General Info

URL

http://download.pdfforge.org/go/op/lsop.exe

Full analysis
https://app.any.run/tasks/60822f36-3223-40bf-a549-817ace07b9bd
Verdict
Malicious activity
Analysis date
9/11/2019, 09:35:37
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

adware

pua

lavasoft

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • instup.exe (PID: 2944)
  • scc0hqpq.q4x.exe (PID: 3160)
  • avast_free_antivirus_setup_online.exe (PID: 2288)
  • instup.exe (PID: 2248)
  • scc0hqpq.q4x.exe (PID: 3692)
  • scc0hqpq.q4x.exe (PID: 3836)
  • lsop.exe (PID: 3932)
  • GenericSetup.exe (PID: 1008)
  • installer.exe (PID: 2784)
  • OfferInstaller.exe (PID: 3656)
Loads dropped or rewritten executable
  • instup.exe (PID: 2248)
  • OfferInstaller.exe (PID: 3656)
  • GenericSetup.exe (PID: 1008)
Downloads executable files from the Internet
  • OfferInstaller.exe (PID: 3656)
  • scc0hqpq.q4x.exe (PID: 3836)
Changes settings of System certificates
  • instup.exe (PID: 2248)
LAVASOFT was detected
  • installer.exe (PID: 2784)
Creates or modifies windows services
  • instup.exe (PID: 2944)
  • instup.exe (PID: 2248)
Low-level read access rights to disk partition
  • instup.exe (PID: 2944)
  • instup.exe (PID: 2248)
  • avast_free_antivirus_setup_online.exe (PID: 2288)
  • scc0hqpq.q4x.exe (PID: 3836)
Removes files from Windows directory
  • instup.exe (PID: 2944)
  • instup.exe (PID: 2248)
Creates files in the Windows directory
  • instup.exe (PID: 2944)
  • instup.exe (PID: 2248)
  • scc0hqpq.q4x.exe (PID: 3836)
  • avast_free_antivirus_setup_online.exe (PID: 2288)
Starts itself from another location
  • instup.exe (PID: 2248)
Adds / modifies Windows certificates
  • instup.exe (PID: 2248)
Executable content was dropped or overwritten
  • scc0hqpq.q4x.exe (PID: 3836)
  • instup.exe (PID: 2248)
  • avast_free_antivirus_setup_online.exe (PID: 2288)
  • chrome.exe (PID: 2900)
  • OfferInstaller.exe (PID: 3656)
  • chrome.exe (PID: 3584)
  • lsop.exe (PID: 3932)
Creates files in the program directory
  • instup.exe (PID: 2248)
  • avast_free_antivirus_setup_online.exe (PID: 2288)
Reads the Windows organization settings
  • OfferInstaller.exe (PID: 3656)
  • GenericSetup.exe (PID: 1008)
Starts CMD.EXE for commands execution
  • OfferInstaller.exe (PID: 3656)
Reads Environment values
  • GenericSetup.exe (PID: 1008)
  • OfferInstaller.exe (PID: 3656)
Reads Windows owner or organization settings
  • OfferInstaller.exe (PID: 3656)
  • GenericSetup.exe (PID: 1008)
Searches for installed software
  • GenericSetup.exe (PID: 1008)
Reads the hosts file
  • instup.exe (PID: 2944)
  • instup.exe (PID: 2248)
  • chrome.exe (PID: 3584)
  • chrome.exe (PID: 2900)
Reads Internet Cache Settings
  • chrome.exe (PID: 3584)
Reads settings of System Certificates
  • OfferInstaller.exe (PID: 3656)
Application launched itself
  • chrome.exe (PID: 3584)

Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report.

Processes

Total processes
59
Monitored processes
21
Malicious processes
10
Suspicious processes
0

Behavior graph

drop and start start drop and start download and start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs lsop.exe #LAVASOFT installer.exe genericsetup.exe chrome.exe no specs offerinstaller.exe cmd.exe no specs scc0hqpq.q4x.exe no specs scc0hqpq.q4x.exe no specs scc0hqpq.q4x.exe avast_free_antivirus_setup_online.exe instup.exe chrome.exe no specs instup.exe
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3584
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://download.pdfforge.org/go/op/lsop.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wpc.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\samlib.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\wship6.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\users\admin\downloads\lsop.exe
c:\windows\system32\wbem\wmiperfinst.dll
c:\windows\system32\pdh.dll
c:\windows\system32\credssp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\mpr.dll
c:\windows\system32\audioses.dll

PID
2252
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6fdea9d0,0x6fdea9e0,0x6fdea9ec
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
3432
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3588 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_watcher.dll

PID
2668
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,11811941344145020013,17336914047156979523,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=6660624486099013222 --mojo-platform-channel-handle=1036 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libegl.dll

PID
2900
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,11811941344145020013,17336914047156979523,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=7768573124143193201 --mojo-platform-channel-handle=1520 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll

PID
2836
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,11811941344145020013,17336914047156979523,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8087370002665954888 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2060
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,11811941344145020013,17336914047156979523,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15627430827636798657 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2604
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,11811941344145020013,17336914047156979523,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15060534434513569724 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2392 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3932
CMD
"C:\Users\admin\Downloads\lsop.exe"
Path
C:\Users\admin\Downloads\lsop.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
pdfforge GmbH
Description
PDFCreator is the easy way of creating PDFs.
Version
2.5.2.6324
Modules
Image
c:\users\admin\downloads\lsop.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\7zsc5fc95f6\installer.exe

PID
2784
CMD
.\installer.exe
Path
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\installer.exe
Indicators
Parent process
lsop.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
adaware
Description
PDFCreator is the easy way of creating PDFs.
Version
2.7.2.1576
Modules
Image
c:\users\admin\appdata\local\temp\7zsc5fc95f6\installer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\users\admin\appdata\local\temp\7zsc5fc95f6\genericsetup.exe
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshtcpip.dll

