File name: avast_secure_browser_setup.exe

Full analysis: https://app.any.run/tasks/9e4582a4-9c70-4597-af3c-4ed6a9de947d
Verdict: Malicious activity
Analysis date: November 29, 2023, 13:01:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 3085510A65E8FE7BC9FBE80BF397BA17
SHA1: B1333AEE22719E36AD7DF617B387CAAF1DF6469B
SHA256: 065615954D715FC33B16A8A6EF92C26E44ED81225EB7908D74F26F52BFAED17A
SSDEEP: 98304:MjMzSEAuMNS6jnOQdZxi+wcABFNjkIjrmNTT9stBkLdVxCvI0D6wxNvfP2zdeNa7:UCRKxZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • avast_secure_browser_setup.exe (PID: 2980)
      • ajF00C.exe (PID: 2516)
      • AvastBrowserUpdate.exe (PID: 3068)
      • AvastBrowserUpdateSetup.exe (PID: 3120)
      • AvastBrowserInstaller.exe (PID: 3200)
      • AvastBrowserUpdate.exe (PID: 3832)
      • setup.exe (PID: 3396)
    • Steals credentials from Web Browsers

      • ajF00C.exe (PID: 2516)
      • AvastBrowser.exe (PID: 3712)
    • Actions look like stealing of personal data

      • ajF00C.exe (PID: 2516)
      • AvastBrowser.exe (PID: 3900)
      • AvastBrowser.exe (PID: 3712)
    • Changes the autorun value in the registry

      • AvastBrowser.exe (PID: 3712)
      • AvastBrowser.exe (PID: 3540)
  • SUSPICIOUS

    • The process verifies whether the antivirus software is installed

      • avast_secure_browser_setup.exe (PID: 2980)
      • ajF00C.exe (PID: 2516)
    • Searches for installed software

      • avast_secure_browser_setup.exe (PID: 2980)
      • ajF00C.exe (PID: 2516)
      • AvastBrowser.exe (PID: 3712)
      • AvastBrowser.exe (PID: 3540)
    • Reads the Internet Settings

      • ajF00C.exe (PID: 2516)
      • AvastBrowserUpdate.exe (PID: 1452)
      • AvastBrowserUpdate.exe (PID: 3832)
      • AvastBrowser.exe (PID: 3712)
      • AvastBrowser.exe (PID: 3540)
    • Checks Windows Trust Settings

      • ajF00C.exe (PID: 2516)
    • Reads security settings of Internet Explorer

      • ajF00C.exe (PID: 2516)
    • Reads settings of System Certificates

      • ajF00C.exe (PID: 2516)
      • AvastBrowserUpdate.exe (PID: 1452)
      • AvastBrowserUpdate.exe (PID: 3832)
      • AvastBrowser.exe (PID: 2064)
      • AvastBrowser.exe (PID: 3712)
      • AvastBrowser.exe (PID: 3540)
      • AvastBrowser.exe (PID: 2792)
    • Starts itself from another location

      • AvastBrowserUpdate.exe (PID: 3068)
    • Creates/Modifies COM task schedule object

      • AvastBrowserUpdate.exe (PID: 2432)
    • Process requests binary or script from the Internet

      • AvastBrowserUpdate.exe (PID: 3832)
    • Application launched itself

      • setup.exe (PID: 3396)
      • AvastBrowser.exe (PID: 3712)
      • AvastBrowser.exe (PID: 3540)
      • AvastBrowser.exe (PID: 664)
      • setup.exe (PID: 772)
      • AvastBrowser.exe (PID: 528)
    • Creates a software uninstall entry

      • ajF00C.exe (PID: 2516)
      • AvastBrowser.exe (PID: 3712)
      • AvastBrowser.exe (PID: 3540)
    • Reads Mozilla Firefox installation path

      • AvastBrowser.exe (PID: 3712)
  • INFO

    • Creates files in a temporary directory

      • avast_secure_browser_setup.exe (PID: 2980)
      • ajF00C.exe (PID: 2516)
      • AvastBrowserUpdateSetup.exe (PID: 3120)
      • AvastBrowserUpdate.exe (PID: 3832)
      • AvastBrowser.exe (PID: 3712)
      • AvastBrowser.exe (PID: 3540)
    • Reads the computer name

