File name: avg_secure_browser_setup.exe

Full analysis: https://app.any.run/tasks/93da4294-35a2-4dfb-8c4f-a9b891765ea2
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: November 03, 2025, 12:31:15
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: stealer, antivm, auto-reg, loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 94DAF29C0FF8A3CECFB555CE84900112
SHA1: 9988C1CCF3C293A2F7820BA391B63B1D3326582A
SHA256: 0FD1275FF704A55897DEF37346FEFC41261139D5E21335AB2E594A4978FE34B5
SSDEEP: 98304:U+DYDBGyJlmU6T7eQ9GuDZ3e8VYevYo8GU0vIKV07HlXNmF/858e/97zRDn/EwUC:cqpQjuMxNYHFaZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowser.exe (PID: 7176)
    • Changes the autorun value in the registry

      • AVGBrowserUpdate.exe (PID: 3984)
      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 2076)
  • SUSPICIOUS

    • The process verifies whether the antivirus software is installed

      • AVGBrowserInstaller.exe (PID: 7668)
    • Executable content was dropped or overwritten

      • avg_secure_browser_setup.exe (PID: 7620)
      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
      • AVGBrowserInstaller.exe (PID: 6120)
      • setup.exe (PID: 6396)
      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowser.exe (PID: 1144)
    • Reads security settings of Internet Explorer

      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowserUpdate.exe (PID: 3984)
      • AVGBrowserUpdateCore.exe (PID: 7320)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowserProtect.exe (PID: 7180)
      • AVGBrowser.exe (PID: 2192)
    • There is functionality for VM detection VMWare (YARA)

      • AVGBrowserInstaller.exe (PID: 7668)
    • There is functionality for taking screenshot (YARA)

      • AVGBrowserInstaller.exe (PID: 7668)
      • avg_secure_browser_setup.exe (PID: 7620)
      • AVGBrowserUpdate.exe (PID: 3984)
      • AVGBrowserUpdate.exe (PID: 7336)
      • AVGBrowserUpdate.exe (PID: 7260)
    • There is functionality for VM detection antiVM strings (YARA)

      • AVGBrowserInstaller.exe (PID: 7668)
    • There is functionality for VM detection VirtualBox (YARA)

      • AVGBrowserInstaller.exe (PID: 7668)
    • Creates/Modifies COM task schedule object

      • AVGBrowserUpdateComRegisterShell64.exe (PID: 3464)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 3432)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 696)
      • AVGBrowserUpdate.exe (PID: 2160)
      • AVGBrowserUpdate.exe (PID: 3984)
    • Starts itself from another location

      • AVGBrowserUpdate.exe (PID: 3984)
    • Application launched itself

      • AVGBrowserUpdate.exe (PID: 7508)
      • setup.exe (PID: 6396)
      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowser.exe (PID: 7784)
      • AVGBrowser.exe (PID: 1076)
      • AVGBrowser.exe (PID: 2192)
      • AVGBrowser.exe (PID: 3032)
    • Potential Corporate Privacy Violation

      • AVGBrowserUpdate.exe (PID: 7336)
    • Searches for installed software

      • setup.exe (PID: 6396)
      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowser.exe (PID: 2192)
    • Reads the BIOS version

      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowser.exe (PID: 2192)
    • Connects to unusual port

      • AVGBrowser.exe (PID: 5860)
      • AVGBrowser.exe (PID: 6504)
    • Reads the date of Windows installation