PID
1008
CMD
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\GenericSetup.exe
Path
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\GenericSetup.exe
Indicators
Parent process
installer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
adaware
Description
PDFCreator is the easy way of creating PDFs.
Version
2.7.2.1576
Modules
Image
c:\users\admin\appdata\local\temp\7zsc5fc95f6\genericsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\users\admin\appdata\local\temp\7zsc5fc95f6\devlib.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\61dfb69c9ad6ed96809170d54d80b8a6\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\2dc6cfd856864312d563098f9486361c\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\bcrypt.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.security\8391072310ccd84eecefe797cfd4a4a5\system.security.ni.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\mozilla firefox\firefox.exe
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\e588691224a17737f3a164cc2d46c156\system.management.ni.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.web\7c32e936a07e0c7d9cae3ac27497f613\system.web.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.web\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.web.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\users\admin\appdata\local\temp\7zsc5fc95f6\wizardpages.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runteb92aa12#\62a6b39f4f68c25dfd2f6308d7541401\system.runtime.serialization.ni.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\riched20.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\7zsc5fc95f6\offerinstaller.exe

PID
2780
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,11811941344145020013,17336914047156979523,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=5061085106975884952 --mojo-platform-channel-handle=4216 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
3656
CMD
"C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\OfferInstaller.exe"
Path
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\OfferInstaller.exe
Indicators
Parent process
GenericSetup.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
PDFCreator is the easy way of creating PDFs.
Version
1.0.0.0
Modules
Image
c:\users\admin\appdata\local\temp\7zsc5fc95f6\offerinstaller.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\users\admin\appdata\local\temp\7zsc5fc95f6\devlib.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runteb92aa12#\62a6b39f4f68c25dfd2f6308d7541401\system.runtime.serialization.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.web\7c32e936a07e0c7d9cae3ac27497f613\system.web.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.web\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.web.dll
c:\windows\system32\cryptsp.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\mozilla firefox\firefox.exe
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\e588691224a17737f3a164cc2d46c156\system.management.ni.dll
c:\windows\system32\apphelp.dll

PID
3348
CMD
"C:\Windows\system32\cmd.exe" /C ""C:\Users\admin\AppData\Local\Temp\scc0hqpq.q4x.exe" /silent /ws"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
OfferInstaller.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\scc0hqpq.q4x.exe
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mpr.dll

PID
3160
CMD
"C:\Users\admin\AppData\Local\Temp\scc0hqpq.q4x.exe" /silent /ws
Path
C:\Users\admin\AppData\Local\Temp\scc0hqpq.q4x.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
2.1.1279.0
Modules
Image
c:\users\admin\appdata\local\temp\scc0hqpq.q4x.exe
c:\systemroot\system32\ntdll.dll

PID
3692
CMD
"C:\Users\admin\AppData\Local\Temp\scc0hqpq.q4x.exe" /silent /ws
Path
C:\Users\admin\AppData\Local\Temp\scc0hqpq.q4x.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
2.1.1279.0
Modules
Image
c:\users\admin\appdata\local\temp\scc0hqpq.q4x.exe
c:\systemroot\system32\ntdll.dll

PID
3836
CMD
"C:\Users\admin\AppData\Local\Temp\scc0hqpq.q4x.exe" /silent /ws
Path
C:\Users\admin\AppData\Local\Temp\scc0hqpq.q4x.exe
Indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
2.1.1279.0
Modules
Image
c:\users\admin\appdata\local\temp\scc0hqpq.q4x.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\temp\asw.33b0006786b69a7c\avast_free_antivirus_setup_online.exe
c:\windows\system32\apphelp.dll

PID
2288
CMD
"C:\Windows\Temp\asw.33b0006786b69a7c\avast_free_antivirus_setup_online.exe" /silent /ws /cookie:mmm_lvs_ppi_002_967_n /ga_clientid:d281d08d-9d01-4115-8913-df63820afa5b /edat_dir:C:\Windows\Temp\asw.33b0006786b69a7c
Path
C:\Windows\Temp\asw.33b0006786b69a7c\avast_free_antivirus_setup_online.exe
Indicators
Parent process
scc0hqpq.q4x.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.7.4674.0
Modules
Image
c:\windows\temp\asw.33b0006786b69a7c\avast_free_antivirus_setup_online.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\temp\asw.33df43f168676700\instup.exe

PID
2248
CMD
"C:\Windows\Temp\asw.33df43f168676700\instup.exe" /edition:1 /ga_clientid:d281d08d-9d01-4115-8913-df63820afa5b /guid:ef8b7e5a-09c1-4bbd-95c9-c61462d2466e /prod:ais /sfx:lite /sfxstorage:C:\Windows\Temp\asw.33df43f168676700 /silent /ws /cookie:mmm_lvs_ppi_002_967_n /ga_clientid:d281d08d-9d01-4115-8913-df63820afa5b /edat_dir:C:\Windows\Temp\asw.33b0006786b69a7c
Path
C:\Windows\Temp\asw.33df43f168676700\instup.exe
Indicators
Parent process
avast_free_antivirus_setup_online.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.7.4674.0
Modules
Image
c:\windows\temp\asw.33df43f168676700\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\temp\asw.33df43f168676700\instup.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\temp\asw.33df43f168676700\uat_2248.dll
c:\windows\temp\asw.33df43f168676700\new_13070954\asw0044f6e724780e83.tmp
c:\windows\temp\asw.33df43f168676700\new_13070954\asw9e21c107e085565c.tmp
c:\windows\temp\asw.33df43f168676700\new_13070954\asw227d59d02af6809a.tmp
c:\windows\temp\asw.33df43f168676700\new_13070954\asw0d81d0c7fdfe7a9b.tmp
c:\windows\temp\asw.33df43f168676700\new_13070954\asw57d53111fcf30f28.tmp
c:\windows\temp\asw.33df43f168676700\new_13070954\asw276bb321dec29b65.tmp
c:\windows\temp\asw.33df43f168676700\new_13070954\asw3a51a8dff833b26b.tmp
c:\windows\system32\apphelp.dll
c:\windows\temp\asw.33df43f168676700\new_13070954\instup.exe02af6809a.tmp

