File name:

avg_secure_browser_setup.exe

Full analysis: https://app.any.run/tasks/9d60f041-83cd-4c2c-8124-c96f79a0ab9b
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 17, 2024, 18:18:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

F1DEA1C6D714B450247B07A53288A68B

SHA1:

EBCA0136916A90FF0CDEDD25E42CB719CA818A86

SHA256:

6C351DAD98ADCF5702CBF22EA9B5F9268FB12D1804787296974F9A2C54259B6C

SSDEEP:

98304:dpeNmkANTySWS61t/ALLdWLqjbUrpe/A70ltz/ViyUShigPZ6ya4gNb9PiCmmKav:xLONit7Q3hfQw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdateSetup.exe (PID: 3960)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserUpdate.exe (PID: 3684)
      • AVGBrowserInstaller.exe (PID: 2724)
      • setup.exe (PID: 1368)
    • Steals credentials from Web Browsers

      • ajFE58.exe (PID: 3932)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 668)
    • Changes the autorun value in the registry

      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
    • Actions look like stealing of personal data

      • ajFE58.exe (PID: 3932)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 4064)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 668)
  • SUSPICIOUS

    • Searches for installed software

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 668)
    • The process verifies whether the antivirus software is installed

      • avg_secure_browser_setup.exe (PID: 4052)
      • AVGBrowserUpdate.exe (PID: 2672)
      • AVGBrowserUpdate.exe (PID: 2292)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowserUpdate.exe (PID: 2688)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 3684)
      • setup.exe (PID: 2728)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserInstaller.exe (PID: 2724)
      • AVGBrowserCrashHandler.exe (PID: 2336)
      • AVGBrowser.exe (PID: 2040)
      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 128)
      • AVGBrowser.exe (PID: 844)
      • AVGBrowser.exe (PID: 1584)
      • AVGBrowser.exe (PID: 1796)
      • elevation_service.exe (PID: 2052)
      • AVGBrowser.exe (PID: 4064)
      • AVGBrowser.exe (PID: 4080)
      • AVGBrowser.exe (PID: 3100)
      • AVGBrowser.exe (PID: 3152)
      • AVGBrowser.exe (PID: 4084)
      • AVGBrowser.exe (PID: 1264)
      • AVGBrowser.exe (PID: 3644)
      • elevation_service.exe (PID: 2764)
      • AVGBrowser.exe (PID: 3640)
      • AVGBrowser.exe (PID: 2980)
      • AVGBrowser.exe (PID: 2948)
      • AVGBrowser.exe (PID: 1880)
      • elevation_service.exe (PID: 2940)
      • AVGBrowser.exe (PID: 3772)
      • AVGBrowser.exe (PID: 3660)
      • elevation_service.exe (PID: 2652)
      • AVGBrowser.exe (PID: 3084)
      • AVGBrowser.exe (PID: 3268)
      • AVGBrowser.exe (PID: 3968)
      • AVGBrowser.exe (PID: 996)
      • AVGBrowser.exe (PID: 2512)
      • AVGBrowser.exe (PID: 3604)
      • AVGBrowser.exe (PID: 2388)
      • AVGBrowser.exe (PID: 3544)
      • AVGBrowser.exe (PID: 680)
      • AVGBrowser.exe (PID: 2556)
      • AVGBrowser.exe (PID: 796)
      • AVGBrowser.exe (PID: 3508)
      • AVGBrowser.exe (PID: 844)
      • AVGBrowser.exe (PID: 3684)
      • AVGBrowser.exe (PID: 2176)
      • AVGBrowser.exe (PID: 2936)
      • AVGBrowser.exe (PID: 3380)
      • AVGBrowser.exe (PID: 1392)
      • AVGBrowser.exe (PID: 664)
      • AVGBrowser.exe (PID: 1380)
      • AVGBrowser.exe (PID: 2764)
      • AVGBrowser.exe (PID: 4092)
      • AVGBrowser.exe (PID: 584)
      • AVGBrowser.exe (PID: 3236)
      • AVGBrowser.exe (PID: 2380)
      • AVGBrowser.exe (PID: 3620)
      • AVGBrowser.exe (PID: 3608)
      • AVGBrowser.exe (PID: 2376)
      • AVGBrowser.exe (PID: 1780)
      • AVGBrowser.exe (PID: 128)
      • AVGBrowser.exe (PID: 924)
      • AVGBrowser.exe (PID: 3692)
      • AVGBrowser.exe (PID: 2468)
      • AVGBrowser.exe (PID: 2856)
      • AVGBrowser.exe (PID: 3068)
      • AVGBrowser.exe (PID: 2900)
      • AVGBrowser.exe (PID: 3824)
      • AVGBrowser.exe (PID: 2136)
      • AVGBrowser.exe (PID: 2244)
      • AVGBrowser.exe (PID: 3012)
      • AVGBrowser.exe (PID: 2592)
      • AVGBrowser.exe (PID: 1900)
      • AVGBrowser.exe (PID: 2112)
      • setup.exe (PID: 984)
      • AVGBrowser.exe (PID: 668)
      • AVGBrowser.exe (PID: 4028)
      • AVGBrowser.exe (PID: 3128)
      • AVGBrowser.exe (PID: 2988)
      • elevation_service.exe (PID: 2492)
      • AVGBrowser.exe (PID: 2376)
      • AVGBrowser.exe (PID: 1608)
      • AVGBrowser.exe (PID: 3784)
      • elevation_service.exe (PID: 4080)
      • AVGBrowser.exe (PID: 1776)
      • AVGBrowser.exe (PID: 1780)
      • AVGBrowser.exe (PID: 2232)
      • AVGBrowser.exe (PID: 2124)
      • AVGBrowser.exe (PID: 2976)
      • setup.exe (PID: 1728)
      • AVGBrowser.exe (PID: 2104)
      • AVGBrowser.exe (PID: 3180)
      • AVGBrowser.exe (PID: 864)
      • AVGBrowser.exe (PID: 1352)
      • AVGBrowser.exe (PID: 3804)
      • AVGBrowser.exe (PID: 4044)
      • AVGBrowser.exe (PID: 3656)
      • AVGBrowser.exe (PID: 3080)
      • AVGBrowser.exe (PID: 3104)
      • AVGBrowser.exe (PID: 3448)
      • AVGBrowser.exe (PID: 2620)
      • AVGBrowser.exe (PID: 2332)
      • AVGBrowser.exe (PID: 2380)
    • Executable content was dropped or overwritten

