File name: avg_secure_browser_setup.exe

Full analysis: https://app.any.run/tasks/9d60f041-83cd-4c2c-8124-c96f79a0ab9b
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 17, 2024, 18:18:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: F1DEA1C6D714B450247B07A53288A68B
SHA1: EBCA0136916A90FF0CDEDD25E42CB719CA818A86
SHA256: 6C351DAD98ADCF5702CBF22EA9B5F9268FB12D1804787296974F9A2C54259B6C
SSDEEP: 98304:dpeNmkANTySWS61t/ALLdWLqjbUrpe/A70ltz/ViyUShigPZ6ya4gNb9PiCmmKav:xLONit7Q3hfQw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdateSetup.exe (PID: 3960)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserUpdate.exe (PID: 3684)
      • AVGBrowserInstaller.exe (PID: 2724)
      • setup.exe (PID: 1368)
    • Actions look like stealing of personal data

      • ajFE58.exe (PID: 3932)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 4064)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 668)
    • Steals credentials from Web Browsers

      • ajFE58.exe (PID: 3932)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 668)
    • Changes the autorun value in the registry

      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
  • SUSPICIOUS

    • The process verifies whether the antivirus software is installed

      • avg_secure_browser_setup.exe (PID: 4052)
      • AVGBrowserUpdate.exe (PID: 2292)
      • AVGBrowserUpdate.exe (PID: 2688)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowserUpdate.exe (PID: 2672)
      • AVGBrowserUpdate.exe (PID: 3684)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserCrashHandler.exe (PID: 2336)
      • setup.exe (PID: 2728)
      • AVGBrowserInstaller.exe (PID: 2724)
      • AVGBrowser.exe (PID: 2040)
      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 844)
      • AVGBrowser.exe (PID: 128)
      • AVGBrowser.exe (PID: 1584)
      • elevation_service.exe (PID: 2052)
      • AVGBrowser.exe (PID: 1796)
      • AVGBrowser.exe (PID: 3100)
      • AVGBrowser.exe (PID: 4080)
      • AVGBrowser.exe (PID: 4064)
      • AVGBrowser.exe (PID: 3152)
      • AVGBrowser.exe (PID: 4084)
      • AVGBrowser.exe (PID: 1264)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 3640)
      • elevation_service.exe (PID: 2764)
      • AVGBrowser.exe (PID: 2980)
      • AVGBrowser.exe (PID: 1880)
      • elevation_service.exe (PID: 2940)
      • AVGBrowser.exe (PID: 2948)
      • AVGBrowser.exe (PID: 3772)
      • elevation_service.exe (PID: 2652)
      • AVGBrowser.exe (PID: 3660)
      • AVGBrowser.exe (PID: 3084)
      • AVGBrowser.exe (PID: 3268)
      • AVGBrowser.exe (PID: 2388)
      • AVGBrowser.exe (PID: 3968)
      • AVGBrowser.exe (PID: 3604)
      • AVGBrowser.exe (PID: 996)
      • AVGBrowser.exe (PID: 2512)
      • AVGBrowser.exe (PID: 2556)
      • AVGBrowser.exe (PID: 796)
      • AVGBrowser.exe (PID: 844)
      • AVGBrowser.exe (PID: 3508)
      • AVGBrowser.exe (PID: 2176)
      • AVGBrowser.exe (PID: 3684)
      • AVGBrowser.exe (PID: 2936)
      • AVGBrowser.exe (PID: 664)
      • AVGBrowser.exe (PID: 680)
      • AVGBrowser.exe (PID: 3544)
      • AVGBrowser.exe (PID: 1380)
      • AVGBrowser.exe (PID: 584)
      • AVGBrowser.exe (PID: 4092)
      • AVGBrowser.exe (PID: 3236)
      • AVGBrowser.exe (PID: 2380)
      • AVGBrowser.exe (PID: 3380)
      • AVGBrowser.exe (PID: 1392)
      • AVGBrowser.exe (PID: 2764)
      • AVGBrowser.exe (PID: 2376)
      • AVGBrowser.exe (PID: 2468)
      • AVGBrowser.exe (PID: 1780)
      • AVGBrowser.exe (PID: 128)
      • AVGBrowser.exe (PID: 924)
      • AVGBrowser.exe (PID: 3620)
      • AVGBrowser.exe (PID: 3608)
      • AVGBrowser.exe (PID: 2856)
      • AVGBrowser.exe (PID: 3068)
      • AVGBrowser.exe (PID: 3824)
      • AVGBrowser.exe (PID: 3692)
      • AVGBrowser.exe (PID: 3012)
      • AVGBrowser.exe (PID: 2900)
      • AVGBrowser.exe (PID: 1900)
      • AVGBrowser.exe (PID: 2112)
      • AVGBrowser.exe (PID: 2136)
      • AVGBrowser.exe (PID: 2244)
      • AVGBrowser.exe (PID: 2592)
      • AVGBrowser.exe (PID: 3128)
      • setup.exe (PID: 984)
      • AVGBrowser.exe (PID: 4028)
      • AVGBrowser.exe (PID: 2104)
      • AVGBrowser.exe (PID: 668)
      • elevation_service.exe (PID: 2492)
      • AVGBrowser.exe (PID: 2988)
      • AVGBrowser.exe (PID: 1608)
      • AVGBrowser.exe (PID: 3784)
      • elevation_service.exe (PID: 4080)
      • AVGBrowser.exe (PID: 1776)
      • AVGBrowser.exe (PID: 2376)
      • AVGBrowser.exe (PID: 2124)
      • AVGBrowser.exe (PID: 2976)
      • setup.exe (PID: 1728)
      • AVGBrowser.exe (PID: 1780)
      • AVGBrowser.exe (PID: 2232)
      • AVGBrowser.exe (PID: 1352)
      • AVGBrowser.exe (PID: 3804)
      • AVGBrowser.exe (PID: 4044)
      • AVGBrowser.exe (PID: 3180)
      • AVGBrowser.exe (PID: 864)
      • AVGBrowser.exe (PID: 3080)
      • AVGBrowser.exe (PID: 3104)
      • AVGBrowser.exe (PID: 3448)
      • AVGBrowser.exe (PID: 2620)
      • AVGBrowser.exe (PID: 3656)
      • AVGBrowser.exe (PID: 2332)
      • AVGBrowser.exe (PID: 2380)
    • Executable content was dropped or overwritten