      • avast_secure_browser_setup.exe (PID: 2980)
      • ajF00C.exe (PID: 2516)
      • wmpnscfg.exe (PID: 824)
      • AvastBrowserUpdate.exe (PID: 3068)
      • AvastBrowserUpdate.exe (PID: 2432)
      • AvastBrowserUpdate.exe (PID: 1452)
      • AvastBrowserUpdate.exe (PID: 2760)
      • AvastBrowserInstaller.exe (PID: 3200)
      • setup.exe (PID: 3396)
      • AvastBrowserUpdate.exe (PID: 3832)
      • AvastBrowser.exe (PID: 3712)
      • AvastBrowser.exe (PID: 2064)
      • AvastBrowser.exe (PID: 4020)
      • AvastBrowser.exe (PID: 3900)
      • AvastBrowser.exe (PID: 3540)
      • AvastBrowser.exe (PID: 2792)
      • AvastBrowser.exe (PID: 2084)
      • AvastBrowser.exe (PID: 1660)
      • AvastBrowser.exe (PID: 3816)
      • AvastBrowser.exe (PID: 664)
      • setup.exe (PID: 772)
      • AvastBrowser.exe (PID: 528)
    • Checks supported languages

      • avast_secure_browser_setup.exe (PID: 2980)
      • ajF00C.exe (PID: 2516)
      • wmpnscfg.exe (PID: 824)
      • AvastBrowserUpdateSetup.exe (PID: 3120)
      • AvastBrowserUpdate.exe (PID: 3068)
      • AvastBrowserUpdate.exe (PID: 1452)
      • AvastBrowserUpdate.exe (PID: 2760)
      • AvastBrowserUpdate.exe (PID: 2432)
      • AvastBrowserInstaller.exe (PID: 3200)
      • setup.exe (PID: 3396)
      • setup.exe (PID: 1276)
      • AvastBrowserUpdate.exe (PID: 3832)
      • AvastBrowser.exe (PID: 3712)
      • AvastBrowser.exe (PID: 3448)
      • AvastBrowser.exe (PID: 2064)
      • AvastBrowser.exe (PID: 4020)
      • AvastBrowser.exe (PID: 4008)
      • AvastBrowserCrashHandler.exe (PID: 2536)
      • AvastBrowser.exe (PID: 3900)
      • AvastBrowser.exe (PID: 3736)
      • AvastBrowser.exe (PID: 3604)
      • AvastBrowser.exe (PID: 3664)
      • AvastBrowser.exe (PID: 3368)
      • AvastBrowser.exe (PID: 3540)
      • AvastBrowser.exe (PID: 4036)
      • AvastBrowser.exe (PID: 2268)
      • AvastBrowser.exe (PID: 2792)
      • AvastBrowser.exe (PID: 2084)
      • AvastBrowser.exe (PID: 3788)
      • AvastBrowser.exe (PID: 3824)
      • AvastBrowser.exe (PID: 1660)
      • AvastBrowser.exe (PID: 664)
      • AvastBrowser.exe (PID: 1644)
      • AvastBrowser.exe (PID: 3640)
      • AvastBrowser.exe (PID: 3816)
      • AvastBrowser.exe (PID: 1848)
      • AvastBrowser.exe (PID: 528)
      • AvastBrowser.exe (PID: 2368)
      • AvastBrowser.exe (PID: 2576)
      • AvastBrowser.exe (PID: 2168)
      • AvastBrowser.exe (PID: 2600)
      • AvastBrowser.exe (PID: 1860)
      • AvastBrowser.exe (PID: 1836)
      • AvastBrowser.exe (PID: 3628)
      • AvastBrowser.exe (PID: 3364)
      • AvastBrowser.exe (PID: 2584)
      • AvastBrowser.exe (PID: 3120)
      • AvastBrowser.exe (PID: 3560)
      • AvastBrowser.exe (PID: 3012)
      • AvastBrowser.exe (PID: 3960)
      • AvastBrowser.exe (PID: 3716)
      • AvastBrowser.exe (PID: 2924)
      • AvastBrowser.exe (PID: 3272)
      • AvastBrowser.exe (PID: 316)
      • AvastBrowser.exe (PID: 4060)
      • AvastBrowser.exe (PID: 1872)
      • AvastBrowser.exe (PID: 4064)
      • AvastBrowser.exe (PID: 1016)
      • AvastBrowser.exe (PID: 3296)
      • AvastBrowser.exe (PID: 3636)
      • AvastBrowser.exe (PID: 3704)
      • AvastBrowser.exe (PID: 968)
      • AvastBrowser.exe (PID: 3324)
      • setup.exe (PID: 772)
      • setup.exe (PID: 3796)
      • AvastBrowser.exe (PID: 4020)
      • AvastBrowser.exe (PID: 2092)
      • AvastBrowser.exe (PID: 2812)
      • AvastBrowser.exe (PID: 528)
    • Reads Environment values

