File name: avg_secure_browser_setup.exe

Full analysis: https://app.any.run/tasks/fc69b849-1c81-4ac5-8ad4-49caaea54845
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 13, 2025, 19:14:03
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: BF2982E2DFFD97A7E17F89EC7754AD0A
SHA1: 0D4F118D7927F28E5E823AC56D7A77382A86F691
SHA256: B4214558900372D76DC24D6796DE2FC004A4E16A1911CDCFBF061300788F9C2E
SSDEEP: 98304:ZTrDmcoPlDcn3Rc/vTV08T19StKUCzVxejICvSPd8g9P2xL3fdkCwBkqEGzAmYZL:d08VQEEkZZ3BZgp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • avg_secure_browser_setup.exe (PID: 6560)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • avg_secure_browser_setup.exe (PID: 1612)
      • avg_secure_browser_setup.exe (PID: 6560)
      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
      • AVGBrowserInstaller.exe (PID: 6268)
    • Reads security settings of Internet Explorer

      • avg_secure_browser_setup.exe (PID: 1612)
      • avg_secure_browser_setup.exe (PID: 6560)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The process verifies whether the antivirus software is installed

      • avg_secure_browser_setup.exe (PID: 1612)
      • avg_secure_browser_setup.exe (PID: 6560)
    • Application launched itself

      • avg_secure_browser_setup.exe (PID: 1612)
    • There is functionality for taking screenshot (YARA)

      • avg_secure_browser_setup.exe (PID: 1612)
    • Reads the BIOS version

      • avg_secure_browser_setup.exe (PID: 6560)
    • Searches for installed software

      • avg_secure_browser_setup.exe (PID: 6560)
    • Checks Windows Trust Settings

      • avg_secure_browser_setup.exe (PID: 6560)
    • Starts itself from another location

      • AVGBrowserUpdate.exe (PID: 2136)
    • Disables SEHOP

      • AVGBrowserUpdate.exe (PID: 2136)
    • Creates/Modifies COM task schedule object

      • AVGBrowserUpdateComRegisterShell64.exe (PID: 1392)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 5748)
      • AVGBrowserUpdate.exe (PID: 4980)
      • AVGBrowserUpdate.exe (PID: 2136)
    • Executes as Windows Service

      • AVGBrowserUpdate.exe (PID: 3836)
    • Potential Corporate Privacy Violation

      • AVGBrowserUpdate.exe (PID: 3836)
    • Process requests binary or script from the Internet

      • AVGBrowserUpdate.exe (PID: 3836)
  • INFO

    • The sample compiled with english language support

      • avg_secure_browser_setup.exe (PID: 1612)
      • avg_secure_browser_setup.exe (PID: 6560)
      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
      • AVGBrowserUpdate.exe (PID: 3836)
      • AVGBrowserInstaller.exe (PID: 6268)
    • The sample compiled with arabic language support

      • avg_secure_browser_setup.exe (PID: 1612)
      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • Checks supported languages

      • avg_secure_browser_setup.exe (PID: 1612)
      • avg_secure_browser_setup.exe (PID: 6560)
      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
      • AVGBrowserUpdate.exe (PID: 4980)
      • AVGBrowserUpdate.exe (PID: 3876)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 1392)
      • AVGBrowserUpdateComRegisterShell64.exe (PID: 4384)
      • AVGBrowserUpdate.exe (PID: 4548)
      • AVGBrowserUpdate.exe (PID: 3836)
    • Reads the computer name

      • avg_secure_browser_setup.exe (PID: 1612)
      • avg_secure_browser_setup.exe (PID: 6560)
      • AVGBrowserUpdate.exe (PID: 3876)
      • AVGBrowserUpdate.exe (PID: 4980)
      • AVGBrowserUpdate.exe (PID: 4548)
      • AVGBrowserUpdate.exe (PID: 3836)
    • Reads Environment values

      • avg_secure_browser_setup.exe (PID: 1612)
      • avg_secure_browser_setup.exe (PID: 6560)
    • Process checks computer location settings

      • avg_secure_browser_setup.exe (PID: 1612)
      • avg_secure_browser_setup.exe (PID: 6560)
      • AVGBrowserUpdate.exe (PID: 2136)
    • Create files in a temporary directory