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdateSetup.exe (PID: 3960)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserInstaller.exe (PID: 2724)
      • setup.exe (PID: 1368)
    • Searches for installed software

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 668)
    • Reads security settings of Internet Explorer

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
    • Reads the Internet Settings

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 668)
    • Reads settings of System Certificates

      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowser.exe (PID: 1584)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 2980)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 2988)
      • AVGBrowser.exe (PID: 668)
    • Starts itself from another location

      • AVGBrowserUpdate.exe (PID: 3940)
    • Disables SEHOP

      • AVGBrowserUpdate.exe (PID: 3940)
    • Checks Windows Trust Settings

      • ajFE58.exe (PID: 3932)
    • Creates/Modifies COM task schedule object

      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserUpdate.exe (PID: 2672)
    • Executes as Windows Service

      • AVGBrowserUpdate.exe (PID: 3684)
      • elevation_service.exe (PID: 2052)
      • elevation_service.exe (PID: 2764)
      • elevation_service.exe (PID: 2940)
      • elevation_service.exe (PID: 2652)
      • elevation_service.exe (PID: 2492)
      • elevation_service.exe (PID: 4080)
    • Process requests binary or script from the Internet

      • AVGBrowserUpdate.exe (PID: 3684)
    • Adds/modifies Windows certificates

      • AVGBrowserUpdate.exe (PID: 2256)
    • Creates a software uninstall entry

      • setup.exe (PID: 1368)
      • ajFE58.exe (PID: 3932)
      • elevation_service.exe (PID: 2052)
      • elevation_service.exe (PID: 2940)
      • elevation_service.exe (PID: 2492)
    • Application launched itself

      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 3268)
      • AVGBrowser.exe (PID: 668)
      • setup.exe (PID: 1728)
      • AVGBrowser.exe (PID: 1352)
    • Reads Mozilla Firefox installation path

      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 668)
    • Reads the date of Windows installation