      • SystemSettings.exe (PID: 7356)
  • INFO

    • Checks supported languages

      • avg_secure_browser_setup.exe (PID: 7620)
      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
      • AVGBrowserUpdate.exe (PID: 2160)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 3432)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 3464)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 696)
      • AVGBrowserUpdate.exe (PID: 7236)
      • AVGBrowserUpdate.exe (PID: 7260)
      • AVGBrowserUpdate.exe (PID: 7336)
      • AVGBrowserUpdateCore.exe (PID: 7320)
      • AVGBrowserUpdate.exe (PID: 7508)
      • AVGBrowserCrashHandler.exe (PID: 7560)
      • AVGBrowserInstaller.exe (PID: 6120)
      • AVGBrowserCrashHandler64.exe (PID: 7604)
      • AVGBrowserUpdate.exe (PID: 2188)
      • setup.exe (PID: 6396)
      • setup.exe (PID: 2284)
      • AVGBrowserCrashHandler.exe (PID: 8160)
      • AVGBrowserCrashHandler64.exe (PID: 8124)
      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 3332)
      • AVGBrowser.exe (PID: 3308)
      • AVGBrowser.exe (PID: 1632)
      • AVGBrowser.exe (PID: 1164)
      • AVGBrowser.exe (PID: 2408)
      • AVGBrowser.exe (PID: 804)
      • AVGBrowser.exe (PID: 7176)
      • AVGBrowser.exe (PID: 7320)
      • AVGBrowser.exe (PID: 6140)
      • AVGBrowser.exe (PID: 7496)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowser.exe (PID: 6456)
      • AVGBrowser.exe (PID: 5860)
      • AVGBrowser.exe (PID: 7228)
      • AVGBrowser.exe (PID: 5308)
      • AVGBrowser.exe (PID: 3032)
      • AVGBrowser.exe (PID: 7784)
      • AVGBrowser.exe (PID: 7364)
      • AVGBrowser.exe (PID: 412)
      • AVGBrowser.exe (PID: 6212)
      • AVGBrowser.exe (PID: 2524)
      • AVGBrowser.exe (PID: 2820)
      • AVGBrowser.exe (PID: 5084)
      • AVGBrowser.exe (PID: 6524)
      • AVGBrowser.exe (PID: 5048)
      • AVGBrowser.exe (PID: 4252)
      • AVGBrowser.exe (PID: 4244)
      • AVGBrowser.exe (PID: 7940)
      • AVGBrowser.exe (PID: 5420)
      • AVGBrowser.exe (PID: 2376)
      • AVGBrowser.exe (PID: 1076)
      • AVGBrowser.exe (PID: 7256)
      • AVGBrowser.exe (PID: 6368)
      • AVGBrowser.exe (PID: 1060)
      • AVGBrowser.exe (PID: 1272)
      • AVGBrowserProtect.exe (PID: 7180)
      • AVGBrowser.exe (PID: 7308)
      • AVGBrowser.exe (PID: 1632)
      • AVGBrowser.exe (PID: 4420)
      • AVGBrowser.exe (PID: 3332)
      • AVGBrowser.exe (PID: 5608)
      • AVGBrowser.exe (PID: 3420)
      • AVGBrowser.exe (PID: 7748)
      • AVGBrowser.exe (PID: 1144)
      • AVGBrowser.exe (PID: 2264)
      • AVGBrowser.exe (PID: 7956)
      • AVGBrowser.exe (PID: 4804)
      • AVGBrowser.exe (PID: 7364)
      • AVGBrowser.exe (PID: 4140)
      • AVGBrowser.exe (PID: 2716)
      • AVGBrowser.exe (PID: 8164)
      • AVGBrowser.exe (PID: 5352)
      • AVGBrowser.exe (PID: 1196)
      • AVGBrowser.exe (PID: 7348)
      • AVGBrowser.exe (PID: 3432)
      • AVGBrowser.exe (PID: 2268)
      • AVGBrowser.exe (PID: 7616)
      • AVGBrowser.exe (PID: 2192)
      • AVGBrowser.exe (PID: 4264)
      • AVGBrowser.exe (PID: 5496)
      • AVGBrowser.exe (PID: 988)
      • AVGBrowser.exe (PID: 6764)
      • AVGBrowser.exe (PID: 7100)
      • AVGBrowser.exe (PID: 7764)
      • AVGBrowser.exe (PID: 7528)
      • AVGBrowser.exe (PID: 5164)
      • AVGBrowser.exe (PID: 6140)
      • AVGBrowser.exe (PID: 2920)
      • AVGBrowser.exe (PID: 804)
      • AVGBrowser.exe (PID: 6504)
      • SystemSettings.exe (PID: 7356)
      • AVGBrowser.exe (PID: 204)
      • AVGBrowser.exe (PID: 692)
      • AVGBrowser.exe (PID: 3032)
      • AVGBrowser.exe (PID: 7924)
      • AVGBrowser.exe (PID: 5520)
      • AVGBrowser.exe (PID: 3696)
    • Create files in a temporary directory

      • avg_secure_browser_setup.exe (PID: 7620)
      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 7336)
      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowser.exe (PID: 2192)
    • Process checks computer location settings

