File name:

pdfcreator-5.3.2-installer_9Xx-4S1.exe

Full analysis: https://app.any.run/tasks/a37b41eb-f61a-4e31-8600-5b5710e7a88c
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: July 21, 2025, 17:22:51
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
adware
innosetup
delphi
inno
installer
arch-exec
loader
stealer
antivm
auto-reg
evasion
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5:

7A6577A02C87D22263633A1667AABEB6

SHA1:

9EAA735E7B5778F5AA99186072900B875989522E

SHA256:

362F9D3A1DCE84EDB668181D458FE0DF02671CE270EBE367A823F9B54E15F3C6

SSDEEP:

98304:WLVIF8P3n1BLHxtD59KEKjSvDQgokZWtKsovt0FcN2TFOMR8gW6rijUNG2KOYGco:6sYr3t/m7qoEJ+bBH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • AvastBrowserInstaller.exe (PID: 2108)
      • AvastBrowserInstaller.exe (PID: 2384)
      • AvastBrowser.exe (PID: 3836)
    • Changes the autorun value in the registry

      • setup.exe (PID: 7884)
      • AvastBrowser.exe (PID: 7180)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • pdfcreator-5.3.2-installer_9Xx-4S1.exe (PID: 2524)
      • pdfcreator-5.3.2-installer_9Xx-4S1.exe (PID: 4036)
      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
      • avast_secure_browser_setup.exe (PID: 4172)
      • saBSI.exe (PID: 6388)
      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • AvastBrowserUpdate.exe (PID: 4760)
      • saBSI.exe (PID: 1180)
      • 7z.exe (PID: 3876)
      • avast_secure_browser_setup.exe (PID: 4116)
      • installer.exe (PID: 4456)
      • installer.exe (PID: 516)
      • AvastBrowserInstaller.exe (PID: 7868)
      • saBSI.exe (PID: 5620)
      • saBSI.exe (PID: 7960)
      • setup.exe (PID: 7884)
      • AvastBrowserInstaller.exe (PID: 2108)
      • tmpE5C2.tmp (PID: 4948)
      • 7z.exe (PID: 6388)
      • PDFCreatorSetup.exe (PID: 2388)
      • rundll32.exe (PID: 7880)
      • rundll32.exe (PID: 1636)
      • rundll32.exe (PID: 1816)
      • rundll32.exe (PID: 7264)
      • rundll32.exe (PID: 8652)
    • Reads security settings of Internet Explorer

      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 3392)
      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
      • saBSI.exe (PID: 6388)
      • AvastBrowserInstaller.exe (PID: 2108)
      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • AvastBrowserUpdate.exe (PID: 4760)
      • saBSI.exe (PID: 1180)
      • PDFCreatorSetup.exe (PID: 1576)
      • AvastBrowserInstaller.exe (PID: 2384)
      • installer.exe (PID: 516)
      • uihost.exe (PID: 7212)
      • saBSI.exe (PID: 5620)
      • saBSI.exe (PID: 7960)
      • chrmstp.exe (PID: 7564)
      • tmpE5C2.tmp (PID: 4948)
      • PDFCreatorSetup.exe (PID: 2388)
      • AvastBrowser.exe (PID: 1560)
    • Reads the Windows owner or organization settings

      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
      • msiexec.exe (PID: 7980)
    • The process verifies whether the antivirus software is installed

      • AvastBrowserInstaller.exe (PID: 2108)
      • AvastBrowserUpdate.exe (PID: 4760)
      • AvastBrowserUpdate.exe (PID: 6572)
      • AvastBrowserUpdate.exe (PID: 5952)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 7108)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 4744)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 3860)
      • AvastBrowserUpdate.exe (PID: 1632)
      • AvastBrowserUpdate.exe (PID: 2728)
      • AvastBrowserUpdate.exe (PID: 3480)
      • saBSI.exe (PID: 1180)
      • AvastBrowserInstaller.exe (PID: 2384)
      • installer.exe (PID: 4456)
      • installer.exe (PID: 516)
      • servicehost.exe (PID: 4724)
      • uihost.exe (PID: 7212)
      • updater.exe (PID: 7652)
      • cmd.exe (PID: 7744)
      • cmd.exe (PID: 7804)
      • AvastBrowserInstaller.exe (PID: 7868)
      • setup.exe (PID: 7904)
      • setup.exe (PID: 7884)
      • saBSI.exe (PID: 7960)
      • AvastBrowserCrashHandler64.exe (PID: 8088)
      • AvastBrowserCrashHandler.exe (PID: 8080)
      • AvastBrowser.exe (PID: 7192)
      • AvastBrowser.exe (PID: 7180)
      • chrmstp.exe (PID: 5556)
      • chrmstp.exe (PID: 7108)
      • chrmstp.exe (PID: 4112)
      • chrmstp.exe (PID: 7564)
      • AvastBrowser.exe (PID: 3800)
      • AvastBrowser.exe (PID: 7896)
      • elevation_service.exe (PID: 8068)
      • AvastBrowser.exe (PID: 7932)
      • AvastBrowser.exe (PID: 6584)
      • AvastBrowser.exe (PID: 4844)
      • AvastBrowser.exe (PID: 8088)
      • AvastBrowser.exe (PID: 3836)
      • elevation_service.exe (PID: 7956)
      • AvastBrowser.exe (PID: 7192)
      • AvastBrowser.exe (PID: 2388)
      • AvastBrowser.exe (PID: 3460)
      • AvastBrowser.exe (PID: 6392)
      • AvastBrowser.exe (PID: 5988)
      • elevation_service.exe (PID: 8040)
      • AvastBrowser.exe (PID: 1336)
      • AvastBrowser.exe (PID: 7944)
      • AvastBrowser.exe (PID: 424)
      • AvastBrowser.exe (PID: 4864)
      • AvastBrowser.exe (PID: 7724)
      • AvastBrowser.exe (PID: 72)
      • AvastBrowser.exe (PID: 8092)
      • AvastBrowser.exe (PID: 5288)
      • AvastBrowser.exe (PID: 1528)
      • AvastBrowser.exe (PID: 5476)
      • AvastBrowser.exe (PID: 5020)
      • AvastBrowser.exe (PID: 2880)
      • AvastBrowser.exe (PID: 7572)
      • AvastBrowser.exe (PID: 8140)
      • AvastBrowser.exe (PID: 5576)
      • AvastBrowser.exe (PID: 6140)
      • AvastBrowser.exe (PID: 2400)
      • AvastBrowser.exe (PID: 7924)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 8040)
      • AvastBrowser.exe (PID: 4824)
      • AvastBrowser.exe (PID: 1948)
      • AvastBrowser.exe (PID: 4200)
      • AvastBrowser.exe (PID: 7844)
      • AvastBrowser.exe (PID: 5236)
      • AvastBrowser.exe (PID: 5468)
      • AvastBrowser.exe (PID: 5904)
      • AvastBrowser.exe (PID: 1524)
      • AvastBrowser.exe (PID: 8148)
      • AvastBrowser.exe (PID: 7892)
      • AvastBrowser.exe (PID: 7260)
      • AvastBrowser.exe (PID: 8032)
      • AvastBrowser.exe (PID: 7572)
      • AvastBrowser.exe (PID: 7296)
      • AvastBrowser.exe (PID: 6572)
      • AvastBrowser.exe (PID: 2112)
      • AvastBrowser.exe (PID: 7096)
      • AvastBrowser.exe (PID: 72)
      • AvastBrowser.exe (PID: 8116)
      • AvastBrowser.exe (PID: 7000)
      • AvastBrowser.exe (PID: 1980)
      • AvastBrowser.exe (PID: 4112)
      • AvastBrowser.exe (PID: 8048)
      • AvastBrowser.exe (PID: 1128)
      • AvastBrowser.exe (PID: 7256)
      • AvastBrowser.exe (PID: 2356)
      • AvastBrowser.exe (PID: 7656)
      • AvastBrowser.exe (PID: 7920)
      • setup.exe (PID: 8128)
      • AvastBrowser.exe (PID: 4228)
      • setup.exe (PID: 7912)
      • AvastBrowser.exe (PID: 1524)
      • AvastBrowser.exe (PID: 7724)
      • AvastBrowser.exe (PID: 1560)
      • AvastBrowser.exe (PID: 5576)
      • AvastBrowser.exe (PID: 2468)
      • AvastBrowser.exe (PID: 4476)
      • elevation_service.exe (PID: 5188)
      • AvastBrowser.exe (PID: 8068)
      • AvastBrowser.exe (PID: 2040)
      • AvastBrowser.exe (PID: 7940)
      • AvastBrowser.exe (PID: 7708)
    • Adds/modifies Windows certificates

