Malware analysis cdn-download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1&cid=9407 Malicious activity

Add for printing

URL:	cdn-download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1&cid=9407
Full analysis:	https://app.any.run/tasks/9ff656a3-7df0-441c-8d3c-b9734fec0594
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	April 10, 2024, 00:44:21
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	loader
Indicators:
MD5:	A77626FF077B7A00FA454361D02D08E7
SHA1:	9C2826666020078D6C1B72EDB68F99D9C7F1277F
SHA256:	67698FCF9E6CB53E42AD8397D47055A4DAF1EAA171DA3C3426C8755078ED2247
SSDEEP:	3:PK4np6SHXyK5tCS3iY4/+RPafRVS:PFnUaiK5jSY4/+RPaf+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - avg_secure_browser_setup.exe (PID: 2148)
  - aj53CB.exe (PID: 2832)
  - AVGBrowserUpdateSetup.exe (PID: 2388)
  - AVGBrowserUpdate.exe (PID: 2484)
  - AVGBrowserInstaller.exe (PID: 2584)
  - AVGBrowserUpdate.exe (PID: 3976)
  - setup.exe (PID: 1216)
- Steals credentials from Web Browsers
  - aj53CB.exe (PID: 2832)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3820)
- Changes the autorun value in the registry
  - AVGBrowserUpdate.exe (PID: 2484)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3720)
- Actions looks like stealing of personal data
  - aj53CB.exe (PID: 2832)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3720)
  - AVGBrowser.exe (PID: 3820)
SUSPICIOUS
- Executable content was dropped or overwritten
  - avg_secure_browser_setup.exe (PID: 2148)
  - aj53CB.exe (PID: 2832)
  - AVGBrowserUpdateSetup.exe (PID: 2388)
  - AVGBrowserUpdate.exe (PID: 2484)
  - AVGBrowserUpdate.exe (PID: 3976)
  - AVGBrowserInstaller.exe (PID: 2584)
  - setup.exe (PID: 1216)
- The process verifies whether the antivirus software is installed
  - avg_secure_browser_setup.exe (PID: 2148)
  - aj53CB.exe (PID: 2832)
- Searches for installed software
  - avg_secure_browser_setup.exe (PID: 2148)
  - aj53CB.exe (PID: 2832)
  - AVGBrowser.exe (PID: 1504)
  - setup.exe (PID: 1216)
  - AVGBrowser.exe (PID: 3720)
  - AVGBrowser.exe (PID: 3820)
- Reads settings of System Certificates
  - aj53CB.exe (PID: 2832)
  - AVGBrowserUpdate.exe (PID: 1848)
  - AVGBrowserUpdate.exe (PID: 3976)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3264)
  - AVGBrowser.exe (PID: 3720)
  - AVGBrowser.exe (PID: 2792)
  - AVGBrowser.exe (PID: 2176)
  - AVGBrowser.exe (PID: 3820)
- Reads security settings of Internet Explorer
  - aj53CB.exe (PID: 2832)
- Reads the Internet Settings
  - aj53CB.exe (PID: 2832)
  - AVGBrowserUpdate.exe (PID: 3976)
  - AVGBrowserUpdate.exe (PID: 1848)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3720)
  - AVGBrowser.exe (PID: 3820)
- Checks Windows Trust Settings
  - aj53CB.exe (PID: 2832)
- Starts itself from another location
  - AVGBrowserUpdate.exe (PID: 2484)
- Creates/Modifies COM task schedule object
  - AVGBrowserUpdate.exe (PID: 2780)
  - AVGBrowserUpdate.exe (PID: 2484)
- Process requests binary or script from the Internet
  - AVGBrowserUpdate.exe (PID: 3976)
- Application launched itself
  - setup.exe (PID: 1216)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3720)
  - AVGBrowser.exe (PID: 3008)
  - setup.exe (PID: 1388)
  - AVGBrowser.exe (PID: 3820)
  - AVGBrowser.exe (PID: 3768)
- Creates a software uninstall entry
  - aj53CB.exe (PID: 2832)
  - AVGBrowser.exe (PID: 1504)
  - setup.exe (PID: 1216)
  - AVGBrowser.exe (PID: 3720)