      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowserUpdate.exe (PID: 3984)
      • AVGBrowserUpdateCore.exe (PID: 7320)
      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 804)
      • AVGBrowser.exe (PID: 6140)
      • AVGBrowser.exe (PID: 2408)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowser.exe (PID: 5308)
      • AVGBrowser.exe (PID: 5048)
      • AVGBrowser.exe (PID: 4244)
      • AVGBrowser.exe (PID: 4252)
      • AVGBrowser.exe (PID: 7256)
      • AVGBrowser.exe (PID: 8164)
      • AVGBrowser.exe (PID: 5352)
      • AVGBrowser.exe (PID: 2192)
      • AVGBrowser.exe (PID: 5496)
      • AVGBrowser.exe (PID: 7764)
      • AVGBrowser.exe (PID: 7528)
      • AVGBrowser.exe (PID: 5164)
      • AVGBrowser.exe (PID: 6140)
      • AVGBrowser.exe (PID: 204)
      • AVGBrowser.exe (PID: 804)
      • AVGBrowser.exe (PID: 2920)
      • AVGBrowser.exe (PID: 7924)
    • Reads the computer name

      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowserUpdate.exe (PID: 3984)
      • AVGBrowserUpdate.exe (PID: 7236)
      • AVGBrowserUpdate.exe (PID: 7260)
      • AVGBrowserUpdate.exe (PID: 7336)
      • AVGBrowserUpdate.exe (PID: 7508)
      • AVGBrowserUpdateCore.exe (PID: 7320)
      • AVGBrowserInstaller.exe (PID: 6120)
      • setup.exe (PID: 6396)
      • AVGBrowserUpdate.exe (PID: 2188)
      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 3308)
      • AVGBrowser.exe (PID: 1632)
      • AVGBrowser.exe (PID: 7176)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowserUpdate.exe (PID: 2160)
      • AVGBrowser.exe (PID: 6456)
      • AVGBrowser.exe (PID: 5860)
      • AVGBrowser.exe (PID: 7784)
      • AVGBrowserProtect.exe (PID: 7180)
      • AVGBrowser.exe (PID: 6368)
      • AVGBrowser.exe (PID: 1076)
      • AVGBrowser.exe (PID: 2192)
      • AVGBrowser.exe (PID: 4264)
      • AVGBrowser.exe (PID: 6504)
      • SystemSettings.exe (PID: 7356)
      • AVGBrowser.exe (PID: 3032)
      • AVGBrowser.exe (PID: 692)
    • The sample was compiled with English language support

      • avg_secure_browser_setup.exe (PID: 7620)
      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
      • AVGBrowserUpdate.exe (PID: 7336)
      • AVGBrowserInstaller.exe (PID: 6120)
      • setup.exe (PID: 6396)
      • AVGBrowser.exe (PID: 1144)
    • Process checks whether UAC notifications are on

      • AVGBrowserInstaller.exe (PID: 7668)
    • Checks proxy server information

      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowserUpdate.exe (PID: 7236)
      • AVGBrowserUpdate.exe (PID: 7336)
      • AVGBrowserUpdate.exe (PID: 2188)
      • slui.exe (PID: 1664)
      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowserProtect.exe (PID: 7180)
      • AVGBrowser.exe (PID: 2192)
    • Reads the software policy settings

      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowserUpdate.exe (PID: 7236)
      • AVGBrowserUpdate.exe (PID: 7336)
      • AVGBrowserUpdate.exe (PID: 2188)
      • slui.exe (PID: 1664)
      • SystemSettings.exe (PID: 7356)
    • Creates files or folders in the user directory

      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowserUpdate.exe (PID: 3984)
      • AVGBrowserInstaller.exe (PID: 6120)
      • AVGBrowserUpdate.exe (PID: 7336)
      • AVGBrowserUpdate.exe (PID: 2188)
      • setup.exe (PID: 2284)
      • setup.exe (PID: 6396)
      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 1632)
      • AVGBrowser.exe (PID: 7496)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowser.exe (PID: 5860)
      • AVGBrowser.exe (PID: 7364)
      • AVGBrowser.exe (PID: 7784)
      • AVGBrowser.exe (PID: 1076)
      • AVGBrowser.exe (PID: 7616)
      • AVGBrowser.exe (PID: 2192)
      • AVGBrowser.exe (PID: 6504)
      • AVGBrowser.exe (PID: 3032)
    • The sample was compiled with Bulgarian language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with Arabic language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with German language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with Korean language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with Czech language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with French language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with Indonesian language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with Polish language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with Japanese language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with Italian language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • Reads the machine GUID from the registry