PID
3548
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,11811941344145020013,17336914047156979523,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=18386130516771164810 --mojo-platform-channel-handle=1380 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
2944
CMD
"C:\Windows\Temp\asw.33df43f168676700\New_13070954\instup.exe" /cookie:mmm_lvs_ppi_002_967_n /edat_dir:C:\Windows\Temp\asw.33b0006786b69a7c /edition:1 /ga_clientid:d281d08d-9d01-4115-8913-df63820afa5b /guid:ef8b7e5a-09c1-4bbd-95c9-c61462d2466e /online_installer /prod:ais /sfx /sfxstorage:C:\Windows\Temp\asw.33df43f168676700 /silent /ws
Path
C:\Windows\Temp\asw.33df43f168676700\New_13070954\instup.exe
Indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.7.4674.0
Modules
Image
c:\windows\temp\asw.33df43f168676700\new_13070954\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\temp\asw.33df43f168676700\new_13070954\instup.dll7fdfe7a9b.tmp
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\temp\asw.33df43f168676700\uat_2944.dll
c:\windows\system32\credssp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

Registry activity

Total events
3150
Read events
2493
Write events
656
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
1008
GenericSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1008
GenericSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1008
GenericSetup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
3432
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3584-13212660953006250
259
2900
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3584
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3584
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13212660954193750
3584
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307090003000B00070023003900AA0000000000
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307090003000B00070023003900AC0000000000
3656
OfferInstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3656
OfferInstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3656
OfferInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfferInstaller_RASAPI32
EnableFileTracing
0
3656
OfferInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfferInstaller_RASAPI32
EnableConsoleTracing
0
3656
OfferInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfferInstaller_RASAPI32
FileTracingMask
4294901760
3656
OfferInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfferInstaller_RASAPI32
ConsoleTracingMask
4294901760
3656
OfferInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfferInstaller_RASAPI32
MaxFileSize
1048576
3656
OfferInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfferInstaller_RASAPI32
FileDirectory
%windir%\tracing
3656
OfferInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfferInstaller_RASMANCS
EnableFileTracing
0
3656
OfferInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfferInstaller_RASMANCS
EnableConsoleTracing
0
3656
OfferInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfferInstaller_RASMANCS
FileTracingMask
4294901760
3656
OfferInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfferInstaller_RASMANCS
ConsoleTracingMask
4294901760
3656
OfferInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfferInstaller_RASMANCS
MaxFileSize
1048576
3656
OfferInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfferInstaller_RASMANCS
FileDirectory
%windir%\tracing
3656
OfferInstaller.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
3348
cmd.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3348
cmd.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3836
scc0hqpq.q4x.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Windows\Temp\asw.33b0006786b69a7c
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
0
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
6
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
12
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
18
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
25
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
31
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
37
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
43
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
50
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
56
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
62
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
68
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
75
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
81
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
87
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
93
2288
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
100
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr
EnableCounterForIoctl
1
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast
SetupLog
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Setup.log
2248
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4
Blob
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4
Blob
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Title
Updating the product
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
0
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
0
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
DNS resolving
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
100
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: servers.def.vpx
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: prod-pgm.vpx
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Checking install conditions
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
2
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
3
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
4
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
5
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
6
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
7
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
8
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
9
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
10
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
11
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
12
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
13
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
14
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
15
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
16
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
17
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
18
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
19
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
20
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
21
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
22
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
23
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
24
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
25
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
26
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
27
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
28
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
29
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
30
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
31
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
33
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
34
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
35
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
36
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
37
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
38
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
39
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
40
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
41
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
42
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
44
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
46
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
48
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
50
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
52
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
54
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
55
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
57
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
59
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
60
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
61
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
63
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
65
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
67
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
68
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
70
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
72
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
74
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
75
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
77
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
78
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
79
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
80
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
81
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
83
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
84
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
85
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
86
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
87
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
89
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
91
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
92
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
93
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
94
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
95
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
96
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
97
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
98
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
99
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avbugreport_ais-954.vpx
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avbugreport_ais
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
14
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
1
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
45
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
66
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
71
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
73
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
82
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
88
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
90
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avdump_x86_ais-954.vpx
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avdump_x86_ais
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
28
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instcont_ais
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
42
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instup_ais
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
57
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
32
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
43
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
47
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
49
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
51
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
53
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
56
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
58
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
62
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
64
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
69
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
76
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: offertool_ais-954.vpx
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: offertool_ais
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
71
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: sbr_x86_ais-954.vpx
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: sbr_x86_ais
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
85
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: setgui_ais
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
100
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: AvBugReport.exe
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: AvDump.exe
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: instup.exe
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: instup.dll
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: aswOfferTool.exe
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: sbr.exe
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: HTMLayout.dll
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Replacing files
2248
instup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Windows\Temp\asw.33b0006786b69a7c
3548
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2944
instup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr
EnableCounterForIoctl
1
2944
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast
SetupLog
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Setup.log
2944
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
100
2944
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
0
2944
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
58
2944
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US