      • saBSI.exe (PID: 6388)
      • AvastBrowserInstaller.exe (PID: 2108)
      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • servicehost.exe (PID: 4724)
      • tmpE5C2.tmp (PID: 4948)
    • Drops 7-zip archiver for unpacking

      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • tmpE5C2.tmp (PID: 4948)
    • Disables SEHOP

      • AvastBrowserUpdate.exe (PID: 4760)
    • Creates/Modifies COM task schedule object

      • AvastBrowserUpdateComRegisterShell64.exe (PID: 4744)
      • AvastBrowserUpdate.exe (PID: 6572)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 7108)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 3860)
      • AvastBrowserUpdate.exe (PID: 4760)
      • installer.exe (PID: 516)
    • Starts itself from another location

      • AvastBrowserUpdate.exe (PID: 4760)
    • Executes as Windows Service

      • AvastBrowserUpdate.exe (PID: 2728)
      • servicehost.exe (PID: 4724)
      • elevation_service.exe (PID: 8068)
      • elevation_service.exe (PID: 7956)
      • elevation_service.exe (PID: 8040)
      • elevation_service.exe (PID: 5188)
    • Reads the date of Windows installation

      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • chrmstp.exe (PID: 7564)
      • tmpE5C2.tmp (PID: 4948)
      • AvastBrowser.exe (PID: 1560)
    • Executes application which crashes

      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
    • Process drops legitimate windows executable

      • 7z.exe (PID: 3876)
      • installer.exe (PID: 516)
      • 7z.exe (PID: 6388)
      • msiexec.exe (PID: 7980)
    • Process requests binary or script from the Internet

      • AvastBrowserUpdate.exe (PID: 2728)
    • Potential Corporate Privacy Violation

      • AvastBrowserUpdate.exe (PID: 2728)
    • There is functionality for taking screenshot (YARA)

      • avast_secure_browser_setup.exe (PID: 4172)
      • AvastBrowserInstaller.exe (PID: 2108)
    • The process creates files with name similar to system file names

      • installer.exe (PID: 516)
    • There is functionality for VM detection antiVM strings (YARA)

      • AvastBrowserInstaller.exe (PID: 2108)
    • There is functionality for VM detection VMWare (YARA)

      • AvastBrowserInstaller.exe (PID: 2108)
    • There is functionality for VM detection VirtualBox (YARA)

      • AvastBrowserInstaller.exe (PID: 2108)
    • Creates a software uninstall entry

      • installer.exe (PID: 516)
      • servicehost.exe (PID: 4724)
      • setup.exe (PID: 7884)
      • AvastBrowserInstaller.exe (PID: 2108)
      • elevation_service.exe (PID: 8068)
      • elevation_service.exe (PID: 8040)
      • elevation_service.exe (PID: 5188)
    • Reads Mozilla Firefox installation path

      • uihost.exe (PID: 7212)
      • servicehost.exe (PID: 4724)
    • Starts CMD.EXE for commands execution

      • updater.exe (PID: 7652)
    • Searches for installed software

      • updater.exe (PID: 7652)
      • setup.exe (PID: 7884)
      • AvastBrowserInstaller.exe (PID: 2108)
      • chrmstp.exe (PID: 5556)
      • chrmstp.exe (PID: 7564)
      • AvastBrowser.exe (PID: 7180)
      • AvastBrowser.exe (PID: 1336)
      • AvastBrowserInstaller.exe (PID: 2384)
      • PDFCreatorSetup.exe (PID: 2388)
      • setup.exe (PID: 8128)
      • AvastBrowser.exe (PID: 4228)
      • rundll32.exe (PID: 1816)
    • Application launched itself

      • setup.exe (PID: 7884)
      • AvastBrowser.exe (PID: 7180)
      • chrmstp.exe (PID: 5556)
      • chrmstp.exe (PID: 7564)
      • AvastBrowser.exe (PID: 1336)
      • AvastBrowser.exe (PID: 7892)
      • AvastBrowser.exe (PID: 7572)
      • setup.exe (PID: 8128)
      • AvastBrowser.exe (PID: 4228)
      • AvastBrowser.exe (PID: 7940)
      • msiexec.exe (PID: 7980)
    • Starts application with an unusual extension

      • PDFCreatorSetup.exe (PID: 1576)
    • Reads the BIOS version

      • AvastBrowser.exe (PID: 7180)
      • AvastBrowser.exe (PID: 1336)
      • AvastBrowser.exe (PID: 4228)
    • Checks for external IP

