File name:

avg_secure_browser_setup.exe

Full analysis: https://app.any.run/tasks/fe736e28-8022-4d85-883f-a971c291ff98
Verdict: Malicious activity
Analysis date: March 27, 2023, 10:17:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

775964F0CA9CFE7F12BEE4FA77392E38

SHA1:

6419EC8D160E30723AF071D6911F6E376400C00A

SHA256:

251AF2D396C5D86B2F02B7E26D01D082B8DD75E99C86C707719FED7F4B02F1D1

SSDEEP:

98304:ChrFUtI3ZZwvNVTGCLlAL4nI2xR3icXzGVgCFNhmAW2sEZiO//xuGal5vnh3pKe+:U6tI3ZZwvN5vCL2IwRRDx5AJjhivnhf+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ajFED.exe (PID: 3388)
      • AVGBrowserUpdateSetup.exe (PID: 3036)
      • AVGBrowserUpdate.exe (PID: 3076)
      • AVGBrowserUpdate.exe (PID: 3304)
      • AVGBrowserUpdate.exe (PID: 3636)
      • AVGBrowserUpdate.exe (PID: 3408)
      • AVGBrowserUpdate.exe (PID: 1796)

    • Steals credentials from Web Browsers

      • ajFED.exe (PID: 3388)

    • Actions looks like stealing of personal data

      • ajFED.exe (PID: 3388)

  • SUSPICIOUS

    • The process checks presence of the antivirus software

      • avg_secure_browser_setup.exe (PID: 2340)
      • ajFED.exe (PID: 3388)

    • Executable content was dropped or overwritten

      • ajFED.exe (PID: 3388)
      • AVGBrowserUpdateSetup.exe (PID: 3036)
      • AVGBrowserUpdate.exe (PID: 3076)
      • avg_secure_browser_setup.exe (PID: 2340)

    • Reads the Internet Settings

      • ajFED.exe (PID: 3388)
      • AVGBrowserUpdate.exe (PID: 3408)
      • AVGBrowserUpdate.exe (PID: 1796)

    • Checks Windows Trust Settings

      • ajFED.exe (PID: 3388)

    • Searches for installed software

      • ajFED.exe (PID: 3388)

    • Reads security settings of Internet Explorer

      • ajFED.exe (PID: 3388)

    • Reads settings of System Certificates

      • ajFED.exe (PID: 3388)
      • AVGBrowserUpdate.exe (PID: 3408)
      • AVGBrowserUpdate.exe (PID: 1796)

    • Starts itself from another location

      • AVGBrowserUpdate.exe (PID: 3076)

    • Creates/Modifies COM task schedule object

      • AVGBrowserUpdate.exe (PID: 3304)

    • Process requests binary or script from the Internet

      • AVGBrowserUpdate.exe (PID: 1796)

  • INFO

    • Checks supported languages

      • avg_secure_browser_setup.exe (PID: 2340)
      • ajFED.exe (PID: 3388)
      • AVGBrowserUpdate.exe (PID: 3076)
      • AVGBrowserUpdateSetup.exe (PID: 3036)
      • AVGBrowserUpdate.exe (PID: 3304)
      • AVGBrowserUpdate.exe (PID: 3408)
      • AVGBrowserUpdate.exe (PID: 3636)
      • AVGBrowserUpdate.exe (PID: 1796)

    • The process checks LSA protection

      • ajFED.exe (PID: 3388)
      • AVGBrowserUpdate.exe (PID: 3076)
      • AVGBrowserUpdate.exe (PID: 3408)
      • AVGBrowserUpdate.exe (PID: 3636)
      • AVGBrowserUpdate.exe (PID: 1796)
      • avg_secure_browser_setup.exe (PID: 2340)

    • Create files in a temporary directory

      • avg_secure_browser_setup.exe (PID: 2340)
      • ajFED.exe (PID: 3388)
      • AVGBrowserUpdateSetup.exe (PID: 3036)
      • AVGBrowserUpdate.exe (PID: 1796)
      • chrome.exe (PID: 2996)

    • Process checks computer location settings

      • avg_secure_browser_setup.exe (PID: 2340)
      • ajFED.exe (PID: 3388)

    • Reads Environment values

      • avg_secure_browser_setup.exe (PID: 2340)
      • ajFED.exe (PID: 3388)