      • setup.exe (PID: 1728)
  • INFO

    • Checks supported languages

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserUpdate.exe (PID: 2672)
      • AVGBrowserUpdate.exe (PID: 2292)
      • AVGBrowserUpdateSetup.exe (PID: 3960)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowserUpdate.exe (PID: 2688)
      • AVGBrowserUpdate.exe (PID: 3684)
      • AVGBrowserInstaller.exe (PID: 2724)
      • setup.exe (PID: 2728)
      • AVGBrowserCrashHandler.exe (PID: 2336)
      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 128)
      • AVGBrowser.exe (PID: 844)
      • AVGBrowser.exe (PID: 1584)
      • AVGBrowser.exe (PID: 1796)
      • elevation_service.exe (PID: 2052)
      • AVGBrowser.exe (PID: 4064)
      • AVGBrowser.exe (PID: 4080)
      • AVGBrowser.exe (PID: 3100)
      • AVGBrowser.exe (PID: 3152)
      • AVGBrowser.exe (PID: 4084)
      • AVGBrowser.exe (PID: 1264)
      • elevation_service.exe (PID: 2764)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 3640)
      • AVGBrowser.exe (PID: 2980)
      • elevation_service.exe (PID: 2940)
      • AVGBrowser.exe (PID: 2948)
      • AVGBrowser.exe (PID: 1880)
      • elevation_service.exe (PID: 2652)
      • AVGBrowser.exe (PID: 3660)
      • AVGBrowser.exe (PID: 3772)
      • AVGBrowser.exe (PID: 3084)
      • AVGBrowser.exe (PID: 3268)
      • AVGBrowser.exe (PID: 2512)
      • AVGBrowser.exe (PID: 3968)
      • AVGBrowser.exe (PID: 3604)
      • AVGBrowser.exe (PID: 996)
      • AVGBrowser.exe (PID: 2388)
      • AVGBrowser.exe (PID: 680)
      • AVGBrowser.exe (PID: 2556)
      • AVGBrowser.exe (PID: 796)
      • AVGBrowser.exe (PID: 3508)
      • AVGBrowser.exe (PID: 2176)
      • AVGBrowser.exe (PID: 3684)
      • AVGBrowser.exe (PID: 844)
      • AVGBrowser.exe (PID: 664)
      • AVGBrowser.exe (PID: 2936)
      • AVGBrowser.exe (PID: 3544)
      • AVGBrowser.exe (PID: 1392)
      • AVGBrowser.exe (PID: 3380)
      • AVGBrowser.exe (PID: 1380)
      • AVGBrowser.exe (PID: 2764)
      • AVGBrowser.exe (PID: 4092)
      • AVGBrowser.exe (PID: 3236)
      • AVGBrowser.exe (PID: 2380)
      • AVGBrowser.exe (PID: 584)
      • AVGBrowser.exe (PID: 2376)
      • AVGBrowser.exe (PID: 2468)
      • AVGBrowser.exe (PID: 1780)
      • AVGBrowser.exe (PID: 128)
      • AVGBrowser.exe (PID: 924)
      • AVGBrowser.exe (PID: 3620)
      • AVGBrowser.exe (PID: 3608)
      • AVGBrowser.exe (PID: 2856)
      • AVGBrowser.exe (PID: 3068)
      • AVGBrowser.exe (PID: 2900)
      • AVGBrowser.exe (PID: 3824)
      • AVGBrowser.exe (PID: 2136)
      • AVGBrowser.exe (PID: 3692)
      • AVGBrowser.exe (PID: 3012)
      • AVGBrowser.exe (PID: 2112)
      • setup.exe (PID: 1728)
      • AVGBrowser.exe (PID: 2244)
      • AVGBrowser.exe (PID: 2592)
      • AVGBrowser.exe (PID: 1900)
      • AVGBrowser.exe (PID: 668)
      • AVGBrowser.exe (PID: 4028)
      • AVGBrowser.exe (PID: 3128)
      • setup.exe (PID: 984)
      • AVGBrowser.exe (PID: 2988)
      • AVGBrowser.exe (PID: 2104)
      • elevation_service.exe (PID: 2492)
      • AVGBrowser.exe (PID: 2376)
      • elevation_service.exe (PID: 4080)
      • AVGBrowser.exe (PID: 1776)
      • AVGBrowser.exe (PID: 1608)
      • AVGBrowser.exe (PID: 3784)
      • AVGBrowser.exe (PID: 2232)
      • AVGBrowser.exe (PID: 2124)
      • AVGBrowser.exe (PID: 2976)
      • AVGBrowser.exe (PID: 1780)
      • AVGBrowser.exe (PID: 3180)
      • AVGBrowser.exe (PID: 864)
      • AVGBrowser.exe (PID: 1352)
      • AVGBrowser.exe (PID: 3804)
      • AVGBrowser.exe (PID: 3104)
      • AVGBrowser.exe (PID: 3080)
      • AVGBrowser.exe (PID: 3448)
      • AVGBrowser.exe (PID: 2620)
      • AVGBrowser.exe (PID: 3656)
      • AVGBrowser.exe (PID: 4044)
      • AVGBrowser.exe (PID: 2332)
      • AVGBrowser.exe (PID: 2380)
    • Reads the computer name