      • AvastBrowser.exe (PID: 4476)
    • Uses RUNDLL32.EXE to load library

      • msiexec.exe (PID: 5564)
  • INFO

    • Checks supported languages

      • pdfcreator-5.3.2-installer_9Xx-4S1.exe (PID: 2524)
      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 3392)
      • pdfcreator-5.3.2-installer_9Xx-4S1.exe (PID: 4036)
      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
      • saBSI.exe (PID: 6388)
      • avast_secure_browser_setup.exe (PID: 4172)
      • saBSI.exe (PID: 5620)
      • AvastBrowserInstaller.exe (PID: 2108)
      • saBSI.exe (PID: 1180)
      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • 7z.exe (PID: 3876)
      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
      • AvastBrowserUpdate.exe (PID: 5952)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 4744)
      • AvastBrowserUpdate.exe (PID: 6572)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 3860)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 7108)
      • AvastBrowserUpdate.exe (PID: 3480)
      • AvastBrowserUpdate.exe (PID: 1632)
      • AvastBrowserUpdate.exe (PID: 2728)
      • PDFCreatorSetup.exe (PID: 1576)
      • avast_secure_browser_setup.exe (PID: 4116)
      • AvastBrowserInstaller.exe (PID: 2384)
      • installer.exe (PID: 4456)
      • installer.exe (PID: 516)
      • servicehost.exe (PID: 4724)
      • uihost.exe (PID: 7212)
      • updater.exe (PID: 7652)
      • AvastBrowserInstaller.exe (PID: 7868)
      • setup.exe (PID: 7884)
      • setup.exe (PID: 7904)
      • saBSI.exe (PID: 7960)
      • AvastBrowserCrashHandler64.exe (PID: 8088)
      • AvastBrowserCrashHandler.exe (PID: 8080)
      • AvastBrowser.exe (PID: 7180)
      • AvastBrowser.exe (PID: 7192)
      • chrmstp.exe (PID: 5556)
      • chrmstp.exe (PID: 7564)
      • chrmstp.exe (PID: 7108)
      • chrmstp.exe (PID: 4112)
      • tmpE5C2.tmp (PID: 4948)
      • 7z.exe (PID: 6388)
      • AvastBrowser.exe (PID: 3800)
      • AvastBrowser.exe (PID: 7896)
      • AvastBrowser.exe (PID: 7932)
      • elevation_service.exe (PID: 8068)
      • AvastBrowser.exe (PID: 6584)
      • AvastBrowser.exe (PID: 3836)
      • AvastBrowser.exe (PID: 8088)
      • elevation_service.exe (PID: 7956)
      • AvastBrowser.exe (PID: 4844)
      • AvastBrowser.exe (PID: 7192)
      • AvastBrowser.exe (PID: 2388)
      • AvastBrowser.exe (PID: 3460)
      • AvastBrowser.exe (PID: 1336)
      • AvastBrowser.exe (PID: 424)
      • AvastBrowser.exe (PID: 6392)
      • AvastBrowser.exe (PID: 5988)
      • elevation_service.exe (PID: 8040)
      • AvastBrowser.exe (PID: 7944)
      • AvastBrowser.exe (PID: 4864)
      • AvastBrowser.exe (PID: 7724)
      • PDFCreatorSetup.exe (PID: 2388)
      • AvastBrowser.exe (PID: 72)
      • AvastBrowser.exe (PID: 8092)
      • AvastBrowser.exe (PID: 5288)
      • AvastBrowser.exe (PID: 1528)
      • AvastBrowser.exe (PID: 5476)
      • AvastBrowser.exe (PID: 2880)
      • AvastBrowser.exe (PID: 5020)
      • AvastBrowser.exe (PID: 7572)
      • AvastBrowser.exe (PID: 8140)
      • AvastBrowser.exe (PID: 5576)
      • AvastBrowser.exe (PID: 6140)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 2400)
      • AvastBrowser.exe (PID: 7924)
      • AvastBrowser.exe (PID: 8040)
      • AvastBrowser.exe (PID: 4824)
      • AvastBrowser.exe (PID: 1948)
      • AvastBrowser.exe (PID: 4200)
      • AvastBrowser.exe (PID: 7844)
      • AvastBrowser.exe (PID: 5236)
      • AvastBrowser.exe (PID: 5904)
      • AvastBrowser.exe (PID: 1524)
      • AvastBrowser.exe (PID: 8148)
      • AvastBrowser.exe (PID: 7892)
      • AvastBrowser.exe (PID: 8032)
      • AvastBrowser.exe (PID: 7260)
      • AvastBrowser.exe (PID: 8116)
      • AvastBrowser.exe (PID: 5468)
      • AvastBrowser.exe (PID: 7572)
      • AvastBrowser.exe (PID: 7296)
      • AvastBrowser.exe (PID: 6572)
      • AvastBrowser.exe (PID: 2112)
      • AvastBrowser.exe (PID: 7096)
      • AvastBrowser.exe (PID: 72)
      • AvastBrowser.exe (PID: 7000)
      • AvastBrowser.exe (PID: 1980)
      • AvastBrowser.exe (PID: 4112)
      • AvastBrowser.exe (PID: 8048)
      • AvastBrowser.exe (PID: 1128)
      • AvastBrowser.exe (PID: 7256)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 7656)
      • AvastBrowser.exe (PID: 2356)
      • AvastBrowser.exe (PID: 7724)
      • msiexec.exe (PID: 7980)
      • setup.exe (PID: 8128)
      • AvastBrowser.exe (PID: 1524)
      • setup.exe (PID: 7912)
      • AvastBrowser.exe (PID: 1560)
      • AvastBrowser.exe (PID: 4228)
      • AvastBrowser.exe (PID: 5576)
      • AvastBrowser.exe (PID: 4476)
      • AvastBrowser.exe (PID: 2468)
      • elevation_service.exe (PID: 5188)
      • AvastBrowser.exe (PID: 2040)
      • AvastBrowser.exe (PID: 8068)
      • AvastBrowser.exe (PID: 7940)
      • AvastBrowser.exe (PID: 7708)
      • msiexec.exe (PID: 5564)
    • Reads the computer name

      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 3392)
      • pdfcreator-5.3.2-installer_9Xx-4S1.exe (PID: 4036)
      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
      • saBSI.exe (PID: 6388)
      • saBSI.exe (PID: 5620)
      • AvastBrowserInstaller.exe (PID: 2108)
      • saBSI.exe (PID: 1180)
      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • 7z.exe (PID: 3876)
      • AvastBrowserUpdate.exe (PID: 4760)
      • AvastBrowserUpdate.exe (PID: 5952)
      • AvastBrowserUpdate.exe (PID: 6572)
      • AvastBrowserUpdate.exe (PID: 3480)
      • AvastBrowserUpdate.exe (PID: 1632)
      • AvastBrowserUpdate.exe (PID: 2728)
      • PDFCreatorSetup.exe (PID: 1576)
      • AvastBrowserInstaller.exe (PID: 2384)
      • installer.exe (PID: 516)
      • servicehost.exe (PID: 4724)
      • uihost.exe (PID: 7212)
      • updater.exe (PID: 7652)
      • AvastBrowserInstaller.exe (PID: 7868)
      • setup.exe (PID: 7884)
      • saBSI.exe (PID: 7960)
      • AvastBrowser.exe (PID: 7180)
      • chrmstp.exe (PID: 5556)
      • chrmstp.exe (PID: 7564)
      • tmpE5C2.tmp (PID: 4948)
      • 7z.exe (PID: 6388)
      • AvastBrowser.exe (PID: 3800)
      • elevation_service.exe (PID: 8068)
      • AvastBrowser.exe (PID: 7896)
      • AvastBrowser.exe (PID: 3836)
      • elevation_service.exe (PID: 7956)
      • AvastBrowser.exe (PID: 1336)
      • AvastBrowser.exe (PID: 6392)
      • elevation_service.exe (PID: 8040)
      • AvastBrowser.exe (PID: 424)
      • PDFCreatorSetup.exe (PID: 2388)
      • AvastBrowser.exe (PID: 7892)
      • AvastBrowser.exe (PID: 7572)
      • msiexec.exe (PID: 7980)
      • AvastBrowser.exe (PID: 4228)
      • setup.exe (PID: 8128)
      • AvastBrowser.exe (PID: 1560)
      • AvastBrowser.exe (PID: 5576)
      • elevation_service.exe (PID: 5188)
      • AvastBrowser.exe (PID: 4476)
      • AvastBrowser.exe (PID: 7940)
      • msiexec.exe (PID: 5564)
    • Reads Environment values