      • avg_secure_browser_setup.exe (PID: 6560)
    • Reads the software policy settings

      • avg_secure_browser_setup.exe (PID: 6560)
      • AVGBrowserUpdate.exe (PID: 4548)
    • Checks proxy server information

      • avg_secure_browser_setup.exe (PID: 6560)
    • The sample compiled with german language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • Reads the machine GUID from the registry

      • avg_secure_browser_setup.exe (PID: 6560)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with bulgarian language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with czech language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with french language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with Italian language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with japanese language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with korean language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with russian language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with swedish language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with turkish language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with chinese language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with Indonesian language support

      • AVGBrowserUpdate.exe (PID: 2136)
      • AVGBrowserUpdateSetup.exe (PID: 7128)
    • The sample compiled with polish language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with portuguese language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
    • The sample compiled with slovak language support

      • AVGBrowserUpdateSetup.exe (PID: 7128)
      • AVGBrowserUpdate.exe (PID: 2136)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:16 00:50:53+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x350d
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 8.11.9.7512
ProductVersionNumber: 8.11.9.7512
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Arabic
CharacterSet: Windows, Arabic
BuildDate: 19700120T212345
BuildTimestamp: 1718625656
BuildVersion: 8.11.9.7512
CompanyName: Gen Digital Inc.
FileDescription: إعداد AVG Secure Browser
FileVersion: 8.11.9.7512
InstallerCommit: 6abe2ae156386bdebece5cf23c59152082c14d11
InstallerEdition: web
InstallerKeyword: avg-securebrowser
InternalName: AVG Secure Browser
JsisCommit: 9787409e632740167533d24081ccbb49791a2fdf
LegalCopyright: حقوق النشر 2017-2024 لشركة Gen Digital Inc.
OmahaVersion: 1.8.1693.6
ProductName: إعداد AVG Secure Browser
ProductVersion: 8.11.9.7512
No data.
All screenshots are available in the full report
Total processes: 142
Monitored processes: 14
Malicious processes: 4
Suspicious processes: 2

Behavior graph

  • start
  • avg_secure_browser_setup.exe
  • avg_secure_browser_setup.exe
  • avgbrowserupdatesetup.exe
  • avgbrowserupdate.exe
  • avgbrowserupdate.exe (no specs)
  • avgbrowserupdate.exe (no specs)
  • avgbrowserupdatecomregistershell64.exe (no specs)
  • avgbrowserupdatecomregistershell64.exe (no specs)
  • avgbrowserupdatecomregistershell64.exe (no specs)
  • avgbrowserupdate.exe
  • avgbrowserupdate.exe (no specs)
  • avgbrowserupdate.exe
  • avgbrowserinstaller.exe
  • setup.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1392
CMD: "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
Path: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
Parent process: AVGBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Browser Com Register Shell 64
Exit code: 0
Version: 1.8.1693.6
Modules
Images
c:\program files (x86)\avg\browser\update\1.8.1693.6\avgbrowserupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1612
CMD: "C:\Users\admin\AppData\Local\Temp\avg_secure_browser_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\avg_secure_browser_setup.exe
Parent process: explorer.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: MEDIUM
Description: AVG Secure Browser Setup
Version: 8.11.9.7512
Modules
Images
c:\users\admin\appdata\local\temp\avg_secure_browser_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2136
CMD: "C:\Program Files (x86)\GUMD4A9.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=5103&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies"
Path: C:\Program Files (x86)\GUMD4A9.tmp\AVGBrowserUpdate.exe
Parent process: AVGBrowserUpdateSetup.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Browser
Version: 1.8.1693.6
Modules
Images
c:\program files (x86)\gumd4a9.tmp\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2756
CMD: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=5103&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies" /installsource otherinstallcmd /sessionid "{CDB9A4C1-F877-44FD-84F2-4714C5714724}" /silent
Path: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Parent process: AVGBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Browser
Version: 1.8.1693.6
PID: 3836
CMD: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
Path: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Parent process: services.exe
User: SYSTEM
Company: Gen Digital Inc.
Integrity Level: SYSTEM
Description: AVG Browser
Version: 1.8.1693.6
PID: 3876
CMD: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
Path: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Parent process: AVGBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Browser
Exit code: 0
Version: 1.8.1693.6
Modules
Images
c:\program files (x86)\avg\browser\update\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 4384
CMD: "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
Path: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
Parent process: AVGBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Browser Com Register Shell 64
Exit code: 0
Version: 1.8.1693.6
Modules
Images
c:\program files (x86)\avg\browser\update\1.8.1693.6\avgbrowserupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 4548
CMD: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping 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-PGh3IHBoeXNtZW1vcnk9IjQiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuNDA0NiIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLVVTIiBicmFuZD0iNTEwMyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTQ1NCIvPjwvYXBwPjwvcmVxdWVzdD4
Path: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Parent process: AVGBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Browser
Exit code: 0
Version: 1.8.1693.6
PID: 4980
CMD: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
Path: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Parent process: AVGBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Browser
Exit code: 0
Version: 1.8.1693.6
Modules
Images
c:\program files (x86)\avg\browser\update\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5748
CMD: "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
Path: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
Parent process: AVGBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Browser Com Register Shell 64
Exit code: 0
Version: 1.8.1693.6
Modules
Images
c:\program files (x86)\avg\browser\update\1.8.1693.6\avgbrowserupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events: 7 933
Read events: 6 828
Write events: 1 063
Delete events: 42

