File name:

avast_driver_updater_online_setup.exe

Full analysis: https://app.any.run/tasks/b48b4263-fc05-45b7-bd4d-0c04e80cc221
Verdict: Malicious activity
Analysis date: November 22, 2023, 07:41:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

09974CA47222E54A1223FFD13FF0DF68

SHA1:

E4B922C81FC8E97AF013DC03E31D2FE01DE1E999

SHA256:

F5018A33856399A4EB00981C098A306842E53F3B3F23B8F7BC3591AB9B189E58

SSDEEP:

49152:XjhWnDfYCqVT3y/0N1prjCmNXrF6ETisbaNJ0FOzohlCkt:XEfYCGT3y/0NH5N7FfFbaNJ0F

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • avast_driver_updater_online_setup.exe (PID: 3124)
      • icarus.exe (PID: 3488)
      • icarus.exe (PID: 3984)
    • Creates a writable file in the system directory

      • icarus.exe (PID: 3984)
  • SUSPICIOUS

    • Reads settings of System Certificates

      • avast_driver_updater_online_setup.exe (PID: 3124)
      • DriverUpdUI.exe (PID: 2108)
    • Starts itself from another location

      • icarus.exe (PID: 3488)
    • Executes as Windows Service

      • DriverUpdSvc.exe (PID: 1272)
    • The process verifies whether the antivirus software is installed

      • DriverUpdSvc.exe (PID: 1272)
      • DriverUpdUI.exe (PID: 2108)
      • DriverUpdUI.exe (PID: 1992)
      • DriverUpdUI.exe (PID: 272)
      • DriverUpdUI.exe (PID: 2748)
      • DriverUpdUI.exe (PID: 2820)
      • DriverUpdUI.exe (PID: 3356)
      • DriverUpdUI.exe (PID: 3224)
      • DriverUpdUI.exe (PID: 3900)
      • DriverUpdUI.exe (PID: 3948)
      • icarus.exe (PID: 3984)
    • The process creates files with name similar to system file names

      • icarus.exe (PID: 3984)
    • The process drops C-runtime libraries

      • icarus.exe (PID: 3984)
    • Process drops legitimate windows executable

      • icarus.exe (PID: 3984)
    • Application launched itself

      • DriverUpdUI.exe (PID: 2108)
    • Reads the Internet Settings

      • DriverUpdUI.exe (PID: 2108)
    • Connects to unusual port

      • DriverUpdSvc.exe (PID: 1272)
  • INFO

    • Reads the computer name

      • avast_driver_updater_online_setup.exe (PID: 3124)
      • wmpnscfg.exe (PID: 3500)
      • icarus.exe (PID: 3488)
      • icarus.exe (PID: 3984)
      • icarus_ui.exe (PID: 3652)
      • DriverUpdSvc.exe (PID: 1272)
      • wmpnscfg.exe (PID: 1360)
      • DriverUpdUI.exe (PID: 2108)
      • DriverUpdUI.exe (PID: 1992)
      • DriverUpdUI.exe (PID: 2820)
      • DriverUpdUI.exe (PID: 2748)
      • DriverUpdUI.exe (PID: 272)
      • DriverUpdUI.exe (PID: 3224)
      • DriverUpdUI.exe (PID: 3356)
      • DriverUpdUI.exe (PID: 3900)
      • DriverUpdUI.exe (PID: 3948)
    • Checks supported languages

      • avast_driver_updater_online_setup.exe (PID: 3124)
      • icarus.exe (PID: 3488)
      • wmpnscfg.exe (PID: 3500)
      • icarus_ui.exe (PID: 3652)
      • icarus.exe (PID: 3984)
      • wmpnscfg.exe (PID: 1360)
      • DriverUpdSvc.exe (PID: 1272)
      • DriverUpdUI.exe (PID: 2108)
      • DriverUpdUI.exe (PID: 272)
      • DriverUpdUI.exe (PID: 2820)
      • DriverUpdUI.exe (PID: 2748)
      • DriverUpdUI.exe (PID: 1992)
      • DriverUpdUI.exe (PID: 3356)
      • DriverUpdUI.exe (PID: 3224)
      • DriverUpdUI.exe (PID: 3900)
      • DriverUpdUI.exe (PID: 3948)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3500)
      • wmpnscfg.exe (PID: 1360)
      • DriverUpdUI.exe (PID: 2108)
    • Reads the machine GUID from the registry

