| URL: | filmyfly.com |
| Full analysis: | https://app.any.run/tasks/0d7df471-95ff-4187-8e19-a062424de46e |
| Verdict: | Malicious activity |
| Threats: | Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. |
| Analysis date: | February 24, 2026, 06:01:24 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MD5: | C85C91C9BB75402092BA8D3B7FCC25FE |
| SHA1: | 4A1E7FDA94E0CA85748E37F0CEEF272B109759CB |
| SHA256: | 566939065212B8796BA1C721F2376A705B4F85D09DADA453374B1C1737079755 |
| SSDEEP: | 3:5pI:5pI |
MALICIOUS
Actions looks like stealing of personal data
- AvastBrowserInstaller.exe (PID: 2684)
- AvastBrowser.exe (PID: 2712)
Changes the autorun value in the registry
- AvastBrowserUpdate.exe (PID: 1040)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 5204)
SUSPICIOUS
The process verifies whether the antivirus software is installed
- AvastBrowserInstaller.exe (PID: 2684)
Starts itself from another location
- AvastBrowserUpdate.exe (PID: 1040)
Creates/Modifies COM task schedule object
- AvastBrowserUpdateComRegisterShell64.exe (PID: 2680)
- AvastBrowserUpdateComRegisterShell64.exe (PID: 6940)
- AvastBrowserUpdateComRegisterShell64.exe (PID: 6952)
- AvastBrowserUpdate.exe (PID: 8820)
- AvastBrowserUpdate.exe (PID: 1040)
There is functionality for VM detection VirtualBox (YARA)
- AvastBrowserInstaller.exe (PID: 2684)
There is functionality for VM detection VMWare (YARA)
- AvastBrowserInstaller.exe (PID: 2684)
Application launched itself
- setup.exe (PID: 2900)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 9932)
- setup.exe (PID: 9252)
- AvastBrowser.exe (PID: 9444)
- AvastBrowser.exe (PID: 1692)
Searches for installed software
- setup.exe (PID: 2900)
- AvastBrowserInstaller.exe (PID: 2684)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 9444)
There is functionality for VM detection antiVM strings (YARA)
- AvastBrowserInstaller.exe (PID: 2684)
Reads the BIOS version
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 9444)
Reads Mozilla Firefox installation path
- AvastBrowser.exe (PID: 2052)
Reads the date of Windows installation
- AvastBrowser.exe (PID: 9412)
- setup.exe (PID: 9252)
- SystemSettings.exe (PID: 1824)
INFO
Context menu (right-click) prevention is present
- msedge.exe (PID: 7452)
Drops script file
- msedge.exe (PID: 7452)
- AvastBrowserInstaller.exe (PID: 2684)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 8340)
- AvastBrowser.exe (PID: 3092)
- AvastBrowser.exe (PID: 6900)
- AvastBrowser.exe (PID: 6880)
- AvastBrowser.exe (PID: 1984)
- AvastBrowser.exe (PID: 9340)
- AvastBrowser.exe (PID: 3004)
- AvastBrowser.exe (PID: 8340)
- AvastBrowser.exe (PID: 9764)
- AvastBrowser.exe (PID: 9688)
- AvastBrowser.exe (PID: 9444)
Application launched itself
- msedge.exe (PID: 7452)
Launching a file from the Downloads directory
- msedge.exe (PID: 7452)
Checks supported languages
- AvastBrowserInstaller.exe (PID: 2684)
- avast_secure_browser_setup.exe (PID: 5180)
- identity_helper.exe (PID: 3348)
- AvastBrowserUpdate.exe (PID: 1040)
- AvastBrowserUpdate.exe (PID: 8820)
- AvastBrowserUpdateComRegisterShell64.exe (PID: 2680)
- AvastBrowserUpdateComRegisterShell64.exe (PID: 6940)
- AvastBrowserUpdateComRegisterShell64.exe (PID: 6952)
- AvastBrowserUpdateSetup.exe (PID: 7648)
- AvastBrowserUpdate.exe (PID: 1820)
- AvastBrowserUpdate.exe (PID: 6068)
- AvastBrowserUpdate.exe (PID: 2256)
- AvastBrowserInstaller.exe (PID: 6848)
- setup.exe (PID: 2900)
- setup.exe (PID: 8864)
- AvastBrowserCrashHandler.exe (PID: 4152)
- AvastBrowserCrashHandler64.exe (PID: 4116)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 7220)
- AvastBrowser.exe (PID: 8940)
- AvastBrowser.exe (PID: 7652)
- AvastBrowser.exe (PID: 1708)
- AvastBrowser.exe (PID: 7492)
- AvastBrowser.exe (PID: 1688)
- AvastBrowser.exe (PID: 2712)
- AvastBrowser.exe (PID: 2996)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 4152)
- AvastBrowser.exe (PID: 8844)
- AvastBrowser.exe (PID: 4700)
- AvastBrowser.exe (PID: 4220)