    • Reads the computer name

      • ajFED.exe (PID: 3388)
      • AVGBrowserUpdate.exe (PID: 3076)
      • AVGBrowserUpdate.exe (PID: 3304)
      • AVGBrowserUpdate.exe (PID: 3636)
      • AVGBrowserUpdate.exe (PID: 3408)
      • AVGBrowserUpdate.exe (PID: 1796)
      • avg_secure_browser_setup.exe (PID: 2340)

    • Reads the machine GUID from the registry

      • ajFED.exe (PID: 3388)
      • AVGBrowserUpdate.exe (PID: 3076)
      • AVGBrowserUpdate.exe (PID: 3636)
      • AVGBrowserUpdate.exe (PID: 1796)
      • AVGBrowserUpdate.exe (PID: 3408)

    • Checks proxy server information

      • ajFED.exe (PID: 3388)

    • Creates files or folders in the user directory

      • AVGBrowserUpdate.exe (PID: 3076)

    • Manual execution by a user

      • chrome.exe (PID: 2996)

    • Application launched itself

      • chrome.exe (PID: 2996)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

ProductVersion: 8.9.0.6117
ProductName: إعداد AVG Secure Browser
OmahaVersion: 1.8.1582.3
LegalCopyright: حقوق الطبع والنشر لعام 2022 لـ AVG Technologies
JsisCommit: bc26fe057328f82c2184a80394770674a7aad8a8
InternalName: AVG Secure Browser
InstallerKeyword: avg-securebrowser
InstallerEdition: web
InstallerCommit: e8ba9200ad22ea9e3eab4921fb59ea3846132883
FileVersion: 8.9.0.6117
FileDescription: إعداد AVG Secure Browser
BuildVersion: 8.9.0.6117
BuildTimestamp: 1670430887
BuildDate: 19700120T080030
CharacterSet: Windows, Arabic
LanguageCode: Arabic
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x0000
ProductVersionNumber: 8.9.0.6117
FileVersionNumber: 8.9.0.6117
Subsystem: Windows GUI
SubsystemVersion: 4
ImageVersion: 6
OSVersion: 4
EntryPoint: 0x350d
UninitializedDataSize: 2048
InitializedDataSize: 141824
CodeSize: 26112
LinkerVersion: 6
PEType: PE32
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
TimeStamp: 2019:12:16 00:50:53+00:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 16-Dec-2019 00:50:53
Detected languages:
  • Arabic - Saudi Arabia
  • Belarusian - Belarus
  • Bulgarian - Bulgaria
  • Catalan - Spain
  • Chinese - PRC
  • Chinese - Taiwan
  • Croatian - Croatia
  • Czech - Czech Republic
  • Danish - Denmark
  • Dutch - Netherlands
  • English - United States
  • Estonian - Estonia
  • Farsi - Iran
  • Finnish - Finland
  • French - France
  • German - Germany
  • Greek - Greece
  • Hebrew - Israel
  • Hindi - India
  • Hungarian - Hungary
  • Indonesian - Indonesia (Bahasa)
  • Italian - Italy
  • Japanese - Japan
  • Korean - Korea
  • Latvian - Latvia
  • Lithuanian - Lithuania
  • Malay - Malaysia
  • Norwegian - Norway (Bokmal)
  • Polish - Poland
  • Portuguese - Brazil
  • Portuguese - Portugal
  • Romanian - Romania
  • Russian - Russia
  • Serbian - Serbia (Latin)
  • Slovak - Slovakia
  • Slovenian - Slovenia
  • Spanish - Spain (Traditional sort)
  • Swedish - Sweden
  • Thai - Thailand
  • Turkish - Turkey
  • Ukrainian - Ukraine
  • Urdu - Pakistan
  • Vietnamese - Viet Nam
BuildDate: 19700120T080030
BuildTimestamp: 1670430887
BuildVersion: 8.9.0.6117
FileDescription: Podešavanje programa AVG Secure Browser
FileVersion: 8.9.0.6117
InstallerCommit: e8ba9200ad22ea9e3eab4921fb59ea3846132883
InstallerEdition: web
InstallerKeyword: avg-securebrowser
InternalName: AVG Secure Browser
JsisCommit: bc26fe057328f82c2184a80394770674a7aad8a8
LegalCopyright: (c) 2022 AVG Technologies
OmahaVersion: 1.8.1582.3
ProductName: Podešavanje programa AVG Secure Browser
ProductVersion: 8.9.0.6117

