File name:

avast_secure_browser_setup.exe

Full analysis: https://app.any.run/tasks/cd05d3a4-4776-4781-b51b-035baae95331
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: April 29, 2025, 07:48:58
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

56C4F9942F885C46E560151D3E7257B0

SHA1:

AB2BE14BCBD438B2EC8B393499DEF0374F22CB6F

SHA256:

631AD28E71096BD77C71B96805B00D91704D0F9435A988EC878046CE7C2BD6E3

SSDEEP:

98304:wAW6q2f+FUbOSuVM9FGULMlV4oKvHc2xdqWpbREp03m2Xxvs46mrGOejKVUj8ypa:J1yKhrWc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • ajBC02.exe (PID: 7592)
    • Changes the autorun value in the registry

      • setup.exe (PID: 6988)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • avast_secure_browser_setup.exe (PID: 7452)
      • ajBC02.exe (PID: 7592)
      • AvastBrowserUpdate.exe (PID: 7912)
    • Executable content was dropped or overwritten

      • avast_secure_browser_setup.exe (PID: 7452)
      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • ajBC02.exe (PID: 7592)
      • AvastBrowserUpdate.exe (PID: 7912)
      • AvastBrowserInstaller.exe (PID: 2516)
      • setup.exe (PID: 6988)
    • The process verifies whether the antivirus software is installed

      • ajBC02.exe (PID: 7592)
      • AvastBrowserUpdate.exe (PID: 7912)
      • AvastBrowserUpdate.exe (PID: 7984)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 8036)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 8012)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 8060)
      • AvastBrowserUpdate.exe (PID: 7952)
      • AvastBrowserUpdate.exe (PID: 8108)
      • AvastBrowserUpdate.exe (PID: 8128)
      • AvastBrowserUpdate.exe (PID: 8184)
      • AvastBrowserInstaller.exe (PID: 2516)
      • setup.exe (PID: 900)
      • setup.exe (PID: 6988)
    • Reads the BIOS version

      • ajBC02.exe (PID: 7592)
    • Searches for installed software

      • ajBC02.exe (PID: 7592)
      • setup.exe (PID: 6988)
    • Disables SEHOP

      • AvastBrowserUpdate.exe (PID: 7912)
    • Starts itself from another location

      • AvastBrowserUpdate.exe (PID: 7912)
    • Creates/Modifies COM task schedule object

      • AvastBrowserUpdateComRegisterShell64.exe (PID: 8036)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 8012)
      • AvastBrowserUpdate.exe (PID: 7984)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 8060)
      • AvastBrowserUpdate.exe (PID: 7912)
    • Executes as Windows Service

      • AvastBrowserUpdate.exe (PID: 8184)
    • Process requests binary or script from the Internet

      • AvastBrowserUpdate.exe (PID: 8184)
    • There is functionality for taking screenshot (YARA)

      • avast_secure_browser_setup.exe (PID: 7452)
    • Potential Corporate Privacy Violation

      • AvastBrowserUpdate.exe (PID: 8184)
    • Application launched itself

      • setup.exe (PID: 6988)
    • Creates a software uninstall entry

      • setup.exe (PID: 6988)
  • INFO

    • Checks supported languages

      • avast_secure_browser_setup.exe (PID: 7452)
      • ajBC02.exe (PID: 7592)
      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
      • AvastBrowserUpdate.exe (PID: 7952)
      • AvastBrowserUpdate.exe (PID: 7984)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 8036)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 8060)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 8012)
      • AvastBrowserUpdate.exe (PID: 8108)
      • AvastBrowserUpdate.exe (PID: 8128)
      • AvastBrowserUpdate.exe (PID: 8184)
      • setup.exe (PID: 6988)
      • AvastBrowserInstaller.exe (PID: 2516)
      • setup.exe (PID: 900)
    • Reads Environment values

      • avast_secure_browser_setup.exe (PID: 7452)
      • ajBC02.exe (PID: 7592)
    • The sample compiled with english language support

      • avast_secure_browser_setup.exe (PID: 7452)
      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • ajBC02.exe (PID: 7592)
      • AvastBrowserUpdate.exe (PID: 7912)
      • AvastBrowserUpdate.exe (PID: 8184)
      • AvastBrowserInstaller.exe (PID: 2516)
      • setup.exe (PID: 6988)
    • Process checks computer location settings

      • avast_secure_browser_setup.exe (PID: 7452)
      • ajBC02.exe (PID: 7592)
      • AvastBrowserUpdate.exe (PID: 7912)
    • Create files in a temporary directory

      • avast_secure_browser_setup.exe (PID: 7452)
      • ajBC02.exe (PID: 7592)
      • AvastBrowserUpdate.exe (PID: 8184)
    • Reads the computer name

      • avast_secure_browser_setup.exe (PID: 7452)
      • ajBC02.exe (PID: 7592)
      • AvastBrowserUpdate.exe (PID: 7912)
      • AvastBrowserUpdate.exe (PID: 7952)
      • AvastBrowserUpdate.exe (PID: 7984)
      • AvastBrowserUpdate.exe (PID: 8128)
      • AvastBrowserUpdate.exe (PID: 8108)
      • AvastBrowserUpdate.exe (PID: 8184)
      • setup.exe (PID: 6988)
      • AvastBrowserInstaller.exe (PID: 2516)
    • The sample compiled with arabic language support

      • avast_secure_browser_setup.exe (PID: 7452)
    • Reads the machine GUID from the registry

      • ajBC02.exe (PID: 7592)
      • AvastBrowserUpdate.exe (PID: 7912)
      • AvastBrowserUpdate.exe (PID: 8184)
    • Reads the software policy settings

      • ajBC02.exe (PID: 7592)
      • AvastBrowserUpdate.exe (PID: 8108)
      • AvastBrowserUpdate.exe (PID: 8184)
    • Creates files or folders in the user directory

      • ajBC02.exe (PID: 7592)
    • Creates files in the program directory

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
      • AvastBrowserInstaller.exe (PID: 2516)
      • AvastBrowserUpdate.exe (PID: 8184)
      • setup.exe (PID: 6988)
    • The sample compiled with czech language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • Checks proxy server information

      • ajBC02.exe (PID: 7592)
      • AvastBrowserUpdate.exe (PID: 8108)
    • The sample compiled with german language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • The sample compiled with portuguese language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • The sample compiled with french language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • The sample compiled with Indonesian language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • The sample compiled with Italian language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • The sample compiled with korean language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • The sample compiled with japanese language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • The sample compiled with polish language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • The sample compiled with russian language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • The sample compiled with slovak language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • The sample compiled with turkish language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • The sample compiled with swedish language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • The sample compiled with chinese language support

      • AvastBrowserUpdateSetup.exe (PID: 7820)
      • AvastBrowserUpdate.exe (PID: 7912)
    • AVAST browser mutex has been found

      • AvastBrowserUpdate.exe (PID: 7912)
      • AvastBrowserUpdate.exe (PID: 7984)
      • AvastBrowserUpdate.exe (PID: 7952)
      • AvastBrowserUpdate.exe (PID: 8184)
      • AvastBrowserUpdate.exe (PID: 8108)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:16 00:50:53+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x350d
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 7.2.0.4030
ProductVersionNumber: 7.2.0.4030
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Arabic
CharacterSet: Windows, Arabic
BuildDate: 19700119T211515
BuildTimestamp: 1631715925
BuildVersion: 7.2.0.4030
FileDescription: إعداد Avast Secure Browser
FileVersion: 7.2.0.4030
InstallerCommit: 8abd2d48266e18ea0e4378542d665091ad12fe6e
InstallerEdition: main
InstallerKeyword: avast-securebrowser
InternalName: Avast Secure Browser
JsisCommit: 10e2102a297a0d50d7bf5ce00e3246d3f307e263
LegalCopyright: حقوق الطبع والنشر لعام 2021 لـ AVAST Software
OmahaVersion: 1.8.1189.1
ProductName: إعداد Avast Secure Browser
ProductVersion: 7.2.0.4030
Total processes
144
Monitored processes
15
Malicious processes
15
Suspicious processes
0

Behavior graph

start avast_secure_browser_setup.exe ajbc02.exe avastbrowserupdatesetup.exe avastbrowserupdate.exe avastbrowserupdate.exe no specs avastbrowserupdate.exe no specs avastbrowserupdatecomregistershell64.exe no specs avastbrowserupdatecomregistershell64.exe no specs avastbrowserupdatecomregistershell64.exe no specs avastbrowserupdate.exe avastbrowserupdate.exe no specs avastbrowserupdate.exe avastbrowserinstaller.exe setup.exe setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 900
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{99BCE22C-7A96-4A1F-94B5-110E56AD9C20}\CR_58412.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=134.0.29548.179 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7949fee90,0x7ff7949fee9c,0x7ff7949feea8
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{99BCE22C-7A96-4A1F-94B5-110E56AD9C20}\CR_58412.tmp\setup.exe
Parent process: setup.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
Avast Secure Browser Installer
Version:
134.0.29548.179
Modules
Images
c:\program files (x86)\avast software\browser\update\install\{99bce22c-7a96-4a1f-94b5-110e56ad9c20}\cr_58412.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID: 2516
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{99BCE22C-7A96-4A1F-94B5-110E56AD9C20}\AvastBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --adblock-mode-default=0 --default-search-id=3 --default-search=bing.com --make-chrome-default --force-default-win10 --auto-import-data=msedge --import-cookies --system-level
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{99BCE22C-7A96-4A1F-94B5-110E56AD9C20}\AvastBrowserInstaller.exe
Parent process: AvastBrowserUpdate.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
Avast Secure Browser Installer
Version:
134.0.29548.179
Modules
Images
c:\program files (x86)\avast software\browser\update\install\{99bce22c-7a96-4a1f-94b5-110e56ad9c20}\avastbrowserinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID: 6988
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{99BCE22C-7A96-4A1F-94B5-110E56AD9C20}\CR_58412.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{99BCE22C-7A96-4A1F-94B5-110E56AD9C20}\CR_58412.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --adblock-mode-default=0 --default-search-id=3 --default-search=bing.com --make-chrome-default --force-default-win10 --auto-import-data=msedge --import-cookies --system-level
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{99BCE22C-7A96-4A1F-94B5-110E56AD9C20}\CR_58412.tmp\setup.exe
Parent process: AvastBrowserInstaller.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
Avast Secure Browser Installer
Version:
134.0.29548.179
Modules
Images
c:\program files (x86)\avast software\browser\update\install\{99bce22c-7a96-4a1f-94b5-110e56ad9c20}\cr_58412.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID: 7452
CMD: "C:\Users\admin\AppData\Local\Temp\avast_secure_browser_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\avast_secure_browser_setup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Avast Secure Browser Setup
Version:
7.2.0.4030
Modules
Images
c:\users\admin\appdata\local\temp\avast_secure_browser_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 7592
CMD: "C:\Users\admin\AppData\Local\Temp\ajBC02.exe" /relaunch=9 /was_elevated=0 /tagdata
Path: C:\Users\admin\AppData\Local\Temp\ajBC02.exe
Parent process: avast_secure_browser_setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Avast Secure Browser Setup
Version:
7.2.0.4030
Modules
Images
c:\users\admin\appdata\local\temp\ajbc02.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 7820
CMD: "C:\Users\admin\AppData\Local\Temp\nstC075.tmp\AvastBrowserUpdateSetup.exe" /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=6120&installargs=--make-chrome-default --force-default-win10 --auto-import-data%3Dmsedge --import-cookies"
Path: C:\Users\admin\AppData\Local\Temp\nstC075.tmp\AvastBrowserUpdateSetup.exe
Parent process: ajBC02.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Browser Setup
Version:
1.8.1189.1
Modules
Images
c:\users\admin\appdata\local\temp\nstc075.tmp\avastbrowserupdatesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 7912
CMD: "C:\Program Files (x86)\GUMDE8A.tmp\AvastBrowserUpdate.exe" /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=6120&installargs=--make-chrome-default --force-default-win10 --auto-import-data%3Dmsedge --import-cookies"
Path: C:\Program Files (x86)\GUMDE8A.tmp\AvastBrowserUpdate.exe
Parent process: AvastBrowserUpdateSetup.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Browser
Version:
1.8.1189.1
Modules
Images
c:\program files (x86)\gumde8a.tmp\avastbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 7952
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /regsvc
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Parent process: AvastBrowserUpdate.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Browser
Exit code:
0
Version:
1.8.1189.1
Modules
Images
c:\program files (x86)\avast software\browser\update\avastbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 7984
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /regserver
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Parent process: AvastBrowserUpdate.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Browser
Exit code:
0
Version:
1.8.1189.1
Modules
Images
c:\program files (x86)\avast software\browser\update\avastbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 8012
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\AvastBrowserUpdateComRegisterShell64.exe"
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\AvastBrowserUpdateComRegisterShell64.exe
Parent process: AvastBrowserUpdate.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Browser Com Register Shell 64
Exit code:
0
Version:
1.8.1189.1
Modules
Images
c:\program files (x86)\avast software\browser\update\1.8.1189.1\avastbrowserupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
5 112
Read events
3 558
Write events
1 512
Delete events
42

Modification events

(PID) Process: (7592) ajBC02.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Browser
Operation: write
Name: installer_run_count
Value:
1

(PID) Process: (7592) ajBC02.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Browser
Operation: write
Name: machine_id
Value:
0000b0e1009aba5e95f7227e57434874

(PID) Process: (7592) ajBC02.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Browser
Operation: write
Name: machine_id
Value:
0000b0e1009aba5e95f7227e57434874

(PID) Process: (7592) ajBC02.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7592) ajBC02.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:

(PID) Process: (7592) ajBC02.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:

(PID) Process: (7592) ajBC02.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser
Operation: write
Name: user_id
Value:
cea17ad77c0b4031a3237e3eb9d3dd16

(PID) Process: (7592) ajBC02.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser
Operation: write
Name: user_date
Value:
20250429

(PID) Process: (7592) ajBC02.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Browser
Operation: write
Name: machine_date
Value:
20250429

(PID) Process: (7592) ajBC02.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser
Operation: write
Name: user_timestamp
Value:
1745912949
Executable files
180
Suspicious files
10
Text files
22
Unknown types
0

Dropped files

PID
Process
Filename
Type
7452 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nslB951.tmp\Midex.dll | executable
MD5:A35AB415723CB3E67FB294A61E9F5590
SHA256:38E3DF1118EAEFBBC17E1124967A16DC25754DA3FD17DE045C0AAB99A02F72B9
7452 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nslB951.tmp\AccessControl.dll | executable
MD5:0845433E8E8925133FA5C01CA498B815
SHA256:B178244BCFEF5CCB413B3F04F40F5453359CB52477A525111300D36AE6B7B7C8
7452 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nslB951.tmp\reboot.dll | executable
MD5:549DDC2454F014A3FCA80A4C3C6F0D3C
SHA256:CB5CBAC539E8DBF9F80827B8082A76E694687D8DE836AAF1980CEA130EBDB3AF
7452 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nslB951.tmp\nsResize.dll | executable
MD5:7E8BE15CD60CC752D56815CC7087E426
SHA256:666192D8FB1BA4D9F00A3D04BA0E83AD308C6B9013A63958D555214BC628178E
7452 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nslB951.tmp\ultimateSplash.dll | executable
MD5:D58ECD861CAC36215146ACD6929F219B
SHA256:283B33802956486D753E201B3E50119254CE0478E767A2C59E89592EE88C8689
7592 | ajBC02.exe | C:\Users\admin\AppData\Local\Temp\nstC075.tmp\JsisPlugins.dll | executable
MD5:67E7F9190D5C50585A260435D59FA7A5
SHA256:318EE717460B11C64A95424F562255CA8EBC2FDE61101119CABFA9AD4F7B1963
7452 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nslB951.tmp\splash.gif | image
MD5:419E789D771D30071D42669D8F4AC23A
SHA256:03D2F58AF18AD3BDC81AA68A9C539D9266FCF33DE2634FE5460A16F15B7EC55B
7592 | ajBC02.exe | C:\Users\admin\AppData\Local\Temp\nstC075.tmp\Midex.dll | executable
MD5:A35AB415723CB3E67FB294A61E9F5590
SHA256:38E3DF1118EAEFBBC17E1124967A16DC25754DA3FD17DE045C0AAB99A02F72B9
7592 | ajBC02.exe | C:\Users\admin\AppData\Local\Temp\nstC075.tmp\nsJSON.dll | executable
MD5:37CB5127CA2606F62F91D959A9459A56
SHA256:C637CD9C952869C439FEB946FAA05B41DFE247CB86AFEABCBB8088C741B9A655
7592 | ajBC02.exe | C:\Users\admin\AppData\Local\Temp\nstC075.tmp\jsis.dll | executable
MD5:4CEE726485049F176A803A3241ACB538
SHA256:9C06A51437948A101757E8C8D6A5B7B9BC50AED48782251E9309872247EB11FD
HTTP(S) requests
8
TCP/UDP connections
24
DNS requests
17
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7592
ajBC02.exe
GET
200
142.250.185.163:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted
7592
ajBC02.exe
GET
200
142.250.185.163:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
8184
AvastBrowserUpdate.exe
GET
200
23.50.131.94:80
http://browser-update.avast.com/browser/win/x64/134.0.29548.179/AvastBrowserInstaller.exe
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7264
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7264
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
192.168.100.255:137
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6708
RUXIMICS.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7592
ajBC02.exe
104.22.79.87:443
stats.avastbrowser.com
CLOUDFLARENET
suspicious

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.142
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
stats.avastbrowser.com
  • 104.22.79.87
  • 172.67.15.96
  • 104.22.78.87
unknown
c.pki.goog
  • 142.250.185.163
whitelisted
login.live.com
  • 40.126.31.129
  • 20.190.159.73
  • 40.126.31.131
  • 40.126.31.3
  • 40.126.31.1
  • 40.126.31.67
  • 40.126.31.0
  • 20.190.159.4
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
update.avastbrowser.com
  • 172.67.15.96
  • 104.22.79.87
  • 104.22.78.87
unknown

Threats

PID
Process
Class
Message
8184
AvastBrowserUpdate.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
No debug info