- AvastBrowser.exe (PID: 8692)
- AvastBrowser.exe (PID: 3980)
- AvastBrowser.exe (PID: 5708)
- AvastBrowser.exe (PID: 3004)
- AvastBrowser.exe (PID: 4688)
- AvastBrowser.exe (PID: 8340)
- AvastBrowser.exe (PID: 2944)
- AvastBrowser.exe (PID: 3092)
- AvastBrowser.exe (PID: 5920)
- AvastBrowser.exe (PID: 1984)
- AvastBrowser.exe (PID: 6068)
- AvastBrowser.exe (PID: 5708)
- AvastBrowser.exe (PID: 2680)
- AvastBrowser.exe (PID: 6880)
- AvastBrowser.exe (PID: 7768)
- AvastBrowser.exe (PID: 1752)
- AvastBrowser.exe (PID: 7220)
- AvastBrowser.exe (PID: 3004)
- AvastBrowser.exe (PID: 1688)
- AvastBrowser.exe (PID: 9108)
- AvastBrowser.exe (PID: 2996)
- AvastBrowser.exe (PID: 7220)
- AvastBrowser.exe (PID: 6900)
- AvastBrowser.exe (PID: 8340)
- AvastBrowser.exe (PID: 8328)
- AvastBrowser.exe (PID: 9136)
- AvastBrowser.exe (PID: 9340)
- AvastBrowser.exe (PID: 9288)
- AvastBrowser.exe (PID: 9436)
- AvastBrowser.exe (PID: 9248)
- AvastBrowser.exe (PID: 9296)
- AvastBrowser.exe (PID: 9480)
- AvastBrowser.exe (PID: 9528)
- AvastBrowser.exe (PID: 9520)
- AvastBrowser.exe (PID: 9540)
- AvastBrowser.exe (PID: 9688)
- AvastBrowser.exe (PID: 9680)
- AvastBrowser.exe (PID: 9764)
- AvastBrowser.exe (PID: 9780)
- AvastBrowser.exe (PID: 9852)
- AvastBrowser.exe (PID: 9924)
- AvastBrowser.exe (PID: 9932)
- AvastBrowser.exe (PID: 9964)
- AvastBrowserProtect.exe (PID: 10056)
- AvastBrowser.exe (PID: 10088)
- AvastBrowser.exe (PID: 10220)
- setup.exe (PID: 9252)
- setup.exe (PID: 9284)
- AvastBrowser.exe (PID: 9412)
- AvastBrowser.exe (PID: 10164)
- AvastBrowser.exe (PID: 9444)
- AvastBrowser.exe (PID: 9740)
- AvastBrowser.exe (PID: 9744)
- AvastBrowser.exe (PID: 9728)
- AvastBrowser.exe (PID: 10112)
- AvastBrowser.exe (PID: 7948)
- AvastBrowser.exe (PID: 9968)
- AvastBrowser.exe (PID: 10116)
- AvastBrowser.exe (PID: 9764)
- AvastBrowser.exe (PID: 10100)
- AvastBrowser.exe (PID: 9816)
- AvastBrowser.exe (PID: 9804)
- AvastBrowser.exe (PID: 9976)
- AvastBrowser.exe (PID: 10080)
- SystemSettings.exe (PID: 1824)
- AvastBrowser.exe (PID: 9220)
- AvastBrowser.exe (PID: 9884)
- AvastBrowser.exe (PID: 9864)
- AvastBrowser.exe (PID: 1692)
- AvastBrowser.exe (PID: 4256)
- AvastBrowser.exe (PID: 9432)
- AvastBrowser.exe (PID: 9348)
- AvastBrowser.exe (PID: 10176)
- AvastBrowser.exe (PID: 8972)
Reads the computer name
- AvastBrowserInstaller.exe (PID: 2684)
- identity_helper.exe (PID: 3348)
- AvastBrowserUpdate.exe (PID: 1040)
- AvastBrowserUpdate.exe (PID: 8820)
- AvastBrowserUpdate.exe (PID: 6068)
- AvastBrowserUpdate.exe (PID: 1820)
- AvastBrowserUpdate.exe (PID: 2256)
- AvastBrowserInstaller.exe (PID: 6848)
- setup.exe (PID: 2900)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 7652)
- AvastBrowser.exe (PID: 2712)
- AvastBrowser.exe (PID: 8940)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 4220)
- AvastBrowser.exe (PID: 4700)
- AvastBrowser.exe (PID: 9932)
- AvastBrowser.exe (PID: 9924)
- AvastBrowserProtect.exe (PID: 10056)
- setup.exe (PID: 9252)
- AvastBrowser.exe (PID: 9412)
- AvastBrowser.exe (PID: 9444)
- AvastBrowser.exe (PID: 9740)
- AvastBrowser.exe (PID: 9744)
- AvastBrowser.exe (PID: 1692)
- AvastBrowser.exe (PID: 4256)
- SystemSettings.exe (PID: 1824)
Create files in a temporary directory
- avast_secure_browser_setup.exe (PID: 5180)
- AvastBrowserInstaller.exe (PID: 2684)
- AvastBrowserUpdateSetup.exe (PID: 7648)
- AvastBrowserUpdate.exe (PID: 2256)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 9444)
Reads Environment values
- identity_helper.exe (PID: 3348)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 9444)
Process checks computer location settings
- AvastBrowserInstaller.exe (PID: 2684)
- AvastBrowserUpdate.exe (PID: 1040)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 7492)
- AvastBrowser.exe (PID: 1688)
- AvastBrowser.exe (PID: 2996)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 8692)
- AvastBrowser.exe (PID: 7768)
- AvastBrowser.exe (PID: 9108)
- AvastBrowser.exe (PID: 8328)
- AvastBrowser.exe (PID: 9296)