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000C8

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 5
Time date stamp: 16-Dec-2019 00:50:53
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x0000647B
0x00006600
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.42652
.rdata
0x00008000
0x00001384
0x00001400
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
5.13635
.data
0x0000A000
0x00020358
0x00000600
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
4.00585
.ndata
0x0002B000
0x0005F000
0x00000000
IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
0
.rsrc
0x0008A000
0x0001FE30
0x00020000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
5.73406

Resources

Title
Entropy
Size
Codepage
Language
Type
1
5.29132
1020
UNKNOWN
English - United States
RT_MANIFEST
2
4.91525
9640
UNKNOWN
English - United States
RT_ICON
3
5.33705
4264
UNKNOWN
English - United States
RT_ICON
4
5.11052
3752
UNKNOWN
English - United States
RT_ICON
5
5.10581
2216
UNKNOWN
English - United States
RT_ICON
6
3.83709
1640
UNKNOWN
English - United States
RT_ICON
7
4.74131
1384
UNKNOWN
English - United States
RT_ICON
8
6.00508
1128
UNKNOWN
English - United States
RT_ICON
9
4.30117
744
UNKNOWN
English - United States
RT_ICON
10
4.53771
296
UNKNOWN
English - United States
RT_ICON

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.dll
SHELL32.dll
USER32.dll
ole32.dll
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
58
Monitored processes
22
Malicious processes
7
Suspicious processes
1

Behavior graph

Click at the process to see the details
drop and start start drop and start drop and start drop and start drop and start drop and start avg_secure_browser_setup.exe ajfed.exe avgbrowserupdatesetup.exe avgbrowserupdate.exe avgbrowserupdate.exe no specs avgbrowserupdate.exe avgbrowserupdate.exe no specs avgbrowserupdate.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
900"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,4023313611510043691,5709943873986516332,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
1236"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,4023313611510043691,5709943873986516332,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
1240"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,4023313611510043691,5709943873986516332,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1228 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
1624"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,4023313611510043691,5709943873986516332,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
1760"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,4023313611510043691,5709943873986516332,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
1796"C:\Users\admin\AppData\Local\AVG\Browser\Update\AVGBrowserUpdate.exe" -EmbeddingC:\Users\admin\AppData\Local\AVG\Browser\Update\AVGBrowserUpdate.exe
svchost.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
MEDIUM
Description:
AVG Browser
Exit code:
0
Version:
1.8.1582.3
Modules
Images
c:\users\admin\appdata\local\avg\browser\update\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
2172"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,4023313611510043691,5709943873986516332,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
2340"C:\Users\admin\Downloads\avg_secure_browser_setup.exe" C:\Users\admin\Downloads\avg_secure_browser_setup.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
AVG Secure Browser Setup
Exit code:
0
Version:
8.9.0.6117
Modules
Images
c:\users\admin\downloads\avg_secure_browser_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctf.dll
2396"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,4023313611510043691,5709943873986516332,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3440 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
2440"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,4023313611510043691,5709943873986516332,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3124 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
Total events
45 030
Read events
41 828
Write events
3 180
Delete events
22

Modification events

(PID) Process:(3388) ajFED.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3388) ajFED.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3388) ajFED.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(3388) ajFED.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
460000003D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(3388) ajFED.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3388) ajFED.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(3388) ajFED.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(3388) ajFED.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(3388) ajFED.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3304) AVGBrowserUpdate.exeKey:HKEY_CLASSES_ROOT\CLSID\{C9D22417-34EB-416B-BE82-31D5660097D6}\InprocServer32
Operation:delete keyName:(default)
Value:
Executable files
346
Suspicious files
262
Text files
218
Unknown types
22