      • pdfcreator-5.3.2-installer_9Xx-4S1.exe (PID: 2524)
      • PDFCreatorSetup.exe (PID: 1576)
      • AvastBrowser.exe (PID: 7180)
      • AvastBrowser.exe (PID: 1336)
      • PDFCreatorSetup.exe (PID: 2388)
      • AvastBrowser.exe (PID: 4228)
    • Create files in a temporary directory

      • pdfcreator-5.3.2-installer_9Xx-4S1.exe (PID: 2524)
      • pdfcreator-5.3.2-installer_9Xx-4S1.exe (PID: 4036)
      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
      • avast_secure_browser_setup.exe (PID: 4172)
      • AvastBrowserInstaller.exe (PID: 2108)
      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • 7z.exe (PID: 3876)
      • saBSI.exe (PID: 1180)
      • AvastBrowserUpdate.exe (PID: 2728)
      • PDFCreatorSetup.exe (PID: 1576)
      • avast_secure_browser_setup.exe (PID: 4116)
      • AvastBrowserInstaller.exe (PID: 2384)
      • installer.exe (PID: 516)
      • saBSI.exe (PID: 7960)
      • tmpE5C2.tmp (PID: 4948)
      • AvastBrowser.exe (PID: 7180)
      • 7z.exe (PID: 6388)
      • AvastBrowser.exe (PID: 1336)
      • PDFCreatorSetup.exe (PID: 2388)
      • AvastBrowser.exe (PID: 4228)
    • Process checks computer location settings

      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 3392)
      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
      • AvastBrowserInstaller.exe (PID: 2108)
      • AvastBrowserUpdate.exe (PID: 4760)
      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • AvastBrowserInstaller.exe (PID: 2384)
      • uihost.exe (PID: 7212)
      • servicehost.exe (PID: 4724)
      • AvastBrowser.exe (PID: 7180)
      • AvastBrowser.exe (PID: 6584)
      • AvastBrowser.exe (PID: 4844)
      • AvastBrowser.exe (PID: 8088)
      • AvastBrowser.exe (PID: 1336)
      • AvastBrowser.exe (PID: 7944)
      • tmpE5C2.tmp (PID: 4948)
      • AvastBrowser.exe (PID: 2400)
      • AvastBrowser.exe (PID: 8040)
      • AvastBrowser.exe (PID: 7924)
      • AvastBrowser.exe (PID: 4824)
      • AvastBrowser.exe (PID: 2356)
      • AvastBrowser.exe (PID: 4228)
      • AvastBrowser.exe (PID: 1560)
      • AvastBrowser.exe (PID: 8068)
      • AvastBrowser.exe (PID: 2040)
    • Checks proxy server information

      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
      • saBSI.exe (PID: 6388)
      • AvastBrowserInstaller.exe (PID: 2108)
      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • AvastBrowserUpdate.exe (PID: 3480)
      • saBSI.exe (PID: 1180)
      • PDFCreatorSetup.exe (PID: 1576)
      • WerFault.exe (PID: 6400)
      • WerFault.exe (PID: 6724)
      • AvastBrowserInstaller.exe (PID: 2384)
      • saBSI.exe (PID: 5620)
      • saBSI.exe (PID: 7960)
      • slui.exe (PID: 5564)
      • tmpE5C2.tmp (PID: 4948)
      • AvastBrowser.exe (PID: 7180)
      • AvastBrowser.exe (PID: 1336)
      • PDFCreatorSetup.exe (PID: 2388)
      • AvastBrowser.exe (PID: 4228)
    • Reads the machine GUID from the registry

      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
      • saBSI.exe (PID: 6388)
      • AvastBrowserInstaller.exe (PID: 2108)
      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • saBSI.exe (PID: 1180)
      • AvastBrowserUpdate.exe (PID: 4760)
      • AvastBrowserUpdate.exe (PID: 3480)
      • AvastBrowserUpdate.exe (PID: 2728)
      • PDFCreatorSetup.exe (PID: 1576)
      • AvastBrowserInstaller.exe (PID: 2384)
      • installer.exe (PID: 516)
      • servicehost.exe (PID: 4724)
      • uihost.exe (PID: 7212)
      • updater.exe (PID: 7652)
      • saBSI.exe (PID: 5620)
      • saBSI.exe (PID: 7960)
      • tmpE5C2.tmp (PID: 4948)
      • AvastBrowser.exe (PID: 7180)
      • AvastBrowser.exe (PID: 1336)
      • PDFCreatorSetup.exe (PID: 2388)
      • AvastBrowser.exe (PID: 4228)
      • msiexec.exe (PID: 7980)
    • Reads the software policy settings

      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
      • saBSI.exe (PID: 6388)
      • AvastBrowserInstaller.exe (PID: 2108)
      • saBSI.exe (PID: 1180)
      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • AvastBrowserUpdate.exe (PID: 3480)
      • AvastBrowserUpdate.exe (PID: 2728)
      • PDFCreatorSetup.exe (PID: 1576)
      • WerFault.exe (PID: 6400)
      • WerFault.exe (PID: 6724)
      • AvastBrowserInstaller.exe (PID: 2384)
      • installer.exe (PID: 516)
      • servicehost.exe (PID: 4724)
      • uihost.exe (PID: 7212)
      • updater.exe (PID: 7652)
      • saBSI.exe (PID: 5620)
      • saBSI.exe (PID: 7960)
      • slui.exe (PID: 5564)
      • tmpE5C2.tmp (PID: 4948)
      • PDFCreatorSetup.exe (PID: 2388)
      • msiexec.exe (PID: 7980)
    • Compiled with Borland Delphi (YARA)

      • pdfcreator-5.3.2-installer_9Xx-4S1.exe (PID: 2524)
      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 3392)
      • pdfcreator-5.3.2-installer_9Xx-4S1.exe (PID: 4036)
      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
    • Detects InnoSetup installer (YARA)

      • pdfcreator-5.3.2-installer_9Xx-4S1.exe (PID: 2524)
      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 3392)
      • pdfcreator-5.3.2-installer_9Xx-4S1.exe (PID: 4036)
      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
    • The sample compiled with english language support

      • pdfcreator-5.3.2-installer_9Xx-4S1.tmp (PID: 6408)
      • avast_secure_browser_setup.exe (PID: 4172)
      • saBSI.exe (PID: 6388)
      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • AvastBrowserUpdate.exe (PID: 4760)
      • 7z.exe (PID: 3876)
      • avast_secure_browser_setup.exe (PID: 4116)
      • installer.exe (PID: 4456)
      • installer.exe (PID: 516)
      • AvastBrowserInstaller.exe (PID: 7868)
      • saBSI.exe (PID: 5620)
      • setup.exe (PID: 7884)
      • tmpE5C2.tmp (PID: 4948)
      • 7z.exe (PID: 6388)
      • PDFCreatorSetup.exe (PID: 2388)
      • msiexec.exe (PID: 7980)
    • Creates files in the program directory