      • avast_secure_browser_setup.exe (PID: 2980)
      • ajF00C.exe (PID: 2516)
      • AvastBrowser.exe (PID: 3712)
      • AvastBrowser.exe (PID: 3540)
    • Process checks computer location settings

      • avast_secure_browser_setup.exe (PID: 2980)
      • ajF00C.exe (PID: 2516)
      • AvastBrowser.exe (PID: 3712)
      • AvastBrowser.exe (PID: 3604)
      • AvastBrowser.exe (PID: 3736)
      • AvastBrowser.exe (PID: 3664)
      • AvastBrowser.exe (PID: 3824)
      • AvastBrowser.exe (PID: 3788)
      • AvastBrowser.exe (PID: 3540)
      • AvastBrowser.exe (PID: 3636)
      • AvastBrowser.exe (PID: 3120)
      • AvastBrowser.exe (PID: 3704)
      • AvastBrowser.exe (PID: 968)
      • AvastBrowser.exe (PID: 4064)
    • Reads the machine GUID from the registry

      • ajF00C.exe (PID: 2516)
      • wmpnscfg.exe (PID: 824)
      • AvastBrowserUpdate.exe (PID: 3068)
      • AvastBrowserUpdate.exe (PID: 2760)
      • AvastBrowserUpdate.exe (PID: 1452)
      • AvastBrowserUpdate.exe (PID: 3832)
      • setup.exe (PID: 3396)
      • AvastBrowser.exe (PID: 3712)
      • AvastBrowser.exe (PID: 3816)
      • setup.exe (PID: 772)
    • Checks proxy server information

      • ajF00C.exe (PID: 2516)
    • Creates files or folders in the user directory

      • ajF00C.exe (PID: 2516)
      • AvastBrowserUpdate.exe (PID: 3068)
      • AvastBrowserUpdate.exe (PID: 3832)
      • AvastBrowserInstaller.exe (PID: 3200)
      • setup.exe (PID: 1276)
      • AvastBrowser.exe (PID: 3712)
      • setup.exe (PID: 3396)
      • AvastBrowser.exe (PID: 2064)
      • AvastBrowser.exe (PID: 2268)
      • AvastBrowser.exe (PID: 3540)
      • AvastBrowser.exe (PID: 3364)
      • AvastBrowser.exe (PID: 2792)
      • setup.exe (PID: 772)
      • AvastBrowser.exe (PID: 2812)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 824)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:16 01:50:53+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x350d
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 8.11.5.7269
ProductVersionNumber: 8.11.5.7269
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Arabic
CharacterSet: Windows, Arabic
BuildDate: 19700120T163136
BuildTimestamp: 1701096510
BuildVersion: 8.11.5.7269
FileDescription: إعداد Avast Secure Browser
FileVersion: 8.11.5.7269
InstallerCommit: 9f7fdfd50145d84250cbfc8b264b821d4fd70781
InstallerEdition: web
InstallerKeyword: avast-securebrowser
InternalName: Avast Secure Browser
JsisCommit: 9493fd2f0fa70e8e33fa09133b99cb45ce6442ca
LegalCopyright: حقوق الطبع والنشر (c) لعام 2023 محفوظة لشركة AVAST Software
OmahaVersion: 1.8.1653.5
ProductName: إعداد Avast Secure Browser
ProductVersion: 8.11.5.7269
All screenshots are available in the full report
Total processes: 110
Monitored processes: 71
Malicious processes: 12
Suspicious processes: 1

Behavior graph

(Interactive process graph, available in the full report: avast_secure_browser_setup.exe starts ajF00C.exe, which launches AvastBrowserUpdateSetup.exe, AvastBrowserUpdate.exe, AvastBrowserInstaller.exe, setup.exe, AvastBrowserCrashHandler.exe and the AvastBrowser.exe process tree; wmpnscfg.exe runs alongside.)