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdateSetup.exe (PID: 3960)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserInstaller.exe (PID: 2724)
      • setup.exe (PID: 1368)
    • Reads security settings of Internet Explorer

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
    • Reads the Internet Settings

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 668)
    • Reads settings of System Certificates

      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowser.exe (PID: 1584)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 2980)
      • AVGBrowser.exe (PID: 2988)
      • AVGBrowser.exe (PID: 668)
    • Checks Windows Trust Settings

      • ajFE58.exe (PID: 3932)
    • Starts itself from another location

      • AVGBrowserUpdate.exe (PID: 3940)
    • Disables SEHOP

      • AVGBrowserUpdate.exe (PID: 3940)
    • Creates/Modifies COM task schedule object

      • AVGBrowserUpdate.exe (PID: 2672)
      • AVGBrowserUpdate.exe (PID: 3940)
    • Executes as Windows Service

      • AVGBrowserUpdate.exe (PID: 3684)
      • elevation_service.exe (PID: 2052)
      • elevation_service.exe (PID: 2764)
      • elevation_service.exe (PID: 2940)
      • elevation_service.exe (PID: 2652)
      • elevation_service.exe (PID: 2492)
      • elevation_service.exe (PID: 4080)
    • Adds/modifies Windows certificates

      • AVGBrowserUpdate.exe (PID: 2256)
    • Application launched itself

      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 3268)
      • setup.exe (PID: 1728)
      • AVGBrowser.exe (PID: 668)
      • AVGBrowser.exe (PID: 1352)
    • Process requests binary or script from the Internet

      • AVGBrowserUpdate.exe (PID: 3684)
    • Creates a software uninstall entry

      • setup.exe (PID: 1368)
      • ajFE58.exe (PID: 3932)
      • elevation_service.exe (PID: 2052)
      • elevation_service.exe (PID: 2940)
      • elevation_service.exe (PID: 2492)
    • Reads Mozilla Firefox installation path