      • saBSI.exe (PID: 6388)
      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
      • AvastBrowserUpdate.exe (PID: 2728)
      • PDFCreatorSetup.exe (PID: 1576)
      • saBSI.exe (PID: 1180)
      • installer.exe (PID: 4456)
      • installer.exe (PID: 516)
      • servicehost.exe (PID: 4724)
      • uihost.exe (PID: 7212)
      • AvastBrowserInstaller.exe (PID: 7868)
      • setup.exe (PID: 7884)
      • saBSI.exe (PID: 5620)
      • AvastBrowserInstaller.exe (PID: 2108)
      • PDFCreatorSetup.exe (PID: 2388)
      • setup.exe (PID: 8128)
    • Manual execution by a user

      • saBSI.exe (PID: 5240)
      • saBSI.exe (PID: 5620)
      • avast_secure_browser_setup.exe (PID: 4116)
      • OpenWith.exe (PID: 6732)
      • chrmstp.exe (PID: 5556)
      • AvastBrowser.exe (PID: 7892)
      • AvastBrowser.exe (PID: 7572)
      • msedge.exe (PID: 7976)
      • msedge.exe (PID: 8504)
      • msedge.exe (PID: 8704)
      • msedge.exe (PID: 8896)
      • msedge.exe (PID: 9040)
      • msedge.exe (PID: 9152)
      • msedge.exe (PID: 2508)
    • Creates files or folders in the user directory

      • AvastBrowserInstaller.exe (PID: 2108)
      • pdfcreator-5.3.2-installer.exe (PID: 6332)
      • WerFault.exe (PID: 6400)
      • WerFault.exe (PID: 6724)
      • chrmstp.exe (PID: 7564)
      • tmpE5C2.tmp (PID: 4948)
      • AvastBrowser.exe (PID: 7180)
      • AvastBrowser.exe (PID: 7896)
      • AvastBrowser.exe (PID: 3460)
      • AvastBrowser.exe (PID: 1336)
      • AvastBrowser.exe (PID: 424)
      • AvastBrowser.exe (PID: 7260)
      • AvastBrowser.exe (PID: 7892)
      • AvastBrowser.exe (PID: 7572)
      • AvastBrowser.exe (PID: 1524)
      • AvastBrowser.exe (PID: 4228)
      • AvastBrowser.exe (PID: 4476)
      • AvastBrowser.exe (PID: 7940)
    • The sample compiled with arabic language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with bulgarian language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with czech language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with german language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with french language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with japanese language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with korean language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with Indonesian language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with polish language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with Italian language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with portuguese language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with swedish language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with russian language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with slovak language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with turkish language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • The sample compiled with chinese language support

      • AvastBrowserUpdateSetup.exe (PID: 3572)
      • AvastBrowserUpdate.exe (PID: 4760)
    • Disables trace logs

      • PDFCreatorSetup.exe (PID: 1576)
      • PDFCreatorSetup.exe (PID: 2388)
    • Process checks whether UAC notifications are on

      • AvastBrowserInstaller.exe (PID: 2384)
    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 6732)
    • Launching a file from a Registry key

      • setup.exe (PID: 7884)
      • AvastBrowser.exe (PID: 7180)
    • Reads CPU info

      • AvastBrowser.exe (PID: 1336)
      • AvastBrowser.exe (PID: 4228)
    • Reads security settings of Internet Explorer

      • OpenWith.exe (PID: 7540)
      • rundll32.exe (PID: 1816)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 7980)
    • Application launched itself

      • msedge.exe (PID: 5876)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:05:03 14:45:36+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 704512
InitializedDataSize: 162304
UninitializedDataSize: -
EntryPoint: 0xacfe0
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 2.0.40.78
ProductVersionNumber: 2.0.40.78
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Kopetra Ltd.
FileVersion: 2.0.40.78
LegalCopyright: ©2023 Kopetra Ltd.
OriginalFileName: Kopetra Ltd..exe
ProductName: Kopetra Ltd.
ProductVersion: 2.0.40.78
No data.
All screenshots are available in the full report
Total processes: 307
Monitored processes: 164
Malicious processes: 114
Suspicious processes: 6

Behavior graph

start pdfcreator-5.3.2-installer_9xx-4s1.exe pdfcreator-5.3.2-installer_9xx-4s1.tmp no specs pdfcreator-5.3.2-installer_9xx-4s1.exe pdfcreator-5.3.2-installer_9xx-4s1.tmp sabsi.exe avast_secure_browser_setup.exe sabsi.exe no specs sabsi.exe avastbrowserinstaller.exe sabsi.exe slui.exe pdfcreator-5.3.2-installer.exe avastbrowserupdatesetup.exe 7z.exe conhost.exe no specs avastbrowserupdate.exe avastbrowserupdate.exe no specs avastbrowserupdate.exe no specs avastbrowserupdatecomregistershell64.exe no specs avastbrowserupdatecomregistershell64.exe no specs avastbrowserupdatecomregistershell64.exe no specs avastbrowserupdate.exe avastbrowserupdate.exe no specs avastbrowserupdate.exe werfault.exe pdfcreatorsetup.exe werfault.exe avast_secure_browser_setup.exe avastbrowserinstaller.exe openwith.exe no specs installer.exe installer.exe servicehost.exe uihost.exe no specs updater.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs avastbrowserinstaller.exe setup.exe setup.exe no specs sabsi.exe avastbrowsercrashhandler.exe no specs avastbrowsercrashhandler64.exe no specs avastbrowser.exe avastbrowser.exe chrmstp.exe no specs chrmstp.exe no specs chrmstp.exe no specs chrmstp.exe no specs tmpe5c2.tmp 7z.exe conhost.exe no specs avastbrowser.exe no specs avastbrowser.exe avastbrowser.exe no specs elevation_service.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe elevation_service.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe avastbrowser.exe no specs avastbrowser.exe no specs elevation_service.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs pdfcreatorsetup.exe avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no 
specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs msiexec.exe setup.exe no specs avastbrowser.exe no specs setup.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe avastbrowser.exe no specs elevation_service.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs openwith.exe no specs msedge.exe no specs msiexec.exe no specs rundll32.exe rundll32.exe msedge.exe no specs rundll32.exe rundll32.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
72
CMD:
"C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --field-trial-handle=2116,i,8303319266061837310,1841820068017845737,262144 --variations-seed-version --mojo-platform-channel-handle=4028 /prefetch:8
Path:
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process:
AvastBrowser.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
LOW
Description:
Avast Secure Browser
Exit code:
0
Version:
137.0.31047.122
Modules
Images
c:\program files\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\browser\application\137.0.31047.122\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
72
CMD:
"C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --field-trial-handle=2116,i,8303319266061837310,1841820068017845737,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8
Path:
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process:
AvastBrowser.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
LOW
Description:
Avast Secure Browser
Exit code:
0
Version:
137.0.31047.122
Modules
Images
c:\program files\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\browser\application\137.0.31047.122\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
236
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
7z.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
424
CMD:
"C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --force-high-res-timeticks=disabled --field-trial-handle=2116,i,8303319266061837310,1841820068017845737,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3
Path:
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process:
AvastBrowser.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
MEDIUM
Description:
Avast Secure Browser
Exit code:
0
Version:
137.0.31047.122
Modules
Images
c:\program files\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\browser\application\137.0.31047.122\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
516
CMD:
"C:\Program Files\McAfee\Temp1436516201\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
Path:
C:\Program Files\McAfee\Temp1436516201\installer.exe
Parent process:
installer.exe
User:
admin
Company:
McAfee, LLC
Integrity Level:
HIGH
Description:
McAfee WebAdvisor(installer)
Exit code:
0
Version:
4,1,1,1057
Modules
Images
c:\program files\mcafee\temp1436516201\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
PID:
1128
CMD:
"C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --field-trial-handle=2116,i,8303319266061837310,1841820068017845737,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
Path:
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process:
AvastBrowser.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
LOW
Description:
Avast Secure Browser
Exit code:
0
Version:
137.0.31047.122
Modules
Images
c:\program files\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\browser\application\137.0.31047.122\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1180
CMD:
"C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91082 PaidDistribution=true InstallID=GnjW0t7MBW2fVvMqbPcTNfWQpSkwDO30cdJRah4G3UvTyLJFCYbcxftpPEP3s9aFfUzWXeyQneiwp6fKeoG saBsiVersion=4.1.1.865 CountryCode=CH /no_self_update
Path:
C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
Parent process:
saBSI.exe
User:
admin
Company:
McAfee, LLC
Integrity Level:
HIGH
Description:
McAfee WebAdvisor(bootstrap installer)
Exit code:
0
Version:
4,1,1,1006
Modules
Images
c:\programdata\mcafee\webadvisor\sabsi\sabsi.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID:
1336
CMD:
AvastBrowser.exe --silent-launch
Path:
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process:
AvastBrowserInstaller.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
MEDIUM
Description:
Avast Secure Browser
Exit code:
0
Version:
137.0.31047.122
Modules
Images
c:\program files\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\browser\application\137.0.31047.122\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
PID:
1488
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x308,0x30c,0x310,0x300,0x318,0x7ffc349ef208,0x7ffc349ef214,0x7ffc349ef220
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1524
CMD:
"C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --field-trial-handle=2116,i,8303319266061837310,1841820068017845737,262144 --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:8
Path:
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process:
AvastBrowser.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
LOW
Description:
Avast Secure Browser
Exit code:
0
Version:
137.0.31047.122
Modules
Images
c:\program files\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\browser\application\137.0.31047.122\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
125 717
Read events
121 419
Write events
4 212
Delete events
86