- AvastBrowser.exe (PID: 9528)
- AvastBrowser.exe (PID: 9520)
- AvastBrowser.exe (PID: 9136)
- AvastBrowser.exe (PID: 9852)
- AvastBrowser.exe (PID: 9412)
- AvastBrowser.exe (PID: 9444)
- AvastBrowser.exe (PID: 10112)
- AvastBrowser.exe (PID: 9816)
- AvastBrowser.exe (PID: 9968)
- AvastBrowser.exe (PID: 9804)
- AvastBrowser.exe (PID: 10080)
- AvastBrowser.exe (PID: 9976)
- AvastBrowser.exe (PID: 9764)
- AvastBrowser.exe (PID: 10116)
- AvastBrowser.exe (PID: 10100)
- AvastBrowser.exe (PID: 9864)
- AvastBrowser.exe (PID: 9884)
Process checks whether UAC notifications are on
- AvastBrowserInstaller.exe (PID: 2684)
Checks proxy server information
- AvastBrowserInstaller.exe (PID: 2684)
- AvastBrowserUpdate.exe (PID: 6068)
- AvastBrowserUpdate.exe (PID: 2256)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 5204)
- AvastBrowserProtect.exe (PID: 10056)
- AvastBrowser.exe (PID: 9444)
- slui.exe (PID: 8252)
Reads security settings of Internet Explorer
- AvastBrowserInstaller.exe (PID: 2684)
- AvastBrowserUpdate.exe (PID: 1040)
- AvastBrowser.exe (PID: 5204)
- setup.exe (PID: 9252)
- AvastBrowser.exe (PID: 9412)
- AvastBrowserProtect.exe (PID: 10056)
- AvastBrowser.exe (PID: 9444)
Reads the machine GUID from the registry
- AvastBrowserInstaller.exe (PID: 2684)
- AvastBrowserUpdate.exe (PID: 2256)
- AvastBrowserUpdate.exe (PID: 1040)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 9444)
- SystemSettings.exe (PID: 1824)
Launching a file from a Registry key
- AvastBrowserUpdate.exe (PID: 1040)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 5204)
Creates files or folders in the user directory
- AvastBrowserUpdate.exe (PID: 1040)
- AvastBrowserInstaller.exe (PID: 6848)
- setup.exe (PID: 2900)
- setup.exe (PID: 8864)
- AvastBrowserUpdate.exe (PID: 2256)
- AvastBrowserInstaller.exe (PID: 2684)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 7652)
- AvastBrowser.exe (PID: 8844)
- AvastBrowser.exe (PID: 4700)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 9932)
- setup.exe (PID: 9252)
- AvastBrowser.exe (PID: 7948)
- AvastBrowser.exe (PID: 9444)
- AvastBrowser.exe (PID: 9744)
- SystemSettings.exe (PID: 1824)
- AvastBrowser.exe (PID: 1692)
There is functionality for taking screenshot (YARA)
- avast_secure_browser_setup.exe (PID: 5180)
- AvastBrowserInstaller.exe (PID: 2684)
Creates a software uninstall entry
- setup.exe (PID: 2900)
- AvastBrowserInstaller.exe (PID: 2684)
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 9444)
Reads CPU info
- AvastBrowser.exe (PID: 2052)
- AvastBrowser.exe (PID: 5204)
- AvastBrowser.exe (PID: 9444)
Reads Microsoft Office registry keys
- SystemSettings.exe (PID: 1824)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
296
Monitored processes
144
Malicious processes
7
Suspicious processes
2
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 796 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=9056,i,7921200097493499556,15153050420917136989,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=9020 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
| 936 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=7692,i,7921200097493499556,15153050420917136989,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=7084 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1000 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=9024,i,7921200097493499556,15153050420917136989,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1040 | C:\Users\admin\AppData\Local\Temp\GUM5A2F.tmp\AvastBrowserUpdate.exe /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=false&lang=en&brand=6379&installargs= --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dmsedge --import-cookies" | C:\Users\admin\AppData\Local\Temp\GUM5A2F.tmp\AvastBrowserUpdate.exe | AvastBrowserUpdateSetup.exe | ||||||||||||
User: admin Company: Gen Digital Inc. Integrity Level: MEDIUM Description: Avast Browser Exit code: 0 Version: 1.8.1995.6 Modules
| |||||||||||||||