  - AVGBrowser.exe (PID: 3820)
- Reads Mozilla Firefox installation path
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3820)
- Reads the date of Windows installation
  - setup.exe (PID: 1388)
INFO
- Drops the executable file immediately after the start
  - iexplore.exe (PID: 3092)
  - iexplore.exe (PID: 3936)
- Application launched itself
  - iexplore.exe (PID: 3936)
- Executable content was dropped or overwritten
  - iexplore.exe (PID: 3092)
  - iexplore.exe (PID: 3936)
- The process uses the downloaded file
  - iexplore.exe (PID: 3936)
- Modifies the phishing filter of IE
  - iexplore.exe (PID: 3936)
- Checks supported languages
  - avg_secure_browser_setup.exe (PID: 2148)
  - aj53CB.exe (PID: 2832)
  - AVGBrowserUpdateSetup.exe (PID: 2388)
  - AVGBrowserUpdate.exe (PID: 2780)
  - AVGBrowserUpdate.exe (PID: 2484)
  - AVGBrowserUpdate.exe (PID: 3976)
  - AVGBrowserUpdate.exe (PID: 1848)
  - AVGBrowserUpdate.exe (PID: 1816)
  - AVGBrowserInstaller.exe (PID: 2584)
  - setup.exe (PID: 1216)
  - setup.exe (PID: 920)
  - AVGBrowserCrashHandler.exe (PID: 2984)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 1380)
  - AVGBrowser.exe (PID: 3264)
  - AVGBrowser.exe (PID: 3248)
  - AVGBrowser.exe (PID: 3472)
  - AVGBrowser.exe (PID: 2032)
  - AVGBrowser.exe (PID: 3416)
  - AVGBrowser.exe (PID: 324)
  - AVGBrowser.exe (PID: 3600)
  - AVGBrowser.exe (PID: 3860)
  - AVGBrowser.exe (PID: 2792)
  - AVGBrowser.exe (PID: 3584)
  - AVGBrowser.exe (PID: 1900)
  - AVGBrowser.exe (PID: 3720)
  - AVGBrowser.exe (PID: 3536)
  - AVGBrowser.exe (PID: 3180)
  - AVGBrowser.exe (PID: 4044)
  - AVGBrowser.exe (PID: 4024)
  - AVGBrowser.exe (PID: 3008)
  - AVGBrowser.exe (PID: 2948)
  - AVGBrowser.exe (PID: 3148)
  - AVGBrowser.exe (PID: 3828)
  - AVGBrowser.exe (PID: 492)
  - AVGBrowser.exe (PID: 2800)
  - AVGBrowser.exe (PID: 3116)
  - AVGBrowser.exe (PID: 996)
  - AVGBrowser.exe (PID: 2760)
  - AVGBrowser.exe (PID: 2020)
  - AVGBrowser.exe (PID: 3696)
  - AVGBrowser.exe (PID: 2936)
  - AVGBrowser.exe (PID: 4040)
  - AVGBrowser.exe (PID: 2204)
  - AVGBrowser.exe (PID: 1600)
  - AVGBrowser.exe (PID: 1020)
  - AVGBrowser.exe (PID: 2984)
  - AVGBrowser.exe (PID: 4064)
  - AVGBrowser.exe (PID: 2632)
  - AVGBrowser.exe (PID: 2656)
  - AVGBrowser.exe (PID: 2512)
  - AVGBrowser.exe (PID: 392)
  - AVGBrowser.exe (PID: 3920)
  - AVGBrowser.exe (PID: 3480)
  - AVGBrowser.exe (PID: 3892)
  - AVGBrowser.exe (PID: 2524)
  - AVGBrowser.exe (PID: 2752)
  - AVGBrowser.exe (PID: 3012)
  - AVGBrowser.exe (PID: 3564)
  - AVGBrowser.exe (PID: 2824)
  - AVGBrowser.exe (PID: 1172)
  - AVGBrowser.exe (PID: 452)
  - AVGBrowser.exe (PID: 3468)
  - AVGBrowser.exe (PID: 324)
  - AVGBrowser.exe (PID: 1652)
  - AVGBrowser.exe (PID: 1876)
  - setup.exe (PID: 1388)
  - setup.exe (PID: 2592)
  - AVGBrowser.exe (PID: 1000)
  - AVGBrowser.exe (PID: 3820)
  - AVGBrowser.exe (PID: 3656)
  - AVGBrowser.exe (PID: 3692)
  - AVGBrowser.exe (PID: 2176)
  - AVGBrowser.exe (PID: 2772)
  - AVGBrowser.exe (PID: 3292)
  - AVGBrowser.exe (PID: 2660)
  - AVGBrowser.exe (PID: 1544)
  - AVGBrowser.exe (PID: 3568)
  - AVGBrowser.exe (PID: 2656)
  - AVGBrowser.exe (PID: 3876)
  - AVGBrowser.exe (PID: 3660)
  - AVGBrowser.exe (PID: 2416)
  - AVGBrowser.exe (PID: 1380)
  - AVGBrowser.exe (PID: 1652)
  - AVGBrowser.exe (PID: 2296)
  - AVGBrowser.exe (PID: 3768)
  - AVGBrowser.exe (PID: 2256)
  - AVGBrowser.exe (PID: 3476)