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserUpdate.exe (PID: 2292)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowserUpdate.exe (PID: 2688)
      • AVGBrowserUpdate.exe (PID: 3684)
      • AVGBrowserInstaller.exe (PID: 2724)
      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 2040)
      • elevation_service.exe (PID: 2052)
      • AVGBrowser.exe (PID: 1584)
      • AVGBrowser.exe (PID: 128)
      • AVGBrowser.exe (PID: 4064)
      • AVGBrowser.exe (PID: 3644)
      • elevation_service.exe (PID: 2764)
      • elevation_service.exe (PID: 2940)
      • AVGBrowser.exe (PID: 2948)
      • AVGBrowser.exe (PID: 2980)
      • AVGBrowser.exe (PID: 3084)
      • elevation_service.exe (PID: 2652)
      • AVGBrowser.exe (PID: 3268)
      • AVGBrowser.exe (PID: 2556)
      • AVGBrowser.exe (PID: 668)
      • setup.exe (PID: 1728)
      • elevation_service.exe (PID: 2492)
      • AVGBrowser.exe (PID: 3128)
      • AVGBrowser.exe (PID: 2988)
      • elevation_service.exe (PID: 4080)
      • AVGBrowser.exe (PID: 2976)
      • AVGBrowser.exe (PID: 1352)
      • AVGBrowser.exe (PID: 3104)
      • AVGBrowser.exe (PID: 4044)
    • Creates files in a temporary directory

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 2256)
      • AVGBrowserUpdate.exe (PID: 3684)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 668)
    • Reads Environment values

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 668)
    • Process checks computer location settings

      • avg_secure_browser_setup.exe (PID: 4052)
      • ajFE58.exe (PID: 3932)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 3100)
      • AVGBrowser.exe (PID: 4080)
      • AVGBrowser.exe (PID: 3152)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 3660)
      • AVGBrowser.exe (PID: 3772)
      • AVGBrowser.exe (PID: 3380)
      • AVGBrowser.exe (PID: 3620)
      • AVGBrowser.exe (PID: 1780)
      • AVGBrowser.exe (PID: 3824)
      • AVGBrowser.exe (PID: 2856)
      • AVGBrowser.exe (PID: 2112)
      • AVGBrowser.exe (PID: 668)
      • AVGBrowser.exe (PID: 2376)
      • AVGBrowser.exe (PID: 1608)
      • AVGBrowser.exe (PID: 2232)
      • AVGBrowser.exe (PID: 3784)
      • AVGBrowser.exe (PID: 1776)
      • AVGBrowser.exe (PID: 1780)
      • AVGBrowser.exe (PID: 2124)
      • AVGBrowser.exe (PID: 3180)
      • AVGBrowser.exe (PID: 3656)
      • AVGBrowser.exe (PID: 3080)
      • AVGBrowser.exe (PID: 3448)
    • Reads the machine GUID from the registry