| 1172 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6128,i,7921200097493499556,15153050420917136989,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1388 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=1464,i,7921200097493499556,15153050420917136989,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=1520 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1488 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7940,i,7921200097493499556,15153050420917136989,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=7932 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1688 | "C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --force-high-res-timeticks=disabled --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --metrics-shmem-handle=3624,i,2279054880157967227,2267058326167913424,2097152 --field-trial-handle=2044,i,6371445194990669048,7018347095201839682,262144 --variations-seed-version --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=3892 /prefetch:1 | C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe | — | AvastBrowser.exe | |||||||||||
User: admin Company: Gen Digital Inc. Integrity Level: LOW Description: Avast Secure Browser Exit code: 0 Version: 144.0.33853.133 Modules
| |||||||||||||||
| 1688 | "C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --force-high-res-timeticks=disabled --metrics-shmem-handle=4716,i,11638631542910824589,14796282832519452213,524288 --field-trial-handle=2104,i,5141511971342121282,10938416642014955729,262144 --variations-seed-version --trace-process-track-uuid=3190709008800875870 --mojo-platform-channel-handle=4256 /prefetch:8 | C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe | — | AvastBrowser.exe | |||||||||||
User: admin Company: Gen Digital Inc. Integrity Level: LOW Description: Avast Secure Browser Exit code: 0 Version: 144.0.33853.133 Modules
| |||||||||||||||
| 1692 | "C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe" --enable-protect | C:\Users\admin\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe | — | AvastBrowser.exe | |||||||||||
User: admin Company: Gen Digital Inc. Integrity Level: MEDIUM Description: Avast Secure Browser Exit code: 0 Version: 144.0.33853.133 Modules
| |||||||||||||||
Total events
31 653
Read events
30 416
Write events
1 162
Delete events
75
Modification events
| (PID) Process: | (2684) AvastBrowserInstaller.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser |
| Operation: | write | Name: | user_id |
Value: 066f05fcdf82455eaf609062840b19ce | |||
| (PID) Process: | (2684) AvastBrowserInstaller.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (2684) AvastBrowserInstaller.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (2684) AvastBrowserInstaller.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (2684) AvastBrowserInstaller.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser |
| Operation: | write | Name: | user_timestamp |
Value: 1771912952 | |||
| (PID) Process: | (2684) AvastBrowserInstaller.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser |
| Operation: | write | Name: | BankMode |
Value: 1 | |||
| (PID) Process: | (2684) AvastBrowserInstaller.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser\Update |
| Operation: | write | Name: | MachineId |
Value: 00000000000000000000000000000000E67CAB79AE400BF62D27B6F892308F1E | |||
| (PID) Process: | (2684) AvastBrowserInstaller.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser\Update |
| Operation: | write | Name: | uid |
Value: 066f05fcdf82455eaf609062840b19ce | |||
| (PID) Process: | (2684) AvastBrowserInstaller.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser\Update |
| Operation: | write | Name: | uid-create-time |
Value: 1771912952 | |||
| (PID) Process: | (1040) AvastBrowserUpdate.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser\Update |
| Operation: | write | Name: | devmode |
Value: 0 | |||
Executable files
0
Suspicious files
8
Text files
8
Unknown types
2 764
