General Info

File name

avast_secure_browser_setup.exe

Full analysis
https://app.any.run/tasks/44cb8394-50c9-4e4b-84e0-1f5c4729d000
Verdict
Malicious activity
Analysis date
6/16/2019, 23:34:08
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

7556f320e0835af7110ea89f0c1439ff

SHA1

66e2b459f281c792128c9c3401215fbed376efd2

SHA256

b7288804c182f5c1e98292d2cd28320773c25d45e68fe643141726988104d49b

SSDEEP

49152:IIMYoueNvH4FJFSCALKpeiG10D46KiedX8MOEVglvQv6X2babamAMqw2sSCM6:UYcvH4F7AgeiG10DTK88gmvQiaHlqwxN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • aj47AE.exe (PID: 3344)
Loads dropped or rewritten executable
  • aj47AE.exe (PID: 3344)
  • avast_secure_browser_setup.exe (PID: 3948)
Changes settings of System certificates
  • aj47AE.exe (PID: 3344)
Executable content was dropped or overwritten
  • avast_secure_browser_setup.exe (PID: 3948)
  • aj47AE.exe (PID: 3344)
Low-level read access rights to disk partition
  • aj47AE.exe (PID: 3344)
Adds / modifies Windows certificates
  • aj47AE.exe (PID: 3344)

No info indicators.

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (67.4%)
.dll
|   Win32 Dynamic Link Library (generic) (14.2%)
.exe
|   Win32 Executable (generic) (9.7%)
.exe
|   Generic Win/DOS Executable (4.3%)
.exe
|   DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2017:08:01 02:33:59+02:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
25600
InitializedDataSize:
141824
UninitializedDataSize:
2048
EntryPoint:
0x3489
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
6.2.0.1373
ProductVersionNumber:
6.2.0.1373
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Arabic
CharacterSet:
Windows, Arabic
BuildDate:
19700119T011535
BuildTimestamp:
1559735405
BuildVersion:
6.2.0.1373
FileDescription:
إعداد Avast Secure Browser
FileVersion:
6.2.0.1373
InstallerCommit:
b28c891c9afcd6d724c1b2b8f87e229c5faf4611
InstallerEdition:
null
InstallerKeyword:
avast-securebrowser
InternalName:
Avast Secure Browser
JsisCommit:
cdaa759d3adea0cb4de4eccd2b7c3fc5184906e7
LegalCopyright:
تعود حقوق الطبع والنشر (c) لعام 2019 إلى AVAST Software
ProductName:
إعداد Avast Secure Browser
ProductVersion:
6.2.0.1373
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
01-Aug-2017 00:33:59
Detected languages
Arabic - Saudi Arabia
Belarusian - Belarus
Bulgarian - Bulgaria
Catalan - Spain
Chinese - PRC
Chinese - Taiwan
Croatian - Croatia
Czech - Czech Republic
Danish - Denmark
Dutch - Netherlands
English - United States
Estonian - Estonia
Farsi - Iran
Finnish - Finland
French - France
German - Germany
Greek - Greece
Hebrew - Israel
Hindi - India
Hungarian - Hungary
Indonesian - Indonesia (Bahasa)
Italian - Italy
Japanese - Japan
Korean - Korea
Latvian - Latvia
Lithuanian - Lithuania
Malay - Malaysia
Norwegian - Norway (Bokmal)
Polish - Poland
Portuguese - Brazil
Portuguese - Portugal
Romanian - Romania
Russian - Russia
Serbian - Serbia (Latin)
Slovak - Slovakia
Slovenian - Slovenia
Spanish - Spain (Traditional sort)
Swedish - Sweden
Thai - Thailand
Turkish - Turkey
Ukrainian - Ukraine
Urdu - Pakistan
Vietnamese - Viet Nam
BuildDate:
19700119T011535
BuildTimestamp:
1559735405
BuildVersion:
6.2.0.1373
FileDescription:
Podešavanje programa Avast Secure Browser
FileVersion:
6.2.0.1373
InstallerCommit:
b28c891c9afcd6d724c1b2b8f87e229c5faf4611
InstallerEdition:
null
InstallerKeyword:
avast-securebrowser
InternalName:
Avast Secure Browser
JsisCommit:
cdaa759d3adea0cb4de4eccd2b7c3fc5184906e7
LegalCopyright:
(c) 2019 AVAST Software
ProductName:
Podešavanje programa Avast Secure Browser
ProductVersion:
6.2.0.1373
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
01-Aug-2017 00:33:59
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x000063D1 0x00006400 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.47945
.rdata 0x00008000 0x0000138E 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.14383
.data 0x0000A000 0x00020358 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.00074
.ndata 0x0002B000 0x0006B000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x00096000 0x0001EFC0 0x0001F000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.42232
Resources
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 103, 105, 106, 111, 205, 206, 211, 305, 306, 311, 405, 406, 411, 505, 506, 511, 605, 606, 611, 705, 706, 711, 805, 806, 811

