File name:

avast_secure_browser_setup.exe

Full analysis: https://app.any.run/tasks/88b32d21-35e9-4a29-a3b8-ec70f90be1f1
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 22, 2025, 21:56:50
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

863255EA32FD90031A16D890F820F3A8

SHA1:

ED633036FD126A0CCF6EBD97AC7BA3E1E8602581

SHA256:

AA48E1430ED33FAD11C20FB4E650A64FC56F6B4C63235BBD1355C7F90AE3A6F5

SSDEEP:

98304:aDe6X8WmnHEK1jJJaYG47S5gjdZrYypIW9z/wTwkKSavc8xVqpr3iP2egaKuzsoM:RE37bVOVMQ1ZLbg2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • avast_secure_browser_setup.exe (PID: 6732)
    • Steals credentials from Web Browsers

      • avast_secure_browser_setup.exe (PID: 6732)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • avast_secure_browser_setup.exe (PID: 6444)
      • avast_secure_browser_setup.exe (PID: 6732)
      • AvastBrowserUpdate.exe (PID: 3540)
    • Executable content was dropped or overwritten

      • avast_secure_browser_setup.exe (PID: 6444)
      • avast_secure_browser_setup.exe (PID: 6732)
      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
      • AvastBrowserInstaller.exe (PID: 2076)
    • Application launched itself

      • avast_secure_browser_setup.exe (PID: 6444)
      • setup.exe (PID: 2460)
    • The process verifies whether the antivirus software is installed

      • avast_secure_browser_setup.exe (PID: 6444)
      • avast_secure_browser_setup.exe (PID: 6732)
      • AvastBrowserUpdate.exe (PID: 3988)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 5740)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 3076)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 4876)
      • AvastBrowserUpdate.exe (PID: 5308)
      • AvastBrowserUpdate.exe (PID: 5720)
      • AvastBrowserUpdate.exe (PID: 5008)
      • AvastBrowserUpdate.exe (PID: 3540)
      • setup.exe (PID: 2460)
      • setup.exe (PID: 6724)
      • AvastBrowserInstaller.exe (PID: 2076)
      • AvastBrowserUpdate.exe (PID: 6168)
    • Reads the BIOS version

      • avast_secure_browser_setup.exe (PID: 6732)
    • Checks Windows Trust Settings

      • avast_secure_browser_setup.exe (PID: 6732)
    • There is functionality for taking screenshot (YARA)

      • avast_secure_browser_setup.exe (PID: 6444)
      • avast_secure_browser_setup.exe (PID: 6732)
    • Searches for installed software

      • avast_secure_browser_setup.exe (PID: 6732)
    • Disables SEHOP

      • AvastBrowserUpdate.exe (PID: 3540)
    • Creates/Modifies COM task schedule object

      • AvastBrowserUpdate.exe (PID: 3988)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 5740)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 3076)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 4876)
      • AvastBrowserUpdate.exe (PID: 3540)
    • Starts itself from another location

      • AvastBrowserUpdate.exe (PID: 3540)
    • Executes as Windows Service

      • AvastBrowserUpdate.exe (PID: 6168)
    • Process requests binary or script from the Internet

      • AvastBrowserUpdate.exe (PID: 6168)
  • INFO

    • The sample compiled with arabic language support

      • avast_secure_browser_setup.exe (PID: 6444)
      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • Process checks computer location settings

      • avast_secure_browser_setup.exe (PID: 6444)
      • avast_secure_browser_setup.exe (PID: 6732)
      • AvastBrowserUpdate.exe (PID: 3540)
    • Reads the computer name

      • avast_secure_browser_setup.exe (PID: 6444)
      • avast_secure_browser_setup.exe (PID: 6732)
      • AvastBrowserUpdate.exe (PID: 3540)
      • AvastBrowserUpdate.exe (PID: 5308)
      • AvastBrowserUpdate.exe (PID: 3988)
      • AvastBrowserUpdate.exe (PID: 5008)
      • AvastBrowserUpdate.exe (PID: 6168)
      • AvastBrowserUpdate.exe (PID: 5720)
      • setup.exe (PID: 2460)
      • AvastBrowserInstaller.exe (PID: 2076)
    • Checks supported languages