      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserUpdate.exe (PID: 2688)
      • AVGBrowserUpdate.exe (PID: 3684)
      • AVGBrowserUpdate.exe (PID: 2256)
      • setup.exe (PID: 1368)
      • AVGBrowser.exe (PID: 2040)
      • elevation_service.exe (PID: 2052)
      • elevation_service.exe (PID: 2764)
      • AVGBrowser.exe (PID: 3644)
      • elevation_service.exe (PID: 2940)
      • elevation_service.exe (PID: 2652)
      • AVGBrowser.exe (PID: 2556)
      • setup.exe (PID: 1728)
      • AVGBrowser.exe (PID: 668)
      • elevation_service.exe (PID: 2492)
      • elevation_service.exe (PID: 4080)
      • AVGBrowser.exe (PID: 3104)
      • AVGBrowser.exe (PID: 4044)
    • Checks proxy server information

      • ajFE58.exe (PID: 3932)
    • Creates files or folders in the user directory

      • ajFE58.exe (PID: 3932)
      • AVGBrowser.exe (PID: 2040)
      • AVGBrowser.exe (PID: 1584)
      • AVGBrowser.exe (PID: 3640)
      • AVGBrowser.exe (PID: 3644)
      • AVGBrowser.exe (PID: 2512)
      • AVGBrowser.exe (PID: 2980)
      • AVGBrowser.exe (PID: 668)
      • setup.exe (PID: 1728)
      • AVGBrowser.exe (PID: 4028)
      • AVGBrowser.exe (PID: 2988)
      • AVGBrowser.exe (PID: 3804)
    • Reads the software policy settings

      • ajFE58.exe (PID: 3932)
      • AVGBrowserUpdate.exe (PID: 3684)
      • AVGBrowserUpdate.exe (PID: 2256)
    • Creates files in the program directory

      • AVGBrowserUpdate.exe (PID: 3940)
      • AVGBrowserUpdateSetup.exe (PID: 3960)
      • AVGBrowserUpdate.exe (PID: 3684)
      • AVGBrowserInstaller.exe (PID: 2724)
      • ajFE58.exe (PID: 3932)
      • setup.exe (PID: 1368)
      • setup.exe (PID: 1728)
    • Process checks whether UAC notifications are on

      • ajFE58.exe (PID: 3932)
Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ MATRIX in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:16 00:50:53+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x350d
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 8.11.6.7313
ProductVersionNumber: 8.11.6.7313
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Arabic
CharacterSet: Windows, Arabic
BuildDate: 19700120T180211
BuildTimestamp: 1706531249
BuildVersion: 8.11.6.7313
FileDescription: إعداد AVG Secure Browser
FileVersion: 8.11.6.7313
InstallerCommit: a485d5c491c307e7b2d577552c389367c6d50f95
InstallerEdition: main
InstallerKeyword: avg-securebrowser
InternalName: AVG Secure Browser
JsisCommit: 5b8cb9e927bd1c7a4a6578eaf22d9b969fc5fa37
LegalCopyright: حقوق الطبع والنشر (c) لعام 2024 محفوظة لشركة AVG Technologies
OmahaVersion: 1.8.1650.5
ProductName: إعداد AVG Secure Browser
ProductVersion: 8.11.6.7313
No data.
All screenshots are available in the full report
Total processes: 151
Monitored processes: 107
Malicious processes: 106
Suspicious processes: 0

Behavior graph

Processes shown in the graph, in start order (the interactive graph is available in the full report): avg_secure_browser_setup.exe, ajfe58.exe, avgbrowserupdatesetup.exe, avgbrowserupdate.exe, avgbrowserinstaller.exe, setup.exe, avgbrowsercrashhandler.exe, avgbrowser.exe, elevation_service.exe.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 128
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 --field-trial-handle=1140,i,3458534497895547077,14424741759416004259,131072 /prefetch:2
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 128
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3708 --field-trial-handle=1164,i,13198148217505820399,3873719375103168349,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 584
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1164,i,13198148217505820399,3873719375103168349,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 664
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1164,i,13198148217505820399,3873719375103168349,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 668
CMD: AVGBrowser.exe --check-run=src=installer
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: ajFE58.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
MEDIUM
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 680
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1164,i,13198148217505820399,3873719375103168349,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
MEDIUM
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 796
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3672 --field-trial-handle=1164,i,13198148217505820399,3873719375103168349,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 844
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\AVG\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\AVG\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win32 --annotation=prod=AVG --annotation=ver=109.0.19981.121 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x6bb68b48,0x6bb68b58,0x6bb68b64
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
MEDIUM
Description:
AVG Secure Browser
Exit code:
1
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 844
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3512 --field-trial-handle=1164,i,13198148217505820399,3873719375103168349,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 864
CMD: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1296,i,8907407680752794185,17991123830262320198,131072 /prefetch:8
Path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Parent process: AVGBrowser.exe
User:
admin
Company:
AVG Technologies
Integrity Level:
LOW
Description:
AVG Secure Browser
Exit code:
0
Version:
109.0.19981.121
Modules
Images
c:\program files\avg\browser\application\avgbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avg\browser\application\109.0.19981.121\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events: 42 018
Read events: 39 076
Write events: 2 857
Delete events: 85