Files activity

Executable files: 29
Suspicious files: 34
Text files: 154
Unknown types: 0

Dropped files

PID
Process
Filename
Type
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\Microsoft.Win32.TaskScheduler.dll
executable
MD5: f40cb9329f8423e0cfb160e7381c0cfb
SHA256: 15e23235e7243a130bd882db900de009bc28e45c65f116901a1ca74c1180d9b0
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\fr\DevLib.resources.dll
executable
MD5: 76836a6a274dea608c6bbd802afb8fc9
SHA256: 64d095ef8249fc4a057f8b179134a3488f83174fc6144ec87303fdde78a67a0c
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\HTMLayout.dll
executable
MD5: 4a6545156dcc4cf9cec19b47b9eb1d27
SHA256: 6c2976244b338015429012a6a956d4c9b7e7a341845450ffb087f4956fc867d1
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\en\DevLib.resources.dll
executable
MD5: 4db59628d7caac7eab64256b3a0dc2c4
SHA256: 9f1a016bb1dbd6c2c02300d840ac8e95ada16f9ae509a54f4ed5dc936b663354
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\Instup.exe
executable
MD5: 4be41795b5798049e901d2462ee6d1f2
SHA256: 83afea28d38ac460606f6a7da9963a03e9c676dc09c5debca0aceae1f40fbcbb
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\es\DevLib.resources.dll
executable
MD5: aa3d496fe7c4f471ac303597a54fbf53
SHA256: cccff53d6f114214bdd786f59aec79269d530ba3fd1e8117cbb4ee30f1093ff9
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\avbugreport_ais-954.vpx
executable
MD5: a13cbab5a35f4777fca8269c4187bbb7
SHA256: f7d2477b08a9115f34eb40be2aaaa630aa9a0757671156d1d00859070ff2c8da
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\de\DevLib.resources.dll
executable
MD5: 17aa6f143be93d54b69ffc125d8b889a
SHA256: bed738bb32e82f845730e7925cccb9f6d49cc3c7bb8008566dc7c64252f5bba9
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\avdump_x86_ais-954.vpx
executable
MD5: 67eed14c8596cea146eb7b265b104db3
SHA256: da8e340477cda90461c62ff62615695da8384312907b7a7ad5edb4cb9736a285
3584
chrome.exe
C:\Users\admin\Downloads\lsop.exe
executable
MD5: 119bde97a29c1f21b5247e3e2a98fb5e
SHA256: aab1fca8ad2ee36c655b04cbc3473e01fb8ba18f70e9ffe10010779f5963ed0a
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\OfferInstaller.exe
executable
MD5: d27d773caeee68a277377f90c38c4304
SHA256: 62ab13e3c07a17cd60270e77005d5e2e0cd3db7297cec5646cdd7f164af32e51
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\instcont_ais-954.vpx
executable
MD5: 4be41795b5798049e901d2462ee6d1f2
SHA256: 83afea28d38ac460606f6a7da9963a03e9c676dc09c5debca0aceae1f40fbcbb
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\DevLib.dll
executable
MD5: 7da3a8def8c6ca416f445742ae40ea1a
SHA256: 87017430e95f41ea306304df13a93a1cecc30c4b1fe678275825ce74ebb52b7f
3584
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 795117.crdownload
executable
MD5: 119bde97a29c1f21b5247e3e2a98fb5e
SHA256: aab1fca8ad2ee36c655b04cbc3473e01fb8ba18f70e9ffe10010779f5963ed0a
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\installer.exe
executable
MD5: 541601f0f20415ae578e772ed26d0f94
SHA256: f267df19c7027a1f7a16dac28d37b36c1f64632c2651f6808e1ebd9e1c8f9319
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\instup_ais-954.vpx
executable
MD5: ca40d4bd292571e4201966f3520999f0
SHA256: 9b0e28a20636ce7d4161c03fd52bd48bd0f11c542fcda115e9a337f65b6ab581
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\GenericSetup.exe
executable
MD5: 715838cbdd0200e3355cc4592be1c080
SHA256: c0956e425b343cd0328ca7294570a42a903a14ceb2fbdb82bf58ac9089fd2e0e
2900
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
executable
MD5: 119bde97a29c1f21b5247e3e2a98fb5e
SHA256: aab1fca8ad2ee36c655b04cbc3473e01fb8ba18f70e9ffe10010779f5963ed0a
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\ru\DevLib.resources.dll
executable
MD5: ffd7bf2763a839058248a254b888d0e1
SHA256: e20dc192dbee314a87a999adf9daeafd50fd7d7e3155cb2457210308f3dd07c2
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\offertool_ais-954.vpx
executable
MD5: ad53324268336248350e40c407624b10
SHA256: 654925f1372e54b2f40d886802dc453f9c96559bf9633b51142f57dafd352acd
3836
scc0hqpq.q4x.exe
C:\Windows\Temp\asw.33b0006786b69a7c\avast_free_antivirus_setup_online.exe
executable
MD5: cd686815e64b1f89ebf91ad1be05141f
SHA256: cd79deb60b2943055db30ee0710cfa9db48455e3607bcc4b361ddf6fac4e114c
3584
chrome.exe
C:\Users\admin\Downloads\91632c05-04b2-45ba-a085-e448c6cb7ba1.tmp
executable
MD5: 7c6c648105ca820335bf6b80fd9d631b
SHA256: 6d6be3c0988f1b9982c90796e3ee0f2b4f1962d5925489060bdb6954795381bc
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\it\DevLib.resources.dll
executable
MD5: 8c626c1e344b4c1eeea0040b89f74e2e
SHA256: e7183e73c15be5d6ce8c8a62156cd4e56630ae12d149b97f9f1a77278ec81b98
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\pt\DevLib.resources.dll
executable
MD5: 243256900a4e4fbf1436ec8754d84f42
SHA256: 34a8097f8ff1c10d90ba38d2f611d6ddc7730d5cb5923aea6efe3de21320c3b4
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\WizardPages.dll
executable
MD5: 6d0299f0840769c3aac917b049c34e31