      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowserUpdate.exe (PID: 7236)
      • AVGBrowserUpdate.exe (PID: 3984)
      • AVGBrowserUpdate.exe (PID: 7336)
      • AVGBrowserUpdate.exe (PID: 2188)
      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowser.exe (PID: 2192)
      • SystemSettings.exe (PID: 7356)
    • The sample was compiled with Slovak language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with Chinese language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with Swedish language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with Turkish language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with Russian language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • The sample was compiled with Portuguese language support

      • AVGBrowserUpdateSetup.exe (PID: 1572)
      • AVGBrowserUpdate.exe (PID: 3984)
    • Launching a file from a Registry key

      • AVGBrowserUpdate.exe (PID: 3984)
      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 2076)
    • Manual execution by a user

      • AVGBrowserUpdateCore.exe (PID: 7320)
      • AVGBrowser.exe (PID: 7784)
    • Creates a software uninstall entry

      • setup.exe (PID: 6396)
      • AVGBrowserInstaller.exe (PID: 7668)
      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowser.exe (PID: 2192)
    • Reads Environment values

      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowser.exe (PID: 2192)
    • Reads CPU info

      • AVGBrowser.exe (PID: 5576)
      • AVGBrowser.exe (PID: 2076)
      • AVGBrowser.exe (PID: 2192)
    • Reads Microsoft Office registry keys

      • SystemSettings.exe (PID: 7356)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:16 00:50:59+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 186368
UninitializedDataSize: 2048
EntryPoint: 0x33fa
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 9.3.0.1702
ProductVersionNumber: 9.3.0.1702
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: Gen Digital Inc.
FileDescription: Secure Browser Installer
FileVersion: 9.3.0.1702
IV: 4dea383e130b780e99a6d4851f01c0cd7a9d80ad9b8c150e344fe697f78c3056c4061a92d5d3287c56f1e60a55c725eae5d335029ec5a5b1952466fd6cea052e
LegalCopyright: (C) 2017-2025 Gen Digital Inc.
LegalTrademarks: -
ProductName: Secure Browser Installer
ProductVersion: 9.3.0.1702
All screenshots are available in the full report
Total processes: 257
Monitored processes: 100
Malicious processes: 7
Suspicious processes: 1

Behavior graph

[Interactive process graph; the full view is in the report. Nodes in graph order: avg_secure_browser_setup.exe, avgbrowserinstaller.exe, avgbrowserupdatesetup.exe, avgbrowserupdate.exe (several instances), avgbrowserupdatecomregistershell64.exe (three instances), avgbrowserupdatecore.exe, avgbrowsercrashhandler.exe, avgbrowsercrashhandler64.exe, slui.exe, setup.exe (two instances), avgbrowser.exe (many instances, most labelled "no specs"), avgbrowserprotect.exe and systemsettings.exe.]