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

Exports

    No exports.

Processes

Total processes
36
Monitored processes
2
Malicious processes
2
Suspicious processes
0

Behavior graph

[Graph: avast_secure_browser_setup.exe is started, then drops and starts aj47ae.exe]

Process information

PID
3948
CMD
"C:\Users\admin\AppData\Local\Temp\avast_secure_browser_setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\avast_secure_browser_setup.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Avast Secure Browser Setup
Version
6.2.0.1373
Modules
Image
c:\users\admin\appdata\local\temp\avast_secure_browser_setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nss45c8.tmp\jsis.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\users\admin\appdata\local\temp\nss45c8.tmp\system.dll
c:\users\admin\appdata\local\temp\nss45c8.tmp\nsjson.dll
c:\users\admin\appdata\local\temp\nss45c8.tmp\stack.dll
c:\users\admin\appdata\local\temp\nss45c8.tmp\ultimatesplash.dll
c:\windows\system32\winmm.dll
c:\users\admin\appdata\local\temp\nss45c8.tmp\stdutils.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mpr.dll

PID
3344
CMD
"C:\Users\admin\AppData\Local\Temp\aj47AE.exe" /relaunch=9 /tagdata
Path
C:\Users\admin\AppData\Local\Temp\aj47AE.exe
Indicators
Parent process
avast_secure_browser_setup.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Avast Secure Browser Setup
Version
6.2.0.1373
Modules
Image
c:\users\admin\appdata\local\temp\aj47ae.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsq4bc4.tmp\jsis.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\users\admin\appdata\local\temp\nsq4bc4.tmp\system.dll
c:\users\admin\appdata\local\temp\nsq4bc4.tmp\nsjson.dll
c:\users\admin\appdata\local\temp\nsq4bc4.tmp\stack.dll
c:\users\admin\appdata\local\temp\nsq4bc4.tmp\stdutils.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\nsq4bc4.tmp\midex.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\rpcrtremote.dll
c:\users\admin\appdata\local\temp\nsq4bc4.tmp\avastplugins.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\nsq4bc4.tmp\nsdialogs.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msftedit.dll
c:\users\admin\appdata\local\temp\nsq4bc4.tmp\nsresize.dll

Registry activity

Total events
770
Read events
733
Write events
37
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3948
avast_secure_browser_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3948
avast_secure_browser_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Browser
installer_run_count
1
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Browser
machine_id
c4d7f90e0a504a19900b00177c354536
3344
aj47AE.exe
write
HKEY_CURRENT_USER\Software\AVAST Software\Browser
user_id
52c240bd10344fe5978be49a7e8d58f5
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aj47AE_RASAPI32
EnableFileTracing
0
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aj47AE_RASAPI32
EnableConsoleTracing
0
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aj47AE_RASAPI32
FileTracingMask
4294901760
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aj47AE_RASAPI32
ConsoleTracingMask
4294901760
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aj47AE_RASAPI32
MaxFileSize
1048576
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aj47AE_RASAPI32
FileDirectory
%windir%\tracing
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aj47AE_RASMANCS
EnableFileTracing
0
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aj47AE_RASMANCS
EnableConsoleTracing
0
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aj47AE_RASMANCS
FileTracingMask
4294901760
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aj47AE_RASMANCS
ConsoleTracingMask
4294901760
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aj47AE_RASMANCS
MaxFileSize
1048576
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aj47AE_RASMANCS
FileDirectory
%windir%\tracing
3344
aj47AE.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3344
aj47AE.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
3344
aj47AE.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
––
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
––
3344
aj47AE.exe
write
HKEY_CURRENT_USER\Software\AVAST Software\Browser
user_date
20190616
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Browser
machine_date
20190616
3344
aj47AE.exe
write
HKEY_CURRENT_USER\Software\AVAST Software\Browser
user_timestamp
1560720871
3344
aj47AE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Browser
machine_timestamp
1560720871

