Analysis Overview
SHA256
f0e64826ffdc43bd3c961c86511c6588cc1d204a7390ed67739815444c1d1646
Threat Level: Likely malicious
The file f0e64826ffdc43bd3c961c86511c6588cc1d204a7390ed67739815444c1d1646 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Checks for any installed AV software in registry
Writes to the Master Boot Record (MBR)
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Modifies registry class
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-12 13:45
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 13:45
Reported
2024-06-12 13:48
Platform
win10v2004-20240508-en
Max time kernel
143s
Max time network
148s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\f0e64826ffdc43bd3c961c86511c6588cc1d204a7390ed67739815444c1d1646.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f0e64826ffdc43bd3c961c86511c6588cc1d204a7390ed67739815444c1d1646.exe
"C:\Users\Admin\AppData\Local\Temp\f0e64826ffdc43bd3c961c86511c6588cc1d204a7390ed67739815444c1d1646.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3416,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | v7event.stats.avast.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 13:45
Reported
2024-06-12 13:48
Platform
win7-20240611-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw.6db26e89863f0e27\avast_free_antivirus_setup_online_x64.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
Loads dropped DLL
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.6db26e89863f0e27\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avira\Antivirus | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avira\Antivirus | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Volatile\InstupUpdatePending = "1" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key opened | \Registry\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.6db26e89863f0e27\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry = "1" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.6db26e89863f0e27\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Volatile | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\f0e64826ffdc43bd3c961c86511c6588cc1d204a7390ed67739815444c1d1646.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.6db26e89863f0e27\avast_free_antivirus_setup_online_x64.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.6db26e89863f0e27\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.6db26e89863f0e27\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "13" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "50" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "62" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "100" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "45" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "49" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "52" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "88" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "26" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "86" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "7" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "12" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "42" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: avbugreport_x64_ais-997.vpx" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "50" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: AvBugReport.exe" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "0" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "28" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "94" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "44" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: instup.exe" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: HTMLayout.dll" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "54" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "59" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "66" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "5" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "57" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "62" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "55" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "66" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: sbr_x64_ais" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "9" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "17" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "71" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: instup_x64_ais-997.vpx" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "44" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "87" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: instcont_x64_ais" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "93" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "79" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "18" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "4" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "77" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "97" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "16" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "100" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "30" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "46" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "29" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "95" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "81" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "33" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: sbr.exe" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "31" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "35" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "DNS resolving" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "100" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "38" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: setgui_x64_ais" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "64" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "99" | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "61" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avdump_x86_ais" | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\f0e64826ffdc43bd3c961c86511c6588cc1d204a7390ed67739815444c1d1646.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | C:\Users\Admin\AppData\Local\Temp\f0e64826ffdc43bd3c961c86511c6588cc1d204a7390ed67739815444c1d1646.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw.6db26e89863f0e27\avast_free_antivirus_setup_online_x64.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 32 | N/A | C:\Windows\Temp\asw.6db26e89863f0e27\avast_free_antivirus_setup_online_x64.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Token: 32 | N/A | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
| Token: 32 | N/A | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\f0e64826ffdc43bd3c961c86511c6588cc1d204a7390ed67739815444c1d1646.exe
"C:\Users\Admin\AppData\Local\Temp\f0e64826ffdc43bd3c961c86511c6588cc1d204a7390ed67739815444c1d1646.exe"
C:\Windows\Temp\asw.6db26e89863f0e27\avast_free_antivirus_setup_online_x64.exe
"C:\Windows\Temp\asw.6db26e89863f0e27\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_fhp_dlp_006_480_a /ga_clientid:9e7135f0-0966-4364-a8de-5e728159b458 /edat_dir:C:\Windows\Temp\asw.6db26e89863f0e27