Dropped files

PID
Process
Filename
Type
2340avg_secure_browser_setup.exeC:\Users\admin\AppData\Local\Temp\avg-securebrowser-web-tagsbinary
MD5:
SHA256:
2340avg_secure_browser_setup.exeC:\Users\admin\AppData\Local\Temp\nsc482.tmp\StdUtils.dllexecutable
MD5:9A44BA9A6E36099D8058FED7FEB1CA5A
SHA256:445A8C41038974BF604CD826E192DA08431E8B0C72F6A8ECB6894F8C5A6C777D
2340avg_secure_browser_setup.exeC:\Users\admin\AppData\Local\Temp\nsc482.tmp\nsJSON.dllexecutable
MD5:18662C1ACB667A9DB5FB9E90AA0F5DC8
SHA256:608D4AEFD5C5184BC109CBD94A5D4C8883A4AE6CEDF81CFC3028D2570A849A66
2340avg_secure_browser_setup.exeC:\Users\admin\AppData\Local\Temp\nsc482.tmp\jsis.dllexecutable
MD5:465D5265BFE5B90F821235F0E13BA5E4
SHA256:ECCA190CE5307CEE4B4F02062BA0FCA6AE2D0FA0D5AC223C726EAB31D55B822D
2340avg_secure_browser_setup.exeC:\Users\admin\AppData\Local\Temp\nsc482.tmp\Midex.dllexecutable
MD5:00FD199D6B8D08446F4862C31B191CA7
SHA256:1B2A0DE815E288161F0A156B4D1F17F06D2F4840B71D9D1903AD1284192CDE24
3388ajFED.exeC:\Users\admin\AppData\Local\Temp\nsc11D0.tmp\nsJSON.dllexecutable
MD5:18662C1ACB667A9DB5FB9E90AA0F5DC8
SHA256:608D4AEFD5C5184BC109CBD94A5D4C8883A4AE6CEDF81CFC3028D2570A849A66
2340avg_secure_browser_setup.exeC:\Users\admin\AppData\Local\Temp\nsc482.tmp\AccessControl.dllexecutable
MD5:604A2E2AE485971E2FA3C87381C34FA7
SHA256:5C5299D0B5EC902D6E17C81BA429094D943C38F6852A76292BB6BCBBF44AA163
2340avg_secure_browser_setup.exeC:\Users\admin\AppData\Local\Temp\nsc482.tmp\JsisPlugins.dllexecutable
MD5:3F4F65C3551435AA4F70B23DB238E027
SHA256:3D52F17598297580CC04E8698010D8234B199250803F826FA03031A8F8507E7F
3388ajFED.exeC:\Users\admin\AppData\Local\Temp\nsc11D0.tmp\FF.places.tmp
MD5:
SHA256:
3388ajFED.exeC:\Users\admin\AppData\Local\Temp\nsc11D0.tmp\StdUtils.dllexecutable
MD5:9A44BA9A6E36099D8058FED7FEB1CA5A
SHA256:445A8C41038974BF604CD826E192DA08431E8B0C72F6A8ECB6894F8C5A6C777D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
26
DNS requests
17
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1796
AVGBrowserUpdate.exe
GET
23.48.23.58:80
http://browser-update.avg.com/browser-avg/win/x86/109.0.19981.121/AVGBrowserInstaller.exe
US
whitelisted
3712
chrome.exe
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
US
crx
242 Kb
whitelisted
3388
ajFED.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
3388
ajFED.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0ed25029d42cd405
US
compressed
4.70 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3388
ajFED.exe
172.67.5.41:443
stats.avgbrowser.com
CLOUDFLARENET
US
whitelisted
3388
ajFED.exe
104.22.65.125:443
stats.avgbrowser.com
CLOUDFLARENET
whitelisted
3388
ajFED.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
3388
ajFED.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1796
AVGBrowserUpdate.exe
172.67.5.41:443
stats.avgbrowser.com
CLOUDFLARENET
US
whitelisted
3408
AVGBrowserUpdate.exe
172.67.5.41:443
stats.avgbrowser.com
CLOUDFLARENET
US
whitelisted
3712
chrome.exe
142.250.181.238:443
clients2.google.com
GOOGLE
US
whitelisted
3712
chrome.exe
142.250.185.205:443
accounts.google.com
GOOGLE
US
suspicious
3712
chrome.exe
142.250.184.195:443
clientservices.googleapis.com
GOOGLE
US
whitelisted
3712
chrome.exe
142.250.186.100:443
www.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
stats.avgbrowser.com
  • 172.67.5.41
  • 104.22.65.125
  • 104.22.64.125
suspicious
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
update.avgbrowser.com
  • 172.67.5.41
  • 104.22.64.125
  • 104.22.65.125
suspicious
clientservices.googleapis.com
  • 142.250.184.195
whitelisted
clients2.google.com
  • 142.250.181.238
whitelisted
accounts.google.com
  • 142.250.185.205
shared
www.google.com
  • 142.250.186.100
malicious
clients2.googleusercontent.com
  • 142.250.186.129
whitelisted
fonts.googleapis.com
  • 142.250.185.138
whitelisted

Threats

PID
Process
Class
Message
1796
AVGBrowserUpdate.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
avg_secure_browser_setup.exe