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 204
CMD: "C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --force-high-res-timeticks=disabled --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=13 --metrics-shmem-handle=5664,i,3349249623140707172,10061734574658300203,2097152 --field-trial-handle=2068,i,9110759802170786977,11444440689827282279,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:1
Path: C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: AVG Secure Browser
Version: 141.0.32537.78
Modules (images):
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\141.0.32537.78\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 412
CMD: "C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --metrics-shmem-handle=4340,i,532570526986786121,7717536124443858212,524288 --field-trial-handle=2084,i,15122839789524523130,1880771185246675806,262144 --variations-seed-version --mojo-platform-channel-handle=4068 /prefetch:8
Path: C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: AVG Secure Browser
Exit code: 0
Version: 141.0.32537.78
Modules (images):
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\141.0.32537.78\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 692
CMD: "C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --force-high-res-timeticks=disabled --metrics-shmem-handle=5328,i,8911561796744804461,2931400746887926249,524288 --field-trial-handle=2068,i,9110759802170786977,11444440689827282279,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:8
Path: C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: MEDIUM
Description: AVG Secure Browser
Exit code: 0
Version: 141.0.32537.78
Modules (images):
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\avg\browser\application\141.0.32537.78\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
PID: 696
CMD: "C:\Users\admin\AppData\Local\AVG\Browser\Update\1.8.1996.6\AVGBrowserUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\AVG\Browser\Update\1.8.1996.6\AVGBrowserUpdateComRegisterShell64.exe
Parent process: AVGBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: MEDIUM
Description: AVG Browser Com Register Shell 64
Exit code: 0
Version: 1.8.1996.6
Modules (images):
c:\users\admin\appdata\local\avg\browser\update\1.8.1996.6\avgbrowserupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 804
CMD: "C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --force-high-res-timeticks=disabled --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --metrics-shmem-handle=3268,i,4821779689460681129,5720889611202777217,2097152 --field-trial-handle=2088,i,466475676881557929,15766938000247711845,262144 --variations-seed-version --mojo-platform-channel-handle=3272 /prefetch:2
Path: C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: AVG Secure Browser
Exit code: 0
Version: 141.0.32537.78
Modules (images):
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\141.0.32537.78\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 804
CMD: "C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --force-high-res-timeticks=disabled --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=8 --metrics-shmem-handle=3104,i,1088467257039857422,6689914775714192719,2097152 --field-trial-handle=2068,i,9110759802170786977,11444440689827282279,262144 --variations-seed-version --mojo-platform-channel-handle=3440 /prefetch:2
Path: C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: AVG Secure Browser
Version: 141.0.32537.78
Modules (images):
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\141.0.32537.78\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 988
CMD: "C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --metrics-shmem-handle=6204,i,6215980967255745276,4653925815961384514,524288 --field-trial-handle=2084,i,15122839789524523130,1880771185246675806,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
Path: C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: AVG Secure Browser
Exit code: 0
Version: 141.0.32537.78
Modules (images):
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\141.0.32537.78\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1060
CMD: C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=141.0.32537.78 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7fff78ac4f30,0x7fff78ac4f3c,0x7fff78ac4f48
Path: C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: MEDIUM
Description: AVG Secure Browser
Exit code: 0
Version: 141.0.32537.78
Modules (images):
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\avg\browser\application\141.0.32537.78\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 1076
CMD: "C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --enable-protect
Path: C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: MEDIUM
Description: AVG Secure Browser
Exit code: 0
Version: 141.0.32537.78
Modules (images):
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\avg\browser\application\141.0.32537.78\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
PID: 1144
CMD: "C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --metrics-shmem-handle=5716,i,18361922785077208775,15373073584240311455,524288 --field-trial-handle=2084,i,15122839789524523130,1880771185246675806,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:8
Path: C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: AVG Secure Browser
Exit code: 0
Version: 141.0.32537.78

Total events: 39 570
Read events: 36 690
Write events: 2 813
Delete events: 67

Modification events

Process: (PID 7668) AVGBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write | Name: CachePrefix | Value: (empty)

Process: (PID 7668) AVGBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write | Name: CachePrefix | Value: Cookie:

Process: (PID 7668) AVGBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write | Name: CachePrefix | Value: Visited:

Process: (PID 7668) AVGBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVG\Browser
Operation: write | Name: user_id | Value: dc929f9152894009ace944e8ce84003a

Process: (PID 7668) AVGBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVG\Browser
Operation: write | Name: user_timestamp | Value: 1762173088

Process: (PID 7668) AVGBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVG\Browser
Operation: write | Name: BankMode | Value: 1

Process: (PID 7668) AVGBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVG\Browser\Update
Operation: write | Name: MachineId | Value: 00000000000000000000000000000000E67CAB79AE400BF62D27B6F892308F1E

Process: (PID 7668) AVGBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVG\Browser\Update
Operation: write | Name: uid | Value: dc929f9152894009ace944e8ce84003a

Process: (PID 7668) AVGBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVG\Browser\Update
Operation: write | Name: uid-create-time | Value: 1762173088

Process: (PID 3984) AVGBrowserUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVG\Browser\Update
Operation: write | Name: path | Value: C:\Users\admin\AppData\Local\AVG\Browser\Update\AVGBrowserUpdate.exe