Files activity

Executable files
34
Suspicious files
0
Text files
18
Unknown types
0

Dropped files

PID
Process
Filename
Type
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\jsis.dll
executable
MD5: 1f6fbf3c06d462b50f7b894ff6767acd
SHA256: a0040fa4ae75e1b0859bcdd35318715d52d4e44acd5b26f57561dca5e0af19cc
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\ultimateSplash.dll
executable
MD5: d9225d857ce2b1589105e8070ec40b44
SHA256: 4c47f5b7df8e99f35694d551c0eb44031552ce3e38fae7c03d2e75928454b196
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsisdl.dll
executable
MD5: 386892b74d74a8d4a1f66f2e7c9a8ef4
SHA256: c4543d72451eb9d85f2dd5a39098f0c23d63b75e02f3176d3896c8a70856e21a
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\AvastPlugins.dll
executable
MD5: 75aecd16ed7817e0e317cde60d4338bd
SHA256: 8ed38dd69c909378beee8b26259a93c6012fc219e4402507a1c8bc78ea56d367
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\reboot.dll
executable
MD5: 839700ce5f47b6c8e0af16898836ba7e
SHA256: 0fa3efe6028c73cf71932ddee655a8cdaeddbadfc9f9f77b34f51833182a4ad4
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\Midex.dll
executable
MD5: 1b6b78d51fd7b1256edf2ec74e02958a
SHA256: b5770e0607ec55584cad9dff7b7dfa0699e089507573cca4ec1a7d9985aa02a8
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis.dll
executable
MD5: 1f6fbf3c06d462b50f7b894ff6767acd
SHA256: a0040fa4ae75e1b0859bcdd35318715d52d4e44acd5b26f57561dca5e0af19cc
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\nsProcess.dll
executable
MD5: f0438a894f3a7e01a4aae8d1b5dd0289
SHA256: 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\NotifyIcon.dll
executable
MD5: 1fed4d775bfb4a51d38698e6ec3747fe
SHA256: 26479d3fad510626d333ffbcfb036e2f184ae8d70ab4216b2f91784c14aeba92
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\StdUtils.dll
executable
MD5: d5254c62af8ed3eeed9d4823a11149e7
SHA256: 977ffed6800a7891cf9457a263b4df995771a89e2297fc0f2036e1298f2601e1
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\inetc.dll
executable
MD5: 0964862bcaabb25318775699be65fca3
SHA256: 6d2ac8a854622537d2e260a63bed4f30e6d23b8396d9561a77563db9cef5ab51
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\StdUtils.dll
executable
MD5: d5254c62af8ed3eeed9d4823a11149e7
SHA256: 977ffed6800a7891cf9457a263b4df995771a89e2297fc0f2036e1298f2601e1
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\AvastPlugins.dll
executable
MD5: 75aecd16ed7817e0e317cde60d4338bd
SHA256: 8ed38dd69c909378beee8b26259a93c6012fc219e4402507a1c8bc78ea56d367
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\nsJSON.dll
executable
MD5: eeb23a2fac131cf05267636848d3b861
SHA256: 396f06c4130889aea9b6fda1654bd4c66cc943c296054e3b359ff02321fd6162
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\nsResize.dll
executable
MD5: a8655e0ca9e079edc631838273afc087
SHA256: eeb2705599c3075e652762e74c88d3cb482e01ad8cae65f02022f91aebf13cb5
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\Midex.dll
executable
MD5: 1b6b78d51fd7b1256edf2ec74e02958a
SHA256: b5770e0607ec55584cad9dff7b7dfa0699e089507573cca4ec1a7d9985aa02a8
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\nsResize.dll
executable
MD5: a8655e0ca9e079edc631838273afc087
SHA256: eeb2705599c3075e652762e74c88d3cb482e01ad8cae65f02022f91aebf13cb5
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\stack.dll
executable
MD5: e53bdae0bf539264dab742f04ba0884e
SHA256: 2c83553a77dabb11d13079a43d4b825e156ea47bc77c2952b9b885091755e01e