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1e5571.TMP | — | |
MD5:— | SHA256:— | |||
| 7452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e5571.TMP | — | |
MD5:— | SHA256:— | |||
| 7452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | — | |
MD5:— | SHA256:— | |||
| 7452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | — | |
MD5:— | SHA256:— | |||
| 7452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF1e5580.TMP | — | |
MD5:— | SHA256:— | |||
| 7452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF1e5580.TMP | — | |
MD5:— | SHA256:— | |||
| 7452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | — | |
MD5:— | SHA256:— | |||
| 7452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old | — | |
MD5:— | SHA256:— | |||
| 7452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e5561.TMP | — | |
MD5:— | SHA256:— | |||
| 7452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1e5580.TMP | — | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
405
TCP/UDP connections
245
DNS requests
278
Threats
19
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6284 | msedge.exe | GET | 304 | 188.114.96.3:443 | https://image.linkmake.in/images/files/ff32.png | US | — | — | unknown |
6284 | msedge.exe | POST | 204 | 216.239.32.36:443 | https://region1.google-analytics.com/g/collect?v=2&tid=G-E811WPZXL6>m=45je62j0v9233069971za200zd9233069971&_p=1771912891995&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=771818993.1771912892&ul=en-us&sr=1360x768&uaa=x86&uab=64&uafvl=Not(A%253ABrand%3B99.0.0.0%7CMicrosoft%2520Edge%3B133.0.3065.92%7CChromium%3B133.0.6943.142&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~115616986~115938466~115938469~117455676~117455678&sid=1771912892&sct=1&seg=0&dl=https%3A%2F%2Ffilmyfly.cymru%2F&dt=filmyfly.cymru%202025%20South%20Bollywood%20%26%20Hollywood%20Hindi%20Animation%20Web%20Series%20at%20Filmy4wap%20-%20FilmyFly&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1416 | US | — | — | unknown |
6284 | msedge.exe | POST | 204 | 216.239.32.36:443 | https://region1.google-analytics.com/g/collect?v=2&tid=G-P0LJR3FHEL>m=45je62j0v867598820za200zb9233069971zd9233069971&_p=1771912891995&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=771818993.1771912892&ul=en-us&sr=1360x768&uaa=x86&uab=64&uafvl=Not(A%253ABrand%3B99.0.0.0%7CMicrosoft%2520Edge%3B133.0.3065.92%7CChromium%3B133.0.6943.142&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~115938466~115938469~117416194~117455676~117455678&sid=1771912892&sct=1&seg=0&dl=https%3A%2F%2Ffilmyfly.cymru%2F&dt=filmyfly.cymru%202025%20South%20Bollywood%20%26%20Hollywood%20Hindi%20Animation%20Web%20Series%20at%20Filmy4wap%20-%20FilmyFly&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1455 | US | — | — | unknown |
6284 | msedge.exe | GET | 304 | 188.114.96.3:443 | https://image.linkmake.in/images/files/ff32.png | US | — | — | unknown |
6284 | msedge.exe | GET | 304 | 188.114.96.3:443 | https://image.linkmake.in/images/files/ff32.png | US | — | — | unknown |
6284 | msedge.exe | GET | 304 | 188.114.96.3:443 | https://image.linkmake.in/images/files/ff32.png | US | — | — | unknown |
6284 | msedge.exe | GET | 200 | 150.171.27.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:zriKI70ZOjWSzZmRV_p2tnozRslnJHMkr0jpO2HceQc&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | US | binary | 102 b | whitelisted |
6284 | msedge.exe | GET | 301 | 172.67.136.136:443 | https://filmyfly.com/ | US | — | — | unknown |
6284 | msedge.exe | GET | 200 | 142.251.141.136:443 | https://www.googletagmanager.com/gtag/js?id=G-E811WPZXL6 | US | binary | 444 Kb | unknown |
6284 | msedge.exe | GET | 200 | 142.251.141.136:443 | https://www.googletagmanager.com/gtag/js?id=G-P0LJR3FHEL | US | binary | 447 Kb | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | Not routed | — | whitelisted |
8700 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
4516 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
6768 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