Modification events

(PID) Process: (6560) avg_secure_browser_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG\Browser
Operation: write
Name: installer_run_count
Value: 1

(PID) Process: (6560) avg_secure_browser_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AVG\Browser
Operation: write
Name: machine_id
Value: 0000B0E1009ABA5E95F7227E57434874

(PID) Process: (6560) avg_secure_browser_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG\Browser
Operation: write
Name: machine_id
Value: 0000B0E1009ABA5E95F7227E57434874

(PID) Process: (6560) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (6560) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (6560) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (6560) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVG\Browser
Operation: write
Name: user_id
Value: 5cb3face691c4bac8933a8d0ffbb8413

(PID) Process: (6560) avg_secure_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AVG\Browser
Operation: write
Name: user_date
Value: 20250213

(PID) Process: (6560) avg_secure_browser_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG\Browser
Operation: write
Name: machine_date
Value: 20250213

(PID) Process: (6560) avg_secure_browser_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG\Browser
Operation: write
Name: machine_timestamp
Value: 1739474069
Executable files: 171
Suspicious files: 13
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type

1612 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsg73BE.tmp\inetc.dll | executable
MD5: 650E0E39808140A1DA5ABD3D27880C7E
SHA256: AAB155DCAAAFEBE4B84A9AEEC6FFBCE9B484A99B316657EE9B7A98B346F9538B

1612 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsg73BE.tmp\Midex.dll | executable
MD5: 2597A829E06EB9616AF49FCD8052B8BD
SHA256: 7359CA1BEFDB83D480FC1149AC0E8E90354B5224DB7420B14B2D96D87CD20A87

1612 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsg73BE.tmp\nsJSON.dll | executable
MD5: F840A9DDD319EE8C3DA5190257ABDE5B
SHA256: DDB6C9F8DE72DDD589F009E732040250B2124BCA6195AA147AA7AAC43FC2C73A

1612 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsg73BE.tmp\sciterui.dll | executable
MD5: F40C5626532C77B9B4A6BB384DB48BBE
SHA256: E6D594047DEECB0F3D49898475084D286072B6E3E4A30EB9D0D03E9B3228D60F

6560 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsp96B7.tmp\FF.places.tmp
MD5:
SHA256:

1612 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsg73BE.tmp\jsisdl.dll | executable
MD5: 5121C566AC9315A53E558BF62600F9B6
SHA256: D88E38DF30887C722FB837278EE3782914574414C741CDFD3BD6126799FA3167

1612 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsg73BE.tmp\reboot.dll | executable
MD5: C845234DD1E1CDF6F63EC1B025B75742
SHA256: CA418CE0992368C09827A76B0CCA14070B9C518BADC95085C7D71034784FCE5E

6560 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsp96B7.tmp\nsJSON.dll | executable
MD5: F840A9DDD319EE8C3DA5190257ABDE5B
SHA256: DDB6C9F8DE72DDD589F009E732040250B2124BCA6195AA147AA7AAC43FC2C73A