      • avast_secure_browser_setup.exe (PID: 6444)
      • avast_secure_browser_setup.exe (PID: 6732)
      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
      • AvastBrowserUpdate.exe (PID: 3988)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 5740)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 3076)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 4876)
      • AvastBrowserUpdate.exe (PID: 5308)
      • AvastBrowserUpdate.exe (PID: 5720)
      • AvastBrowserUpdate.exe (PID: 5008)
      • AvastBrowserInstaller.exe (PID: 2076)
      • AvastBrowserUpdate.exe (PID: 6168)
      • setup.exe (PID: 2460)
      • setup.exe (PID: 6724)
    • Reads Environment values

      • avast_secure_browser_setup.exe (PID: 6444)
      • avast_secure_browser_setup.exe (PID: 6732)
    • The sample compiled with english language support

      • avast_secure_browser_setup.exe (PID: 6444)
      • avast_secure_browser_setup.exe (PID: 6732)
      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
      • AvastBrowserInstaller.exe (PID: 2076)
    • Create files in a temporary directory

      • avast_secure_browser_setup.exe (PID: 6444)
      • avast_secure_browser_setup.exe (PID: 6732)
      • AvastBrowserUpdate.exe (PID: 6168)
    • Reads the software policy settings

      • avast_secure_browser_setup.exe (PID: 6732)
      • AvastBrowserUpdate.exe (PID: 6168)
      • AvastBrowserUpdate.exe (PID: 5008)
    • Reads the machine GUID from the registry

      • avast_secure_browser_setup.exe (PID: 6732)
      • AvastBrowserUpdate.exe (PID: 3540)
      • AvastBrowserUpdate.exe (PID: 6168)
    • Creates files or folders in the user directory

      • avast_secure_browser_setup.exe (PID: 6732)
    • Checks proxy server information

      • avast_secure_browser_setup.exe (PID: 6732)
      • AvastBrowserUpdate.exe (PID: 5008)
    • The sample compiled with czech language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with bulgarian language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with german language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with french language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with turkish language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with japanese language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with polish language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with korean language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with slovak language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with portuguese language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with russian language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • Creates files in the program directory

      • AvastBrowserUpdate.exe (PID: 3540)
      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 6168)
      • setup.exe (PID: 2460)
      • AvastBrowserInstaller.exe (PID: 2076)
    • The sample compiled with swedish language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with chinese language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with Indonesian language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
    • The sample compiled with Italian language support

      • AvastBrowserUpdateSetup.exe (PID: 2440)
      • AvastBrowserUpdate.exe (PID: 3540)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:16 00:50:53+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x350d
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 8.11.9.7511
ProductVersionNumber: 8.11.9.7511
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Arabic
CharacterSet: Windows, Arabic
BuildDate: 19700120T212345
BuildTimestamp: 1718625677
BuildVersion: 8.11.9.7511
CompanyName: Gen Digital Inc.
FileDescription: إعداد Avast Secure Browser
FileVersion: 8.11.9.7511
InstallerCommit: 6abe2ae156386bdebece5cf23c59152082c14d11
InstallerEdition: web
InstallerKeyword: avast-securebrowser
InternalName: Avast Secure Browser
JsisCommit: 9787409e632740167533d24081ccbb49791a2fdf
LegalCopyright: حقوق النشر 2017-2024 لشركة Gen Digital Inc.
OmahaVersion: 1.8.1697.6
ProductName: إعداد Avast Secure Browser
ProductVersion: 8.11.9.7511
No data.
Total processes: 142
Monitored processes: 15
Malicious processes: 15
Suspicious processes: 0

Behavior graph

Process nodes shown in the graph, in order from start:
  • avast_secure_browser_setup.exe
  • avast_secure_browser_setup.exe
  • avastbrowserupdatesetup.exe
  • avastbrowserupdate.exe
  • avastbrowserupdate.exe (no specs)
  • avastbrowserupdate.exe (no specs)
  • avastbrowserupdatecomregistershell64.exe (no specs)
  • avastbrowserupdatecomregistershell64.exe (no specs)
  • avastbrowserupdatecomregistershell64.exe (no specs)
  • avastbrowserupdate.exe
  • avastbrowserupdate.exe (no specs)
  • avastbrowserupdate.exe
  • avastbrowserinstaller.exe
  • setup.exe (no specs)
  • setup.exe (no specs)

