File name: MDE_File_Sample_dd86f9d881a4247c5f8beaf49199fbedb50bfc49 (1).zip

Full analysis: https://app.any.run/tasks/6e6018eb-ab96-4adf-b639-2fac36bb3661
Verdict: Malicious activity
Threats:

Adware is a class of unwanted software that monetizes a host by pushing advertisements at the user, typically disrupting browsing. It usually arrives through software bundling (a "sponsored" installer that carries a second product), malicious websites, or deceptive downloads. Once installed it may track user activity, collect sensitive data, and display intrusive ads such as pop-ups or banners. More aggressive variants evade security controls and establish persistence (autorun entries, scheduled tasks, services), which makes removal difficult. Because adware commonly drops extra installers, updaters and services, it also widens the attack surface that other malware can exploit, so it is a real risk to user privacy and system security rather than a mere nuisance.

Analysis date: October 30, 2025, 19:18:29
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
adware
stealer
antivm
evasion
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 9B493F10784A9A83F4D64008E2B10B8E
SHA1: BFB7995B470C78E8645BB036787AB28C3EA9EA09
SHA256: C51A3CA3E927CDC5FA50BEDCB87D34375D1469CCC76A3753F4F6457439D90604
SSDEEP: 98304:l/zER7t6ERHd2MNjF6bAmK2L45fyA8pUv045HpdW7ulpelQPWsFso0e63jbSH2As:JVqeugc6hqQ/dQQWaenHXW9unkqpM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • ADWARE has been detected (SURICATA)

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
    • Registers / Runs the DLL via REGSVR32.EXE

      • uninstall.exe (PID: 1092)
      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
    • Actions look like stealing of personal data

      • AvastBrowserInstaller.exe (PID: 5908)
      • AvastBrowser.exe (PID: 7720)
    • Changes the autorun value in the registry

      • setup.exe (PID: 7608)
      • AvastBrowser.exe (PID: 2336)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 6272)
    • Steals credentials from Web Browsers

      • AvastBrowser.exe (PID: 7240)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 8152)
      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • uninstall.exe (PID: 1092)
    • The process creates files with name similar to system file names

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 8152)
      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • uninstall.exe (PID: 1092)
    • Executable content was dropped or overwritten

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 8152)
      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • avast_secure_browser_setup.exe (PID: 1292)
      • uninstall.exe (PID: 1092)
      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
      • setup.exe (PID: 7608)
      • AvastBrowserInstaller.exe (PID: 7908)
      • AvastBrowserInstaller.exe (PID: 5908)
      • micro_av_vps_online_setup.exe (PID: 7780)
      • icarus.exe (PID: 6664)
      • icarus.exe (PID: 6504)
      • AvastBrowser.exe (PID: 8896)
      • engsup.exe (PID: 9024)
    • Reads security settings of Internet Explorer

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 8152)
      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • AvastBrowserInstaller.exe (PID: 5908)
      • AvastBrowserUpdate.exe (PID: 4784)
      • setup.exe (PID: 7608)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowserProtect.exe (PID: 2904)
      • AvastBrowser.exe (PID: 6272)
      • AvastBrowser.exe (PID: 7240)
      • chrmstp.exe (PID: 8632)
    • Application launched itself

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 8152)
      • setup.exe (PID: 7608)
      • AvastBrowser.exe (PID: 2336)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 3404)
      • AvastBrowser.exe (PID: 6272)
      • AvastBrowser.exe (PID: 8704)
      • setup.exe (PID: 7884)
      • AvastBrowser.exe (PID: 7240)
      • chrmstp.exe (PID: 1152)
      • AvastBrowser.exe (PID: 796)
      • chrmstp.exe (PID: 8632)
    • Access to an unwanted program domain was detected

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
    • There is functionality for taking screenshot (YARA)

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 8152)
      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • avast_secure_browser_setup.exe (PID: 1292)
      • AvastBrowserInstaller.exe (PID: 5908)
    • The process verifies whether the antivirus software is installed

      • AvastBrowserInstaller.exe (PID: 5908)
      • AvastBrowserUpdate.exe (PID: 4784)
      • AvastBrowserUpdate.exe (PID: 2548)
      • AvastBrowserUpdate.exe (PID: 1160)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 6052)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 7736)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 7720)
      • AvastBrowserUpdate.exe (PID: 6208)
      • AvastBrowserUpdate.exe (PID: 3296)
      • AvastBrowserUpdate.exe (PID: 6632)
      • AvastBrowserInstaller.exe (PID: 7908)
      • setup.exe (PID: 7600)
      • setup.exe (PID: 7608)
      • micro_av_vps_online_setup.exe (PID: 7780)
      • vps_helper.exe (PID: 1252)
      • AvastBrowserCrashHandler.exe (PID: 8052)
      • AvastBrowserCrashHandler64.exe (PID: 8068)
      • AvastBrowser.exe (PID: 2336)
      • icarus.exe (PID: 6664)
      • AvastBrowser.exe (PID: 7272)
      • icarus.exe (PID: 6504)
      • AvastBrowser.exe (PID: 7236)
      • elevation_service.exe (PID: 7348)
      • AvastBrowser.exe (PID: 1172)
      • AvastBrowser.exe (PID: 7300)
      • AvastBrowser.exe (PID: 7768)
      • AvastBrowser.exe (PID: 7204)
      • AvastBrowser.exe (PID: 7680)
      • AvastBrowser.exe (PID: 7724)
      • AvastBrowser.exe (PID: 7720)
      • elevation_service.exe (PID: 1236)
      • AvastBrowser.exe (PID: 8004)
      • AvastBrowser.exe (PID: 4616)
      • AvastBrowser.exe (PID: 2688)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 4572)
      • AvastBrowser.exe (PID: 2612)
      • AvastBrowser.exe (PID: 5576)
      • elevation_service.exe (PID: 1464)
      • AvastBrowser.exe (PID: 1276)
      • AvastBrowser.exe (PID: 7924)
      • AvastBrowser.exe (PID: 8032)
      • AvastBrowser.exe (PID: 7660)
      • AvastBrowser.exe (PID: 1416)
      • AvastBrowser.exe (PID: 3532)
      • AvastBrowser.exe (PID: 6676)
      • AvastBrowser.exe (PID: 1092)
      • AvastBrowser.exe (PID: 6952)
      • AvastBrowser.exe (PID: 2628)
      • AvastBrowser.exe (PID: 480)
      • AvastBrowser.exe (PID: 4080)
      • AvastBrowser.exe (PID: 1784)
      • AvastBrowser.exe (PID: 4724)
      • AvastBrowser.exe (PID: 3300)
      • AvastBrowser.exe (PID: 5348)
      • AvastBrowser.exe (PID: 7984)
      • AvastBrowser.exe (PID: 2904)
      • AvastBrowser.exe (PID: 2308)
      • AvastBrowser.exe (PID: 4560)
      • AvastBrowser.exe (PID: 7200)
      • AvastBrowser.exe (PID: 2628)
      • AvastBrowser.exe (PID: 7592)
      • AvastBrowser.exe (PID: 356)
      • AvastBrowser.exe (PID: 4784)
      • AvastBrowser.exe (PID: 7928)
      • AvastBrowser.exe (PID: 592)
      • AvastBrowser.exe (PID: 6980)
      • AvastBrowser.exe (PID: 4624)
      • AvastBrowser.exe (PID: 5348)
      • AvastBrowserProtect.exe (PID: 2904)
      • AvastBrowser.exe (PID: 8056)
      • AvastBrowser.exe (PID: 5192)
      • AvastBrowser.exe (PID: 2976)
      • AvastBrowser.exe (PID: 5776)
      • AvastBrowser.exe (PID: 3404)
      • AvastBrowser.exe (PID: 5268)
      • AvastBrowser.exe (PID: 4808)
      • AvastBrowser.exe (PID: 5404)
      • AvastBrowser.exe (PID: 5184)
      • AvastBrowser.exe (PID: 6632)
      • AvastBrowser.exe (PID: 8032)
      • AvastBrowser.exe (PID: 1500)
      • AvastBrowser.exe (PID: 3336)
      • AvastBrowser.exe (PID: 7240)
      • AvastBrowser.exe (PID: 1928)
      • AvastBrowser.exe (PID: 1924)
      • AvastBrowser.exe (PID: 8008)
      • AvastBrowser.exe (PID: 7276)
      • AvastBrowser.exe (PID: 6272)
      • AvastBrowser.exe (PID: 7832)
      • AvastBrowser.exe (PID: 5320)
      • AvastBrowser.exe (PID: 7768)
      • AvastBrowser.exe (PID: 7984)
      • elevation_service.exe (PID: 7968)
      • AvastBrowser.exe (PID: 2376)
      • AvastBrowser.exe (PID: 7604)
      • AvastBrowser.exe (PID: 6740)
      • AvastBrowser.exe (PID: 4760)
      • AvastBrowser.exe (PID: 7924)
      • AvastBrowser.exe (PID: 8696)
      • AvastBrowser.exe (PID: 8736)
      • AvastBrowser.exe (PID: 8704)
      • AvastBrowser.exe (PID: 7804)
      • engsup.exe (PID: 9024)
      • AvastBrowser.exe (PID: 8848)
      • AvastBrowser.exe (PID: 8896)
      • AvastBrowser.exe (PID: 9172)
      • AvastBrowser.exe (PID: 9188)
      • AvastBrowser.exe (PID: 8532)
      • AvastBrowser.exe (PID: 9180)
      • setup.exe (PID: 8240)
      • AvastBrowser.exe (PID: 8244)
      • AvastBrowser.exe (PID: 7208)
      • setup.exe (PID: 7884)
      • AvastBrowser.exe (PID: 7240)
      • AvastBrowser.exe (PID: 8868)
      • AvastBrowser.exe (PID: 8860)
      • AvastBrowser.exe (PID: 8940)
      • elevation_service.exe (PID: 8864)
      • AvastBrowser.exe (PID: 4056)
      • AvastBrowser.exe (PID: 2916)
      • AvastBrowser.exe (PID: 8160)
      • AvastBrowser.exe (PID: 7844)
      • AvastBrowser.exe (PID: 8964)
      • AvastBrowser.exe (PID: 3052)
      • AvastBrowser.exe (PID: 6128)
      • AvastBrowser.exe (PID: 2628)
      • AvastBrowser.exe (PID: 564)
      • AvastBrowser.exe (PID: 8424)
      • AvastBrowser.exe (PID: 8560)
      • AvastBrowser.exe (PID: 8468)
      • AvastBrowser.exe (PID: 8372)
      • chrmstp.exe (PID: 7788)
      • AvastBrowser.exe (PID: 7836)
      • chrmstp.exe (PID: 8632)
      • AvastBrowser.exe (PID: 6756)
      • chrmstp.exe (PID: 1152)
      • AvastBrowser.exe (PID: 3272)
      • AvastBrowser.exe (PID: 1252)
      • AvastBrowser.exe (PID: 796)
      • chrmstp.exe (PID: 584)
    • Disables SEHOP

      • AvastBrowserUpdate.exe (PID: 4784)
    • Starts itself from another location

      • AvastBrowserUpdate.exe (PID: 4784)
      • icarus.exe (PID: 6664)
    • Creates/Modifies COM task schedule object

      • AvastBrowserUpdateComRegisterShell64.exe (PID: 7720)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 6052)
      • AvastBrowserUpdate.exe (PID: 1160)
      • AvastBrowserUpdate.exe (PID: 4784)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 7736)
      • regsvr32.exe (PID: 5628)
    • Non windows owned service launched

      • AvastBrowserUpdate.exe (PID: 6632)
      • elevation_service.exe (PID: 7348)
      • elevation_service.exe (PID: 1236)
      • elevation_service.exe (PID: 1464)
      • elevation_service.exe (PID: 7968)
      • elevation_service.exe (PID: 8864)
    • Executes as Windows Service

      • AvastBrowserUpdate.exe (PID: 6632)
      • elevation_service.exe (PID: 7348)
      • elevation_service.exe (PID: 1236)
      • elevation_service.exe (PID: 1464)
      • elevation_service.exe (PID: 7968)
      • elevation_service.exe (PID: 8864)
    • Potential Corporate Privacy Violation

      • AvastBrowserUpdate.exe (PID: 6632)
    • There is functionality for VM detection VirtualBox (YARA)

      • AvastBrowserInstaller.exe (PID: 5908)
    • There is functionality for VM detection antiVM strings (YARA)

      • AvastBrowserInstaller.exe (PID: 5908)
    • There is functionality for VM detection VMWare (YARA)

      • AvastBrowserInstaller.exe (PID: 5908)
    • Reads the date of Windows installation

      • setup.exe (PID: 7608)
      • SystemSettings.exe (PID: 7420)
      • AvastBrowser.exe (PID: 8244)
      • AvastBrowser.exe (PID: 7836)
      • AvastBrowser.exe (PID: 6756)
      • chrmstp.exe (PID: 8632)
    • Searches for installed software

      • setup.exe (PID: 7608)
      • AvastBrowserInstaller.exe (PID: 5908)
      • AvastBrowser.exe (PID: 2336)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 6272)
      • icarus.exe (PID: 6664)
      • icarus.exe (PID: 6504)
      • setup.exe (PID: 7884)
      • AvastBrowser.exe (PID: 7240)
      • chrmstp.exe (PID: 1152)
      • chrmstp.exe (PID: 8632)
    • Reads the BIOS version

      • AvastBrowser.exe (PID: 2336)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 6272)
      • AvastBrowser.exe (PID: 7240)
    • Process drops legitimate windows executable

      • engsup.exe (PID: 9024)
    • Connects to unusual port

      • AvastBrowser.exe (PID: 7276)
      • AvastBrowser.exe (PID: 2612)
      • AvastBrowser.exe (PID: 8860)
    • The process drops C-runtime libraries

      • engsup.exe (PID: 9024)
    • Likely accesses (executes) a file from the Public directory

      • AvastBrowser.exe (PID: 7836)
    • Checks for external IP

      • AvastBrowser.exe (PID: 8860)
    • Reads Mozilla Firefox installation path

      • AvastBrowser.exe (PID: 7240)
  • INFO

    • The sample compiled with english language support

      • WinRAR.exe (PID: 7468)
      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • avast_secure_browser_setup.exe (PID: 1292)
      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
      • setup.exe (PID: 7608)
      • AvastBrowserInstaller.exe (PID: 7908)
      • icarus.exe (PID: 6664)
      • micro_av_vps_online_setup.exe (PID: 7780)
      • icarus.exe (PID: 6504)
      • AvastBrowser.exe (PID: 8896)
      • engsup.exe (PID: 9024)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7468)
    • Manual execution by a user

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 8152)
    • Checks supported languages

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 8152)
      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • avast_secure_browser_setup.exe (PID: 1292)
      • uninstall.exe (PID: 1092)
      • AvastBrowserInstaller.exe (PID: 5908)
      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
      • AvastBrowserUpdate.exe (PID: 2548)
      • AvastBrowserUpdate.exe (PID: 1160)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 7720)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 6052)
      • AvastBrowserUpdate.exe (PID: 6208)
      • AvastBrowserUpdateComRegisterShell64.exe (PID: 7736)
      • AvastBrowserUpdate.exe (PID: 6632)
      • AvastBrowserInstaller.exe (PID: 7908)
      • AvastBrowserUpdate.exe (PID: 3296)
      • setup.exe (PID: 7608)
      • setup.exe (PID: 7600)
      • micro_av_vps_online_setup.exe (PID: 7780)
      • vps_helper.exe (PID: 1252)
      • AvastBrowserCrashHandler64.exe (PID: 8068)
      • AvastBrowserCrashHandler.exe (PID: 8052)
      • AvastBrowser.exe (PID: 2336)
      • AvastBrowser.exe (PID: 7272)
      • icarus.exe (PID: 6664)
      • AvastBrowser.exe (PID: 7236)
      • AvastBrowser.exe (PID: 1172)
      • elevation_service.exe (PID: 7348)
      • AvastBrowser.exe (PID: 7300)
      • icarus.exe (PID: 6504)
      • AvastBrowser.exe (PID: 7768)
      • AvastBrowser.exe (PID: 7720)
      • AvastBrowser.exe (PID: 7204)
      • AvastBrowser.exe (PID: 7724)
      • AvastBrowser.exe (PID: 8004)
      • AvastBrowser.exe (PID: 4616)
      • AvastBrowser.exe (PID: 7680)
      • elevation_service.exe (PID: 1236)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 2688)
      • AvastBrowser.exe (PID: 2612)
      • AvastBrowser.exe (PID: 4572)
      • elevation_service.exe (PID: 1464)
      • AvastBrowser.exe (PID: 5576)
      • AvastBrowser.exe (PID: 1276)
      • AvastBrowser.exe (PID: 7924)
      • AvastBrowser.exe (PID: 8032)
      • AvastBrowser.exe (PID: 7660)
      • AvastBrowser.exe (PID: 1416)
      • AvastBrowser.exe (PID: 3532)
      • AvastBrowser.exe (PID: 6676)
      • AvastBrowser.exe (PID: 1092)
      • AvastBrowser.exe (PID: 6952)
      • AvastBrowser.exe (PID: 480)
      • AvastBrowser.exe (PID: 4080)
      • AvastBrowser.exe (PID: 1784)
      • AvastBrowser.exe (PID: 4724)
      • AvastBrowser.exe (PID: 3300)
      • AvastBrowser.exe (PID: 2628)
      • AvastBrowser.exe (PID: 5348)
      • AvastBrowser.exe (PID: 2904)
      • AvastBrowser.exe (PID: 4560)
      • AvastBrowser.exe (PID: 2308)
      • AvastBrowser.exe (PID: 2628)
      • AvastBrowser.exe (PID: 4624)
      • AvastBrowser.exe (PID: 7592)
      • AvastBrowser.exe (PID: 7984)
      • AvastBrowser.exe (PID: 356)
      • AvastBrowser.exe (PID: 7200)
      • AvastBrowser.exe (PID: 4784)
      • AvastBrowser.exe (PID: 3404)
      • AvastBrowser.exe (PID: 6980)
      • AvastBrowser.exe (PID: 7928)
      • AvastBrowser.exe (PID: 592)
      • AvastBrowser.exe (PID: 5348)
      • AvastBrowser.exe (PID: 5268)
      • AvastBrowserProtect.exe (PID: 2904)
      • AvastBrowser.exe (PID: 5776)
      • AvastBrowser.exe (PID: 4808)
      • AvastBrowser.exe (PID: 8056)
      • AvastBrowser.exe (PID: 5404)
      • AvastBrowser.exe (PID: 5184)
      • AvastBrowser.exe (PID: 6632)
      • AvastBrowser.exe (PID: 2976)
      • AvastBrowser.exe (PID: 5192)
      • AvastBrowser.exe (PID: 8032)
      • AvastBrowser.exe (PID: 1500)
      • AvastBrowser.exe (PID: 3336)
      • AvastBrowser.exe (PID: 1928)
      • AvastBrowser.exe (PID: 7240)
      • AvastBrowser.exe (PID: 1924)
      • AvastBrowser.exe (PID: 8008)
      • elevation_service.exe (PID: 7968)
      • AvastBrowser.exe (PID: 7984)
      • AvastBrowser.exe (PID: 7276)
      • AvastBrowser.exe (PID: 6272)
      • AvastBrowser.exe (PID: 7832)
      • AvastBrowser.exe (PID: 6740)
      • AvastBrowser.exe (PID: 5320)
      • AvastBrowser.exe (PID: 7768)
      • AvastBrowser.exe (PID: 7604)
      • AvastBrowser.exe (PID: 2376)
      • SystemSettings.exe (PID: 7420)
      • AvastBrowser.exe (PID: 7924)
      • AvastBrowser.exe (PID: 4760)
      • AvastBrowser.exe (PID: 8736)
      • AvastBrowser.exe (PID: 8696)
      • AvastBrowser.exe (PID: 8704)
      • AvastBrowser.exe (PID: 7804)
      • AvastBrowser.exe (PID: 8896)
      • engsup.exe (PID: 9024)
      • AvastBrowser.exe (PID: 8848)
      • AvastBrowser.exe (PID: 9180)
      • AvastBrowser.exe (PID: 8532)
      • AvastBrowser.exe (PID: 9172)
      • AvastBrowser.exe (PID: 9188)
      • setup.exe (PID: 8240)
      • AvastBrowser.exe (PID: 8244)
      • AvastBrowser.exe (PID: 7208)
      • setup.exe (PID: 7884)
      • AvastBrowser.exe (PID: 8868)
      • AvastBrowser.exe (PID: 8860)
      • elevation_service.exe (PID: 8864)
      • AvastBrowser.exe (PID: 7240)
      • AvastBrowser.exe (PID: 8940)
      • AvastBrowser.exe (PID: 2916)
      • AvastBrowser.exe (PID: 4056)
      • AvastBrowser.exe (PID: 7844)
      • AvastBrowser.exe (PID: 3052)
      • AvastBrowser.exe (PID: 6128)
      • AvastBrowser.exe (PID: 8160)
      • AvastBrowser.exe (PID: 564)
      • AvastBrowser.exe (PID: 8964)
      • AvastBrowser.exe (PID: 8424)
      • AvastBrowser.exe (PID: 8560)
      • AvastBrowser.exe (PID: 2628)
      • AvastBrowser.exe (PID: 8468)
      • AvastBrowser.exe (PID: 8372)
      • chrmstp.exe (PID: 1152)
      • chrmstp.exe (PID: 7788)
      • chrmstp.exe (PID: 8632)
      • AvastBrowser.exe (PID: 6756)
      • AvastBrowser.exe (PID: 7836)
      • chrmstp.exe (PID: 584)
      • AvastBrowser.exe (PID: 1252)
      • AvastBrowser.exe (PID: 796)
      • AvastBrowser.exe (PID: 3272)
    • Reads the computer name

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 8152)
      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • uninstall.exe (PID: 1092)
      • AvastBrowserInstaller.exe (PID: 5908)
      • AvastBrowserUpdate.exe (PID: 4784)
      • AvastBrowserUpdate.exe (PID: 2548)
      • AvastBrowserUpdate.exe (PID: 1160)
      • AvastBrowserUpdate.exe (PID: 6208)
      • AvastBrowserUpdate.exe (PID: 3296)
      • AvastBrowserInstaller.exe (PID: 7908)
      • AvastBrowserUpdate.exe (PID: 6632)
      • setup.exe (PID: 7608)
      • micro_av_vps_online_setup.exe (PID: 7780)
      • vps_helper.exe (PID: 1252)
      • AvastBrowser.exe (PID: 2336)
      • icarus.exe (PID: 6664)
      • elevation_service.exe (PID: 7348)
      • icarus.exe (PID: 6504)
      • AvastBrowser.exe (PID: 7236)
      • AvastBrowser.exe (PID: 1172)
      • elevation_service.exe (PID: 1236)
      • AvastBrowser.exe (PID: 7720)
      • AvastBrowser.exe (PID: 7920)
      • elevation_service.exe (PID: 1464)
      • AvastBrowser.exe (PID: 4572)
      • AvastBrowser.exe (PID: 2612)
      • AvastBrowser.exe (PID: 3404)
      • AvastBrowserProtect.exe (PID: 2904)
      • AvastBrowser.exe (PID: 6980)
      • AvastBrowser.exe (PID: 6272)
      • AvastBrowser.exe (PID: 7276)
      • AvastBrowser.exe (PID: 7984)
      • elevation_service.exe (PID: 7968)
      • SystemSettings.exe (PID: 7420)
      • AvastBrowser.exe (PID: 8704)
      • AvastBrowser.exe (PID: 8696)
      • AvastBrowser.exe (PID: 9172)
      • AvastBrowser.exe (PID: 9180)
      • AvastBrowser.exe (PID: 8244)
      • AvastBrowser.exe (PID: 7240)
      • setup.exe (PID: 7884)
      • elevation_service.exe (PID: 8864)
      • AvastBrowser.exe (PID: 8860)
      • AvastBrowser.exe (PID: 8868)
      • AvastBrowser.exe (PID: 7836)
      • chrmstp.exe (PID: 1152)
      • AvastBrowser.exe (PID: 6756)
      • chrmstp.exe (PID: 8632)
      • AvastBrowser.exe (PID: 796)
      • AvastBrowser.exe (PID: 3272)
    • Create files in a temporary directory

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 8152)
      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • avast_secure_browser_setup.exe (PID: 1292)
      • uninstall.exe (PID: 1092)
      • AvastBrowserInstaller.exe (PID: 5908)
      • AvastBrowserUpdate.exe (PID: 6632)
      • micro_av_vps_online_setup.exe (PID: 7780)
      • AvastBrowser.exe (PID: 2336)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 6272)
      • AvastBrowser.exe (PID: 7240)
    • Process checks computer location settings

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 8152)
      • AvastBrowserInstaller.exe (PID: 5908)
      • AvastBrowserUpdate.exe (PID: 4784)
      • setup.exe (PID: 7608)
      • AvastBrowser.exe (PID: 2336)
      • AvastBrowser.exe (PID: 7768)
      • AvastBrowser.exe (PID: 7680)
      • AvastBrowser.exe (PID: 7724)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 1276)
      • AvastBrowser.exe (PID: 4724)
      • AvastBrowser.exe (PID: 1784)
      • AvastBrowser.exe (PID: 1092)
      • AvastBrowser.exe (PID: 5192)
      • AvastBrowser.exe (PID: 6632)
      • AvastBrowser.exe (PID: 3336)
      • AvastBrowser.exe (PID: 7240)
      • AvastBrowser.exe (PID: 1928)
      • AvastBrowser.exe (PID: 1500)
      • AvastBrowser.exe (PID: 6272)
      • AvastBrowser.exe (PID: 5320)
      • AvastBrowser.exe (PID: 6740)
      • AvastBrowser.exe (PID: 7924)
      • AvastBrowser.exe (PID: 7604)
      • AvastBrowser.exe (PID: 2376)
      • AvastBrowser.exe (PID: 7768)
      • AvastBrowser.exe (PID: 4760)
      • AvastBrowser.exe (PID: 7804)
      • AvastBrowser.exe (PID: 8532)
      • AvastBrowser.exe (PID: 8244)
      • AvastBrowser.exe (PID: 7240)
      • AvastBrowser.exe (PID: 2916)
      • AvastBrowser.exe (PID: 7844)
      • AvastBrowser.exe (PID: 8964)
      • AvastBrowser.exe (PID: 564)
      • AvastBrowser.exe (PID: 8160)
      • AvastBrowser.exe (PID: 6128)
      • AvastBrowser.exe (PID: 4056)
      • AvastBrowser.exe (PID: 3052)
      • AvastBrowser.exe (PID: 8424)
      • AvastBrowser.exe (PID: 8560)
      • AvastBrowser.exe (PID: 7836)
      • AvastBrowser.exe (PID: 2628)
      • AvastBrowser.exe (PID: 8468)
      • AvastBrowser.exe (PID: 6756)
    • FileZilla executable

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 8152)
      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
    • Checks proxy server information

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • AvastBrowserInstaller.exe (PID: 5908)
      • AvastBrowserUpdate.exe (PID: 6208)
      • micro_av_vps_online_setup.exe (PID: 7780)
      • AvastBrowser.exe (PID: 2336)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowserProtect.exe (PID: 2904)
      • AvastBrowser.exe (PID: 6272)
      • slui.exe (PID: 7840)
      • AvastBrowser.exe (PID: 7240)
    • Reads the machine GUID from the registry

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • AvastBrowserInstaller.exe (PID: 5908)
      • AvastBrowserUpdate.exe (PID: 4784)
      • AvastBrowserUpdate.exe (PID: 6632)
      • micro_av_vps_online_setup.exe (PID: 7780)
      • icarus.exe (PID: 6664)
      • AvastBrowser.exe (PID: 2336)
      • icarus.exe (PID: 6504)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 6272)
      • SystemSettings.exe (PID: 7420)
      • AvastBrowser.exe (PID: 7240)
    • Reads the software policy settings

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • AvastBrowserInstaller.exe (PID: 5908)
      • AvastBrowserUpdate.exe (PID: 6208)
      • AvastBrowserUpdate.exe (PID: 6632)
      • micro_av_vps_online_setup.exe (PID: 7780)
      • SystemSettings.exe (PID: 7420)
      • slui.exe (PID: 7840)
    • Creates files or folders in the user directory

      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • AvastBrowserInstaller.exe (PID: 5908)
      • AvastBrowser.exe (PID: 2336)
      • AvastBrowser.exe (PID: 1172)
      • AvastBrowser.exe (PID: 2688)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 2612)
      • AvastBrowser.exe (PID: 3404)
      • AvastBrowser.exe (PID: 8008)
      • AvastBrowser.exe (PID: 6272)
      • AvastBrowser.exe (PID: 7276)
      • AvastBrowser.exe (PID: 8704)
      • setup.exe (PID: 7884)
      • AvastBrowser.exe (PID: 7240)
      • AvastBrowser.exe (PID: 7208)
      • AvastBrowser.exe (PID: 8860)
      • chrmstp.exe (PID: 8632)
      • AvastBrowser.exe (PID: 796)
    • Creates files in the program directory

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • filezilla_3.69.3_win64_sponsored2-setup.exe (PID: 7284)
      • AvastBrowserUpdate.exe (PID: 4784)
      • AvastBrowserUpdate.exe (PID: 6632)
      • AvastBrowserInstaller.exe (PID: 7908)
      • setup.exe (PID: 7608)
      • micro_av_vps_online_setup.exe (PID: 7780)
      • AvastBrowserInstaller.exe (PID: 5908)
      • icarus.exe (PID: 6664)
      • icarus.exe (PID: 6504)
      • engsup.exe (PID: 9024)
      • setup.exe (PID: 7884)
    • The sample compiled with german language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with czech language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with french language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with arabic language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with bulgarian language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with Indonesian language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with Italian language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with polish language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with korean language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with japanese language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with swedish language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with portuguese language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with russian language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with slovak language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with chinese language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • The sample compiled with turkish language support

      • AvastBrowserUpdateSetup.exe (PID: 7200)
      • AvastBrowserUpdate.exe (PID: 4784)
    • Launching a file from a Registry key

      • setup.exe (PID: 7608)
      • AvastBrowser.exe (PID: 2336)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 6272)
    • Creates a software uninstall entry

      • setup.exe (PID: 7608)
      • AvastBrowserInstaller.exe (PID: 5908)
      • elevation_service.exe (PID: 7348)
      • elevation_service.exe (PID: 1464)
      • elevation_service.exe (PID: 7968)
      • elevation_service.exe (PID: 8864)
    • Reads CPU info

      • icarus.exe (PID: 6664)
      • icarus.exe (PID: 6504)
      • AvastBrowser.exe (PID: 2336)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 6272)
      • engsup.exe (PID: 9024)
      • AvastBrowser.exe (PID: 7240)
    • Reads Environment values

      • AvastBrowser.exe (PID: 2336)
      • AvastBrowser.exe (PID: 7920)
      • AvastBrowser.exe (PID: 6272)
      • AvastBrowser.exe (PID: 7240)
    • Reads Microsoft Office registry keys

      • SystemSettings.exe (PID: 7420)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK matrix in the full report.
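Read together, the signature hits above describe a bundling chain rather than a single malicious binary: the "sponsored" FileZilla installer (PID 8152/7284) spawns avast_secure_browser_setup.exe, which drops AvastBrowserInstaller.exe, an updater that installs itself as a service and registers COM/task-scheduler objects, regsvr32 DLL registration, and a Run-key autorun. Two caveats a triager should keep in mind: "creating System.dll in Temp" is what NSIS-built installers (FileZilla's among them) do when they unpack their plugins, so that hit is weak on its own; and "Steals credentials from Web Browsers" together with "Reads Mozilla Firefox installation path" is also the footprint of a Chromium-based browser's first-run profile import, so it needs corroboration (for example outbound transfer of the data) before it is treated as theft. The script below is an added example, not ANY.RUN's detection logic or code from any of the vendors named in the report: it scores process events with those rules, attributes every hit to the top-level installer by walking the parent chain, and weights the NSIS artifact low. The PIDs and image names come from the report; every path, registry value, DLL and service name in the sample events is a placeholder, and `Event`, `evaluate` and `same_product` are this example's own names.

```python
"""Score an installer's process tree for bundling and persistence (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    pid: int
    ppid: int
    image: str             # executable file name only
    action: str = "start"  # start | file_create | reg_set | service_install
    target: str = ""       # command-line tail, path, registry value or service touched


# Constructed events modelled on the report's signature hits. PIDs and image names are
# the report's; every path, registry value, DLL and service name is a placeholder.
EVENTS = [
    Event(7468, 1000, "WinRAR.exe"),
    Event(8152, 7468, "filezilla_3.69.3_win64_sponsored2-setup.exe"),
    Event(8152, 7468, "filezilla_3.69.3_win64_sponsored2-setup.exe", "file_create",
          r"C:\Users\admin\AppData\Local\Temp\nsx1234.tmp\System.dll"),
    Event(7284, 8152, "filezilla_3.69.3_win64_sponsored2-setup.exe"),
    Event(1292, 7284, "avast_secure_browser_setup.exe"),
    Event(5908, 1292, "AvastBrowserInstaller.exe"),
    Event(5628, 5908, "regsvr32.exe", "start", r"/s C:\Program Files\Example\helper.dll"),
    Event(7608, 5908, "setup.exe"),
    Event(7608, 5908, "setup.exe", "reg_set",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ExampleBrowser"),
    Event(6632, 5908, "AvastBrowserUpdate.exe", "service_install", "ExampleUpdateSvc"),
    Event(4242, 1000, "explorer.exe"),  # benign control: must produce no findings
]

INSTALLER_RE = re.compile(r"setup|install", re.I)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
NSIS_SYSTEM_DLL_RE = re.compile(r"\\Temp\\.*\\System\.dll$", re.I)
GENERIC_TOKENS = {"setup", "install", "installer", "uninstall", "update"}


def product_token(image: str) -> str:
    """Leading alphabetic run of an image name, lower-cased: 'filezilla', 'avast', 'setup'."""
    m = re.match(r"[A-Za-z]+", image)
    return m.group(0).lower() if m else image.lower()


def same_product(a: str, b: str) -> bool:
    """True when two installer names plausibly belong to one product (or we cannot tell)."""
    ta, tb = product_token(a), product_token(b)
    if ta in GENERIC_TOKENS or tb in GENERIC_TOKENS:
        return True
    return ta.startswith(tb) or tb.startswith(ta)


def evaluate(events):
    """Return {root_pid: (score, findings)}; every hit is attributed to the top-level installer."""
    image = {e.pid: e.image for e in events}
    parent = {e.pid: e.ppid for e in events}
    hits = defaultdict(list)

    def root_of(pid: int) -> int:
        # Walk up while the parent is itself an installer; stop at WinRAR, explorer, etc.
        while parent.get(pid) in image and INSTALLER_RE.search(image[parent[pid]]):
            pid = parent[pid]
        return pid

    for e in events:
        pimg = image.get(e.ppid, "")
        if e.action == "start" and e.image.lower() == "regsvr32.exe" and INSTALLER_RE.search(pimg):
            hits[root_of(e.pid)].append((3, f"{pimg} (pid {e.ppid}) ran regsvr32 {e.target}"))
        elif (e.action == "start" and INSTALLER_RE.search(e.image) and INSTALLER_RE.search(pimg)
              and not same_product(e.image, pimg)):
            hits[root_of(e.pid)].append((3, f"{pimg} spawned unrelated installer {e.image} (bundling)"))
        elif e.action == "reg_set" and RUN_KEY_RE.search(e.target):
            hits[root_of(e.pid)].append((3, f"{e.image} (pid {e.pid}) set autorun value {e.target}"))
        elif e.action == "service_install":
            hits[root_of(e.pid)].append((2, f"{e.image} (pid {e.pid}) installed service {e.target}"))
        elif e.action == "file_create" and NSIS_SYSTEM_DLL_RE.search(e.target):
            hits[root_of(e.pid)].append((1, f"{e.image} dropped System.dll in Temp "
                                           "(normal NSIS plugin extraction; weak on its own)"))
    return {pid: (sum(w for w, _ in f), [msg for _, msg in f]) for pid, f in hits.items()}


if __name__ == "__main__":
    for pid, (score, findings) in evaluate(EVENTS).items():
        print(f"root pid {pid}: score {score}")
        for line in findings:
            print("  -", line)
```

On the constructed events every finding lands on PID 8152, the FileZilla installer the user launched, which is the process an analyst should name as the bundler; the Avast processes that actually set the autorun and installed the service are attributed to it through the parent chain. The weights are illustrative; what matters is that the unrelated-product child installer and the persistence hits are scored, while the NSIS artifact is not.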
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0001
ZipCompression: Deflated
ZipModifyDate: 2025:10:30 19:17:58
ZipCRC: 0xc8851c58
ZipCompressedSize: 12853751
ZipUncompressedSize: 12879984
ZipFileName: filezilla_3.69.3_win64_sponsored2-setup.exe
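Two things in the ZIP metadata above matter for anyone reusing the indicators. ZipBitFlag 0x0001 has bit 0 set, which in the ZIP general-purpose flag means the entry is encrypted (password-protected), consistent with a sample export wrapper; so the MD5/SHA1/SHA256 listed under Indicators identify that wrapper, not the installer a victim would actually run. The inner file's name, CRC and sizes, on the other hand, sit unencrypted in the central directory, so they can be read and matched without the password and without ever extracting the payload. The script below is an added triage helper, not ANY.RUN's code: it reads only the central directory, decodes the flag bits, compares the entry against the values transcribed from this report, and hashes the wrapper. Because the real sample is not embedded, `build_constructed_sample` builds a stand-in archive with the same inner file name and a dummy body; `triage`, `list_entries`, `describe_flags` and the `REPORTED_*` constants are this example's own names.

```python
"""Central-directory triage of a sandbox ZIP wrapper without extracting it (added example)."""
import hashlib
import io
import zipfile

# Values transcribed from the report's EXIF/ZIP block and Indicators section.
REPORTED_ENTRY = {
    "ZipFileName": "filezilla_3.69.3_win64_sponsored2-setup.exe",
    "ZipCRC": 0xC8851C58,
    "ZipCompressedSize": 12853751,
    "ZipUncompressedSize": 12879984,
    "ZipCompression": zipfile.ZIP_DEFLATED,
}
REPORTED_SHA256 = "c51a3ca3e927cdc5fa50bedcb87d34375d1469ccc76a3753f4f6457439d90604"

# General-purpose flag bits relevant to triage (PKWARE APPNOTE, section 4.4.4).
FLAG_ENCRYPTED = 0x0001
FLAG_DATA_DESCRIPTOR = 0x0008


def describe_flags(flag_bits: int) -> list:
    """Name the flag bits that change how the entry must be handled."""
    names = []
    if flag_bits & FLAG_ENCRYPTED:
        names.append("encrypted")
    if flag_bits & FLAG_DATA_DESCRIPTOR:
        names.append("data-descriptor")
    return names


def wrapper_hashes(data: bytes) -> dict:
    """Hashes of the outer archive, i.e. what the report's Indicators section lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def list_entries(data: bytes) -> list:
    """Read only the central directory; nothing is extracted or executed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [
            {
                "ZipFileName": info.filename,
                "ZipCRC": info.CRC,
                "ZipCompressedSize": info.compress_size,
                "ZipUncompressedSize": info.file_size,
                "ZipCompression": info.compress_type,
                "flags": describe_flags(info.flag_bits),
            }
            for info in zf.infolist()
        ]


def compare_entry(entry: dict, reported: dict) -> list:
    """Names of reported fields whose value differs from the parsed entry."""
    return [key for key, value in reported.items() if entry.get(key) != value]


def triage(data: bytes, reported_entry: dict, reported_sha256: str) -> dict:
    """Summarise whether a wrapper and its first entry match the report's indicators."""
    entries = list_entries(data)
    inner = entries[0] if entries else {}
    return {
        "wrapper_sha256_matches": wrapper_hashes(data)["sha256"] == reported_sha256,
        "entry_count": len(entries),
        "inner_encrypted": "encrypted" in inner.get("flags", []),
        "mismatches": compare_entry(inner, reported_entry) if inner else list(reported_entry),
    }


def build_constructed_sample() -> bytes:
    """Stand-in wrapper built for this example; the real sample is not embedded."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        body = b"MZ" + b"\x00" * 62 + b"not a real installer\n" * 64
        zf.writestr(REPORTED_ENTRY["ZipFileName"], body)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample()
    print(triage(sample, REPORTED_ENTRY, REPORTED_SHA256))
```

Against the real wrapper the expected result is `inner_encrypted` true, the name/CRC/size comparison clean, and the wrapper SHA256 matching; against the constructed stand-in the name matches but the CRC and sizes do not, which is exactly the outcome you want a hash-only pipeline to surface instead of silently accepting the outer archive's hash as the installer's.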
No data.
All screenshots are available in the full report
Total processes
299
Monitored processes
151
Malicious processes
16
Suspicious processes
17

Behavior graph

start winrar.exe filezilla_3.69.3_win64_sponsored2-setup.exe #ADWARE filezilla_3.69.3_win64_sponsored2-setup.exe avast_secure_browser_setup.exe avastbrowserinstaller.exe uninstall.exe regsvr32.exe no specs avastbrowserupdatesetup.exe avastbrowserupdate.exe avastbrowserupdate.exe no specs avastbrowserupdate.exe no specs avastbrowserupdatecomregistershell64.exe no specs avastbrowserupdatecomregistershell64.exe no specs avastbrowserupdatecomregistershell64.exe no specs avastbrowserupdate.exe avastbrowserupdate.exe no specs avastbrowserupdate.exe avastbrowserinstaller.exe setup.exe setup.exe no specs slui.exe micro_av_vps_online_setup.exe vps_helper.exe no specs avastbrowsercrashhandler.exe no specs avastbrowsercrashhandler64.exe no specs avastbrowser.exe avastbrowser.exe icarus.exe icarus.exe avastbrowser.exe no specs avastbrowser.exe elevation_service.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe avastbrowser.exe no specs avastbrowser.exe no specs elevation_service.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe avastbrowser.exe no specs regsvr32.exe no specs avastbrowser.exe no specs avastbrowser.exe elevation_service.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs 
avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowserprotect.exe avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe elevation_service.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs systemsettings.exe avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe engsup.exe avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs setup.exe no specs setup.exe no specs avastbrowser.exe no specs avastbrowser.exe avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe elevation_service.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs chrmstp.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs chrmstp.exe no specs chrmstp.exe no specs chrmstp.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs avastbrowser.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
356
CMD:
"C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --metrics-shmem-handle=5132,i,485453656665921113,11132018944783920047,524288 --field-trial-handle=2040,i,18230097179296502973,7971421985929460757,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:8
Path:
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process:
AvastBrowser.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
LOW
Description:
Avast Secure Browser
Exit code:
0
Version:
140.0.32350.210
Modules
Images
c:\program files\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\browser\application\140.0.32350.210\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
480
CMD:
"C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --force-high-res-timeticks=disabled --metrics-shmem-handle=4272,i,14570089293854178238,16864930380533086552,524288 --field-trial-handle=2040,i,18230097179296502973,7971421985929460757,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:8
Path:
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process:
AvastBrowser.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
LOW
Description:
Avast Secure Browser
Exit code:
0
Version:
140.0.32350.210
Modules
Images
c:\program files\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\browser\application\140.0.32350.210\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
564
CMD:
"C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --extension-process --force-high-res-timeticks=disabled --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=11 --metrics-shmem-handle=4332,i,16300895682622542697,1203814545158570952,2097152 --field-trial-handle=2092,i,2395096226475523364,6633902010923846672,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:2
Path:
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process:
AvastBrowser.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
LOW
Description:
Avast Secure Browser
Version:
140.0.32350.210
Modules
Images
c:\program files\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\browser\application\140.0.32350.210\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
584
CMD:
"C:\Program Files\AVAST Software\Browser\Application\140.0.32350.210\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\TEMP\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=140.0.32350.210 --initial-client-data=0x2a0,0x2a4,0x2a8,0x278,0x2ac,0x7ff617410748,0x7ff617410754,0x7ff617410760
Path:
C:\Program Files\AVAST Software\Browser\Application\140.0.32350.210\Installer\chrmstp.exe
Parent process:
chrmstp.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
MEDIUM
Description:
Avast Secure Browser Installer
Exit code:
0
Version:
140.0.32350.210
Modules
Images
c:\program files\avast software\browser\application\140.0.32350.210\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID:
592
CMD:
"C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --force-high-res-timeticks=disabled --metrics-shmem-handle=5136,i,6900834460746310897,539924031921695447,524288 --field-trial-handle=2040,i,18230097179296502973,7971421985929460757,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
Path:
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process:
AvastBrowser.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
MEDIUM
Description:
Avast Secure Browser
Exit code:
0
Version:
140.0.32350.210
Modules
Images
c:\program files\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\browser\application\140.0.32350.210\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
796
CMD:
"C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --enable-protect
Path:
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process:
AvastBrowser.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
MEDIUM
Description:
Avast Secure Browser
Exit code:
0
Version:
140.0.32350.210
Modules
Images
c:\program files\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\browser\application\140.0.32350.210\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
PID:
1092
CMD:
"C:\Program Files\FileZilla FTP Client\uninstall.exe" /frominstall /keepstartmenudir _?=C:\Program Files\FileZilla FTP Client
Path:
C:\Program Files\FileZilla FTP Client\uninstall.exe
Parent process:
filezilla_3.69.3_win64_sponsored2-setup.exe
User:
admin
Company:
Tim Kosse
Integrity Level:
HIGH
Description:
FileZilla FTP Client
Exit code:
0
Version:
3.65.0
Modules
Images
c:\program files\filezilla ftp client\uninstall.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
1092
CMD:
"C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --extension-process --force-high-res-timeticks=disabled --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=13 --metrics-shmem-handle=4444,i,9679012776630501953,11109190998409807524,2097152 --field-trial-handle=2040,i,18230097179296502973,7971421985929460757,262144 --variations-seed-version --mojo-platform-channel-handle=4596 /prefetch:2
Path:
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
Parent process:
AvastBrowser.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
LOW
Description:
Avast Secure Browser
Exit code:
0
Version:
140.0.32350.210
Modules
Images
c:\program files\avast software\browser\application\avastbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\browser\application\140.0.32350.210\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1152
CMD:
"C:\Program Files\AVAST Software\Browser\Application\140.0.32350.210\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
Path:
C:\Program Files\AVAST Software\Browser\Application\140.0.32350.210\Installer\chrmstp.exe
Parent process:
AvastBrowser.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
MEDIUM
Description:
Avast Secure Browser Installer
Exit code:
0
Version:
140.0.32350.210
Modules
Images
c:\program files\avast software\browser\application\140.0.32350.210\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID:
1160
CMD:
"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /regserver
Path:
C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Parent process:
AvastBrowserUpdate.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
Avast Browser
Exit code:
0
Version:
1.8.1995.6
Modules
Images
c:\program files (x86)\avast software\browser\update\avastbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
43 323
Read events
41 994
Write events
1 218
Delete events
111

Modification events

(PID) Process:
(7468) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:
write
Name:
ShellExtBMP
Value:

(PID) Process:
(7468) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:
write
Name:
ShellExtIcon
Value:

(PID) Process:
(7468) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:
(7468) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:
(7468) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:
(7468) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
0
Value:
C:\Users\admin\AppData\Local\Temp\MDE_File_Sample_dd86f9d881a4247c5f8beaf49199fbedb50bfc49 (1).zip
(PID) Process:
(7468) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
name
Value:
120
(PID) Process:
(7468) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
size
Value:
80
(PID) Process:
(7468) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
type
Value:
120
(PID) Process:
(7468) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
mtime
Value:
100
Executable files
412
Suspicious files
2 270
Text files
1 489
Unknown types
16

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
7284 | filezilla_3.69.3_win64_sponsored2-setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\AvastImage[1].bmp | image | 1D3412FB6A97AF76D06C5A3A8155325B | 018BDCA28E7DA0D2B7CF8FFFE5833355D6BC653DAF4D5821C78AB68B1639CB9E
8152 | filezilla_3.69.3_win64_sponsored2-setup.exe | C:\Users\admin\AppData\Local\Temp\nsw7D4.tmp\UserInfo.dll | executable | E6F30908ABFC6F53B7C3C36DAEC4586D | E0DC3112796DBAA37F25AB54B7FAC2FBF791CBC6E36A84FC61C6423B84A3677B
7284 | filezilla_3.69.3_win64_sponsored2-setup.exe | C:\Users\admin\AppData\Local\Temp\nsmA06.tmp\System.dll | binary | 9B38A1B07A0EBC5C7E59E63346ECC2DB | C881253DAFCF1322A771139B1A429EC1E78C507CA81A218A20DC1A4B25ABBFE7
7468 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb7468.6216\filezilla_3.69.3_win64_sponsored2-setup.exe | executable | B50441B16022E354DDE581F26FB16D86 | 9D4427F0840B8C3A0426AAEC545F2EFB3C8E8F2D5D7DB9A0CDC48E34B4097898
8152 | filezilla_3.69.3_win64_sponsored2-setup.exe | C:\Users\admin\AppData\Local\Temp\nsw7D4.tmp\UAC.dll | executable | ADB29E6B186DAA765DC750128649B63D | 2F7F8FC05DC4FD0D5CDA501B47E4433357E887BBFED7292C028D99C73B52DC08
7284 | filezilla_3.69.3_win64_sponsored2-setup.exe | C:\Users\admin\AppData\Local\Temp\nsmA06.tmp\INetC.dll | executable | 640BFF73A5F8E37B202D911E4749B2E9 | C1E568E25EC111184DEB1B87CFDA4BFEC529B1ABEAB39B66539D998012F33502
1292 | avast_secure_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsz41A0.tmp\AvastBrowserInstaller.exe | executable | 476CA1C9CB1AD043499FE0A9368895FC | 918FC6D1CA0194DBC372FA436AD0F98657BDBDE889A4A3C9678E8D9474B78CB5
7284 | filezilla_3.69.3_win64_sponsored2-setup.exe | C:\Users\admin\AppData\Local\Temp\nsa1FD3.tmp | image | 3944AC469603D2D37D4D07D2A4461E03 | 99F62EAB1E884811C056FD7441249C4D0A41B34386D8B8B03F20CA0113F9FA48
8152 | filezilla_3.69.3_win64_sponsored2-setup.exe | C:\Users\admin\AppData\Local\Temp\nsw7D4.tmp\System.dll | executable | 9B38A1B07A0EBC5C7E59E63346ECC2DB | C881253DAFCF1322A771139B1A429EC1E78C507CA81A218A20DC1A4B25ABBFE7
7284 | filezilla_3.69.3_win64_sponsored2-setup.exe | C:\Users\admin\AppData\Local\Temp\nsmA06.tmp\UserInfo.dll | executable | E6F30908ABFC6F53B7C3C36DAEC4586D | E0DC3112796DBAA37F25AB54B7FAC2FBF791CBC6E36A84FC61C6423B84A3677B
HTTP(S) requests
31
TCP/UDP connections
167
DNS requests
151
Threats
21

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3420
svchost.exe
GET
200
2.16.164.80:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4804
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7284
filezilla_3.69.3_win64_sponsored2-setup.exe
POST
200
13.226.244.16:80
http://api.playanext.com/httpapi
unknown
whitelisted
816
lsass.exe
GET
200
18.245.38.235:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkzUBtJnwJkc3SmanzgxeYU%3D
unknown
whitelisted
816
lsass.exe
GET
200
18.245.65.219:80
http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEApmLDZVoNqSy8s4lLHxtx8%3D
unknown
whitelisted
7284
filezilla_3.69.3_win64_sponsored2-setup.exe
POST
200
13.226.244.16:80
http://api.playanext.com/httpapi
unknown
whitelisted
7284
filezilla_3.69.3_win64_sponsored2-setup.exe
POST
200
13.226.244.16:80
http://api.playanext.com/httpapi
unknown
whitelisted
7284
filezilla_3.69.3_win64_sponsored2-setup.exe
POST
200
13.226.244.16:80
http://api.playanext.com/httpapi
unknown
whitelisted
7284
filezilla_3.69.3_win64_sponsored2-setup.exe
POST
200
13.226.244.16:80
http://api.playanext.com/httpapi
unknown
whitelisted
5220
SIHClient.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3420
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5596
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2784
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
4804
svchost.exe
40.126.31.130:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4804
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
3420
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3420
svchost.exe
2.16.164.80:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
3440
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
whitelisted
google.com
  • 216.58.206.78
whitelisted
login.live.com
  • 40.126.31.130
  • 20.190.159.71
  • 40.126.31.129
  • 20.190.159.4
  • 20.190.159.64
  • 20.190.159.0
  • 40.126.31.131
  • 40.126.31.71
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
crl.microsoft.com
  • 2.16.164.80
  • 2.16.164.24
  • 2.16.164.83
  • 2.16.164.18
  • 2.16.164.65
  • 2.16.164.129
  • 2.16.164.64
  • 2.16.164.89
  • 2.16.164.57
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
api.playanext.com
  • 13.226.244.16
  • 13.226.244.76
  • 13.226.244.105
  • 13.226.244.85
whitelisted
offers.playanext.com
  • 99.84.152.106
  • 99.84.152.119
  • 99.84.152.40
  • 99.84.152.82
unknown
ocsp.rootca1.amazontrust.com
  • 18.245.38.235
whitelisted
ocsp.r2m03.amazontrust.com
  • 18.245.65.219
whitelisted

Threats

PID
Process
Class
Message
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7284
filezilla_3.69.3_win64_sponsored2-setup.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Driver Updater Setup Process
7284
filezilla_3.69.3_win64_sponsored2-setup.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Driver Updater Setup Process
7284
filezilla_3.69.3_win64_sponsored2-setup.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Driver Updater Setup Process
7284
filezilla_3.69.3_win64_sponsored2-setup.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Driver Updater Setup Process
7284
filezilla_3.69.3_win64_sponsored2-setup.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Driver Updater Setup Process
7284
filezilla_3.69.3_win64_sponsored2-setup.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Driver Updater Setup Process
7284
filezilla_3.69.3_win64_sponsored2-setup.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Driver Updater Setup Process
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
Process
Message
AvastBrowserInstaller.exe
2025-10-30T19:19:14 [installer] {00001714:000002b8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:169) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AvastBrowserInstaller.exe
2025-10-30T19:19:14 [installer] {00001714:000002b8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:168) Jinx logging started
AvastBrowserInstaller.exe
2025-10-30T19:19:14 [installer] {00001714:000002b8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:171) build date: Aug 27 2025 build number: 1766 build time: 11:24:54 build timestamp: Aug 27 2025 11:24:54 company: Gen Digital Inc. copyright: (C) 2017-2025 Gen Digital Inc. description: Secure Browser Installer file name: AvastBrowserInstaller.exe file version: 9.3.0.1766 git commit: e90ae09fb2bb01df6a16bb675ef4957cbc4e50d2 internal name: jinx-installer product name: Secure Browser Installer product version: 9.3.0.1766 target system: windows
AvastBrowserInstaller.exe
2025-10-30T19:19:14 [installer] {00001714:000002b8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:167) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AvastBrowserInstaller.exe
2025-10-30T19:19:14 [installer] {00001714:000002b8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:190) Process owner: DESKTOP-JGLLJLD\admin (logon=true, admin=true)
AvastBrowserInstaller.exe
2025-10-30T19:19:14 [installer] {00001714:000002b8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:184) Process is elevated.
AvastBrowserInstaller.exe
2025-10-30T19:19:14 [installer] {00001714:000002b8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:106) Command line: "C:\Users\admin\AppData\Local\Temp\nsz41A0.tmp\AvastBrowserInstaller.exe" avast_secure_browser_setup.exe /s /run_source="avast_ads_playanext_filezilla" User dotfile was used: false Global dotfile was used: false Execution arguments: run-source : avast_ads_playanext_filezilla silent : true
AvastBrowserInstaller.exe
2025-10-30T19:19:14 [installer] {00001714:000002b8} <1:Debug> (4bbd888238eee7c1\src\jinx\VmDetect.cpp:203) Starting VM Detection system
AvastBrowserInstaller.exe
2025-10-30T19:19:14 [installer] {00001714:000002b8} <2:Info> (4bbd888238eee7c1\src\jinx\Logging.cpp:181) Operating system: Windows Enterprise x64 10.0.19045.4046 SP0
AvastBrowserInstaller.exe
2025-10-30T19:19:14 [installer] {00001714:000002b8} <1:Debug> (4bbd888238eee7c1\src\jinx\TagData.cpp:457) TagData: Extracting from "C:\Users\admin\AppData\Local\Temp\avast_secure_browser_setup.exe" using start marker '<##TAGDATA##>' and end marker '</##TAGDATA##>'