      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 668)
    • Reads the date of Windows installation

      • setup.exe (PID: 1728)
  • INFO

    • Create files in a temporary directory

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowserUpdate.exe (PID: 3684)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 668)
    • Checks supported languages

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdateSetup.exe (PID: 3960)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserUpdate.exe (PID: 2292)
      • AVGBrowserUpdate.exe (PID: 2672)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowserUpdate.exe (PID: 2688)
      • AVGBrowserUpdate.exe (PID: 3684)
      • AVGBrowserInstaller.exe (PID: 2724)
      • setup.exe (PID: 2728)
      • setup.exe (PID: 1368)
      • AVGBrowserCrashHandler.exe (PID: 2336)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 128)
      • AVGBrowser.exe (PID: 844)
      • AVGBrowser.exe (PID: 1584)
      • AVGBrowser.exe (PID: 1796)
      • elevation_service.exe (PID: 2052)
      • AVGBrowser.exe (PID: 4080)
      • AVGBrowser.exe (PID: 4064)
      • AVGBrowser.exe (PID: 3100)
      • AVGBrowser.exe (PID: 3152)
      • AVGBrowser.exe (PID: 4084)
      • AVGBrowser.exe (PID: 1264)
      • elevation_service.exe (PID: 2764)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 2980)
      • AVGBrowser.exe (PID: 2948)
      • AVGBrowser.exe (PID: 1880)
      • elevation_service.exe (PID: 2940)
      • AVGBrowser.exe (PID: 3640)
      • elevation_service.exe (PID: 2652)
      • AVGBrowser.exe (PID: 3660)
      • AVGBrowser.exe (PID: 3772)
      • AVGBrowser.exe (PID: 3084)
      • AVGBrowser.exe (PID: 3268)
      • AVGBrowser.exe (PID: 2512)
      • AVGBrowser.exe (PID: 3968)
      • AVGBrowser.exe (PID: 2556)
      • AVGBrowser.exe (PID: 3604)
      • AVGBrowser.exe (PID: 996)
      • AVGBrowser.exe (PID: 2388)
      • AVGBrowser.exe (PID: 680)
      • AVGBrowser.exe (PID: 3544)
      • AVGBrowser.exe (PID: 2936)
      • AVGBrowser.exe (PID: 796)
      • AVGBrowser.exe (PID: 3508)
      • AVGBrowser.exe (PID: 3684)
      • AVGBrowser.exe (PID: 2176)
      • AVGBrowser.exe (PID: 844)
      • AVGBrowser.exe (PID: 664)
      • AVGBrowser.exe (PID: 1392)
      • AVGBrowser.exe (PID: 3380)
      • AVGBrowser.exe (PID: 2764)
      • AVGBrowser.exe (PID: 4092)
      • AVGBrowser.exe (PID: 584)
      • AVGBrowser.exe (PID: 3236)
      • AVGBrowser.exe (PID: 1380)
      • AVGBrowser.exe (PID: 3620)
      • AVGBrowser.exe (PID: 3608)
      • AVGBrowser.exe (PID: 2380)
      • AVGBrowser.exe (PID: 2468)
      • AVGBrowser.exe (PID: 1780)
      • AVGBrowser.exe (PID: 128)
      • AVGBrowser.exe (PID: 924)
      • AVGBrowser.exe (PID: 3692)
      • AVGBrowser.exe (PID: 2376)
      • AVGBrowser.exe (PID: 3068)
      • AVGBrowser.exe (PID: 2900)
      • AVGBrowser.exe (PID: 3824)
      • AVGBrowser.exe (PID: 2136)
      • AVGBrowser.exe (PID: 2244)
      • AVGBrowser.exe (PID: 3012)
      • AVGBrowser.exe (PID: 2856)
      • AVGBrowser.exe (PID: 2592)
      • AVGBrowser.exe (PID: 1900)
      • AVGBrowser.exe (PID: 2112)
      • setup.exe (PID: 1728)
      • setup.exe (PID: 984)
      • AVGBrowser.exe (PID: 668)
      • AVGBrowser.exe (PID: 4028)
      • AVGBrowser.exe (PID: 3128)
      • AVGBrowser.exe (PID: 2988)
      • AVGBrowser.exe (PID: 2104)
      • elevation_service.exe (PID: 2492)
      • AVGBrowser.exe (PID: 2376)
      • AVGBrowser.exe (PID: 1608)
      • AVGBrowser.exe (PID: 3784)
      • elevation_service.exe (PID: 4080)
      • AVGBrowser.exe (PID: 1776)
      • AVGBrowser.exe (PID: 1780)
      • AVGBrowser.exe (PID: 2232)
      • AVGBrowser.exe (PID: 2124)
      • AVGBrowser.exe (PID: 2976)
      • AVGBrowser.exe (PID: 3180)
      • AVGBrowser.exe (PID: 864)
      • AVGBrowser.exe (PID: 1352)
      • AVGBrowser.exe (PID: 3804)
      • AVGBrowser.exe (PID: 3448)
      • AVGBrowser.exe (PID: 3656)
      • AVGBrowser.exe (PID: 3104)
      • AVGBrowser.exe (PID: 3080)
      • AVGBrowser.exe (PID: 2620)
      • AVGBrowser.exe (PID: 4044)
      • AVGBrowser.exe (PID: 2380)
      • AVGBrowser.exe (PID: 2332)
    • Reads the computer name