SHA256: d98b95e48a1af41d27e1085e032b80605ad17e08d33b27bacd9558e9f7e302e8
3656
OfferInstaller.exe
C:\Users\admin\AppData\Local\Temp\scc0hqpq.q4x.exe
executable
MD5: f30075695b2ae625e534546f8146ae5f
SHA256: dc965fea1bc9ecce8379484933fd55108cf49990692301ae5894408ca64d1bab
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\Instup.dll
executable
MD5: ca40d4bd292571e4201966f3520999f0
SHA256: 9b0e28a20636ce7d4161c03fd52bd48bd0f11c542fcda115e9a337f65b6ab581
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\config.def
text
MD5: c401268ff73ebfee051f0fab747da259
SHA256: 165bfae929e86e778a190e8d5668b84dbef9c9fc56a1e5fb8e2ceafd801d7270
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\config.def.ini
text
MD5: 503efd3b80545dd629bd89b03b4eed2a
SHA256: 3c3c4aade60cc27f94205f18b4b2e951e23f652cb6bc4ced99602254ab683399
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\avast5.ini
text
MD5: 41b19920bca1dc14360db9241bcc22a6
SHA256: 31a088c88571ed7ff9c888d7ab246e5796b18a23a2130b44f9cf6613d4c0284e
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\config.def.new
––
MD5: ––
SHA256: ––
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\part-jrog2-85.vpx
binary
MD5: 81a3484da9e40976e3cc1337e3834c58
SHA256: aad58d52d431cada0a0f4b80e14ebb45c37bad7265e16cef7e5ee554b327c069
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\instup_ais-954.vpx
––
MD5: ––
SHA256: ––
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\setup.def
text
MD5: ca5bb5a4f52eb301b8f40c8be23aace1
SHA256: e520c59eb18dd9ad369f45bec706731fd478c1750e3e3037c1775adbc7f57f4d
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\setgui_ais-954.vpx
binary
MD5: ff693445fea2e4f8e5738a93de567683
SHA256: a07fe5ffa51ec3c7c891528fd2d87008ab8212fb314d6771b3581d473b9b1cfb
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\instcont_ais-954.vpx
binary
MD5: 7e8a14ff96519e441a02848e7e6c3996
SHA256: c4568d815a449f80a044b6cd67d5913185f59c49e22cc0ca4f86b562444af674
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\uata64.vpx
binary
MD5: cce28f2809609b0441720d5fe7cfe113
SHA256: 23c87f71c1448ee70494949ae17f695fc545dd0f877ac5392503db9ba24d6d33
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\program.def
text
MD5: ca5bb5a4f52eb301b8f40c8be23aace1
SHA256: e520c59eb18dd9ad369f45bec706731fd478c1750e3e3037c1775adbc7f57f4d
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\uat64.vpx
binary
MD5: 4a85505952a17f779e27d7d841047328
SHA256: 6e03f3f5dd4f3210bebaecca1719d20442b81d9c1d1eb935956493b7d293e51a
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\uat.vpx
binary
MD5: 04909f17e407ab1a4ab67fd35763faf3
SHA256: 8f8482122844f5f59533d470d7098897a638966ad29e6f70ad1c05170e8d0ca6
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\servers.def.vpx
binary
MD5: 7eae1fa681ab95d4d84aaecef04da987
SHA256: b413a4900f70a8dc71c2d492944e14c1c3902a9b0705e6d73245c1d8645f5be4
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\prod-pgm.vpx
binary
MD5: 72b6487256fb53a1e2a01ea1c00d96ae
SHA256: 42f3d9b7fd4dd5bc4a7b74acb0f873d151a04f1f52f3dd6a64d7cba6bee79136
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\servers.def
text
MD5: c66eff1e07edd34ae3465b8fb23020f1
SHA256: 8eb05c4d9b307cf69ed5f13dac4b18c912ea11b2230e62d9891ef1c138380a42
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\prod-vps.vpx
binary
MD5: 68bce3a63f8636b9d45f65ead04e7091
SHA256: f79bce2418f19b2c0a5bfdff73cc6d58d33bed531c43f51a0a650b79822b2b27
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\part-vps_windows-19081500.vpx
binary
MD5: c689f8568048774dc3e1443058512a54
SHA256: 4080611b382901b8bd945db826c33ee9273f19e57cc3fca3ee4437be75348649
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\part-prg_ais-13070954.vpx
binary
MD5: a4a459dd96c4730fb97d2063efce85a8
SHA256: 50598eb4e2d23a1b9763332652cada6457275b55a3c039dc64ffaa31e33523ff
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\config.def
text
MD5: c482d6e3f5630edc95e9fd7b35539bb4
SHA256: 1fe99c885d1c512f9efe189b74d206008e70f275675716a75060f313695b7414
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\config.def.vpx
binary
MD5: 03185785409416a102ce6f3dd38feb4c
SHA256: ca7ea134a54c593e74e954d349b189d1b9d92536cf2f2a3bb7c7f5a668aa482e
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\part-setup_ais-13070954.vpx
binary
MD5: ab063a649268d1d25548dbef62666cd1
SHA256: 9074aec0b919c5fc2f85d9fbd0601fee9c42ded027fb428f8e7c05b74b7a170f
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\part-jrog2-45a.vpx
binary
MD5: 0f943473873af25048caf3593d570701
SHA256: fedf6c3da14f66cad88851403097d8b24356c7d101b95349d29734abd447fe0a
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\cookie.bin
text
MD5: 755c1279d67d01096c0e5796ad90bd56
SHA256: f640cb849d78052c5adbaa2d91764288a5bc4ba02d938eb5ddca970d3e99bed4
2288
avast_free_antivirus_setup_online.exe
Setup.log
––
MD5:  ––
SHA256:  ––
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\uat_2944.dll
––
MD5:  ––
SHA256:  ––
3836
scc0hqpq.q4x.exe
C:\windows\temp\asw.33b0006786b69a7c\ecoo.edat