Process information

PID | CMD | Path | Indicators | Parent process
PID: 316
CMD: "C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4024 --field-trial-handle=1128,i,15451947005433123439,6619607379749295459,131072 /prefetch:8
Path: C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process: AvastBrowser.exe
User: admin | Company: AVAST Software | Integrity Level: LOW | Description: Avast Secure Browser | Exit code: 0 | Version: 109.0.19981.120
Modules
Images
c:\users\admin\appdata\local\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avast software\browser\application\109.0.19981.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 528
CMD: "C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3524 --field-trial-handle=1128,i,15451947005433123439,6619607379749295459,131072 /prefetch:8
Path: C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process: AvastBrowser.exe
User: admin | Company: AVAST Software | Integrity Level: LOW | Description: Avast Secure Browser | Exit code: 0 | Version: 109.0.19981.120
Modules
Images
c:\users\admin\appdata\local\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avast software\browser\application\109.0.19981.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 528
CMD: AvastBrowser.exe --check-run=src=installer --start-maximized
Path: C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process: ajF00C.exe
User: admin | Company: AVAST Software | Integrity Level: MEDIUM | Description: Avast Secure Browser | Exit code: 0 | Version: 109.0.19981.120
Modules
Images
c:\users\admin\appdata\local\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avast software\browser\application\109.0.19981.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 604
CMD: "C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1052 --field-trial-handle=1152,i,365038143671754543,14484335432145070688,131072 /prefetch:2
Path: C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process: AvastBrowser.exe
User: admin | Company: AVAST Software | Integrity Level: LOW | Description: Avast Secure Browser | Exit code: 0 | Version: 109.0.19981.120
PID: 664
CMD: "C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe" --disable-protect
Path: C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process: AvastBrowser.exe
User: admin | Company: AVAST Software | Integrity Level: MEDIUM | Description: Avast Secure Browser | Exit code: 0 | Version: 109.0.19981.120
Modules
Images
c:\users\admin\appdata\local\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avast software\browser\application\109.0.19981.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 772
CMD: setup.exe /silent --create-shortcuts=0 --install-level=0
Path: C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\109.0.19981.120\Installer\setup.exe
Parent process: ajF00C.exe
User: admin | Company: AVAST Software | Integrity Level: MEDIUM | Description: Avast Secure Browser Installer | Exit code: 73 | Version: 109.0.19981.120
Modules
Images
c:\users\admin\appdata\local\avast software\browser\application\109.0.19981.120\installer\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
PID: 824
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Windows Media Player Network Sharing Service Configuration Application | Exit code: 0 | Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
PID: 968
CMD: "C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --extension-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4048 --field-trial-handle=1128,i,15451947005433123439,6619607379749295459,131072 /prefetch:1
Path: C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process: AvastBrowser.exe
User: admin | Company: AVAST Software | Integrity Level: LOW | Description: Avast Secure Browser | Exit code: 0 | Version: 109.0.19981.120
Modules
Images
c:\users\admin\appdata\local\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avast software\browser\application\109.0.19981.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1016
CMD: "C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1128,i,15451947005433123439,6619607379749295459,131072 /prefetch:8
Path: C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process: AvastBrowser.exe
User: admin | Company: AVAST Software | Integrity Level: LOW | Description: Avast Secure Browser | Exit code: 0 | Version: 109.0.19981.120
Modules
Images
c:\users\admin\appdata\local\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avast software\browser\application\109.0.19981.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1276
CMD: "C:\Users\admin\AppData\Local\AVAST Software\Browser\Update\Install\{79A59B4F-617A-4502-8829-7BC56701AAC2}\CR_84B73.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\AVAST Software\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win32 --annotation=prod=Avast --annotation=ver=109.0.19981.120 --initial-client-data=0x19c,0x1a0,0x1a4,0x170,0x1a8,0xda88e0,0xda88f0,0xda88fc
Path: C:\Users\admin\AppData\Local\AVAST Software\Browser\Update\Install\{79A59B4F-617A-4502-8829-7BC56701AAC2}\CR_84B73.tmp\setup.exe
Parent process: setup.exe
User: admin | Company: AVAST Software | Integrity Level: MEDIUM | Description: Avast Secure Browser Installer | Exit code: 0 | Version: 109.0.19981.120
Modules
Images
c:\users\admin\appdata\local\avast software\browser\update\install\{79a59b4f-617a-4502-8829-7bc56701aac2}\cr_84b73.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
Total events: 25 491
Read events: 22 648
Write events: 2 818
Delete events: 25