Modification events

(PID) Process: (6408) pdfcreator-5.3.2-installer_9Xx-4S1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Operation: write
Name: Implementing
Value:
1C00000001000000E907070001001500110017002D002502010000001E768127E028094199FEB9D127C57AFE
(PID) Process: (6388) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation: write
Name: UUID
Value:
{6E06E296-EB1B-4CF9-BF9F-7F9FD1E2E216}
(PID) Process: (6388) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation: write
Name: InstallerFlags
Value:
1
(PID) Process: (2108) AvastBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser
Operation: write
Name: user_id
Value:
adbf80f0630240948e278e67801f96fe
(PID) Process: (2108) AvastBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (2108) AvastBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
(PID) Process: (2108) AvastBrowserInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
(PID) Process: (6388) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
Operation: delete value
Name: 4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Value:
(PID) Process: (6388) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation: write
Name: Blob
Value:
040000000100000010000000E94FB54871208C00DF70F708AC47085B0F0000000100000030000000C130BBA37B8B350E89FD5ED76B4F78777FEEE220D3B9E729042BEF6AF46E8E4C1B252E32B3080C681BC9A8A1AFDD0A3C0300000001000000140000004EFC31460C619ECAE59C1BCE2C008036D94C84B809000000010000000C000000300A06082B060105050703031D00000001000000100000005467B0ADDE8D858E30EE517B1A19ECD91400000001000000140000001F00BF46800AFC7839B7A5B443D95650BBCE963B53000000010000001F000000301D301B060567810C010330123010060A2B0601040182373C0101030200C06200000001000000200000007B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF860B000000010000004200000047006C006F00620061006C005300690067006E00200043006F006400650020005300690067006E0069006E006700200052006F006F007400200052003400350000001900000001000000100000005D1B8FF2C30F63F5B536EDD400F7F9B4200000000100000076050000308205723082035AA00302010202107653FEAC75464893F5E5D74A483A4EF8300D06092A864886F70D01010C05003053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F7420523435301E170D3230303331383030303030305A170D3435303331383030303030305A3053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F742052343530820222300D06092A864886F70D01010105000382020F003082020A0282020100B62DC530DD7AE8AB903D0372B03A4B991661B2E5FFA5671D371CE57EEC9383AA84F5A3439B98458AB863575D9B00880425E9F868924B82D84BC94A03F3A87F6A8F8A6127BDA144D0FDF53F22C2A34F918DB305B22882915DFB5988050B9706C298F82CA73324EE503A41CCF0A0B07B1D4DD2A8583896E9DFF91B91BB8B102CD2C7431DA20974A180AF7BE6330A0C596B8EBCF4AB5A977B7FAE55FB84F080FE844CD7E2BABDC475A16FBD61107444B29807E274ABFF68DC6C263EE91FE5E00487AD30D30C8D037C55B816705C24782025EB676788ABBA4E34986B7011DE38CAD4BEA1C09CE1DF1E0201D83BE1674384B6CFFC74B72F84A3BFBA09373D676CB1455C1961AB4183F5AC1DEB770D464773CEBFBD9595ED9D2B8810FEFA58E8A757E1B3CFA85AE907259B12C49E80723D93DC8C94DF3B44E6
2680FCD2C303F08C0CD245D62EE78F989EE604EE426E677E42167162E704F960C664A1B69C81214E2BC66D689486C699747367317A91F2D48C796E7CA6BB7E466F4DC585122BCF9A224408A88537CE07615706171224C0C43173A1983557477E103A45D92DA4519098A9A00737C4651AAA1C6B1677F7A797EC3F1930996F31FBEA40B2E7D2C4FAC9D0F050767459FA8D6D1732BEF8E97E03F4E787759AD44A912C850313022B4280F2896A36CFC84CA0CE9EF8CB8DAD16A7D3DED59B18A7C6923AF18263F12E0E2464DF0203010001A3423040300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604141F00BF46800AFC7839B7A5B443D95650BBCE963B300D06092A864886F70D01010C050003820201005E2BBA749734445F764828408493EE016EE9A1B3D68025E67BE4BC09913D0FFC76ADD7D43020BB8F60D091D61CF29CEF781A2B943202C12496525202D0F3D1FCF29B396E99E11F8E43417D9A1E5BC95D9A84FC26E687F3747226ADA41BD93D3B6A52A03C091E2F1E7BB333B445C7F7ACB1AF9360AD76AEB8B21578EB836AEBFFDB46AB24E5EE02FA901F59C02F5DD6B75DA45C10B77253F8414ECCFA781A254ACAFE85624361C3B437AA81D2F4D63A0FBD8D597E3047DE2B6BE72150335FD4679BD4B8679F3C279903FF85438E7312CA20CDE861D5B166DC17D6396D0FDBCF2337A182894E1C6B3FD6A0CDAA079D3E4226AAD70CEEFA47BF1A527ED17581D3C98A62176D4F88A021A0263EAF6DD962301FE99828AE6E8DD58E4C726693808D2AE355C760679042565C22510FB3DC4E39EE4DDDD91D7810543B6ED0976F03B51EB22373C612B29A64D0FC958524A8FFDFA1B0DC9140AEDF0933ABB9DD92B7F1CC91743B69EB67971B90BFE7C7A06F71BB57BFB78F5AED7A406A16CD80842D2FE102D4249443B315FC0C2B1BFD716FFCCBBC75173A5E83D2C9B32F1BD59C8D7F54FE7E7EE456A387A79DE1595294418F6D5BBE86959AFF1A76DD40D2514A70B41F336323773FEC271E59E40887ED34824A0F3FFEA01DC1F56773458678F4AA29E92787C619DBC61314C33949874DA097E06513F59D7756E9DAB358C73AF2C0CD82
(PID) Process: (6388) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation: write
Name: Blob
Value:
5C0000000100000004000000001000001900000001000000100000005D1B8FF2C30F63F5B536EDD400F7F9B40B000000010000004200000047006C006F00620061006C005300690067006E00200043006F006400650020005300690067006E0069006E006700200052006F006F007400200052003400350000006200000001000000200000007B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF8653000000010000001F000000301D301B060567810C010330123010060A2B0601040182373C0101030200C01400000001000000140000001F00BF46800AFC7839B7A5B443D95650BBCE963B1D00000001000000100000005467B0ADDE8D858E30EE517B1A19ECD909000000010000000C000000300A06082B060105050703030300000001000000140000004EFC31460C619ECAE59C1BCE2C008036D94C84B80F0000000100000030000000C130BBA37B8B350E89FD5ED76B4F78777FEEE220D3B9E729042BEF6AF46E8E4C1B252E32B3080C681BC9A8A1AFDD0A3C040000000100000010000000E94FB54871208C00DF70F708AC47085B200000000100000076050000308205723082035AA00302010202107653FEAC75464893F5E5D74A483A4EF8300D06092A864886F70D01010C05003053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F7420523435301E170D3230303331383030303030305A170D3435303331383030303030305A3053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F742052343530820222300D06092A864886F70D01010105000382020F003082020A0282020100B62DC530DD7AE8AB903D0372B03A4B991661B2E5FFA5671D371CE57EEC9383AA84F5A3439B98458AB863575D9B00880425E9F868924B82D84BC94A03F3A87F6A8F8A6127BDA144D0FDF53F22C2A34F918DB305B22882915DFB5988050B9706C298F82CA73324EE503A41CCF0A0B07B1D4DD2A8583896E9DFF91B91BB8B102CD2C7431DA20974A180AF7BE6330A0C596B8EBCF4AB5A977B7FAE55FB84F080FE844CD7E2BABDC475A16FBD61107444B29807E274ABFF68DC6C263EE91FE5E00487AD30D30C8D037C55B816705C24782025EB676788ABBA4E34986B7011DE38CAD4BEA1C09CE1DF1E0201D83BE1674384B6CFFC74B72F84A3BFBA09373D676CB1455C1961AB4183F5AC1DEB770D464773CEBFBD9595ED9D2B8810FEFA58E8A757E1B3CFA85AE907
259B12C49E80723D93DC8C94DF3B44E62680FCD2C303F08C0CD245D62EE78F989EE604EE426E677E42167162E704F960C664A1B69C81214E2BC66D689486C699747367317A91F2D48C796E7CA6BB7E466F4DC585122BCF9A224408A88537CE07615706171224C0C43173A1983557477E103A45D92DA4519098A9A00737C4651AAA1C6B1677F7A797EC3F1930996F31FBEA40B2E7D2C4FAC9D0F050767459FA8D6D1732BEF8E97E03F4E787759AD44A912C850313022B4280F2896A36CFC84CA0CE9EF8CB8DAD16A7D3DED59B18A7C6923AF18263F12E0E2464DF0203010001A3423040300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604141F00BF46800AFC7839B7A5B443D95650BBCE963B300D06092A864886F70D01010C050003820201005E2BBA749734445F764828408493EE016EE9A1B3D68025E67BE4BC09913D0FFC76ADD7D43020BB8F60D091D61CF29CEF781A2B943202C12496525202D0F3D1FCF29B396E99E11F8E43417D9A1E5BC95D9A84FC26E687F3747226ADA41BD93D3B6A52A03C091E2F1E7BB333B445C7F7ACB1AF9360AD76AEB8B21578EB836AEBFFDB46AB24E5EE02FA901F59C02F5DD6B75DA45C10B77253F8414ECCFA781A254ACAFE85624361C3B437AA81D2F4D63A0FBD8D597E3047DE2B6BE72150335FD4679BD4B8679F3C279903FF85438E7312CA20CDE861D5B166DC17D6396D0FDBCF2337A182894E1C6B3FD6A0CDAA079D3E4226AAD70CEEFA47BF1A527ED17581D3C98A62176D4F88A021A0263EAF6DD962301FE99828AE6E8DD58E4C726693808D2AE355C760679042565C22510FB3DC4E39EE4DDDD91D7810543B6ED0976F03B51EB22373C612B29A64D0FC958524A8FFDFA1B0DC9140AEDF0933ABB9DD92B7F1CC91743B69EB67971B90BFE7C7A06F71BB57BFB78F5AED7A406A16CD80842D2FE102D4249443B315FC0C2B1BFD716FFCCBBC75173A5E83D2C9B32F1BD59C8D7F54FE7E7EE456A387A79DE1595294418F6D5BBE86959AFF1A76DD40D2514A70B41F336323773FEC271E59E40887ED34824A0F3FFEA01DC1F56773458678F4AA29E92787C619DBC61314C33949874DA097E06513F59D7756E9DAB358C73AF2C0CD82
Executable files
520
Suspicious files
1 131
Text files
1 670
Unknown types
312

Dropped files

PID
Process
Filename
Type
PID: 6408
Process: pdfcreator-5.3.2-installer_9Xx-4S1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-7N3V9.tmp\is-PRE6E.tmp
MD5:
SHA256:
PID: 6408
Process: pdfcreator-5.3.2-installer_9Xx-4S1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-7N3V9.tmp\pdfcreator-5.3.2-installer.exe
MD5:
SHA256:
PID: 6408
Process: pdfcreator-5.3.2-installer_9Xx-4S1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-7N3V9.tmp\WebAdvisor.png
Type: image
MD5: 5FD73821F3F097D177009D88DFD33605
SHA256: A6ECCE54116936CA27D4BE9797E32BF2F3CFC7E41519A23032992970FBD9D3BA
PID: 6408
Process: pdfcreator-5.3.2-installer_9Xx-4S1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-7N3V9.tmp\Avast_BRW.png
Type: image
MD5: 055D7E5D449CB01DBD95A965D4266153
SHA256: F29AB86815E8CD580DC0111196003D43396F75E1102AC40831D93282CEA08617
PID: 6408
Process: pdfcreator-5.3.2-installer_9Xx-4S1.tmp
Filename: C:\Users\admin\Downloads\pdfcreator-5.3.2-installer.exe
MD5:
SHA256:
PID: 6408
Process: pdfcreator-5.3.2-installer_9Xx-4S1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-7N3V9.tmp\is-VLH8S.tmp
Type: compressed
MD5: F68008B70822BD28C82D13A289DEB418
SHA256: CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
PID: 6408
Process: pdfcreator-5.3.2-installer_9Xx-4S1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-7N3V9.tmp\mainlogo
Type: image
MD5: 5EB19EB12644924B3FDB526C71430DFF
SHA256: B29535A42D81AC0AE44C0F85B338F9BE9C52983BD89ECBB3F4F55B48506270F1
PID: 6408
Process: pdfcreator-5.3.2-installer_9Xx-4S1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-7N3V9.tmp\is-I2DLQ.tmp
Type: image
MD5: 5FD73821F3F097D177009D88DFD33605
SHA256: A6ECCE54116936CA27D4BE9797E32BF2F3CFC7E41519A23032992970FBD9D3BA
PID: 2524
Process: pdfcreator-5.3.2-installer_9Xx-4S1.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-DIQO5.tmp\pdfcreator-5.3.2-installer_9Xx-4S1.tmp
Type: executable
MD5: 0C60F097BD2E52EB6EAC7F6503A0E514
SHA256: 3CDC4C27C131FEC93270BB1E9666121D3500E2E5883AB6C439099EA585383145
PID: 6408
Process: pdfcreator-5.3.2-installer_9Xx-4S1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-7N3V9.tmp\component1
Type: compressed
MD5: 5576BA06B0D92AB106A45231AA1B35BC
SHA256: 39EA5A042DE74AC417A87AA44C2F1F74EAECD425A7C6C4280E52A4194B7EB421
HTTP(S) requests
372
TCP/UDP connections
242
DNS requests
153
Threats
54