Executable files: 185
Suspicious files: 1 137
Text files: 664
Unknown types: 3

Dropped files

PID | Process | Filename | Type
7620 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsi3241.tmp\AVGBrowserInstaller.exe | executable
  MD5: 33B6B64C9FF06BDD8E790F949A8ECAE7
  SHA256: 8100357AC187FC7CB21BA5187887EDC018D30E1DEE76A37BE11D36C2FEC05E0E
7620 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsi3241.tmp\AVGBrowserUpdateSetup.exe | executable
  MD5: 57CBFC3E65ED40EFF76E7BA23729ABAA
  SHA256: AF1A04752475E80F686C01EA7EC52E8368C04AE2D4B9E358A23A096CB2DE71B0
7668 | AVGBrowserInstaller.exe | C:\Users\admin\AppData\Local\Temp\browser-history.tmp | binary
  MD5: 15689BCA2327BD6439BB5A321BFF1115
  SHA256: 1513329660C876E166FDE7919D705ECFA5339732849159685C59847BE92B7478
7620 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsi3241.tmp\sciterui.dll | executable
  MD5: 0F8C464FF66CEA6F3E1112E306C68DE1
  SHA256: 6917590156FC7DBB0BD75EDFCAA9D8AAE1D4BF011C77488B4F130EF3D58E95AC
1572 | AVGBrowserUpdateSetup.exe | C:\Users\admin\AppData\Local\Temp\GUMA5F9.tmp\@PaxHeader | text
  MD5: 6708FF4DBD8465B1D663951AEEAAEDB1
  SHA256: 7C5D562837562FFF9EED08BCB9997039FCA5377FA437F1B48604556FC27CAA61
7668 | AVGBrowserInstaller.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_05D81B53AC323447B65F0BEF58315ECA | binary
  MD5: F3525699A3EC082CB494B9204B285804
  SHA256: C94A2A6F438A63D5CFA4FDEDD5CEBA79EAAEDF172C9D825E48A6BB2E844A5D00
1572 | AVGBrowserUpdateSetup.exe | C:\Users\admin\AppData\Local\Temp\GUMA5F9.tmp\AVGBrowserCrashHandler.exe | executable
  MD5: 4E34B38545CCD21CFBCB03CA1AA21950
  SHA256: 2A465BC96E6C39C255B7E6DDDF6D3F2BA24AE6CFF219F2BA73443A1E9739F286
7668 | AVGBrowserInstaller.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB | binary
  MD5: 8BB5FC9D604FF96BCD1D48F4C5B93348
  SHA256: AA84D8C947B85CE1424290C6397B9DFCA715BA22B57003EBE8FC46045D5CD444
7668 | AVGBrowserInstaller.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB | binary
  MD5: AB2091A35CCFCDB862632CD117A02116
  SHA256: 96FB9587F0C146BFC213188FD5A44F6AF79AF788C1504E46EC50A21E88643737
7668 | AVGBrowserInstaller.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_05D81B53AC323447B65F0BEF58315ECA | binary
  MD5: 449E9F7B32C184691F5035BAF8534BEC
  SHA256: DD5CC503E4BF13A34F730DEB9E81AA05F4D447541B44F9853DFABF00EA7CE881
HTTP(S) requests: 73
TCP/UDP connections: 87
DNS requests: 65
Threats: 9