  - AVGBrowser.exe (PID: 2888)
  - AVGBrowser.exe (PID: 3560)
- Reads the computer name
  - avg_secure_browser_setup.exe (PID: 2148)
  - aj53CB.exe (PID: 2832)
  - AVGBrowserUpdate.exe (PID: 2484)
  - AVGBrowserUpdate.exe (PID: 3976)
  - AVGBrowserUpdate.exe (PID: 2780)
  - AVGBrowserUpdate.exe (PID: 1848)
  - AVGBrowserUpdate.exe (PID: 1816)
  - AVGBrowserInstaller.exe (PID: 2584)
  - setup.exe (PID: 1216)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3472)
  - AVGBrowser.exe (PID: 3264)
  - AVGBrowser.exe (PID: 2792)
  - AVGBrowser.exe (PID: 3180)
  - AVGBrowser.exe (PID: 3720)
  - AVGBrowser.exe (PID: 4024)
  - AVGBrowser.exe (PID: 3008)
  - AVGBrowser.exe (PID: 3828)
  - setup.exe (PID: 1388)
  - AVGBrowser.exe (PID: 3820)
  - AVGBrowser.exe (PID: 2176)
  - AVGBrowser.exe (PID: 3292)
  - AVGBrowser.exe (PID: 3768)
  - AVGBrowser.exe (PID: 2416)
  - AVGBrowser.exe (PID: 3476)
- Create files in a temporary directory
  - avg_secure_browser_setup.exe (PID: 2148)
  - aj53CB.exe (PID: 2832)
  - AVGBrowserUpdateSetup.exe (PID: 2388)
  - AVGBrowserUpdate.exe (PID: 3976)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3720)
  - AVGBrowser.exe (PID: 3820)
- Process checks computer location settings
  - avg_secure_browser_setup.exe (PID: 2148)
  - aj53CB.exe (PID: 2832)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3416)
  - AVGBrowser.exe (PID: 324)
  - AVGBrowser.exe (PID: 3600)
  - AVGBrowser.exe (PID: 3720)
  - AVGBrowser.exe (PID: 1900)
  - AVGBrowser.exe (PID: 3584)
  - AVGBrowser.exe (PID: 324)
  - AVGBrowser.exe (PID: 2512)
  - AVGBrowser.exe (PID: 2824)
  - AVGBrowser.exe (PID: 1876)
  - AVGBrowser.exe (PID: 3820)
  - AVGBrowser.exe (PID: 3568)
  - AVGBrowser.exe (PID: 2660)
  - AVGBrowser.exe (PID: 3876)
  - AVGBrowser.exe (PID: 1544)
  - AVGBrowser.exe (PID: 3660)
  - AVGBrowser.exe (PID: 2656)
  - AVGBrowser.exe (PID: 1652)
  - AVGBrowser.exe (PID: 1380)
- Reads Environment values
  - avg_secure_browser_setup.exe (PID: 2148)
  - aj53CB.exe (PID: 2832)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3720)
  - AVGBrowser.exe (PID: 3820)
- Reads the machine GUID from the registry
  - aj53CB.exe (PID: 2832)
  - AVGBrowserUpdate.exe (PID: 3976)
  - AVGBrowserUpdate.exe (PID: 1848)
  - AVGBrowserUpdate.exe (PID: 2484)
  - AVGBrowserUpdate.exe (PID: 1816)
  - setup.exe (PID: 1216)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3828)
  - setup.exe (PID: 1388)
  - AVGBrowser.exe (PID: 3820)
  - AVGBrowser.exe (PID: 3476)
- Checks proxy server information
  - aj53CB.exe (PID: 2832)
- Reads the software policy settings
  - aj53CB.exe (PID: 2832)
  - AVGBrowserUpdate.exe (PID: 1848)
  - AVGBrowserUpdate.exe (PID: 3976)
- Creates files or folders in the user directory
  - aj53CB.exe (PID: 2832)
  - AVGBrowserUpdate.exe (PID: 2484)
  - AVGBrowserInstaller.exe (PID: 2584)
  - setup.exe (PID: 1216)
  - setup.exe (PID: 920)
  - AVGBrowserUpdate.exe (PID: 3976)
  - AVGBrowser.exe (PID: 1504)
  - AVGBrowser.exe (PID: 3264)
  - AVGBrowser.exe (PID: 3536)
  - AVGBrowser.exe (PID: 3720)
  - AVGBrowser.exe (PID: 2948)
  - AVGBrowser.exe (PID: 2792)
  - setup.exe (PID: 1388)
  - AVGBrowser.exe (PID: 1000)
  - AVGBrowser.exe (PID: 3820)
  - AVGBrowser.exe (PID: 2176)
  - AVGBrowser.exe (PID: 2256)
- Process checks whether UAC notifications are on
  - AVGBrowser.exe (PID: 3820)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