      • avast_driver_updater_online_setup.exe (PID: 3124)
      • wmpnscfg.exe (PID: 3500)
      • icarus.exe (PID: 3488)
      • icarus_ui.exe (PID: 3652)
      • icarus.exe (PID: 3984)
      • wmpnscfg.exe (PID: 1360)
      • DriverUpdSvc.exe (PID: 1272)
      • DriverUpdUI.exe (PID: 2108)
    • Creates files in the program directory

      • avast_driver_updater_online_setup.exe (PID: 3124)
      • icarus.exe (PID: 3488)
      • icarus_ui.exe (PID: 3652)
      • DriverUpdSvc.exe (PID: 1272)
      • icarus.exe (PID: 3984)
      • DriverUpdUI.exe (PID: 2108)
    • Create files in a temporary directory

      • icarus.exe (PID: 3488)
      • icarus.exe (PID: 3984)
      • DriverUpdUI.exe (PID: 2108)
    • Reads CPU info

      • icarus.exe (PID: 3488)
      • icarus_ui.exe (PID: 3652)
      • icarus.exe (PID: 3984)
      • DriverUpdSvc.exe (PID: 1272)
      • DriverUpdUI.exe (PID: 2108)
      • DriverUpdUI.exe (PID: 272)
      • DriverUpdUI.exe (PID: 1992)
      • DriverUpdUI.exe (PID: 2820)
      • DriverUpdUI.exe (PID: 2748)
      • DriverUpdUI.exe (PID: 3224)
      • DriverUpdUI.exe (PID: 3356)
      • DriverUpdUI.exe (PID: 3900)
      • DriverUpdUI.exe (PID: 3948)
    • Dropped object may contain TOR URL's

      • icarus.exe (PID: 3984)
    • Creates files or folders in the user directory

      • DriverUpdUI.exe (PID: 2108)
      • DriverUpdUI.exe (PID: 2820)
    • Process checks computer location settings

      • DriverUpdUI.exe (PID: 2748)
      • DriverUpdUI.exe (PID: 2108)
      • DriverUpdUI.exe (PID: 3900)
      • DriverUpdUI.exe (PID: 3948)
    • Reads Environment values

      • DriverUpdSvc.exe (PID: 1272)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:10:20 09:41:05+02:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.36
CodeSize: 917504
InitializedDataSize: 485888
UninitializedDataSize: -
EntryPoint: 0x4e070
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 23.7.6305.0
ProductVersionNumber: 23.3.4586.15794
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Avast Software
FileDescription: Avast Self-Extract Package
FileVersion: 23.7.6305.0
InternalName: icarus_sfx
LegalCopyright: Copyright © 2023 Avast Software
MainProductId: avast-du
OriginalFileName: icarus_sfx.exe
ProductId: avast-icarus
ProductName: Avast Installer
ProductVersion: 23.3.4586.15794
No data.
All screenshots are available in the full report
Total processes
56
Monitored processes
17
Malicious processes
13
Suspicious processes
0