C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe
"C:\Windows\Temp\asw.e9281c4ae011d655\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.e9281c4ae011d655 /edition:1 /prod:ais /stub_context:8776907a-08cb-4584-a9dd-8d69054646a0:9897680 /guid:4398170a-0a66-4337-87cd-31b697a20507 /ga_clientid:9e7135f0-0966-4364-a8de-5e728159b458 /cookie:mmm_fhp_dlp_006_480_a /ga_clientid:9e7135f0-0966-4364-a8de-5e728159b458 /edat_dir:C:\Windows\Temp\asw.6db26e89863f0e27
C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe
"C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.e9281c4ae011d655 /edition:1 /prod:ais /stub_context:8776907a-08cb-4584-a9dd-8d69054646a0:9897680 /guid:4398170a-0a66-4337-87cd-31b697a20507 /ga_clientid:9e7135f0-0966-4364-a8de-5e728159b458 /cookie:mmm_fhp_dlp_006_480_a /edat_dir:C:\Windows\Temp\asw.6db26e89863f0e27 /online_installer
Network
Files
| SHA512 | df5e43bfe74d54e4eb767db03a45b7e6d939b42ad89207d1d38d9f39c5a158e7e7c35e9e5c7e955805ab6afc07eeb70c00dc79cf89c1c9ec4099f704384a5c65 |
C:\Windows\Temp\asw.e9281c4ae011d655\config.def
| MD5 | 23dbd22d2f1d6fb20eb4bf5eeca2aac0 |
| SHA1 | 49a3401b21372ae4c40b5b3762c86ab507bf35b9 |
| SHA256 | 661212c83299197a8a53ca9b4e65e8cd9a8edf8cdd3f5a095b290e828533f803 |
| SHA512 | 20e8b21e90e6734fa574b64ba66d077085f1d861a55e93ad4b2fb472cd9f5298c921788203c339f2630d68e9d0044f859e9d6512f96bfde30fa195c33059a625 |
C:\Windows\Temp\asw.e9281c4ae011d655\config.ini
| MD5 | 06e337775bd1c84917f5eee4d8851c41 |
| SHA1 | b622d3fa3c357a7a773deda075d3193ec5a848fd |
| SHA256 | ca9b26f8330b289826c697ee5773511322a134517325f13a180543fffe3a36ac |
| SHA512 | 3de8268b4a1dbfeddd976d7645a584ea790472641fcb782938bbd74fb7e35437bce7eb03fbcef7bbf3ede2f9a3c990cd24c8dfbd2ad1007ee73f9b53ec3cd372 |
C:\Windows\Temp\asw.e9281c4ae011d655\HTMLayout.dll
| MD5 | 39a20f9d67d6d4bac0ff081c62b13996 |
| SHA1 | b5b6b70e943a96a8697f07759245702e026be7e7 |
| SHA256 | 825288012e4c15035b3d7fdfda396912b83992bf0683f9d2a5d55dfa1306b5a1 |
| SHA512 | 798f6616b4f07bc75c5833a906735c1cc44d2ac044ceed4119005601e6f0266327ffb4819a44bac49bc0cde8b2ac7a021d098a12da586689de1119914e2032b0 |
C:\Windows\Temp\asw.e9281c4ae011d655\servers.def.vpx
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Windows\Temp\asw.e9281c4ae011d655\servers.def.vpx
| MD5 | dc5709c442df025a33cb2ca0d22133af |
| SHA1 | 5007da1e31f4705932c1f272dd4975b14bef268d |
| SHA256 | 6530f71b39a09fec9fdf8f258a488640a2094dba5e4a32cf4aa4670fce805744 |
| SHA512 | c6938f9569e943bbc04fe39acdf8e7302b77124b7f1e2ccbb20ec01242238e81b6ab83730393fe61ce716cb1c4e7df064c65bc5ce84540371fcf6a50a615cb6b |
C:\Windows\Temp\asw.e9281c4ae011d655\prod-pgm.vpx
| MD5 | d4f72d1329501105ec7111178ac7c98f |
| SHA1 | 17bfc1e8299b43c46b18442b7e74f84953dc6193 |
| SHA256 | e2919168247b931b6f7c3274c10e4b68ea9b3a67eeab74347b2ac49bea9b0aa7 |
| SHA512 | 570ee9fb319cb6a291e57abe5cde166d74b82090f818d145d763ec05810184f4548275f2cc294c4bcf395da1cbe1d138b190292b71ea1ae836004eb391353329 |
C:\Windows\Temp\asw.e9281c4ae011d655\uat64.vpx
| MD5 | 11bb373887fe44e1edea08b70c638095 |
| SHA1 | e887149cb489a3aec8092636379ac4c64e389089 |
| SHA256 | a2f66db4a802a3aeb977d40a22e399382d8b82da216645defa5b5009602fa358 |
| SHA512 | d9933cb1b8258f13b21d3bf6a648ed81de1608663e1166a8eaf1baea60f4bc5017ac218f277beb4e65e6719ca57d2910cd6c268ee8a5f8766c13680e86fba879 |
\Windows\Temp\asw.e9281c4ae011d655\uat64.dll
| MD5 | c0719ef096798494a616f84f587282d7 |
| SHA1 | ee38158f887bc2189234330c4891f12f9d902d7a |
| SHA256 | ba4d8d0ba809d934004da646ec31a72650dc16e4288404badd761e4bed6a982a |