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserUpdate.exe (PID: 2292)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowserUpdate.exe (PID: 2688)
      • AVGBrowserUpdate.exe (PID: 3684)
      • AVGBrowserInstaller.exe (PID: 2724)
      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 2040)
      • elevation_service.exe (PID: 2052)
      • AVGBrowser.exe (PID: 128)
      • AVGBrowser.exe (PID: 1584)
      • AVGBrowser.exe (PID: 4064)
      • elevation_service.exe (PID: 2764)
      • AVGBrowser.exe (PID: 3644)
      • elevation_service.exe (PID: 2940)
      • AVGBrowser.exe (PID: 2948)
      • AVGBrowser.exe (PID: 2980)
      • AVGBrowser.exe (PID: 3084)
      • elevation_service.exe (PID: 2652)
      • AVGBrowser.exe (PID: 3268)
      • AVGBrowser.exe (PID: 2556)
      • setup.exe (PID: 1728)
      • AVGBrowser.exe (PID: 668)
      • elevation_service.exe (PID: 2492)
      • AVGBrowser.exe (PID: 3128)
      • AVGBrowser.exe (PID: 2988)
      • elevation_service.exe (PID: 4080)
      • AVGBrowser.exe (PID: 2976)
      • AVGBrowser.exe (PID: 1352)
      • AVGBrowser.exe (PID: 4044)
      • AVGBrowser.exe (PID: 3104)
    • Process checks computer location settings

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3152)
      • AVGBrowser.exe (PID: 4080)
      • AVGBrowser.exe (PID: 3100)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 3660)
      • AVGBrowser.exe (PID: 3772)
      • AVGBrowser.exe (PID: 3380)
      • AVGBrowser.exe (PID: 3620)
      • AVGBrowser.exe (PID: 1780)
      • AVGBrowser.exe (PID: 2856)
      • AVGBrowser.exe (PID: 3824)
      • AVGBrowser.exe (PID: 2112)
      • AVGBrowser.exe (PID: 668)
      • AVGBrowser.exe (PID: 2376)
      • AVGBrowser.exe (PID: 1608)
      • AVGBrowser.exe (PID: 3784)
      • AVGBrowser.exe (PID: 1776)
      • AVGBrowser.exe (PID: 1780)
      • AVGBrowser.exe (PID: 2124)
      • AVGBrowser.exe (PID: 2232)
      • AVGBrowser.exe (PID: 3180)
      • AVGBrowser.exe (PID: 3080)
      • AVGBrowser.exe (PID: 3448)
      • AVGBrowser.exe (PID: 3656)
    • Reads Environment values

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 668)
    • Reads the machine GUID from the registry