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5944
MoUsoCoreWorker.exe
GET
200
23.55.110.211:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4172
RUXIMICS.exe
GET
200
23.55.110.211:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4172
RUXIMICS.exe
GET
200
23.3.109.244:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
POST
200
20.190.160.22:443
https://login.live.com/RST2.srf
unknown
xml
1.24 Kb
whitelisted
POST
200
18.66.188.48:443
https://d3salkcn7s3fki.cloudfront.net/zbd
unknown
whitelisted
POST
200
18.66.188.48:443
https://d3salkcn7s3fki.cloudfront.net/o
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
23.3.109.244:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.3.109.244:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
151.101.65.91:443
https://sc.filehippo.net/images/t_app-icon-l/p/bff144a8-96bf-11e6-a0eb-00163ec9f5fa/2839159710/pdfcreator-logo
unknown
image
59.6 Kb
unknown
POST
200
20.190.160.22:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
16.7 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1268
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4172
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5944
MoUsoCoreWorker.exe
23.55.110.211:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
23.55.110.211:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4172
RUXIMICS.exe
23.55.110.211:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5944
MoUsoCoreWorker.exe
23.3.109.244:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
1268
svchost.exe
23.3.109.244:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 142.250.185.238
whitelisted
crl.microsoft.com
  • 23.55.110.211
  • 23.55.110.193
  • 23.216.77.28
  • 23.216.77.16
  • 23.216.77.18
  • 23.216.77.20
  • 23.216.77.19
  • 23.216.77.29
  • 23.216.77.32
  • 23.216.77.25
  • 23.216.77.30
whitelisted
www.microsoft.com
  • 23.3.109.244
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.159.71
  • 20.190.159.128
  • 20.190.159.75
  • 40.126.31.1
  • 40.126.31.128
  • 40.126.31.69
  • 40.126.31.131
  • 40.126.31.71
whitelisted
d3salkcn7s3fki.cloudfront.net
  • 18.172.111.148
  • 18.172.111.83
  • 18.172.111.222
  • 18.172.111.140
whitelisted
sc.filehippo.net
  • 151.101.1.91
  • 151.101.65.91
  • 151.101.129.91
  • 151.101.193.91
unknown
client.wns.windows.com
  • 172.211.123.249
  • 172.211.123.250
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted

Threats

PID
Process
Class
Message
A Network Trojan was detected
ET ADWARE_PUP Win32/OfferCore Checkin M1
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] InnoSetup Installer
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] InnoSetup Installer
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] InnoSetup Installer
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] InnoSetup Installer
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] InnoSetup Installer
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] InnoSetup Installer
Process
Message
AvastBrowserInstaller.exe
2025-07-21T17:23:47 [installer] {0000083c:00001a0c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:167) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AvastBrowserInstaller.exe
2025-07-21T17:23:47 [installer] {0000083c:00001a0c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:168) Jinx logging started
AvastBrowserInstaller.exe
2025-07-21T17:23:47 [installer] {0000083c:00001a0c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:169) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AvastBrowserInstaller.exe
2025-07-21T17:23:47 [installer] {0000083c:00001a0c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:171) build date: May 12 2025 build number: 1738 build time: 11:01:36 build timestamp: May 12 2025 11:01:36 company: Gen Digital Inc. copyright: (C) 2017-2025 Gen Digital Inc. description: Secure Browser Installer file name: AvastBrowserInstaller.exe file version: 9.1.0.1738 git commit: 8544c67a02049729b6b1157ba0eacf01b83f2405 internal name: jinx-installer product name: Secure Browser Installer product version: 9.1.0.1738 target system: windows
AvastBrowserInstaller.exe
2025-07-21T17:23:47 [installer] {0000083c:00001a0c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:181) Operating system: Windows Enterprise x64 10.0.19045.4046 SP0
AvastBrowserInstaller.exe
2025-07-21T17:23:47 [installer] {0000083c:00001a0c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:184) Process is elevated.
AvastBrowserInstaller.exe
2025-07-21T17:23:47 [installer] {0000083c:00001a0c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:190) Process owner: DESKTOP-JGLLJLD\admin (logon=true, admin=true)
AvastBrowserInstaller.exe
2025-07-21T17:23:47 [installer] {0000083c:00001a0c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:106) Command line: "C:\Users\admin\AppData\Local\Temp\nsn9070.tmp\AvastBrowserInstaller.exe" "C:\Users\admin\AppData\Local\Temp\is-7N3V9.tmp\component1_extract\avast_secure_browser_setup.exe" /s /run_source=avast_ads_is /is_pixel_psh=agiSfC3kYwWFDBf7jkDs0lFf7h9yIoTMKwaHuNhw3TX4NwhohDW7Ckc2VjSXM3jAhQprM4eDr7o5VwhSIq /make-default User dotfile was used: false Global dotfile was used: false Execution arguments: is-pixel-psh : agiSfC3kYwWFDBf7jkDs0lFf7h9yIoTMKwaHuNhw3TX4NwhohDW7Ckc2VjSXM3jAhQprM4eDr7o5VwhSIq make-default : true run-source : avast_ads_is silent : true
AvastBrowserInstaller.exe
2025-07-21T17:23:47 [installer] {0000083c:00001a0c} <1:Debug> (4bbd888238eee7c1\src\jinx\VmDetect.cpp:203) Starting VM Detection system
AvastBrowserInstaller.exe
2025-07-21T17:23:47 [installer] {0000083c:00001a0c} <1:Debug> (4bbd888238eee7c1\src\jinx\TagData.cpp:457) TagData: Extracting from "C:\Users\admin\AppData\Local\Temp\is-7N3V9.tmp\component1_extract\avast_secure_browser_setup.exe" using start marker '<##TAGDATA##>' and end marker '</##TAGDATA##>'