| SHA512 | 7b22ac9c0c2c881674333d325363aa1d378d3b3c75700a7713a7f33b6ee144c43cd209d9fe9ff31a93b329881dc14c873cb2338af4695d44724afd5ddda5d298 |
C:\Windows\Temp\asw.e9281c4ae011d655\part-setup_ais-15020997.vpx
| MD5 | 365b6ee6fbde00af486fc012251db2da |
| SHA1 | 8050ba5a9b6321f067fc694527011ba00767d4a2 |
| SHA256 | 01fbb98a20ed29cd83e42351aa1fc361d4513b9ade8d71f62383bc76d5f86830 |
| SHA512 | 949b877dc558a9215369fddce4bbeb3c0fbec09c1b92717a8d027001337743e300a1089ff46f3b49a33f4d6b4e7bb5a2d4cb6ea96c9114e308833c7e15d8b261 |
C:\Windows\Temp\asw.e9281c4ae011d655\prod-vps.vpx
| MD5 | 0066d9b938e4d92eed90d515c0da993f |
| SHA1 | 60f4f31c64671349b100505428a618c9a9033820 |
| SHA256 | bc659320e0681b00d3b5700251822db8e60e17daeeaae4b6cad83421aaf14209 |
| SHA512 | d28022752f3fe222d24eb30beb89dbecd25db7100dc362f79463afc45ace1166074ebca1a4c0931b457e1f5643a9644e268c1f0a65109a291ba3eb003f464e62 |
C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\aswf6c789ad5e247f35.tmp
| MD5 | ef035189604e7f5d68a62827b985ccbb |
| SHA1 | c094c6eef2640a71aee9f4b27123c2080d38136f |
| SHA256 | 64fd38d5697a9119cebc8fd5710a452645a09d076a4b2863a4383f94d3496740 |
| SHA512 | 32f2af9929598b5eaee6de3a95f755da27622c3a791e43dfde41c470dfb278b843e67327e0d0d2f7b49b61b94dc8e4a1e9eadd3a91664ff339d03448d0c881c9 |
C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\asw7decbc9181c541cc.tmp
| MD5 | 700b6740e6bfa7729f146572d8455348 |
| SHA1 | 19d80fb0251f417283ed36fc20c43079b3f6fbb8 |
| SHA256 | d3c0ba08fda4ed42c1389f6e34061b030b2b1017395308aac1d5b25eb3ad1f0e |
| SHA512 | 7786b63b8fc9c10030b5bca591378b13d05aeeac36072f52ddf24ce46cb12cfab88d9358000b15afdef0c59dbbe5fa22411b354fd0e24f3b1a3098eab3d79b65 |
C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\aswb8117280870a2509.tmp
| MD5 | b216fc28400c184a5108c0228fba86bc |
| SHA1 | 5d82203153963ebede19585b0054de8221c60509 |
| SHA256 | 7827bda61139b0758c125de5f31e38025ed650be86bb8997dce8c013ec89e5bd |
| SHA512 | 6af7877e46e820dcc5fe67ce94393575d0d4b39d0421679b34bc25e8a62254a3dbce29f9de69d2fa4506235748dd919a91c875c90ef950c9d3a6939bff7b3294 |
C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\asw26a0e5814712597a.tmp
| MD5 | 9ee6528abdad768fbfa28bd1bb80ebe9 |
| SHA1 | f5582697e068ba1d56825fc32bd5ab1a71bd4d38 |
| SHA256 | 61a7bff3d789aa29add514052a0ff1703079ce427705ead5ce7dd98a0df9ecd4 |
| SHA512 | de22b846a13390eda5940c7f7de7ed63af22b16b4add149363d3f3d1c4cad4c2bb99b6ecb9fcab08dc018d36fe4d8b457a5e7edba7a34e62e915ff6f2ecabfc9 |
C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\asw7e62627683ce8955.tmp
| MD5 | c5665f1f93d9aabbcb1dde533e2c46e6 |
| SHA1 | 732389de20c600d0222d61b4ee74b0be6412a45b |
| SHA256 | adf4276ef7f276d2178b85790a178c4e903d9776c0eb18dfe4c89a481694dc8a |
| SHA512 | 51a148db86a97fc13aa8db21540f8200dc2e9e325c7d2014cf55074d3ad6ce25d25a798551e3f0bb1e546a9f9536db512cbc9b14b51680d87848747a1fc465a0 |
C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\asw1f8ded3a3964b9b6.tmp
| MD5 | 13e9fbb02cb7497562b59a9ef8f1ee92 |
| SHA1 | 047936e9296e77939b5b23c1a2af3056eaa2ae99 |
| SHA256 | 40fdd6306bbd29d680af6e6931751b3a9a133d7786d9409a47b6f115b968565a |
| SHA512 | 0d5c6d3f2465fd9d1af19c1a02c4f4a3bedb02f0e049e97166ed100964ff1ff1be28ed02542a90c4ad3e1041bb3f3cf8b65d561c6ebc41fce1f935f277d606ba |
C:\Windows\Temp\asw.e9281c4ae011d655\New_15020997\asw309e31df16718181.tmp
| MD5 | d9be57d4e1a25264b8317278f8b93396 |
| SHA1 | d3c98696582fed570f38ae45bf22b8197253b325 |
| SHA256 | a90e4ffa0fcd535733b6306d701cbb975245b8253df54b277970d8b8c1cf09c3 |
| SHA512 | 2f13454c7e4360326f1dc417ad24e2d095b7178d89791f5b436d134c2fe26724bc48d6de1291208800b7c93dfe7082e8300b2d545c5db3e2590603dd3f8a5697 |
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
| MD5 | e0ad0ecf5cededca1f1975c5872b1d1f |
| SHA1 | 9c58216628d315cd6a4f9e4eb107d09416b369af |
| SHA256 | 8612501ad84b284d0ec8c5332f9d63e9abb4ba406f3d1687c7eba3d244f5bae0 |
| SHA512 | 6a27d04e686f60ada976e49883dd546446b25942c3b77e26f1961c07662cd0d97e9b96ddffbd8f6007d46c504284580ea856b88dea1e95e04a2e291900ee19f4 |
C:\Windows\Temp\asw.e9281c4ae011d655\part-prg_ais-15020997.vpx
| MD5 | b898fa20bf9b0321b50a8d4946aae799 |
| SHA1 | 4e173a99dc9a9ef507112857525ad53991f4d2a0 |
| SHA256 | 6a2b3de2d13269bc9b3d68b7fbffd9edcfa94dea83ffd3d5f7a03f05bda09a6c |
| SHA512 | c34e5b9f04c2322ec0ce24f582be148554ebff9aee8b312ba272b94b54f077370d345ec24d284ea66db67bd7104b343fa9c2646100d64d3b6361ab7ffe7e2810 |
C:\Windows\Temp\asw.e9281c4ae011d655\setup.def
| MD5 | be793535c4acf02d4ad13b20d0c84deb |
| SHA1 | 65dd6b4891a75848042c10057808535298cee3e1 |
| SHA256 | 31f9f4cfff1900e8a4ece24ddb5da2736409779b970e29e4bf9fe00b985c65cd |
| SHA512 | 7f6c482103757d353b6cc50ccd6c618454f653d3e7eeef743e0bc74cae71c72f56ee0f1213deeeb4ad6e1cce244d7d017044e928c80a507de343cacd89238f62 |
C:\Windows\Temp\asw.e9281c4ae011d655\prod-vps.vpx
| MD5 | 51f6fac2009104d5f762fa96da0fb4df |
| SHA1 | 9798fc1805d71b77a6b8eec1ba8002cb12a462f8 |
| SHA256 | 5dc789130f9ceaa92c2530ade945ef95804f0f9519e4ecbabec0ab104b882ab7 |
| SHA512 | 2768756909dec027ea777aa95af5c2e2263814fafda58e029205cc879182128c16598b338d2e4dc0c3b80f72c9588954ed2be8fce513fbebcfd4092122c5f955 |
C:\Windows\Temp\asw.e9281c4ae011d655\part-jrog2-91.vpx
| MD5 | 50ed7b55b37c13655e12a753c7081199 |
| SHA1 | 990c0910191de72e53b0e3426d2f06c7124425a6 |
| SHA256 | 1b4d2809f2cdc781612b674461640b101b049b4a7df6d7be5b67e6c80909e55e |
| SHA512 | 67a9fc1a3feb3b47790c81aa4afb976ccf439f5c55384d0bc592776aabe4de797381aec3b8060f81fbbaa9b47004a0b1e219d2abe034f9ac496208a816a815c9 |
C:\Windows\Temp\asw.e9281c4ae011d655\part-vps_windows-24061201.vpx
| MD5 | 102a394e8bfebe0fb42bb05e59f7ecf1 |
| SHA1 | cc47fb78c38667e008ee4ed04da6c7b28f461f3d |
| SHA256 | 2e14f2273e3ce235b3ba2b387c0894c9d1a081a7527387ff717c28677389cac3 |
| SHA512 | 6419d924e80435a7063559f7753ab940aeaebdb279672654dd885c3ab0c211e80d59f63b237a3417ddf0dcbd8b836fc2c75350fbc9fef68599803ffba8174500 |
C:\Windows\Temp\asw.e9281c4ae011d655\asw82fe4ab504ed78fe.ini
| MD5 | b3a7f1048786a1afbc40dd1282730854 |
| SHA1 | f4beec793e6bdc81fa127521462496908bcf200f |
| SHA256 | fc278133237f88fc1352e4975399c1fa7fe67020178c07a7052bb42e5c3b8e87 |
| SHA512 | da9e5649a04709aadf48b44972d01aeb29b32339f51643386de5d35e3668b4110faa648237a82bb47558829dc3c17054ae62b10f1d4f467a960c7faec8a95ecf |
C:\Windows\Temp\asw.e9281c4ae011d655\asw82fe4ab504ed78fe.ini
| MD5 | 13706c607bc0829a66e4b4c80fdc9807 |
| SHA1 | 2e1753d2198d0fce91e38ac53df40ddeef2eb50e |
| SHA256 | 8d150eff7a78713e4857c91c2fb74f6895bb5a8437f945bbdac12253a1e4d934 |
| SHA512 | 8fa5620de3ed30dac39c9b42fafa7ed8ee2f27fbcc5f2db86162d644c3956f54736b93aebe1844beaf5f82f9e60ce4253381a780c330693dea313ca42ca8a2f7 |
C:\Windows\Temp\asw.e9281c4ae011d655\config.def
| MD5 | 55cf0786700f1e20245c4d07b0b577d7 |
| SHA1 | 2b826676cb1f9c0264092ef6406a2568b0728b6e |
| SHA256 | 498514bc2674201d572e1ecdea4d36a69cd4a812a789c5249c19260ca21af621 |
| SHA512 | e35d49a38905b99c847fc8bcf9a440cdd313893067e474b70991986ab4d18a0302a58a0ba3c3c8e2989ea0ccf88c63e08fd8951987443a34d009e16a390498ac |
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log
| MD5 | 0e615d5cbfaf4cf3bd279448af37243c |
| SHA1 | 5b94a8ee3adee6de0c8bdb6164a56befd9f8b23b |
| SHA256 | dfdef26d17595a0af5d2c6491f894d353904324b6fd95e9438287931c01818fd |
| SHA512 | 08ee098cd9a19b148096b706c7714087bb0ee311c933456005bc246a710dd3bdc75d9e8eed153ea4ea1d587f8044a53ed7a7c90f364fa87879941918d7785a7c |