      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserUpdate.exe (PID: 2688)
      • AVGBrowserUpdate.exe (PID: 3684)
      • AVGBrowserUpdate.exe (PID: 2256)
      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 2040)
      • elevation_service.exe (PID: 2052)
      • elevation_service.exe (PID: 2764)
      • AVGBrowser.exe (PID: 3644)
      • elevation_service.exe (PID: 2940)
      • elevation_service.exe (PID: 2652)
      • AVGBrowser.exe (PID: 2556)
      • setup.exe (PID: 1728)
      • AVGBrowser.exe (PID: 668)
      • elevation_service.exe (PID: 2492)
      • elevation_service.exe (PID: 4080)
      • AVGBrowser.exe (PID: 3104)
      • AVGBrowser.exe (PID: 4044)
    • Checks proxy server information

      • ajFE58.exe (PID: 3932)
    • Reads the software policy settings

      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowserUpdate.exe (PID: 3684)
    • Creates files or folders in the user directory

      • ajFE58.exe (PID: 3932)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 1584)
      • AVGBrowser.exe (PID: 3640)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 2512)
      • AVGBrowser.exe (PID: 2980)
      • AVGBrowser.exe (PID: 4028)
      • AVGBrowser.exe (PID: 668)
      • setup.exe (PID: 1728)
      • AVGBrowser.exe (PID: 2988)
      • AVGBrowser.exe (PID: 3804)
    • Creates files in the program directory

      • AVGBrowserUpdateSetup.exe (PID: 3960)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserUpdate.exe (PID: 3684)
      • setup.exe (PID: 1368)
      • AVGBrowserInstaller.exe (PID: 2724)
      • ajFE58.exe (PID: 3932)
      • setup.exe (PID: 1728)
    • Process checks whether UAC notifications are on

      • ajFE58.exe (PID: 3932)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:16 00:50:53+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x350d
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 8.11.6.7313
ProductVersionNumber: 8.11.6.7313
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Arabic
CharacterSet: Windows, Arabic
BuildDate: 19700120T180211
BuildTimestamp: 1706531249
BuildVersion: 8.11.6.7313
FileDescription: إعداد AVG Secure Browser
FileVersion: 8.11.6.7313
InstallerCommit: a485d5c491c307e7b2d577552c389367c6d50f95
InstallerEdition: main
InstallerKeyword: avg-securebrowser
InternalName: AVG Secure Browser
JsisCommit: 5b8cb9e927bd1c7a4a6578eaf22d9b969fc5fa37
LegalCopyright: حقوق الطبع والنشر (c) لعام 2024 محفوظة لشركة AVG Technologies
OmahaVersion: 1.8.1650.5
ProductName: إعداد AVG Secure Browser
ProductVersion: 8.11.6.7313
No data.
All screenshots are available in the full report
Total processes: 151
Monitored processes: 107
Malicious processes: 106
Suspicious processes: 0

Behavior graph

start avg_secure_browser_setup.exe ajfe58.exe avgbrowserupdatesetup.exe avgbrowserupdate.exe avgbrowserupdate.exe no specs avgbrowserupdate.exe no specs avgbrowserupdate.exe avgbrowserupdate.exe no specs avgbrowserupdate.exe avgbrowserinstaller.exe setup.exe setup.exe no specs avgbrowsercrashhandler.exe no specs avgbrowser.exe avgbrowser.exe avgbrowser.exe no specs avgbrowser.exe avgbrowser.exe no specs elevation_service.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs elevation_service.exe no specs avgbrowser.exe avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe avgbrowser.exe no specs elevation_service.exe no specs elevation_service.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs setup.exe no specs setup.exe no specs avgbrowser.exe avgbrowser.exe no specs avgbrowser.exe avgbrowser.exe no specs avgbrowser.exe no specs 
elevation_service.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs elevation_service.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs avgbrowser.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
PID: 128
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 --field-trial-handle=1140,i,3458534497895547077,14424741759416004259,131072 /prefetch:2
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 128
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3708 --field-trial-handle=1164,i,13198148217505820399,3873719375103168349,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 584
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1164,i,13198148217505820399,3873719375103168349,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 664
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1164,i,13198148217505820399,3873719375103168349,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 668
CMD: AVGBrowser.exe --check-run=src=installer
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: ajFE58.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
MEDIUM
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 680
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1164,i,13198148217505820399,3873719375103168349,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
MEDIUM
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 796
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3672 --field-trial-handle=1164,i,13198148217505820399,3873719375103168349,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 844
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\AVG\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\AVG\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win32 --annotation=prod=AVG --annotation=ver=109.0.19981.121 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x6bb68b48,0x6bb68b58,0x6bb68b64
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
MEDIUM
Description:
AVG Secure Browser
Exit code:
1
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 844
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3512 --field-trial-handle=1164,i,13198148217505820399,3873719375103168349,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 864
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1296,i,8907407680752794185,17991123830262320198,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events: 42 018
Read events: 39 076
Write events: 2 857
Delete events: 85