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\ultimateSplash.dll
executable
MD5: d9225d857ce2b1589105e8070ec40b44
SHA256: 4c47f5b7df8e99f35694d551c0eb44031552ce3e38fae7c03d2e75928454b196
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\metered.dll
executable
MD5: 11a130233da463fb9f1ed94b3ef839ba
SHA256: 6f4360d97e2bc6b45f9e30b42a815f1132fbf608d102ea5fa301aa9c74b7ddd2
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\AccessControl.dll
executable
MD5: 9e7d36edcc188e166dee9552017ac94f
SHA256: d52a83c2a8551cebf48ff7a8d5930be1873bce990f855ccab4d7479cfeb22e3d
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\nsDialogs.dll
executable
MD5: d2e45dd852a659e11897df573832f381
SHA256: 86c8ee210e6611383a634dcb8c60455063ddae3d7adccbeacf3adf7bf2a46676
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\System.dll
executable
MD5: 9625d5b1754bc4ff29281d415d27a0fd
SHA256: c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\stack.dll
executable
MD5: e53bdae0bf539264dab742f04ba0884e
SHA256: 2c83553a77dabb11d13079a43d4b825e156ea47bc77c2952b9b885091755e01e
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\aj47AE.exe
executable
MD5: 8be72c4e8f205a238edc032742778f48
SHA256: 7d7061163c512154af23357a0c42726dcfdf6705f191878428398896aa2fda20
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\System.dll
executable
MD5: 9625d5b1754bc4ff29281d415d27a0fd
SHA256: c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\AccessControl.dll
executable
MD5: 9e7d36edcc188e166dee9552017ac94f
SHA256: d52a83c2a8551cebf48ff7a8d5930be1873bce990f855ccab4d7479cfeb22e3d
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\nsJSON.dll
executable
MD5: eeb23a2fac131cf05267636848d3b861
SHA256: 396f06c4130889aea9b6fda1654bd4c66cc943c296054e3b359ff02321fd6162
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\jsisdl.dll
executable
MD5: 386892b74d74a8d4a1f66f2e7c9a8ef4
SHA256: c4543d72451eb9d85f2dd5a39098f0c23d63b75e02f3176d3896c8a70856e21a
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\NotifyIcon.dll
executable
MD5: 1fed4d775bfb4a51d38698e6ec3747fe
SHA256: 26479d3fad510626d333ffbcfb036e2f184ae8d70ab4216b2f91784c14aeba92
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\reboot.dll
executable
MD5: 839700ce5f47b6c8e0af16898836ba7e
SHA256: 0fa3efe6028c73cf71932ddee655a8cdaeddbadfc9f9f77b34f51833182a4ad4
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\inetc.dll
executable
MD5: 0964862bcaabb25318775699be65fca3
SHA256: 6d2ac8a854622537d2e260a63bed4f30e6d23b8396d9561a77563db9cef5ab51
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\metered.dll
executable
MD5: 11a130233da463fb9f1ed94b3ef839ba
SHA256: 6f4360d97e2bc6b45f9e30b42a815f1132fbf608d102ea5fa301aa9c74b7ddd2
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\nsProcess.dll
executable
MD5: f0438a894f3a7e01a4aae8d1b5dd0289
SHA256: 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\CR.History.tmp
––
MD5:  ––
SHA256:  ––
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\logo-125.bmp
image
MD5: aef64bb1eaa566f1fbbc04fedd2fe97b
SHA256: 77bad91fd31028660c407a71af325327677a8b699ccdfbfc6721f15c25b12869
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\FF.places.tmp
––
MD5:  ––
SHA256:  ––
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\avast-securebrowser--tags
text
MD5: c0d0b75a219cb90a7396c272820110d4
SHA256: 2e94f3550282ff225ffd675ea3800cd7f8f74e56fe32bc5ddf7201befe81493a
3948
avast_secure_browser_setup.exe