text
MD5: 755c1279d67d01096c0e5796ad90bd56
SHA256: f640cb849d78052c5adbaa2d91764288a5bc4ba02d938eb5ddca970d3e99bed4
3656
OfferInstaller.exe
C:\Users\admin\AppData\Local\Temp\pdfforge-OfferInstaller.log
text
MD5: 6f918179b0551642e80649c9487ef245
SHA256: 20b12eb7661def8c5f18b2ef8336c7d6b718d838cad721bd38d8a51af08eb2c5
3656
OfferInstaller.exe
C:\Users\admin\AppData\Local\Temp\pdfforge-OfferInstaller.log
text
MD5: cd896e9b22cfa00f1e79cf3acb0d0c13
SHA256: 281f71f72c16e5c3096c7ee7cdd9205f62a5cd2dc7bd2cc9e09bb5002a828387
2784
installer.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\2019.09.11_08.36.06.857812_installer_pid=2784.txt
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF17276d.TMP
text
MD5: be8955ced8f48a36ffd8944aa6452cdd
SHA256: 23f5e2aa34a9b2f7f988105150d283a4dd8c5be68e6c6be324b65d9c9eb80438
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: be8955ced8f48a36ffd8944aa6452cdd
SHA256: 23f5e2aa34a9b2f7f988105150d283a4dd8c5be68e6c6be324b65d9c9eb80438
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\4e274cd4-3159-4eb1-8cb8-05785e1f2cdd.tmp
––
MD5:  ––
SHA256:  ––
3656
OfferInstaller.exe
C:\Users\admin\AppData\Local\Temp\pdfforge-OfferInstaller.log
text
MD5: ae0fc3245addd52311bdad6bd5303b4f
SHA256: 017123646258b3c5e740300db9636539c7d57f3458729331c4a2c1cc72c8fa96
3656
OfferInstaller.exe
C:\Users\admin\AppData\Local\Temp\pdfforge-OfferInstaller.log
text
MD5: 1180a1013b8d0b7336bd17daf36d9063
SHA256: 8f3b2f54b034e9e52bda249aa5540f1d4aab35d9c58de3c4a5b65d993a28bb55
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\prod-pgm.vpx
binary
MD5: 72b6487256fb53a1e2a01ea1c00d96ae
SHA256: 42f3d9b7fd4dd5bc4a7b74acb0f873d151a04f1f52f3dd6a64d7cba6bee79136
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 0210b75b910668160c7c598e1f04b313
SHA256: 891e5e2dd88a8d8aa24bc20e3933ec2e7ca6ef142253b6ea72dd3192e7080777
3656
OfferInstaller.exe
C:\Users\admin\AppData\Local\Temp\pdfforge-OfferInstaller.log
text
MD5: 3d4ad0dfe1538cff577902581819671f
SHA256: 182a31adf6f433128c5a9bf31518fa7c2389b28b49a2445decfde32c97e637ac
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: d6ce2e2ed377c65d380b08087f79dfa0
SHA256: c48dde4e086b2c99bd28a142f48c7421b42bb6ec85a9c7e303f93f9366458e0e
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 946c52b2358f3f05cd5d1dcc9ffb6b94
SHA256: b19740e201361e778e74fd6fee92c2c666e68bbcaafd64093a1690eeb309758d
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 0fdb471117c992e8aaf6efe28bd47b61
SHA256: 6e8ec2d584833d28d2b0d68659160b5b5f215058ce438be36674b2fc96e8493f
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: f8adcbf17bfcf35cf5ad963138c1e4d0
SHA256: 57ac7dfa66bffbadb23edc0ad4b8cb370dbe8fc04d5c10efad15ca8f04bd1839
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 28460eadb7c6bf1d3fbb23df1a0fb713
SHA256: 66da44a89c77516d2f568dc2784eb0eb8ab1c4c81fdd97052cf08bdd32307122
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 2dc4139bcbe87f09109a7fbd707b65d5
SHA256: aac9041738bb7592b4566598e3fe3becef7760639e3f878876a99b82ea1cd261
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 4ef73765adfc5a85e9adf595e2e3ff12
SHA256: 2eeca618c3696eb7d2629c51d3433c11ab938a7f74c854d8b252779b2310975b
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 45f1845c05351b55c3b4238402efb62f
SHA256: 5eaf06d477cdb1ce8b2114bbc9922da9f4e32a4b109111ab788d7fca75995191
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 5ef2baf441dfe9a89838d9e8f3c8bb92
SHA256: 889e1d837ea2304ff5703864604fda4c36d39f634170b7409b0b21128cf391cf
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF16fca4.TMP
text
MD5: 5ef2baf441dfe9a89838d9e8f3c8bb92
SHA256: 889e1d837ea2304ff5703864604fda4c36d39f634170b7409b0b21128cf391cf
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\1e03cd43-4cc0-4821-8c07-7228e0c5a23d.tmp
––
MD5:  ––
SHA256:  ––
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 7925beada804eac09f3849c98fc95f40
SHA256: 790865759ae80686a54550ad9ed7eb20a35e7641d63545c377a2b8b6c6d708df
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 341e2ea7fcd72bf415f1c68cc1b3f50e
SHA256: d98622ad247b7107b86bfe1e9e026dbebc6ed4ed9b0588098c326da371cff29d
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 5073ac4324ae6237b2f51a62837853fd
SHA256: dff95e94227a93636ee15215decad7a1589a8cfc8702bb2299c8c585f40a5040
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 6390c4d840a56d13e1af19472203e20d
SHA256: 33e070425421df0d9b136709cd894bd2898a5ded934b12d422bed721dec1a711
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 0773419739a2b02f359b33f4f4820325
SHA256: 1f4ffce0473529f43bb685aa07d3e2de3c23418ea2450c88713a763512212a6f
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 81445bae87722bea26a51a4d0f2bbcb6
SHA256: d2a0f4663ef3955bfb84ae75fe0148f82b9aab1d03844f746db27134be3af955
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF16e9d8.TMP
text
MD5: 81445bae87722bea26a51a4d0f2bbcb6
SHA256: d2a0f4663ef3955bfb84ae75fe0148f82b9aab1d03844f746db27134be3af955