Modification events

Process: (4052) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (4052) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (4052) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (4052) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: (3932) ajFE58.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AVG\Browser
Operation: write
Name: installer_run_count
Value: 1

Process: (3932) ajFE58.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AVG\Browser
Operation: write
Name: machine_id
Value: 000044c3fd2cd9540ff4baf5d88ee93e

Process: (3932) ajFE58.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

Process: (3932) ajFE58.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (3932) ajFE58.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (3932) ajFE58.exe
Key: HKEY_CURRENT_USER\Software\AVG\Browser
Operation: write
Name: user_id
Value: 9f135702664a4729a46ba409bc8fc0d5
Executable files: 185
Suspicious files: 750
Text files: 578
Unknown types: 439

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3932 | ajFE58.exe | C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\jsis.dll | executable | CCBC3DE08E58798C5FC41965280DD033 | E0E17AE38C849C647E42811B039B5772918451B4BDA37317EB5E94A7EA4DE653
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsdF09B.tmp\sciterui.dll | executable | DA1F3C1529AAA6C2C22FD89412A32C72 | 972348E7066F614AF8DBCF3B8CBD37E97A53C184F4C2693C136C9FD0D349E501
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsdF09B.tmp\thirdparty.dll | executable | 2B09A28F02EDBD1FE30DF929B389D5D3 | CCA5A876DE7823DCEF9258474F5B1A8457ECD2BA8E9ADDBA588BC2F1A02B3FC3
3932 | ajFE58.exe | C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\nsJSON.dll | executable | E382A03F418CC476E4E83F1BA9626359 | DBBBFCCCF7C766CDBCBBBEB74EE41693D7C7395B282FA036CA6AAD4E1165700C
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsdF09B.tmp\StdUtils.dll | executable | D083D47F54618D03A31CA07594823154 | 4A9324AF88BD701FA0ED1DD7F833051D60E65A38EB6A4827EADB0F808348ED54
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\avg-securebrowser-main-tags | binary | E6F18D0E440F95963D71BED502D86970 | 6305B0734B659DBDA965B9ACA5B559735B28F8D032622FE81F30F84AB4D11FFF
3932 | ajFE58.exe | C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\FF.places.tmp |  |  | 
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\ajFE58.exe | executable | CD1DF93BD3E69C44D28A01C2E11D6ECB | BB2338B04689EA1A48B1C0A7F2ABD1C4507F0E6E808F992B5DC42351EB1726CF
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsdF09B.tmp\AccessControl.dll | executable | BD4FA45476E947E1826C51766730CDCA | C146B6F8B7E99F327FE60990A95507DA49CD5A385C0E9870BE105CAE195DE5EE
4052 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsdF09B.tmp\JsisPlugins.dll | executable | F316A9B59505FEDAF38CECEAE57132F0 | 51B0F48DDFECE0714D5A4B54F82E025CD3BD6A4B7A1FF6729102233DBC3849CC
HTTP(S) requests: 24
TCP/UDP connections: 85
DNS requests: 89
Threats: 7