Modification events

(PID) Process: (2516) ajF00C.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
(PID) Process: (2516) ajF00C.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
(PID) Process: (2516) ajF00C.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: write | Name: ProxyEnable | Value: 0
(PID) Process: (2516) ajF00C.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | Operation: write | Name: SavedLegacySettings | Value: 4600000059010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (2516) ajF00C.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
(PID) Process: (2516) ajF00C.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: IntranetName | Value: 1
(PID) Process: (2516) ajF00C.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 1
(PID) Process: (2516) ajF00C.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 0
(PID) Process: (2516) ajF00C.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
(PID) Process: (824) wmpnscfg.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{2B6677C8-1254-4D23-8C01-6EE3EFB6BB03}\{01721EA5-A060-4CC2-89B7-A7542FCDAF06} | Operation: delete key | Name: (default) | Value:
Executable files: 183
Suspicious files: 860
Text files: 337
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2980 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nssE58C.tmp\nsJSON.dll | executable
MD5: A6866A31DE35CD31009FB535693A8612
SHA256: D3A1C0D5E3DB477595D3F3A41B2704405AD992D346397BEDD8DAF31F104F5300
2980 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nssE58C.tmp\jsis.dll | executable
MD5: EEB9DC60D33C7F9479DD6F0A2DB6EC3C
SHA256: B3962B7EC5E21EA51BC4D9F42E293C77F3DA4632C711924619F2343AFF4D138A
2980 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nssE58C.tmp\JsisPlugins.dll | executable
MD5: BF61CEDF96EE9D9ADE414B55EC92B3C0
SHA256: 585F40B7428AC8258BBF7436A338B8235B9AA2516C42E669C6D1837CCE9CAD03
2980 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nssE58C.tmp\Midex.dll | executable
MD5: E4EB6EE3CC523D52DDDD018497DE64C5
SHA256: 75BF6CCE57CE3089F662E0E0700FCD28903FD0DAB06ECF47714F75A411A68305
2980 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nssE58C.tmp\thirdparty.dll | executable
MD5: C855765DD1290045D985FFA2CA6D4882
SHA256: 8C0222A57A491960CB86E167BC17188D581BE9B64CAE8BA3A6EC1A56B9091931
2980 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nssE58C.tmp\inetc.dll | executable
MD5: 23E0A7D53E3DF83685B70EA8CE33DC37
SHA256: 96A871F048202C26B85487E24593080D6A95C271ACAF5CD676BD2E2D96DE57DB
2516 | ajF00C.exe | C:\Users\admin\AppData\Local\Temp\nssF1A2.tmp\FF.places.tmp | -
MD5: -
SHA256: -
2980 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nssE58C.tmp\StdUtils.dll | executable
MD5: CFFAB93125679136C065649F7196047C
SHA256: 0870AAE45A6B0417DDDCD536207C6A4DF0B3D861180F60A44C4E5F8784C0AE58
2980 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nssE58C.tmp\jsisdl.dll | executable
MD5: 77C51CA944AF4FCBAB10D7AE8207B21E
SHA256: D5144A098D50F09F9CF2DF12AD56D50AA172554779BB6128A429A055259E65C3
2980 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nssE58C.tmp\AccessControl.dll | executable
MD5: A1B76C4386328C2A243FC4D2B35328AF
SHA256: BAC3B3A526EB67AE375A9FE29CAB6268536E44C2ECE1239B65BD1827D055157A
Download the PCAP and analyze network streams, HTTP content and more in the full report
HTTP(S) requests: 5
TCP/UDP connections: 24
DNS requests: 23
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2516 | ajF00C.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5d1e8116ef760247 | unknown | compressed | 4.66 Kb | unknown
2516 | ajF00C.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D | unknown | binary | 471 b | unknown
1080 | svchost.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5c94acfb5b892539 | unknown | - | - | unknown
1080 | svchost.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?8aef2fa3cb5e0a37 | unknown | compressed | 65.2 Kb | unknown
3832 | AvastBrowserUpdate.exe | GET | 200 | 2.16.164.122:80 | http://browser-update.avast.com/browser/win/x86/109.0.19981.120/AvastBrowserInstaller.exe | unknown | executable | 98.1 Mb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
2516 | ajF00C.exe | 104.20.158.62:443 | stats.securebrowser.com | CLOUDFLARENET | - | unknown
2516 | ajF00C.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
2516 | ajF00C.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1080 | svchost.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
1452 | AvastBrowserUpdate.exe | 172.67.15.96:443 | update.avastbrowser.com | CLOUDFLARENET | US | unknown
3832 | AvastBrowserUpdate.exe | 172.67.15.96:443 | update.avastbrowser.com | CLOUDFLARENET | US | unknown