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a5b83971-4c07-4706-9dab-8f40afd4ee03.tmp
––
MD5:  ––
SHA256:  ––
1008
GenericSetup.exe
C:\Users\admin\AppData\Local\Temp\pdfforge.log
text
MD5: 38a770c6c7f569629ac336bc64ad2307
SHA256: f26cd79b60f3cfdc59bf986ddc2782a97dfed57c1a5e9df217ed82a26752f3a8
2784
installer.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\GenericSetup.exe.config
xml
MD5: 959769da57d82922880326860426c29f
SHA256: 5d4b18f85f7f78cf76231f296416be36dae5183e24146214aa5f40a96e3062bc
2252
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\avast5.ini
text
MD5: f16232b0d51cb175ba3e6bb12e6648f3
SHA256: 8900a8a5f3b0b0c34c54a8f0354a5955bc780f4e4b664ddd2760dfcea7dbd826
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\config.def
text
MD5: 740370dcde486f88b583a38a7a00b42e
SHA256: 7ab0f8cfabb8b8a23a6f1b0f38dc3db05b199ad0b76af85163ec26ae2f938614
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\config.def.new
––
MD5:  ––
SHA256:  ––
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\vps.def
text
MD5: 4e4bd7b4f918747979744e94caa6b1bf
SHA256: 1249368215a4691621203935e7200619c536cd69e53a358e705fed1d779e1bd6
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\part-vps_windows-19091001.vpx
binary
MD5: bbafeb8b062c56c3d69efb05f09f0bd9
SHA256: 138c2829501ad7b33b6d1d0b4a8211f62f374ad4f7083c7281f931652a1b180f
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 5f1e79cfc0f6fd64df92154e98f0cacb
SHA256: 70e0aa2ea8e01e730b6187afc6593cc87477056895544707ac9fe3506c503868
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF175beb.TMP
text
MD5: 5f1e79cfc0f6fd64df92154e98f0cacb
SHA256: 70e0aa2ea8e01e730b6187afc6593cc87477056895544707ac9fe3506c503868
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\7f00c2a4-e175-43a2-8af3-671093d3be70.tmp
––
MD5:  ––
SHA256:  ––
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\avbugreport_ais-954.vpx
binary
MD5: 0a58ba66d2a1b0e3dd43f6ea5a52c83e
SHA256: 3cdd69d11e81c6a364a027e1bce23538b30e3122573eb610ac69094962c7e173
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\setup.def
text
MD5: ca5bb5a4f52eb301b8f40c8be23aace1
SHA256: e520c59eb18dd9ad369f45bec706731fd478c1750e3e3037c1775adbc7f57f4d
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\uat_2248.dll
––
MD5:  ––
SHA256:  ––
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\prod-pgm.vpx
binary
MD5: 72b6487256fb53a1e2a01ea1c00d96ae
SHA256: 42f3d9b7fd4dd5bc4a7b74acb0f873d151a04f1f52f3dd6a64d7cba6bee79136
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\OfferInstaller.exe.config
xml
MD5: dd39824adeb4ff5bcda330f48a1777b9
SHA256: d31388110ffdef2ac150bdf02e69ebf81895d2b0ec8400558601a9e498e05dfc
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\BundleConfig.xml
text
MD5: a9459260c491e4c839d99ff0d1127090
SHA256: 584c7fa76102acc01fc890ed259f6ecb1c09345bff4ae6e1d539e29319791851
3932
lsop.exe
C:\Users\admin\AppData\Local\Temp\7zSC5FC95F6\GenericSetup.exe.config
xml
MD5: 959769da57d82922880326860426c29f
SHA256: 5d4b18f85f7f78cf76231f296416be36dae5183e24146214aa5f40a96e3062bc
2900
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF16c25a.TMP
text
MD5: f55f54a120fee15d9acbb04fb19e774a
SHA256: d9bec24d1cd12e9d90db8a4ba44c0a5b54b6d1d8a9bfcc94621dc9e1ce36c208
2900
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: f55f54a120fee15d9acbb04fb19e774a
SHA256: d9bec24d1cd12e9d90db8a4ba44c0a5b54b6d1d8a9bfcc94621dc9e1ce36c208
2900
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\3634b9af-e424-4244-a595-249f11d12d97.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 037134777ccfe83c2cac9c28039db1e1
SHA256: 6facde0bb488281b6e11caa91c88ad09a5221d9b9246c2ddca6f7ffa869da7ca
3584
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 93871e1433144c58cab0deddd1d46925
SHA256: 3193f3035a4f457d66bab3048880aac2eb8557027f6373e606d4621609af1068
3584
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabC1E5.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarC1E6.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 884451479153a21ca05277f0e04ab310
SHA256: c1b0bdd6050d4fb6e830289cde87810691a7ea7d46547349ffaffd5763cff7f2
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF16bf3e.TMP
text
MD5: 884451479153a21ca05277f0e04ab310
SHA256: c1b0bdd6050d4fb6e830289cde87810691a7ea7d46547349ffaffd5763cff7f2
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e25fc9c0-fbae-4cdf-afc2-2e0d33c22062.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: de6cd55ba3fbfd7c5cb219e0284a5e34
SHA256: d3c9221eeaae5d47cff99732fece6b641018d8306b9c6e832c386f7e9abd35cd
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF16be82.TMP
text
MD5: de6cd55ba3fbfd7c5cb219e0284a5e34
SHA256: d3c9221eeaae5d47cff99732fece6b641018d8306b9c6e832c386f7e9abd35cd
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\fbae5d7f-9950-4ee0-ab88-ce878635328c.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarBD41.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabBD40.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 019cf87806e1476e25a3bb2d16651a00