Process information

PID: 2076
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{5CA34AA2-6042-4730-A161-48F9581F774B}\AvastBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --system-level
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{5CA34AA2-6042-4730-A161-48F9581F774B}\AvastBrowserInstaller.exe
Parent process: AvastBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Secure Browser Installer
Version: 131.0.27894.265
Modules
Images
c:\program files (x86)\avast software\browser\update\install\{5ca34aa2-6042-4730-a161-48f9581f774b}\avastbrowserinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID: 2440
CMD: AvastBrowserUpdateSetup.exe /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=2103&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies"
Path: C:\Users\admin\AppData\Local\Temp\nsj7AC3.tmp\AvastBrowserUpdateSetup.exe
Parent process: avast_secure_browser_setup.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Browser Setup
Version: 1.8.1697.6
Modules
Images
c:\users\admin\appdata\local\temp\nsj7ac3.tmp\avastbrowserupdatesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 2460
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{5CA34AA2-6042-4730-A161-48F9581F774B}\CR_73D37.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{5CA34AA2-6042-4730-A161-48F9581F774B}\CR_73D37.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --system-level
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{5CA34AA2-6042-4730-A161-48F9581F774B}\CR_73D37.tmp\setup.exe
Parent process: AvastBrowserInstaller.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Secure Browser Installer
Version: 131.0.27894.265
Modules
Images
c:\program files (x86)\avast software\browser\update\install\{5ca34aa2-6042-4730-a161-48f9581f774b}\cr_73d37.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID: 3076
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\AvastBrowserUpdateComRegisterShell64.exe"
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\AvastBrowserUpdateComRegisterShell64.exe
Parent process: AvastBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Browser Com Register Shell 64
Exit code: 0
Version: 1.8.1697.6
Modules
Images
c:\program files (x86)\avast software\browser\update\1.8.1697.6\avastbrowserupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 3540
CMD: "C:\Program Files (x86)\GUMC278.tmp\AvastBrowserUpdate.exe" /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=2103&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies"
Path: C:\Program Files (x86)\GUMC278.tmp\AvastBrowserUpdate.exe
Parent process: AvastBrowserUpdateSetup.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Browser
Version: 1.8.1697.6
Modules
Images
c:\program files (x86)\gumc278.tmp\avastbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 3988
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /regserver
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Parent process: AvastBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Browser
Exit code: 0
Version: 1.8.1697.6
Modules
Images
c:\program files (x86)\avast software\browser\update\avastbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 4876
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\AvastBrowserUpdateComRegisterShell64.exe"
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\AvastBrowserUpdateComRegisterShell64.exe
Parent process: AvastBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Browser Com Register Shell 64
Exit code: 0
Version: 1.8.1697.6
Modules
Images
c:\program files (x86)\avast software\browser\update\1.8.1697.6\avastbrowserupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 5008
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /ping [beginning of base64 ping payload removed at extraction]-PGh3IHBoeXNtZW1vcnk9IjQiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuNDA0NiIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezZEMzdDNzYwLThGRUQtNDhBNS1BNEE0LUNFQzA5NUIyRDhERH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjk3LjYiIGxhbmc9ImVuLVVTIiBicmFuZD0iMjEwMyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTQwNiIvPjwvYXBwPjwvcmVxdWVzdD4
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Parent process: AvastBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Browser
Exit code: 0
Version: 1.8.1697.6
Modules
Images
c:\program files (x86)\avast software\browser\update\avastbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5308
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /regsvc
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Parent process: AvastBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Browser
Exit code: 0
Version: 1.8.1697.6
Modules
Images
c:\program files (x86)\avast software\browser\update\avastbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5720
CMD: "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /handoff "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=2103&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies" /installsource otherinstallcmd /sessionid "{5CCFFA87-C64F-4D85-8228-BF0D6CD90E15}" /silent
Path: C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Parent process: AvastBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: Avast Browser
Version: 1.8.1697.6
Modules
Images
c:\program files (x86)\avast software\browser\update\avastbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events: 8 023
Read events: 6 906
Write events: 1 075
Delete events: 42

Modification events

(PID) Process: (6732) avast_secure_browser_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Browser
Operation: write
Name: installer_run_count
Value: 1