132

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

324

"C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1168,i,3511208782942840388,12043114106366659499,131072 /prefetch:1

C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe

—

AVGBrowser.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

LOW

Description:

AVG Secure Browser

Exit code:

Version:

109.0.24110.121

Modules

Images
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\109.0.24110.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

324

"C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4252 --field-trial-handle=1048,i,16532347211767358084,7707595139082869014,131072 /prefetch:1

C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe

—

AVGBrowser.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

LOW

Description:

AVG Secure Browser

Exit code:

Version:

109.0.24110.121

Modules

Images
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\109.0.24110.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

392

"C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1048,i,16532347211767358084,7707595139082869014,131072 /prefetch:8

C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe

—

AVGBrowser.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

LOW

Description:

AVG Secure Browser

Exit code:

Version:

109.0.24110.121

Modules

Images
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\109.0.24110.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

452

"C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4268 --field-trial-handle=1048,i,16532347211767358084,7707595139082869014,131072 /prefetch:8

C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe

—

AVGBrowser.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

LOW

Description:

AVG Secure Browser

Exit code:

Version:

109.0.24110.121

Modules

Images
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\109.0.24110.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

492

"C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1204 --field-trial-handle=1048,i,16532347211767358084,7707595139082869014,131072 /prefetch:8

C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe

—

AVGBrowser.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

LOW

Description:

AVG Secure Browser

Exit code:

Version:

109.0.24110.121

Modules

Images
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\109.0.24110.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

920

C:\Users\admin\AppData\Local\AVG\Browser\Update\Install\{BB9BED16-491F-4F26-80EE-93DCE9BE5B26}\CR_B02CF.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\AVG\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win32 --annotation=prod=AVG --annotation=ver=109.0.24110.121 --initial-client-data=0x19c,0x1a0,0x1a4,0x170,0x1a8,0xd778e0,0xd778f0,0xd778fc

C:\Users\admin\AppData\Local\AVG\Browser\Update\Install\{BB9BED16-491F-4F26-80EE-93DCE9BE5B26}\CR_B02CF.tmp\setup.exe

—

setup.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

MEDIUM

Description:

AVG Secure Browser Installer

Exit code:

Version:

109.0.24110.121

Modules

Images
c:\users\admin\appdata\local\avg\browser\update\install\{bb9bed16-491f-4f26-80ee-93dce9be5b26}\cr_b02cf.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll

996

"C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1048,i,16532347211767358084,7707595139082869014,131072 /prefetch:8

C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe

—

AVGBrowser.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

LOW

Description:

AVG Secure Browser

Exit code:

Version:

109.0.24110.121

Modules

Images
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\109.0.24110.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1000

C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\AVG\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win32 --annotation=prod=AVG --annotation=ver=109.0.24110.121 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x69158b48,0x69158b58,0x69158b64

C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe

—

AVGBrowser.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

MEDIUM

Description:

AVG Secure Browser

Version:

109.0.24110.121

Modules

Images
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\109.0.24110.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1020

"C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1048,i,16532347211767358084,7707595139082869014,131072 /prefetch:8