6560 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsp96B7.tmp\jsis.dll | executable
MD5: 2027121C3CDEB1A1F8A5F539D1FE2E28
SHA256: 1DAE8B6DE29F2CFC0745D9F2A245B9ECB77F2B272A5B43DE1BA5971C43BF73A1

1612 | avg_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsg73BE.tmp\thirdparty.dll | executable
MD5: 7B4BD3B8AD6E913952F8ED1CEEF40CD4
SHA256: A49D3E455D7AECA2032C30FC099BFAD1B1424A2F55EC7BB0F6ACBBF636214754
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 10
TCP/UDP connections: 32
DNS requests: 17
Threats: 1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1176
svchost.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6560
avg_secure_browser_setup.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted
5064
SearchApp.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6560
avg_secure_browser_setup.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
6560
avg_secure_browser_setup.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
6560
avg_secure_browser_setup.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAQ1YD96iIrhbAWwDxU8xvw%3D
unknown
whitelisted
7136
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7136
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
3836
AVGBrowserUpdate.exe
GET
200
2.19.11.100:80
http://browser-update.avg.com/browser-avg/win/x64/131.0.27894.265/AVGBrowserInstaller.exe
unknown
whitelisted
6244
backgroundTaskHost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
92.123.104.44:443
Akamai International B.V.
DE
unknown
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1176
svchost.exe
40.126.32.72:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1176
svchost.exe
23.54.109.203:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
23.54.109.203:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
1076
svchost.exe
23.35.238.131:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
6560
avg_secure_browser_setup.exe
104.20.86.8:443
stats.securebrowser.com
CLOUDFLARENET
unknown
204
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 51.124.78.146
whitelisted
login.live.com
  • 40.126.32.72
  • 20.190.160.3
  • 40.126.32.134
  • 40.126.32.133
  • 20.190.160.20
  • 20.190.160.66
  • 20.190.160.65
  • 20.190.160.131
whitelisted
ocsp.digicert.com
  • 23.54.109.203
  • 2.23.77.188
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
stats.securebrowser.com
  • 104.20.86.8
  • 104.20.87.8
unknown
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted
update.avgbrowser.com
  • 104.22.63.125
  • 104.22.62.125
  • 172.67.41.145
unknown
browser-update.avg.com
  • 2.19.11.100
  • 2.19.11.114
whitelisted

Threats

PID | Process | Class | Message
3836 | AVGBrowserUpdate.exe | Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP
Process
Message
avg_secure_browser_setup.exe
2025-02-13T19:14:19 [libnsis] {0000064c:00000c14} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
avg_secure_browser_setup.exe
2025-02-13T19:14:19 [libnsis] {0000064c:00000c14} <1:Debug> (91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62) Throwing exception 0x00000400000715
avg_secure_browser_setup.exe
2025-02-13T19:14:19 [libnsis] {0000064c:00000c14} <4:Error> (893f00f663353e48\src\jsis-plugins\plugins\UtilitiesPlugin\TagData.cpp:85) 0x00000400000715 91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62
avg_secure_browser_setup.exe
2025-02-13T19:14:23 [libnsis] {000019a0:000019a4} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
avg_secure_browser_setup.exe
2025-02-13T19:14:23 [libnsis] {000019a0:000019a4} <1:Debug> (91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62) Throwing exception 0x00000400000715
avg_secure_browser_setup.exe
2025-02-13T19:14:23 [libnsis] {000019a0:000019a4} <4:Error> (893f00f663353e48\src\jsis-plugins\plugins\UtilitiesPlugin\TagData.cpp:85) 0x00000400000715 91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62
avg_secure_browser_setup.exe
2025-02-13T19:14:24 [libnsis] {000019a0:000019a4} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsp96B7.tmp\CR.History.tmp
avg_secure_browser_setup.exe
2025-02-13T19:14:24 [libnsis] {000019a0:000019a4} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 20102 AND vtime <= 20133 GROUP BY vtime
avg_secure_browser_setup.exe
2025-02-13T19:14:24 [libnsis] {000019a0:000019a4} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 20102 AND vtime <= 20133 GROUP BY vtime
avg_secure_browser_setup.exe
2025-02-13T19:14:24 [libnsis] {000019a0:000019a4} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsp96B7.tmp\CR.History.tmp