(PID) Process: (6732) avast_secure_browser_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Browser
Operation: write
Name: machine_id
Value: 0000B0E1009ABA5E95F7227E57434874

(PID) Process: (6732) avast_secure_browser_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Browser
Operation: write
Name: machine_id
Value: 0000B0E1009ABA5E95F7227E57434874

(PID) Process: (6732) avast_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (6732) avast_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (6732) avast_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (6732) avast_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser
Operation: write
Name: user_id
Value: 7a69cff2b4d54f769b0012b7c0e5dab8

(PID) Process: (6732) avast_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser
Operation: write
Name: user_date
Value: 20250222

(PID) Process: (6732) avast_secure_browser_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Browser
Operation: write
Name: machine_date
Value: 20250222

(PID) Process: (6732) avast_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser
Operation: write
Name: user_timestamp
Value: 1740261430
Executable files: 171
Suspicious files: 14
Text files: 1
Unknown types: 0

Dropped files

PID: 6444 | Process: avast_secure_browser_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsq66FC.tmp\jsisdl.dll | Type: executable
MD5: 98C5A091BD03517498A38092556EA538
SHA256: BBB0DF205D75BEBBB381A104B37D592D683C240C21A6008D8BDF5759379EFB7D

PID: 6444 | Process: avast_secure_browser_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsq66FC.tmp\jsis.dll | Type: executable
MD5: C519039F6F19FA9C92D885C1C50081F4
SHA256: 42DEA14E5201A15B4240CD2B4C17AFB747FA16331116E1FFFD9AD9354A7539C7

PID: 6444 | Process: avast_secure_browser_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsq66FC.tmp\Midex.dll | Type: executable
MD5: 44DBC5820850A84877FB9BD55EE3D1BD
SHA256: 7FF005181D3D69A6CE9C9CF474744CE46B46924E69A7737A2500844920516571

PID: 6444 | Process: avast_secure_browser_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsq66FC.tmp\StdUtils.dll | Type: executable
MD5: E8B709747027D79A1E8B734319A3BF0D
SHA256: 041BAAA619C1A1D1115531D792503441308976CD43EF8AC8AC1F5522F3487D6E

PID: 6732 | Process: avast_secure_browser_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsj7AC3.tmp\FF.places.tmp | Type:
MD5:
SHA256:

PID: 6444 | Process: avast_secure_browser_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsq66FC.tmp\thirdparty.dll | Type: executable
MD5: DE45A0C6F651A4E49AB1919FBA8D30D8
SHA256: 78ECA5256C9AF6C1B99D79A478598FCA267A907AAB99B4A8F171E922B1E8C433

PID: 6444 | Process: avast_secure_browser_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsq66FC.tmp\nsJSON.dll | Type: executable
MD5: A5F04E90D1733F71257ACBC5B9697C55
SHA256: 1E42FA8E5B6F46755DCA6E595B8994E10064898EFA771437EFCA820421408565

PID: 6444 | Process: avast_secure_browser_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsq66FC.tmp\AccessControl.dll | Type: executable
MD5: 95E41B3C52661D8DD4E4045A3C93AF34
SHA256: E195F7E7A7927D5BFA23A5526D70977BE2B52CCF2E21F1202F8D32BFD79B3FF1

PID: 6444 | Process: avast_secure_browser_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsq66FC.tmp\JsisPlugins.dll | Type: executable
MD5: 2CC408A77060B0A5208F7C16CA572309
SHA256: 957A320332B97875ECC425A34F3E53FF83E63943EC28B1BDDDC895505C885135

PID: 6732 | Process: avast_secure_browser_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsj7AC3.tmp\JsisPlugins.dll | Type: executable
MD5: 2CC408A77060B0A5208F7C16CA572309
SHA256: 957A320332B97875ECC425A34F3E53FF83E63943EC28B1BDDDC895505C885135
HTTP(S) requests: 12
TCP/UDP connections: 37
DNS requests: 24
Threats: 1