Behavior graph

Processes in the graph (17 monitored; "no specs" marks processes with no notable indicators):
  • avast_driver_updater_online_setup.exe
  • wmpnscfg.exe (no specs)
  • icarus.exe
  • icarus_ui.exe (no specs)
  • icarus.exe
  • wmpnscfg.exe (no specs)
  • driverupdsvc.exe
  • driverupdui.exe
  • driverupdui.exe (no specs)
  • driverupdui.exe (no specs)
  • driverupdui.exe (no specs)
  • driverupdui.exe
  • driverupdui.exe (no specs)
  • driverupdui.exe (no specs)
  • driverupdui.exe (no specs)
  • driverupdui.exe (no specs)
  • avast_driver_updater_online_setup.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
272
CMD:
"C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe" --type=gpu-process --field-trial-handle=1880,5622589263875373974,9479509348532317364,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --no-sandbox --disable-gpu-driver-bug-workarounds --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Driver Updater\log\cef_log.txt" --log-severity=disable --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Avastium" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-preferences=SAAAAAAAAADgAABwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Driver Updater\log\cef_log.txt" --mojo-platform-channel-handle=1956 /prefetch:2
Path:
C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe
Parent process:
DriverUpdUI.exe
User:
admin
Company:
AVAST Software
Integrity Level:
MEDIUM
Description:
Avast Driver Updater UI
Exit code:
0
Version:
23.3.4586.0
Modules
Images
c:\program files\avast software\driver updater\driverupdui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
1272
CMD:
"C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe"
Path:
C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
Parent process:
services.exe
User:
SYSTEM
Company:
AVAST Software
Integrity Level:
SYSTEM
Description:
Avast Driver Updater Service
Exit code:
0
Version:
23.3.4586.0
Modules
Images
c:\program files\avast software\driver updater\driverupdsvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
PID:
1360
CMD:
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path:
C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
PID:
1992
CMD:
"C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,5622589263875373974,9479509348532317364,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --lang=en-US --service-sandbox-type=utility --no-sandbox --force-wave-audio --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Driver Updater\log\cef_log.txt" --log-severity=disable --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Avastium" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Driver Updater\log\cef_log.txt" --mojo-platform-channel-handle=2712 /prefetch:8
Path:
C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe
Parent process:
DriverUpdUI.exe
User:
admin
Company:
AVAST Software
Integrity Level:
MEDIUM
Description:
Avast Driver Updater UI
Exit code:
0
Version:
23.3.4586.0
Modules
Images
c:\program files\avast software\driver updater\driverupdui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
2108
CMD:
"C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe" /afterinstall
Path:
C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe
Parent process:
explorer.exe
User:
admin
Company:
AVAST Software
Integrity Level:
MEDIUM
Description:
Avast Driver Updater UI
Exit code:
0
Version:
23.3.4586.0
Modules
Images
c:\program files\avast software\driver updater\driverupdui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
2748
CMD:
"C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Driver Updater\log\cef_log.txt" --field-trial-handle=1880,5622589263875373974,9479509348532317364,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --disable-gpu-compositing --lang=en-US --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Driver Updater\log\cef_log.txt" --log-severity=disable --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Avastium" --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3312 /prefetch:1
Path:
C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe
Parent process:
DriverUpdUI.exe
User:
admin
Company:
AVAST Software
Integrity Level:
MEDIUM
Description:
Avast Driver Updater UI
Exit code:
0
Version:
23.3.4586.0
Modules
Images
c:\program files\avast software\driver updater\driverupdui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
2820
CMD:
"C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,5622589263875373974,9479509348532317364,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --lang=en-US --service-sandbox-type=none --no-sandbox --force-wave-audio --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Driver Updater\log\cef_log.txt" --log-severity=disable --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Avastium" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Driver Updater\log\cef_log.txt" --mojo-platform-channel-handle=3020 /prefetch:8
Path:
C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe
Parent process:
DriverUpdUI.exe
User:
admin
Company:
AVAST Software
Integrity Level:
MEDIUM
Description:
Avast Driver Updater UI
Exit code:
0
Version:
23.3.4586.0
Modules
Images
c:\program files\avast software\driver updater\driverupdui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
3124
CMD:
"C:\Users\admin\AppData\Local\Temp\avast_driver_updater_online_setup.exe"
Path:
C:\Users\admin\AppData\Local\Temp\avast_driver_updater_online_setup.exe
Parent process:
explorer.exe
User:
admin
Company:
Avast Software
Integrity Level:
HIGH
Description:
Avast Self-Extract Package
Exit code:
0
Version:
23.7.6305.0
Modules
Images
c:\users\admin\appdata\local\temp\avast_driver_updater_online_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
3224
CMD:
"C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Driver Updater\log\cef_log.txt" --field-trial-handle=1880,5622589263875373974,9479509348532317364,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --disable-gpu-compositing --lang=en-US --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Driver Updater\log\cef_log.txt" --log-severity=disable --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Avastium" --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4052 /prefetch:1
Path:
C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe
Parent process:
DriverUpdUI.exe
User:
admin
Company:
AVAST Software
Integrity Level:
MEDIUM
Description:
Avast Driver Updater UI
Exit code:
0
Version:
23.3.4586.0
Modules
Images
c:\program files\avast software\driver updater\driverupdui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
3356
CMD:
"C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Driver Updater\log\cef_log.txt" --field-trial-handle=1880,5622589263875373974,9479509348532317364,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --disable-gpu-compositing --lang=en-US --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Driver Updater\log\cef_log.txt" --log-severity=disable --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Avastium" --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4008 /prefetch:1
Path:
C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe
Parent process:
DriverUpdUI.exe
User:
admin
Company:
AVAST Software
Integrity Level:
MEDIUM
Description:
Avast Driver Updater UI
Exit code:
0
Version:
23.3.4586.0
Modules
Images
c:\program files\avast software\driver updater\driverupdui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events
12 155
Read events
12 024
Write events
125
Delete events
6