C:\Users\admin\AppData\Local\Temp\nss45C8.tmp\splash.gif
image
MD5: de05d59d75a8fab3a2482461fb3daffc
SHA256: a0a8aff8253361e13f2808a136eaf9b7fd9a21f2ba2f5ac979d28df911eabc79
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nss5143.tmp
text
MD5: deaca0bbc0813caedeaeeb3cd7ce6afe
SHA256: f7d3e470dfe22a57d7605f2b812043fb641db6e954d15635debc8e2fb15108e1
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\remoteResponse.json
––
MD5:  ––
SHA256:  ––
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\modern-header.bmp
image
MD5: 8cc11db2f371eb69adb24e3ceb81c612
SHA256: f951423f1eb25af8b2c64ee6d142a0a3c9a729fb83cd25b392a2998cb91a631b
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\page_icon-100.bmp
image
MD5: 1a38bca1d484e48d800d249eb2671b74
SHA256: add8c77cc743b6bc6eb3b173f50773c02300bddc12d0c45e9ff21a160a664002
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\page_icon-125.bmp
image
MD5: ca3c089214906c02f1bd3683e43754d6
SHA256: 3db48a675fab72c00748994c3cbdd1b6d72b8303a0fd83cf1192e34d2cbabc5a
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\logo-175.bmp
image
MD5: 583bd474090e34243bda21d9983c1111
SHA256: 6acc6c84bf833e4cf2b3157cdedece77f62f2c4e4a5689de9f85f15f51d5997e
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\logo-150.bmp
image
MD5: eb537a541239dcb9b24ed56a1ee990d3
SHA256: ac85d3a49b94e3cb6e61858ab8d7a09235d62bf59ec80ad9b99dbe111ae5a9f0
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\page_icon-175.bmp
image
MD5: 3fc57933cd190c59a5097922002327c9
SHA256: d9dbad9e91bdd188aaca75981fa14543ad22db15071b1a0369372ef83b7a5777
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\page_icon-150.bmp
image
MD5: 75d50fd93fb3700afa148388f769cf05
SHA256: 735f3be3085771fa3813e94a1e3996376acac1e1c91559f7441aaea9755e4514
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\logo-100.bmp
image
MD5: f1950526a9f0be2b7863bedc80c69866
SHA256: 9ffa147a88a0224613ec8c8be881118aa36b1ea06b9de580c27424a6b9a1ffa8
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\page_icon-200.bmp
image
MD5: 8f872ec3afcdb186d33bc132508a57b9
SHA256: ff155d64a416e67804cfd1804e59208a1cf3c17394d81b06bce5aace0d064531
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\icon.ico
image
MD5: 1183899ed9fc440b9ccf67845e985470
SHA256: 39170a7c9ad23edf5f946012490c1be5ed2a1897b8090313a1987bf3cec2914e
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\szb_icon.bmp
image
MD5: a581f7a28e163f3b87430b69967bee3d
SHA256: 580729addbadef5a961aafb7cac7a5eebfd112adc6811079df2594172abb4ce7
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\button.bmp
image
MD5: b9d5f344087c8be09fd9dcbd7e747a52
SHA256: 70351cd8ea78df913299100cc2d909c68e80edc8cd20aaff4e3d8f6a5cd60364
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\jsis_{FED220A5-7C0F-4CA2-8431-D33ED88225A6}\logo-200.bmp
image
MD5: a4d42c25bff9677f22550b2de4d1c212
SHA256: 3541f3f24c8cce87dd49327327e5b37719abe91c30dbe7ad10916183b10d4ecf
3344
aj47AE.exe
C:\Users\admin\AppData\Local\Temp\nsq4BC4.tmp\nsh5C7F.tmp
text
MD5: a4ccedb5f3836cdfe780b652fe7f55e1
SHA256: c6e84291dccd23bc08e1b781ee4473cd8c1c2baa85308424a1bf1f3b7d64483d

Network activity

HTTP(S) requests
0
TCP/UDP connections
1
DNS requests
1
Threats
0

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
–– –– 54.84.70.87:443 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
beta-stats.avastbrowser.com 54.84.70.87, 3.214.197.253 unknown

Threats

No threats detected.

Debug output strings

No debug info.