModuleDefinition.? (ContractName="MetaGeek.Infrastructure.Windows.Services.ExceptionLogger") --> MetaGeek.InssiderPro.ProModuleDefinition --> AssemblyCatalog (Assembly="MetaGeek.InssiderPro, Version=5.5.0.0, Culture=neutral, PublicKeyToken=null") 4) No exports were found that match the constraint: ContractName MetaGeek.Infrastructure.Windows.Services.TraceTextFileLoggerHandler RequiredTypeIdentity MetaGeek.Infrastructure.Windows.Services.TraceTextFileLoggerHandler Resulting in: Cannot set import 'MetaGeek.InssiderPro.ProModuleDefinition.? (ContractName="MetaGeek.Infrastructure.Windows.Services.TraceTextFileLoggerHandler")' on part 'MetaGeek.InssiderPro.ProModuleDefinition'. Element: MetaGeek.InssiderPro.ProModuleDefinition.? (ContractName="MetaGeek.Infrastructure.Windows.Services.TraceTextFileLoggerHandler") --> MetaGeek.InssiderPro.ProModuleDefinition --> AssemblyCatalog (Assembly="MetaGeek.InssiderPro, Version=5.5.0.0, Culture=neutral, PublicKeyToken=null") 5) No exports were found that match the constraint: ContractName MetaGeek.Inssider.Services.InssiderMenuService RequiredTypeIdentity MetaGeek.Inssider.Services.InssiderMenuService Resulting in: Cannot set import 'MetaGeek.InssiderPro.ProModuleDefinition.? (ContractName="MetaGeek.Inssider.Services.InssiderMenuService")' on part 'MetaGeek.InssiderPro.ProModuleDefinition'. Element: MetaGeek.InssiderPro.ProModuleDefinition.? (ContractName="MetaGeek.Inssider.Services.InssiderMenuService") --> MetaGeek.InssiderPro.ProModuleDefinition --> AssemblyCatalog (Assembly="MetaGeek.InssiderPro, Version=5.5.0.0, Culture=neutral, PublicKeyToken=null") 6) No exports were found that match the constraint: ContractName MetaGeek.Inssider.Services.SignalThresholdService RequiredTypeIdentity MetaGeek.Inssider.Services.SignalThresholdService Resulting in: Cannot set import 'MetaGeek.InssiderPro.ProModuleDefinition.? 
(ContractName="MetaGeek.Inssider.Services.SignalThresholdService")' on part 'MetaGeek.InssiderPro.ProModuleDefinition