Modification events

(PID) Process:
(3124) avast_driver_updater_online_setup.exe
Key:
HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation:
write
Name:
LanguageList
Value:
en-US
(PID) Process:
(3500) wmpnscfg.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{6A972FAA-E663-4F8F-B608-FCAFEDEB8911}\{80D5E3AB-0D7C-4AD6-9F2C-2B464A230674}
Operation:
delete key
Name:
(default)
Value:
(PID) Process:
(3500) wmpnscfg.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{6A972FAA-E663-4F8F-B608-FCAFEDEB8911}
Operation:
delete key
Name:
(default)
Value:
(PID) Process:
(3500) wmpnscfg.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{250BA96C-01F6-47F9-BA15-A830C0915FB0}
Operation:
delete key
Name:
(default)
Value:
(PID) Process:
(3984) icarus.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation:
write
Name:
144807F0-DE37-4C62-9C05-EB4CC64A7A2F
Value:
a33b12c3-82da-4d92-813b-5710dfb144d9
(PID) Process:
(3984) icarus.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation:
write
Name:
56C7A9DA-4B11-406A-8B1A-EFF157C294D6
Value:
a33b12c3-82da-4d92-813b-5710dfb144d9
(PID) Process:
(3984) icarus.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation:
write
Name:
5FD38555-4B16-40AE-9A09-E2C969CB74AF
Value:
138F65F3DE11A9670C8CF1AB7F8C2DEC
(PID) Process:
(3984) icarus.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation:
write
Name:
7CCD586D-2ABC-42FF-A23B-3731F4F183D9
Value:
138F65F3DE11A9670C8CF1AB7F8C2DEC
(PID) Process:
(3984) icarus.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
Operation:
write
Name:
BootExecute
Value:
autocheck autochk *
(PID) Process:
(3984) icarus.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\Software\Avast Software\Icarus
Operation:
write
Name:
DataFolder
Value:
C:\ProgramData\Avast Software\Icarus
Executable files
191
Suspicious files
551
Text files
128
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID:
3124
Process:
avast_driver_updater_online_setup.exe
Filename:
C:\ProgramData\Avast Software\Icarus\Logs\sfx.log
Type:
text
MD5:
ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256:
F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
PID:
3124
Process:
avast_driver_updater_online_setup.exe
Filename:
C:\Windows\Temp\asw-0de1a75e-8459-43a5-a21a-0269230bdfe1\common\103fb5c8-5b18-48e8-b874-d57a36c0d327
Type:
binary
MD5:
BA0978CEEB57431D425085EA20E202C8
SHA256:
06EFA71539D851474ABC3F29033961AFE255A669ECE30D4A2151D97F6498E7F5
PID:
3124
Process:
avast_driver_updater_online_setup.exe
Filename:
C:\Windows\Temp\asw-0de1a75e-8459-43a5-a21a-0269230bdfe1\common\fb3efbd6-38c9-43cb-b740-ef366db36122
Type:
binary
MD5:
4E6EA5491F3EB9409CB32F88216EE03A
SHA256:
263850112C87A2BFCB8B0D6DF07D34515B732523AC8539BFB77F30675082FEF0
PID:
3124
Process:
avast_driver_updater_online_setup.exe
Filename:
C:\Windows\Temp\asw-0de1a75e-8459-43a5-a21a-0269230bdfe1\icarus-info.xml
Type:
xml
MD5:
3F41E2B67C0F3636F9FC5DF9B4525254
SHA256:
078595776CC9A00CCC59E98524AEF48129B82D21C33424143EDCEE6CF7622246
PID:
3488
Process:
icarus.exe
Filename:
C:\ProgramData\Avast Software\Icarus\Logs\report.log
Type:
MD5:
SHA256:
PID:
3124
Process:
avast_driver_updater_online_setup.exe
Filename:
C:\Windows\Temp\asw-0de1a75e-8459-43a5-a21a-0269230bdfe1\common\product-def.xml
Type:
xml
MD5:
CC2CDF8F976508D05CC494D299DF6021
SHA256:
49FF43DAC0590AE5683B8CE65641D477520B6D4841C6E73B312FBB14D9B488F1
PID:
3124
Process:
avast_driver_updater_online_setup.exe
Filename:
C:\Windows\Temp\asw-0de1a75e-8459-43a5-a21a-0269230bdfe1\common\product-info.xml
Type:
xml
MD5:
FC3A8633E7C0A2592CD414ACA3F443DA
SHA256:
A73CFBC17AE30C536356DAD4C24AFA6E9569CD9043A87E2A568FA1C656F8E380
PID:
3124
Process:
avast_driver_updater_online_setup.exe
Filename:
C:\Windows\Temp\asw-0de1a75e-8459-43a5-a21a-0269230bdfe1\common\icarus_ui.exe
Type:
executable
MD5:
19CD895CB27C95AE610283D404AFCABE
SHA256:
09F81D28D09C0C839E942B0A6E7E09BD1EA7C0AB73B255DCAEED139B9ACA72BA
PID:
3124
Process:
avast_driver_updater_online_setup.exe
Filename:
C:\Windows\Temp\asw-0de1a75e-8459-43a5-a21a-0269230bdfe1\common\icarus.exe
Type:
executable
MD5:
5121B112B20A1AC8614F68F87EC655E4
SHA256:
499E558048C90B65758DFC7350528C8A3AB60433A6DA69CF8C801F189FA9E78C
PID:
3124
Process:
avast_driver_updater_online_setup.exe
Filename:
C:\Windows\Temp\asw-0de1a75e-8459-43a5-a21a-0269230bdfe1\common\dump_process.exe
Type:
executable
MD5:
3DC05AEC3134691933731BAB86157A8A
SHA256:
599A08985BE1DCBBE37C9268BEEADED9FE32520A80D6ECFEBDAD766E56521A27
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
71
DNS requests
91
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1272
DriverUpdSvc.exe
GET
200
2.16.164.65:80
http://ncc.avast.com/ncc.txt
unknown
text
26 b
unknown
1272
DriverUpdSvc.exe
GET
200
2.16.164.40:80
http://ncc.avast.com/ncc.txt
unknown
text
26 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3124
avast_driver_updater_online_setup.exe
34.117.223.223:443
analytics.avcdn.net
GOOGLE-CLOUD-PLATFORM
US
unknown
3124
avast_driver_updater_online_setup.exe
23.212.89.10:443
honzik.avcdn.net
AKAMAI-AS
MX
unknown
3488
icarus.exe
34.117.223.223:443
analytics.avcdn.net
GOOGLE-CLOUD-PLATFORM
US
unknown
3488
icarus.exe
34.160.176.28:443
shepherd.ff.avast.com
GOOGLE
US
unknown
3488
icarus.exe
2.18.161.23:443
honzik.avcdn.net
AKAMAI-AS
DE
unknown
3984
icarus.exe
2.18.161.23:443
honzik.avcdn.net
AKAMAI-AS
DE
unknown