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
856 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx | unknown | binary | 1.21 Mb | unknown
3932 | ajFE58.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ae5c5c906448c0ab | unknown |  |  | unknown
3932 | ajFE58.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D | unknown | binary | 471 b | unknown
3684 | AVGBrowserUpdate.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?2db73a2422abb4b9 | unknown | compressed | 65.2 Kb | unknown
2256 | AVGBrowserUpdate.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a3e0399fd1bac44c | unknown | compressed | 65.2 Kb | unknown
3684 | AVGBrowserUpdate.exe | GET | 200 | 72.247.154.136:80 | http://browser-update.avg.com/browser-avg/win/x86/109.0.19981.121/AVGBrowserInstaller.exe | unknown | executable | 98.2 Mb | unknown
856 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx | unknown |  |  | unknown
856 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx | unknown | binary | 6.12 Kb | unknown
856 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx | unknown | binary | 10.4 Kb | unknown
856 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx | unknown | binary | 9.86 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 |  |  |  | whitelisted
4 | System | 192.168.100.255:138 |  |  |  | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 |  |  |  | unknown
3932 | ajFE58.exe | 104.20.159.62:443 | stats.securebrowser.com | CLOUDFLARENET |  | unknown
3932 | ajFE58.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
3932 | ajFE58.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
2256 | AVGBrowserUpdate.exe | 172.67.41.145:443 | update.avgbrowser.com | CLOUDFLARENET | US | unknown
2256 | AVGBrowserUpdate.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
3684 | AVGBrowserUpdate.exe | 172.67.41.145:443 | update.avgbrowser.com | CLOUDFLARENET | US | unknown
3684 | AVGBrowserUpdate.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted

DNS requests

Domain | IP | Reputation
stats.securebrowser.com | 104.20.159.62, 104.20.158.62 | unknown
ctldl.windowsupdate.com | 93.184.221.240 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
update.avgbrowser.com | 172.67.41.145, 104.22.63.125, 104.22.62.125 | unknown
browser-update.avg.com | 72.247.154.136, 72.247.154.208, 2.22.242.137, 2.22.242.123 | whitelisted
redirector.gvt1.com | 142.250.184.238 | whitelisted
r4---sn-4g5edns7.gvt1.com | 173.194.188.9 | whitelisted
engagement.avgbrowser.com | 172.67.41.145, 104.22.62.125, 104.22.63.125 | whitelisted
s-install.avcdn.net | 95.101.197.12 | unknown
shepherd.ff.avast.com | 34.160.176.28 | whitelisted

Threats

PID | Process | Class | Message
3684 | AVGBrowserUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2988 | AVGBrowser.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
2988 | AVGBrowser.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
2988 | AVGBrowser.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
2988 | AVGBrowser.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
2988 | AVGBrowser.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
2988 | AVGBrowser.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
Process | Message
avg_secure_browser_setup.exe | 2024-02-17T18:18:35 [libnsis] {00000fd4:00000870} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
avg_secure_browser_setup.exe | 2024-02-17T18:18:35 [libnsis] {00000fd4:00000870} <1:Debug> (91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62) Throwing exception 0x00000400000715
avg_secure_browser_setup.exe | 2024-02-17T18:18:35 [libnsis] {00000fd4:00000870} <4:Error> (893f00f663353e48\src\jsis-plugins\plugins\UtilitiesPlugin\TagData.cpp:85) 0x00000400000715 91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62
ajFE58.exe | 2024-02-17T18:18:37 [libnsis] {00000f5c:00000d84} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
ajFE58.exe | 2024-02-17T18:18:38 [libnsis] {00000f5c:00000d84} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\CR.History.tmp
ajFE58.exe | 2024-02-17T18:18:38 [libnsis] {00000f5c:00000d84} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 19740 AND vtime <= 19771 GROUP BY vtime
ajFE58.exe | 2024-02-17T18:18:38 [libnsis] {00000f5c:00000d84} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\CR.History.tmp
ajFE58.exe | 2024-02-17T18:18:38 [libnsis] {00000f5c:00000d84} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 19740 AND vtime <= 19771 GROUP BY vtime
ajFE58.exe | 2024-02-17T18:18:38 [libnsis] {00000f5c:00000d84} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsa1D2.tmp\FF.places.tmp
ajFE58.exe | 2024-02-17T18:18:38 [libnsis] {00000f5c:00000d84} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT last_visit_date / 1000000 /60 /60 / 24 AS vtime FROM 'moz_places' WHERE vtime >= 19740 AND vtime <= 19771 GROUP BY vtime