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | POST | 200 | 104.20.4.191:443 | https://stats.securebrowser.com/?_=1762173086786 | US | binary | 784 b | unknown
5596 | MoUsoCoreWorker.exe | GET | 200 | 23.55.48.8:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | FR | binary | 825 b | whitelisted
- | - | POST | 200 | 40.126.32.138:443 | https://login.live.com/RST2.srf | US | xml | 11.1 Kb | unknown
1284 | svchost.exe | GET | 200 | 23.55.48.8:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | FR | binary | 825 b | whitelisted
2332 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | DE | binary | 419 b | whitelisted
- | - | GET | 200 | 20.242.39.171:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | US | - | - | unknown
- | - | GET | 200 | 135.233.95.144:443 | https://slscr.update.microsoft.com/sls/ping | US | - | - | unknown
2332 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl | DE | binary | 814 b | whitelisted
2332 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.3.crl | DE | binary | 401 b | whitelisted
- | - | GET | 304 | 135.233.95.144:443 | https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | - | - | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5232 | svchost.exe | 20.190.159.64:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1284 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5596 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 23.3.89.105:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5232 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1284 | svchost.exe | 23.55.48.8:80 | crl.microsoft.com | Akamai International B.V. | FR | whitelisted
5596 | MoUsoCoreWorker.exe | 23.55.48.8:80 | crl.microsoft.com | Akamai International B.V. | FR | whitelisted
5596 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain | IP | Reputation
login.live.com | 20.190.159.64, 40.126.31.73, 20.190.159.128, 20.190.159.130, 20.190.159.131, 40.126.31.69, 40.126.31.130, 40.126.31.2 | whitelisted
settings-win.data.microsoft.com | 20.73.194.208, 4.231.128.59 | whitelisted
www.bing.com | 23.3.89.105, 23.3.89.106, 23.3.89.99, 23.3.89.104, 23.3.89.115, 23.3.89.97, 23.3.89.113, 23.3.89.112, 23.3.89.98, 2.20.142.186, 2.20.142.185, 2.20.142.4, 2.20.142.138, 2.20.142.154, 2.20.142.180, 2.20.142.162, 2.20.142.182, 2.20.142.139 | whitelisted
google.com | 142.250.186.174 | whitelisted
ocsp.digicert.com | 2.17.190.73 | whitelisted
crl.microsoft.com | 23.55.48.8, 23.55.48.40 | whitelisted
client.wns.windows.com | 172.211.123.248 | whitelisted
stats.securebrowser.com | 104.20.4.191, 104.20.3.191 | unknown
slscr.update.microsoft.com | 74.179.77.204, 20.165.94.63 | whitelisted
www.microsoft.com | 88.221.169.152 | whitelisted

Threats

PID | Process | Class | Message
7336 | AVGBrowserUpdate.exe | Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP
5860 | AVGBrowser.exe | Not Suspicious Traffic | INFO [ANY.RUN] Azure Blob Storage (.blob .core .windows .net)
5860 | AVGBrowser.exe | Not Suspicious Traffic | INFO [ANY.RUN] Azure Blob Storage (.blob .core .windows .net)
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
Process | Message
AVGBrowserInstaller.exe | 2025-11-03T12:31:25 [installer] {00001df4:00001df8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:167) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AVGBrowserInstaller.exe | 2025-11-03T12:31:25 [installer] {00001df4:00001df8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:181) Operating system: Windows Enterprise x64 10.0.19045.4046 SP0
AVGBrowserInstaller.exe | 2025-11-03T12:31:25 [installer] {00001df4:00001df8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:171) build date: Aug 27 2025 build number: 1702 build time: 11:41:52 build timestamp: Aug 27 2025 11:41:52 company: Gen Digital Inc. copyright: (C) 2017-2025 Gen Digital Inc. description: Secure Browser Installer file name: AVGBrowserInstaller.exe file version: 9.3.0.1702 git commit: e90ae09fb2bb01df6a16bb675ef4957cbc4e50d2 internal name: jinx-installer product name: Secure Browser Installer product version: 9.3.0.1702 target system: windows
AVGBrowserInstaller.exe | 2025-11-03T12:31:25 [installer] {00001df4:00001df8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:168) Jinx logging started
AVGBrowserInstaller.exe | 2025-11-03T12:31:25 [installer] {00001df4:00001df8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:184) Process is not elevated.
AVGBrowserInstaller.exe | 2025-11-03T12:31:25 [installer] {00001df4:00001df8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:169) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AVGBrowserInstaller.exe | 2025-11-03T12:31:25 [installer] {00001df4:00001df8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:106) Command line: "C:\Users\admin\AppData\Local\Temp\nsi3241.tmp\AVGBrowserInstaller.exe" "C:\Users\admin\Desktop\avg_secure_browser_setup.exe" User dotfile was used: false Global dotfile was used: false Execution arguments:
AVGBrowserInstaller.exe | 2025-11-03T12:31:25 [installer] {00001df4:00001df8} <1:Debug> (4bbd888238eee7c1\src\jinx\VmDetect.cpp:203) Starting VM Detection system
AVGBrowserInstaller.exe | 2025-11-03T12:31:25 [installer] {00001df4:00001df8} <1:Debug> (4bbd888238eee7c1\src\jinx\TagData.cpp:254) TagData: Extracting payload from raw data
AVGBrowserInstaller.exe | 2025-11-03T12:31:25 [installer] {00001df4:00001df8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:190) Process owner: DESKTOP-JGLLJLD\admin (logon=true, admin=true)