Modification events

(PID) Process: (4052) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (4052) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (4052) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (4052) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (3932) ajFE58.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AVG\Browser
Operation: write
Name: installer_run_count
Value: 1

(PID) Process: (3932) ajFE58.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AVG\Browser
Operation: write
Name: machine_id
Value: 000044c3fd2cd9540ff4baf5d88ee93e

(PID) Process: (3932) ajFE58.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (3932) ajFE58.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3932) ajFE58.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3932) ajFE58.exe
Key: HKEY_CURRENT_USER\Software\AVG\Browser
Operation: write
Name: user_id
Value: 9f135702664a4729a46ba409bc8fc0d5
Executable files
185
Suspicious files
750
Text files
578
Unknown types
439

Dropped files

PID | Process | Filename | Type
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsdF09B.tmp\StdUtils.dll | executable
MD5: D083D47F54618D03A31CA07594823154
SHA256: 4A9324AF88BD701FA0ED1DD7F833051D60E65A38EB6A4827EADB0F808348ED54
3932 | ajFE58.exe | C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\inetc.dll | executable
MD5: DBF9C57BB8626144464922215853C741
SHA256: 01D034E383BCAA21FB4D2C84FDDD438FA36FE0A73B9A638D7C6D2BF582B416D3
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsdF09B.tmp\jsisdl.dll | executable
MD5: 1D41C7F088AC582DF1961BF864640B84
SHA256: F3DA0050540238EB1CA75A67F140C1D6544F59122C94DD811FF267D41AB1B332
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\ajFE58.exe | executable
MD5: CD1DF93BD3E69C44D28A01C2E11D6ECB
SHA256: BB2338B04689EA1A48B1C0A7F2ABD1C4507F0E6E808F992B5DC42351EB1726CF
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsdF09B.tmp\thirdparty.dll | executable
MD5: 2B09A28F02EDBD1FE30DF929B389D5D3
SHA256: CCA5A876DE7823DCEF9258474F5B1A8457ECD2BA8E9ADDBA588BC2F1A02B3FC3
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsdF09B.tmp\sciterui.dll | executable
MD5: DA1F3C1529AAA6C2C22FD89412A32C72
SHA256: 972348E7066F614AF8DBCF3B8CBD37E97A53C184F4C2693C136C9FD0D349E501
3932 | ajFE58.exe | C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\FF.places.tmp | -
MD5:
SHA256:
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsdF09B.tmp\AccessControl.dll | executable
MD5: BD4FA45476E947E1826C51766730CDCA
SHA256: C146B6F8B7E99F327FE60990A95507DA49CD5A385C0E9870BE105CAE195DE5EE
3932 | ajFE58.exe | C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\Midex.dll | executable
MD5: 574AE869F6CA6EB51BB64F40B3DCBF8F
SHA256: 6F2ECAF8F694C4B92FF1E729D7A4D93DD21A4249BCDC2985EB1C798370F63393
3932 | ajFE58.exe | C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\StdUtils.dll | executable
MD5: D083D47F54618D03A31CA07594823154
SHA256: 4A9324AF88BD701FA0ED1DD7F833051D60E65A38EB6A4827EADB0F808348ED54
HTTP(S) requests
24
TCP/UDP connections
85
DNS requests
89
Threats
7