4 | System | 192.168.100.255:138 | — | Not routed | — | whitelisted |
— | — | 172.211.123.248:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
6284 | msedge.exe | 52.123.243.217:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
6284 | msedge.exe | 150.171.27.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
6284 | msedge.exe | 188.114.96.3:443 | image.linkmake.in | CLOUDFLARENET | US | whitelisted |
6284 | msedge.exe | 150.171.28.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
edge.microsoft.com |
| whitelisted |
config.edge.skype.com |
| whitelisted |
filmyfly.com |
| unknown |
api.edgeoffer.microsoft.com |
| whitelisted |
copilot.microsoft.com |
| whitelisted |
filmyfly.cymru |
| unknown |
www.bing.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
6284 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) |
6284 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) |
6284 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) |
6284 | msedge.exe | Misc activity | ET WEB_CLIENT Observed Hunter Obfuscator Code M1 |
6284 | msedge.exe | Misc activity | ET WEB_CLIENT Observed Hunter Obfuscator Code M1 |
8700 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
6284 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
6284 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
6284 | msedge.exe | Potentially Bad Traffic | SUSPICIOUS [ANY.RUN] Possible Domain Associated with Malware Distribution (ghabovethec .info) |
6284 | msedge.exe | Potentially Bad Traffic | SUSPICIOUS [ANY.RUN] Possible Domain Associated with Malware Distribution (ukankingwithea .com) |
Process | Message |
|---|---|
AvastBrowserInstaller.exe | 2026-02-24T01:02:30 [installer] {00000a7c:0000225c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:168) Jinx logging started
|
AvastBrowserInstaller.exe | 2026-02-24T01:02:30 [installer] {00000a7c:0000225c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:167) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
AvastBrowserInstaller.exe | 2026-02-24T01:02:30 [installer] {00000a7c:0000225c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:171)
build date: Nov 25 2025
build number: 1804
build time: 19:47:29
build timestamp: Nov 25 2025 19:47:29
company: Gen Digital Inc.
copyright: (C) 2017-2025 Gen Digital Inc.
description: Secure Browser Installer
file name: AvastBrowserInstaller.exe
file version: 9.3.2.1804
git commit: d88e2deed6ef3bceaa97f4975153f45fa68d8cd9
internal name: jinx-installer
product name: Secure Browser Installer
product version: 9.3.2.1804
target system: windows
|
AvastBrowserInstaller.exe | 2026-02-24T01:02:30 [installer] {00000a7c:0000225c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:184) Process is not elevated.
|
AvastBrowserInstaller.exe | 2026-02-24T01:02:30 [installer] {00000a7c:0000225c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:181) Operating system: Windows Enterprise x64 10.0.19045.4046 SP0
|
AvastBrowserInstaller.exe | 2026-02-24T01:02:30 [installer] {00000a7c:0000225c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:169) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
AvastBrowserInstaller.exe | 2026-02-24T01:02:30 [installer] {00000a7c:0000225c} <1:Debug> (4bbd888238eee7c1\src\jinx\TagData.cpp:91) TagData: Extracting tag data from executable certificate
|
AvastBrowserInstaller.exe | 2026-02-24T01:02:30 [installer] {00000a7c:0000225c} <1:Debug> (4bbd888238eee7c1\src\jinx\TagData.cpp:254) TagData: Extracting payload from raw data
|
AvastBrowserInstaller.exe | 2026-02-24T01:02:30 [installer] {00000a7c:0000225c} <1:Debug> (4bbd888238eee7c1\src\jinx\TagData.cpp:457) TagData: Extracting from "C:\Users\admin\Downloads\avast_secure_browser_setup.exe" using start marker '<##TAGDATA##>' and end marker '</##TAGDATA##>'
|
AvastBrowserInstaller.exe | 2026-02-24T01:02:30 [installer] {00000a7c:0000225c} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:190) Process owner: DESKTOP-JGLLJLD\admin (logon=true, admin=true)
|