C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe

—

AVGBrowser.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

LOW

Description:

AVG Secure Browser

Exit code:

Version:

109.0.24110.121

Modules

Images
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\109.0.24110.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1172

"C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3656 --field-trial-handle=1048,i,16532347211767358084,7707595139082869014,131072 /prefetch:8

C:\Users\admin\AppData\Local\AVG\Browser\Application\AVGBrowser.exe

—

AVGBrowser.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

LOW

Description:

AVG Secure Browser

Exit code:

Version:

109.0.24110.121

Modules

Images
c:\users\admin\appdata\local\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\avg\browser\application\109.0.24110.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

Add for printing

Total events

61 505

Read events

56 035

Write events

5 357

Delete events

113

Modification events


(PID) Process:	(3936) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPDaysSinceLastAutoMigration
Value: 1
(PID) Process:	(3936) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchLowDateTime
Value:
(PID) Process:	(3936) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchHighDateTime
Value: 31099616
(PID) Process:	(3936) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateLowDateTime
Value:
(PID) Process:	(3936) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateHighDateTime
Value: 31099616
(PID) Process:	(3936) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:	write	Name:	CachePrefix
Value:
(PID) Process:	(3936) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(3936) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(3936) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:	write	Name:	CompatibilityFlags
Value: 0
(PID) Process:	(3936) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1

Add for printing

Executable files

187

Suspicious files

537

Text files

503

Unknown types

385

Dropped files

PID	Process	Filename		Type
3092	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\avg_secure_browser_setup[1].htm		html
		MD5:—	SHA256:—
3092	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		binary
		MD5:—	SHA256:—
3092	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506		compressed
		MD5:—	SHA256:—
3092	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506		binary
		MD5:—	SHA256:—
3092	iexplore.exe	C:\Users\admin\AppData\Local\Temp\Low\Cab310D.tmp		compressed
		MD5:—	SHA256:—
3092	iexplore.exe	C:\Users\admin\AppData\Local\Temp\Low\Tar310E.tmp		cat
		MD5:—	SHA256:—
3092	iexplore.exe	C:\Users\admin\AppData\Local\Temp\Low\Cab311F.tmp		compressed
		MD5:—	SHA256:—
3092	iexplore.exe	C:\Users\admin\AppData\Local\Temp\Low\Tar3120.tmp		cat
		MD5:—	SHA256:—
3092	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751		der
		MD5:—	SHA256:—
3092	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751		binary
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3092	iexplore.exe	GET	304	199.232.210.172:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d3ebf5ce555ba18b	unknown	—	—	—
3092	iexplore.exe	GET	301	104.124.11.43:80	http://cdn-download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1&cid=9407	unknown	—	—	—
3092	iexplore.exe	GET	304	199.232.210.172:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?22f3adc483c3ba5b	unknown	—	—	—
3092	iexplore.exe	GET	200	199.232.210.172:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b2852a8256b664f1	unknown	—	—	—
3092	iexplore.exe	GET	200	2.19.245.44:80	http://x1.c.lencr.org/	unknown	—	—	—
3092	iexplore.exe	GET	200	2.19.245.44:80	http://x2.c.lencr.org/	unknown	—	—	—
3092	iexplore.exe	GET	200	199.232.210.172:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?84af4359b23290b9	unknown	—	—	—
3936	iexplore.exe	GET	304	199.232.210.172:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8a21c6ad756e8dd9	unknown	—	—	—
3936	iexplore.exe	GET	304	199.232.210.172:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?14c8dd88ad9169bd	unknown	—	—	—
2832	aj53CB.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D	unknown	—	—	—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	unknown
4	System	192.168.100.255:137	—	—	—	unknown
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
3092	iexplore.exe	104.124.11.43:80	cdn-download.avgbrowser.com	Akamai International B.V.	DE	unknown
3092	iexplore.exe	172.67.41.145:443	download.avgbrowser.com	CLOUDFLARENET	US	unknown
3092	iexplore.exe	199.232.210.172:80	ctldl.windowsupdate.com	FASTLY	US	unknown
3092	iexplore.exe	2.19.245.44:80	x1.c.lencr.org	AKAMAI-AS	DE	unknown
3936	iexplore.exe	92.123.104.34:443	www.bing.com	Akamai International B.V.	DE	unknown
3936	iexplore.exe	199.232.210.172:80	ctldl.windowsupdate.com	FASTLY	US	unknown
3936	iexplore.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	unknown