DNS requests

Domain
IP
Reputation
analytics.avcdn.net
  • 34.117.223.223
unknown
honzik.avcdn.net
  • 23.212.89.10
  • 2.18.161.23
  • 2a02:26f0:3500:59a::240d
  • 2a02:26f0:3500:595::240d
unknown
shepherd.ff.avast.com
  • 34.160.176.28
whitelisted
ncc.avast.com
  • 2.16.164.65
  • 2.16.164.40
whitelisted
0.pool.ntp.org
  • 62.75.236.38
  • 185.248.189.10
  • 78.46.53.2
  • 178.63.52.50
whitelisted
1.pool.ntp.org
  • 128.140.122.96
  • 5.75.152.43
  • 54.36.110.36
  • 88.218.226.91
  • 195.201.137.97
  • 185.252.140.126
  • 144.91.116.85
whitelisted
2.pool.ntp.org
  • 23.88.7.139
  • 217.14.146.53
  • 62.75.236.38
  • 185.244.195.159
whitelisted
3.pool.ntp.org
  • 159.69.185.246
  • 144.76.66.157
  • 37.221.195.24
  • 90.187.112.137
whitelisted
ipm.avcdn.net
  • 34.111.24.1
unknown
dns.msftncsi.com
  • 131.107.255.255
shared

Threats

No threats detected
Process
Message
DriverUpdUI.exe
[2023-11-22 07:42:54.873] [error ] [JS_Main_UI ] [ 2108: 2252] [000000: 0] [23.3.4586.0] [https://local.avast.com/index.html#dashboard] [0] Cannot set empty devices.
DriverUpdSvc.exe
[2023-11-22 07:43:07.021] [error ] [shepsync ] [ 1272: 1988] [000000: 0] Exception: WinHttpReceiveResponse failed. WinHTTP error code: 12002. 'The operation timed out' Code: 0x00002ee2 (12002)
DriverUpdUI.exe
[2023-11-22 07:43:12.323] [error ] [chromium ] [ 2108: 2632] [000000: 0] ClientHandler OnLoadError for MainFrame with ErrorCode: -3 and url: https://ipm.avcdn.net/?data=CJQBEBcYAyDqIyoubW1tX2Ryd18wMDNfOTk5X2E3a19tOmRsaWRfRFJXLVRSSUFMLU9OTElORS1QUFICZW5aBWVuLXVzYgIGAXjbAogBAJACAcoDJDFmYmFmOTc0LTVjNjktNDkyZC05YWNhLTRiNzVkYzhiNDQ2ZMAHAYIJQDk3Yjc3MjFjNDk5NGUyNTU2ZmY2YTQzOTUxMGY2NjVkZjMyMzNhNjM3ODMzMDE2ZmRhNmIyZDY1MmE2ZmM5Y2SaDQN3aW7QGwGyHCFhdmFzdC1kcml2ZXItdXBkYXRlci10cmlhbC0xcy0xNWTYKAHgKAGILAHqMAdSZWxlYXNloDMAsjMAuDMAiDkA0jkGTm90U2V0kD4AuEEAwEEA8EMAuEYAoGoA%2BG0A&p_opmver=83&action=1&p_tbc=1&p_mid=AVAST_DU_CAMPAIGN_NAG_ROTATION&p_elm=347&p_plc=popup&debugMode=true&atowneruid=590208
DriverUpdUI.exe
[2023-11-22 07:43:33.513] [error ] [JS_Main_UI ] [ 2108: 3868] [000000: 0] [23.3.4586.0] [https://local.avast.com/index.html#dashboard] [0] Cannot set empty devices.
DriverUpdUI.exe
[2023-11-22 07:43:35.583] [error ] [JS_Main_UI ] [ 2108: 2484] [000000: 0] [23.3.4586.0] [https://local.avast.com/index.html#dashboard] [0] Cannot set empty devices.