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3932 | ajFE58.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ae5c5c906448c0ab | - | - | - | unknown
3932 | ajFE58.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D | - | binary | 471 b | unknown
2256 | AVGBrowserUpdate.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a3e0399fd1bac44c | - | compressed | 65.2 Kb | unknown
3684 | AVGBrowserUpdate.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?2db73a2422abb4b9 | - | compressed | 65.2 Kb | unknown
3684 | AVGBrowserUpdate.exe | GET | 200 | 72.247.154.136:80 | http://browser-update.avg.com/browser-avg/win/x86/109.0.19981.121/AVGBrowserInstaller.exe | - | executable | 98.2 Mb | unknown
856 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx | - | - | - | unknown
856 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx | - | binary | 6.12 Kb | unknown
856 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx | - | binary | 10.4 Kb | unknown
856 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx | - | binary | 9.86 Kb | unknown
856 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx | - | binary | 9.59 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | unknown
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
3932 | ajFE58.exe | 104.20.159.62:443 | stats.securebrowser.com | CLOUDFLARENET | - | unknown
3932 | ajFE58.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | unknown
3932 | ajFE58.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | unknown
2256 | AVGBrowserUpdate.exe | 172.67.41.145:443 | update.avgbrowser.com | CLOUDFLARENET | US | unknown
2256 | AVGBrowserUpdate.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | unknown
3684 | AVGBrowserUpdate.exe | 172.67.41.145:443 | update.avgbrowser.com | CLOUDFLARENET | US | unknown
3684 | AVGBrowserUpdate.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | unknown

DNS requests

Domain | IP | Reputation
stats.securebrowser.com | 104.20.159.62, 104.20.158.62 | unknown
ctldl.windowsupdate.com | 93.184.221.240 | unknown
ocsp.digicert.com | 192.229.221.95 | unknown
update.avgbrowser.com | 172.67.41.145, 104.22.63.125, 104.22.62.125 | unknown
browser-update.avg.com | 72.247.154.136, 72.247.154.208, 2.22.242.137, 2.22.242.123 | unknown
redirector.gvt1.com | 142.250.184.238 | unknown
r4---sn-4g5edns7.gvt1.com | 173.194.188.9 | unknown
engagement.avgbrowser.com | 172.67.41.145, 104.22.62.125, 104.22.63.125 | unknown
s-install.avcdn.net | 95.101.197.12 | unknown
shepherd.ff.avast.com | 34.160.176.28 | unknown

Threats

PID | Process | Class | Message
- | - | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
- | - | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
- | - | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
- | - | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
- | - | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
- | - | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
- | - | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
Process | Message
avg_secure_browser_setup.exe | 2024-02-17T18:18:35 [libnsis] {00000fd4:00000870} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
avg_secure_browser_setup.exe | 2024-02-17T18:18:35 [libnsis] {00000fd4:00000870} <1:Debug> (91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62) Throwing exception 0x00000400000715
avg_secure_browser_setup.exe | 2024-02-17T18:18:35 [libnsis] {00000fd4:00000870} <4:Error> (893f00f663353e48\src\jsis-plugins\plugins\UtilitiesPlugin\TagData.cpp:85) 0x00000400000715 91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62
ajFE58.exe | 2024-02-17T18:18:37 [libnsis] {00000f5c:00000d84} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
ajFE58.exe | 2024-02-17T18:18:38 [libnsis] {00000f5c:00000d84} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\CR.History.tmp
ajFE58.exe | 2024-02-17T18:18:38 [libnsis] {00000f5c:00000d84} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 19740 AND vtime <= 19771 GROUP BY vtime
ajFE58.exe | 2024-02-17T18:18:38 [libnsis] {00000f5c:00000d84} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\CR.History.tmp
ajFE58.exe | 2024-02-17T18:18:38 [libnsis] {00000f5c:00000d84} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 19740 AND vtime <= 19771 GROUP BY vtime
ajFE58.exe | 2024-02-17T18:18:38 [libnsis] {00000f5c:00000d84} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\FF.places.tmp
ajFE58.exe | 2024-02-17T18:18:38 [libnsis] {00000f5c:00000d84} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT last_visit_date / 1000000 /60 /60 / 24 AS vtime FROM 'moz_places' WHERE vtime >= 19740 AND vtime <= 19771 GROUP BY vtime