DNS requests

Domain	IP	Reputation
cdn-download.avgbrowser.com	104.124.11.43 104.124.11.56	unknown
download.avgbrowser.com	172.67.41.145 104.22.62.125 104.22.63.125	unknown
ctldl.windowsupdate.com	199.232.210.172 199.232.214.172	unknown
api.bing.com	13.107.5.80	unknown
www.bing.com	92.123.104.34 92.123.104.31 92.123.104.32	unknown
x1.c.lencr.org	2.19.245.44	unknown
x2.c.lencr.org	2.19.245.44	unknown
ocsp.digicert.com	192.229.221.95	unknown
stats.securebrowser.com	104.20.86.8 104.20.87.8	unknown
iecvlist.microsoft.com	152.199.19.161	unknown

Threats

PID	Process	Class	Message
—	—	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP
—	—	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP
—	—	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP
—	—	Misc activity	ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
—	—	Misc activity	ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
—	—	Misc activity	ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
—	—	Misc activity	ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
—	—	Misc activity	ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
—	—	Misc activity	ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI

Add for printing

Process	Message
avg_secure_browser_setup.exe	2024-04-10T01:44:41 [libnsis] {00000864:00000db4} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
avg_secure_browser_setup.exe	2024-04-10T01:44:41 [libnsis] {00000864:00000db4} <1:Debug> (91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62) Throwing exception 0x00000400000715
avg_secure_browser_setup.exe	2024-04-10T01:44:41 [libnsis] {00000864:00000db4} <4:Error> (893f00f663353e48\src\jsis-plugins\plugins\UtilitiesPlugin\TagData.cpp:85) 0x00000400000715 91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62
aj53CB.exe	2024-04-10T01:44:42 [libnsis] {00000b10:00000624} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
aj53CB.exe	2024-04-10T01:44:43 [libnsis] {00000b10:00000624} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsn5531.tmp\CR.History.tmp
aj53CB.exe	2024-04-10T01:44:43 [libnsis] {00000b10:00000624} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 19793 AND vtime <= 19824 GROUP BY vtime
aj53CB.exe	2024-04-10T01:44:43 [libnsis] {00000b10:00000624} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsn5531.tmp\CR.History.tmp
aj53CB.exe	2024-04-10T01:44:43 [libnsis] {00000b10:00000624} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 19793 AND vtime <= 19824 GROUP BY vtime
aj53CB.exe	2024-04-10T01:44:43 [libnsis] {00000b10:00000624} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT last_visit_date / 1000000 /60 /60 / 24 AS vtime FROM 'moz_places' WHERE vtime >= 19793 AND vtime <= 19824 GROUP BY vtime
aj53CB.exe	2024-04-10T01:44:43 [libnsis] {00000b10:00000624} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsn5531.tmp\FF.places.tmp

General Info

cdn-download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1&cid=9407

A77626FF077B7A00FA454361D02D08E7

9C2826666020078D6C1B72EDB68F99D9C7F1277F

67698FCF9E6CB53E42AD8397D47055A4DAF1EAA171DA3C3426C8755078ED2247

3:PK4np6SHXyK5tCS3iY4/+RPafRVS:PFnUaiK5jSY4/+RPaf+

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Steals credentials from Web Browsers

Changes the autorun value in the registry

Actions looks like stealing of personal data

SUSPICIOUS

Executable content was dropped or overwritten

The process verifies whether the antivirus software is installed

Searches for installed software

Reads settings of System Certificates

Reads security settings of Internet Explorer

Reads the Internet Settings

Checks Windows Trust Settings

Starts itself from another location

Creates/Modifies COM task schedule object

Process requests binary or script from the Internet

Application launched itself

Creates a software uninstall entry

Reads Mozilla Firefox installation path

Reads the date of Windows installation

INFO

Drops the executable file immediately after the start

Application launched itself

Executable content was dropped or overwritten

The process uses the downloaded file

Modifies the phishing filter of IE

Checks supported languages

Reads the computer name

Create files in a temporary directory

Process checks computer location settings

Reads Environment values

Reads the machine GUID from the registry

Checks proxy server information

Reads the software policy settings

Creates files or folders in the user directory

Process checks whether UAC notifications are on

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections