Analysis Overview
SHA256
cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db
Threat Level: Likely malicious
The file cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Checks for any installed AV software in registry
Unsigned PE
System Location Discovery: System Language Discovery
Embeds OpenSSL
Modifies system certificate store
Suspicious use of WriteProcessMemory
Modifies registry class
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-31 14:06
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-31 14:06
Reported
2024-10-31 14:09
Platform
win7-20241023-en
Max time kernel
141s
Max time network
132s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
Loads dropped DLL
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key opened | \Registry\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry = "1" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avira\Antivirus | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key opened | \Registry\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
Embeds OpenSSL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "76" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: HTMLayout.dll" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "42" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "68" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "75" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "73" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "28" | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "25" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "60" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "92" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "75" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "1" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "41" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "72" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "75" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "10" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "17" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "0" | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "99" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "91" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "27" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "72" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "4" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "17" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "100" | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "2" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "93" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "70" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "47" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "4" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "46" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "99" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "32" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "58" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "59" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "18" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "23" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "38" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "42" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "51" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "73" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: instup_x64_ais-997.vpx" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "77" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "83" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "91" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "55" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Replacing files" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "100" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "62" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "29" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: avbugreport_x64_ais-997.vpx" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "33" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "50" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: sbr_x64_ais-997.vpx" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "48" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "28" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "18" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "53" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "74" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "50" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "28" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "21" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "97" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: offertool_x64_ais-997.vpx" | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 32 | N/A | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Token: 32 | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Token: 32 | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe
"C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe"
C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe
"C:\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_998_999_000_m:dlid_FAV-ONLINE-HP /ga_clientid:fb5ba342-0447-4764-8b27-9edf30cc4939 /edat_dir:C:\Windows\Temp\asw.5f3b1ba922b2db93
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe
"C:\Windows\Temp\asw.83c2d23f0d7a4ab1\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.83c2d23f0d7a4ab1 /edition:1 /prod:ais /stub_context:fa1b1898-e085-49ec-90fb-cedbd656d264:11072232 /guid:dcf5f137-b89c-4812-9ded-9d915ee581a2 /ga_clientid:fb5ba342-0447-4764-8b27-9edf30cc4939 /no_delayed_installation /cookie:mmm_ava_998_999_000_m:dlid_FAV-ONLINE-HP /ga_clientid:fb5ba342-0447-4764-8b27-9edf30cc4939 /edat_dir:C:\Windows\Temp\asw.5f3b1ba922b2db93
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe
"C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.83c2d23f0d7a4ab1 /edition:1 /prod:ais /stub_context:fa1b1898-e085-49ec-90fb-cedbd656d264:11072232 /guid:dcf5f137-b89c-4812-9ded-9d915ee581a2 /ga_clientid:fb5ba342-0447-4764-8b27-9edf30cc4939 /no_delayed_installation /cookie:mmm_ava_998_999_000_m:dlid_FAV-ONLINE-HP /edat_dir:C:\Windows\Temp\asw.5f3b1ba922b2db93 /online_installer
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe
"C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe" -checkGToolbar -elevated
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe
"C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe" /check_secure_browser
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe
"C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe" -checkChrome -elevated
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe
"C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFA
C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFA
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe
"C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFA
C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFA
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe
"C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\aswOfferTool.exe" -checkChrome -elevated
Network
Files
C:\Users\Admin\AppData\Local\Temp\CabB389.tmp
\Windows\Temp\asw.5f3b1ba922b2db93\avast_free_antivirus_setup_online_x64.exe
C:\Windows\Temp\asw.5f3b1ba922b2db93\ecoo.edat
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\servers.def
\Windows\Temp\asw.83c2d23f0d7a4ab1\Instup.exe
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\Instup.dll
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\config.def
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\HTMLayout.dll
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\servers.def.vpx
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\uat64.vpx
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\prod-pgm.vpx
\Windows\Temp\asw.83c2d23f0d7a4ab1\uat64.dll
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\part-setup_ais-15020997.vpx
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\prod-vps.vpx
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\asw5922e718182ea3c1.tmp
\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\asw6d284b8c3b0c86c9.tmp
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\asw65a77a99f2ccf184.tmp
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\asw46763ea0c873b956.tmp
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\asw5e8c469a025a795d.tmp
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\asw6b9f4e612652a128.tmp
\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\asw0b2467ddcec09183.tmp
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\part-prg_ais-15020997.vpx
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\setup.def
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\part-jrog2-1643.vpx
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\part-vps_windows-24103102.vpx
C:\Windows\Temp\asw.83c2d23f0d7a4ab1\config.ini
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log
\Windows\Temp\asw.83c2d23f0d7a4ab1\New_15020997\gcapi_17303836882720.dll
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-31 14:06
Reported
2024-10-31 14:09
Platform
win10v2004-20241007-en
Max time kernel
134s
Max time network
145s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| N/A | N/A | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry = "1" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avira\Antivirus | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log" | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key opened | \Registry\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avira\Antivirus | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe | N/A |
Embeds OpenSSL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "0" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "64" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: avdump_x64_ais-a4e.vpx" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "24" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "83" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "42" | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "76" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "79" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "22" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "46" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "50" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "70" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "20" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "63" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "69" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: AvBugReport.exe" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "19" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "34" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: instcont_x64_ais-a4e.vpx" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: sbr_x64_ais-a4e.vpx" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "14" | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: instcont_x64_ais" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "37" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "54" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "50" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avdump_x64_ais" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "77" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "31" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "62" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: setgui_x64_ais" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "14" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "75" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "100" | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "57" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "8" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "51" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "71" | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "18" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "33" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "23" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "67" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Checking install conditions" | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "35" | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "18" | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "38" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "98" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "12" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "16" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "29" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "25" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "80" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "0" | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "26" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "36" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "39" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "86" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "88" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "60" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "75" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "28" | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: HTMLayout.dll" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "30" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "94" | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 32 | N/A | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Token: 32 | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Token: 32 | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe
"C:\Users\Admin\AppData\Local\Temp\cc029d3b1ed56707aab21a94a11bedb98d905b8c80b63cc7592228672ee2c0db.exe"
C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe
"C:\Windows\Temp\asw.f1918a7871385379\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_998_999_000_m:dlid_FAV-ONLINE-HP /ga_clientid:26de97e8-593c-4f0e-987c-3910bb0ffda4 /edat_dir:C:\Windows\Temp\asw.f1918a7871385379
C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe
"C:\Windows\Temp\asw.b1428497ccbf48a4\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.b1428497ccbf48a4 /edition:1 /prod:ais /stub_context:6649afe1-717f-4057-846a-fa6c0d9b2c32:11072232 /guid:307a7d68-94b8-4726-8253-b515b245f880 /ga_clientid:26de97e8-593c-4f0e-987c-3910bb0ffda4 /no_delayed_installation /cookie:mmm_ava_998_999_000_m:dlid_FAV-ONLINE-HP /ga_clientid:26de97e8-593c-4f0e-987c-3910bb0ffda4 /edat_dir:C:\Windows\Temp\asw.f1918a7871385379
C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe
"C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.b1428497ccbf48a4 /edition:1 /prod:ais /stub_context:6649afe1-717f-4057-846a-fa6c0d9b2c32:11072232 /guid:307a7d68-94b8-4726-8253-b515b245f880 /ga_clientid:26de97e8-593c-4f0e-987c-3910bb0ffda4 /no_delayed_installation /cookie:mmm_ava_998_999_000_m:dlid_FAV-ONLINE-HP /edat_dir:C:\Windows\Temp\asw.f1918a7871385379 /online_installer
C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe
"C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe" -checkGToolbar -elevated
C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe
"C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe" /check_secure_browser
C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe
"C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe
"C:\Windows\Temp\asw.b1428497ccbf48a4\New_180a17f5\aswOfferTool.exe" -checkChrome -elevated
Network
Files
| SHA512 | 9c6a2885b8a8dab5181052205ae9b4a53731242d5ab0e3e23e3d0be53c28c1e6800b6d9c5451a5f28a50b617f71dd457db109de32e852ac9b268962b8d997916 |
C:\Windows\Temp\asw.b1428497ccbf48a4\setup.def
| MD5 | 2968b90417f9078ef3ec90887589bcbc |
| SHA1 | 36ce6e67601513bd6efa46085a5570dfe0946f03 |
| SHA256 | f2de3592da42e4d30ffbfe8215539e08b0d9d7a4812b48a7a0ffe2da4f10db5b |
| SHA512 | f84b09bfd16d8564b265e9616501a09fd60b702a3871efa083ed2bbe950c52de3123829b295c360f36a6f8e0a6feb29430d7d22059e64931459cc056eec2e779 |
C:\Windows\Temp\asw.b1428497ccbf48a4\prod-vps.vpx
| MD5 | fa7efdecc2537c953bb8a49f6ac54224 |
| SHA1 | 68821ae21e5c476b5f451bd5a0a6fb6650a421f1 |
| SHA256 | 16ee2337d70bd3241362fd815d6ccf948836e3c5bfa1eb7921592ac909c0cba9 |
| SHA512 | 3f4e9d2e016b3d47fa2492dd0c7788bd2d320fcc39dca850ffa94d1ceaf212573f76c3e8305817ee282811f7533284a1619987ceaaee6858c8702d5cf412f538 |
C:\Windows\Temp\asw.b1428497ccbf48a4\part-jrog2-1643.vpx
| MD5 | 0487afba722c75421dab5ad76c907b64 |
| SHA1 | 2af01aae124736188c6879265bc8e5b8aaf5f633 |
| SHA256 | 756380ea118c2bc721918c7fe94300032667b3f5a143b6374246e80339833019 |
| SHA512 | 23047f15ca793efd76614034455653960540b7831b726234501f8bb3d057ac48ce7fef0370cb4adbffe1f1c37d4199176a701479c8824afbe3ae55ca5714ac1d |
C:\Windows\Temp\asw.b1428497ccbf48a4\part-vps_windows-24103102.vpx
| MD5 | fbaf91e11247fcacda8bbba7e78e5aae |
| SHA1 | 88d882c06b0f3c30d69fe1aa018d921f1264a8bc |
| SHA256 | d5b2609e3056fb970c1ff0dd020add9fb95208c520058308595ea9a550f40317 |
| SHA512 | b5e647dfe1bfa9a81235ab91719548ac473b32f31a0c0515bf79191c23e35bc48d1654c31258df35150e27357f5e9f615b4c63450e77d081396a6c7425aaa99b |
C:\Windows\Temp\asw.b1428497ccbf48a4\config.def
| MD5 | 732d079159f66306531fc0f05df7ece6 |
| SHA1 | da3114747531fe838458f7f9e44101d1c1ab9453 |
| SHA256 | 5f817eb4dc9aeaaf0ecf739026a95c50ab1f45c56a83042a0791fb0c87efc105 |
| SHA512 | 644ecce145ff60c9e77b0340d0ebd076ab1671cd3a59a36495d0cc6309b3e50caf7884539c9dd48d14838f7fd2dd2beacda2d613756873d411b352ab167183dc |
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log
| MD5 | a1c558319f2a2ee45bd8f1410be5e7eb |
| SHA1 | 7757189ef470dfcbf1694d28e1a64eeac9668e11 |
| SHA256 | 440d18de1597690530ef8ed4323b615dc30dba6df69d4348d9b4918a40cd4872 |
| SHA512 | fa4a8fc5cd313faeeadc672607713fb795fb200ad008ba0fb9a918626f30deea3e6aaab7692d7d2532803bdaea0b463ed85fc564d851e7fae582dd0983f7f781 |
C:\Users\Public\Documents\gcapi.dll
| MD5 | 3ead47f44293e18d66fb32259904197a |
| SHA1 | e61e88bd81c05d4678aeb2d62c75dee35a25d16b |
| SHA256 | e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905 |
| SHA512 | 927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0 |