DNS requests

Domain | IP | Reputation
stats.securebrowser.com | 104.20.158.62, 104.20.159.62 | unknown
ctldl.windowsupdate.com | 93.184.221.240 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
update.avastbrowser.com | 172.67.15.96, 104.22.79.87, 104.22.78.87 | unknown
browser-update.avast.com | 2.16.164.122, 2.16.164.99 | unknown
engagement.avastbrowser.com | 104.22.79.87, 104.22.78.87, 172.67.15.96 | unknown
s-install.avcdn.net | 23.212.89.10 | unknown
shepherd.ff.avast.com | 34.160.176.28 | whitelisted
urlite.ff.avast.com | 34.110.186.80 | unknown
optimizationguide-pa.googleapis.com | 142.250.184.234, 172.217.16.138, 172.217.18.106, 142.250.185.106, 142.250.185.170, 172.217.23.106, 142.250.184.202, 142.250.181.234, 142.250.185.138, 142.250.185.202, 142.250.185.234, 216.58.212.138, 142.250.186.74, 142.250.186.106, 142.250.186.138, 142.250.185.74 | whitelisted

Threats

PID | Process | Class | Message
3832 | AvastBrowserUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP

Debug output

Process | Message
avast_secure_browser_setup.exe | 2023-11-29T13:01:39 [libnsis] {00000ba4:00000a94} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
avast_secure_browser_setup.exe | 2023-11-29T13:01:39 [libnsis] {00000ba4:00000a94} <4:Error> (893f00f663353e48\src\jsis-plugins\plugins\UtilitiesPlugin\TagData.cpp:85) 0x00000400000715 91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62
avast_secure_browser_setup.exe | 2023-11-29T13:01:39 [libnsis] {00000ba4:00000a94} <1:Debug> (91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62) Throwing exception 0x00000400000715
ajF00C.exe | 2023-11-29T13:01:40 [libnsis] {000009d4:000009c0} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
ajF00C.exe | 2023-11-29T13:01:40 [libnsis] {000009d4:000009c0} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 19660 AND vtime <= 19691 GROUP BY vtime
ajF00C.exe | 2023-11-29T13:01:40 [libnsis] {000009d4:000009c0} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nssF1A2.tmp\CR.History.tmp
ajF00C.exe | 2023-11-29T13:01:40 [libnsis] {000009d4:000009c0} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nssF1A2.tmp\CR.History.tmp
ajF00C.exe | 2023-11-29T13:01:40 [libnsis] {000009d4:000009c0} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 19660 AND vtime <= 19691 GROUP BY vtime
ajF00C.exe | 2023-11-29T13:01:41 [libnsis] {000009d4:000009c0} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nssF1A2.tmp\FF.places.tmp
ajF00C.exe | 2023-11-29T13:01:41 [libnsis] {000009d4:000009c0} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT last_visit_date / 1000000 /60 /60 / 24 AS vtime FROM 'moz_places' WHERE vtime >= 19660 AND vtime <= 19691 GROUP BY vtime