HTTP requests

Columns: PID Process | Method HTTP Code | IP | URL | CN | Reputation (Type and Size are not listed for any row)
  • GET 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | CN: unknown | whitelisted
  • GET 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | whitelisted
  • GET 200 | 23.48.23.177:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | whitelisted
  • PID 1176 svchost.exe | GET 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | CN: unknown | whitelisted
  • PID 6732 avast_secure_browser_setup.exe | GET 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | CN: unknown | whitelisted
  • PID 6732 avast_secure_browser_setup.exe | GET 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | CN: unknown | whitelisted
  • PID 6732 avast_secure_browser_setup.exe | GET 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | CN: unknown | whitelisted
  • PID 6732 avast_secure_browser_setup.exe | GET 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAkCs2syUcMoCD93fKCEKP8%3D | CN: unknown | whitelisted
  • PID 4320 SIHClient.exe | GET 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | CN: unknown | whitelisted
  • PID 4320 SIHClient.exe | GET 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | CN: unknown | whitelisted

Connections

Columns: PID Process | IP | Domain | ASN | CN | Reputation
  • PID 4712 MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
  • PID 4 System | 192.168.100.255:138 | whitelisted
  • 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
  • 23.48.23.177:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
  • 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
  • 184.86.251.14:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
  • 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
  • PID 444 svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
  • PID 1176 svchost.exe | 40.126.32.133:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
  • PID 1176 svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 23.48.23.177
  • 23.48.23.183
  • 23.48.23.139
  • 23.48.23.194
  • 23.48.23.137
  • 23.48.23.180
  • 23.48.23.167
  • 23.48.23.190
  • 23.48.23.169
whitelisted
google.com
  • 142.250.185.78
whitelisted
www.bing.com
  • 184.86.251.14
  • 184.86.251.27
  • 184.86.251.4
  • 184.86.251.24
  • 184.86.251.21
  • 184.86.251.9
  • 184.86.251.7
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 184.30.131.245
  • 2.23.77.188
whitelisted
login.live.com
  • 40.126.32.133
  • 20.190.160.132
  • 20.190.160.65
  • 20.190.160.20
  • 20.190.160.4
  • 20.190.160.2
  • 20.190.160.64
  • 20.190.160.3
whitelisted
stats.securebrowser.com
  • 104.20.86.8
  • 104.20.87.8
unknown
go.microsoft.com
  • 2.19.106.8
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted

Threats

Columns: PID | Process | Class | Message
  • Class: Potential Corporate Privacy Violation | Message: ET INFO PE EXE or DLL Windows file download HTTP

Columns: Process | Message
  • avast_secure_browser_setup.exe | 2025-02-22T21:57:01 [libnsis] {0000192c:00001930} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
  • avast_secure_browser_setup.exe | 2025-02-22T21:57:01 [libnsis] {0000192c:00001930} <1:Debug> (91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62) Throwing exception 0x00000400000715
  • avast_secure_browser_setup.exe | 2025-02-22T21:57:01 [libnsis] {0000192c:00001930} <4:Error> (893f00f663353e48\src\jsis-plugins\plugins\UtilitiesPlugin\TagData.cpp:85) 0x00000400000715 91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62
  • avast_secure_browser_setup.exe | 2025-02-22T21:57:04 [libnsis] {00001a4c:00001a50} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
  • avast_secure_browser_setup.exe | 2025-02-22T21:57:04 [libnsis] {00001a4c:00001a50} <1:Debug> (91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62) Throwing exception 0x00000400000715
  • avast_secure_browser_setup.exe | 2025-02-22T21:57:04 [libnsis] {00001a4c:00001a50} <4:Error> (893f00f663353e48\src\jsis-plugins\plugins\UtilitiesPlugin\TagData.cpp:85) 0x00000400000715 91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62
  • avast_secure_browser_setup.exe | 2025-02-22T21:57:07 [libnsis] {00001a4c:00001a50} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsj7AC3.tmp\CR.History.tmp
  • avast_secure_browser_setup.exe | 2025-02-22T21:57:07 [libnsis] {00001a4c:00001a50} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 20111 AND vtime <= 20142 GROUP BY vtime
  • avast_secure_browser_setup.exe | 2025-02-22T21:57:07 [libnsis] {00001a4c:00001a50} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsj7AC3.tmp\CR.History.tmp
  • avast_secure_browser_setup.exe | 2025-02-22T21:57:07 [libnsis] {00001a4c:00001a50} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 20111 AND vtime <= 20142 GROUP BY vtime