SHA256: d997e12923d0e8900b01a0e08b01fc6b722a6713a271106bca66754ccc3891ba
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF16bd1b.TMP
binary
MD5: 019cf87806e1476e25a3bb2d16651a00
SHA256: d997e12923d0e8900b01a0e08b01fc6b722a6713a271106bca66754ccc3891ba
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\32bc4891-27ac-4b2c-b3f5-3c254965025b.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 6463cd5396a3a27275aa8080599577d6
SHA256: fca016c1ef6dbec2efd3e2674c953264e68d1a4a39da17d485c1963d5540c8f9
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\f4cd0df5-27ca-4217-8687-7b2e171eea3b.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\Downloads\lsop.exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\servers.def.vpx
binary
MD5: 7eae1fa681ab95d4d84aaecef04da987
SHA256: b413a4900f70a8dc71c2d492944e14c1c3902a9b0705e6d73245c1d8645f5be4
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 97aa7678fb9d338d08c371711b54a104
SHA256: 4657635b66fa68ae1550b7bff4e54016f8874b4df43a004c9a7244c8465c6ca8
3584
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarA216.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabA215.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarA204.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabA203.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 92eb31d830454841999ecdb4a714d301
SHA256: 63f01870e03b0329f3ae859435ef5610661a45085390af36275ae7d6808c8ffb
3584
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarA1E3.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabA1E2.tmp
––
MD5:  ––
SHA256:  ––
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\servers.def
text
MD5: c66eff1e07edd34ae3465b8fb23020f1
SHA256: 8eb05c4d9b307cf69ed5f13dac4b18c912ea11b2230e62d9891ef1c138380a42
2248
instup.exe
C:\Windows\Temp\asw.33df43f168676700\servers.def.lkg
text
MD5: c66eff1e07edd34ae3465b8fb23020f1
SHA256: 8eb05c4d9b307cf69ed5f13dac4b18c912ea11b2230e62d9891ef1c138380a42
2248
instup.exe
event_manager.log
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT~RF169f04.TMP
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: 1276f7de036cb69ffbc104fa79f1d060
SHA256: 3044aa641bd2fed097ee25a5ad052d276eea8ec75a807a244102d75af9ac94f1
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF169e58.TMP
text
MD5: 1276f7de036cb69ffbc104fa79f1d060
SHA256: 3044aa641bd2fed097ee25a5ad052d276eea8ec75a807a244102d75af9ac94f1
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF169e0a.TMP
text
MD5: 370df9c4af340d044e2946d87d515fd8
SHA256: f4761a6412fee517fddf04004ddcb13b935994fba8550318534705c979a29343
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 370df9c4af340d044e2946d87d515fd8
SHA256: f4761a6412fee517fddf04004ddcb13b935994fba8550318534705c979a29343
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
text
MD5: caffcde8d6d30a1660d4b85a33d3a252
SHA256: f1961bd75fdb6d3996bd873e8f49f5a726b51cf282769666cdbf302b7dc8947c
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
binary
MD5: 891a884b9fa2bff4519f5f56d2a25d62
SHA256: e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old
text
MD5: 722d616be0caaf9ed585c9aea7f3742c
SHA256: f86c514fa380332be463670b3b334c8feedc2f6cb9b4118ea367729b056de0fb
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old
text
MD5: 454106ccf080f3e3795c229fc73350d4
SHA256: 9974dc611be9e20bdfa7b8d939cb913ad23859dea5f52ebb8d10cead9ab5b4fa
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF1699a5.TMP
text
MD5: 454106ccf080f3e3795c229fc73350d4
SHA256: 9974dc611be9e20bdfa7b8d939cb913ad23859dea5f52ebb8d10cead9ab5b4fa
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old
text
MD5: 911b244e4a362b56f2478647d2d61a40
SHA256: 3a5aec1ea537d8841e604d0aa4cd5f9241c805a3d4eb4e372cfb7eeb3678a361
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
text
MD5: 0acecca4cf9ade756da7cc9dcdf02d50
SHA256: 18f910775132b4fee014ea0fab836d857f367e76232fab4ae6a86a92e4c3ebee
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: a874f3e3462932a0c15ed8f780124fc5
SHA256: 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF169918.TMP
text
MD5: a874f3e3462932a0c15ed8f780124fc5
SHA256: 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old
text
MD5: 3d551b6e929cf62f7aa66091e718704b
SHA256: 1698a1b1bc3e86676392fb8bd4c712438302a5a2220503c08f290ed4b1790404
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\cd7d147d-0ad0-4c11-868a-6ca0ffd5df51.tmp
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF1698ca.TMP
text
MD5: 3d551b6e929cf62f7aa66091e718704b
SHA256: 1698a1b1bc3e86676392fb8bd4c712438302a5a2220503c08f290ed4b1790404
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 0686d6159557e1162d04c44240103333
SHA256: 3303d5eed881951b0bb52cf1c6bfa758770034d0120c197f9f7a3520b92a86fb
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: a519780ed0a2f4336db4f5651d79c369
SHA256: da5b71bd0075b55757bf757bf5f4d4a1dcbcf0762cda5b31b28680963e068c75
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF1698ab.TMP
text
MD5: a519780ed0a2f4336db4f5651d79c369
SHA256: da5b71bd0075b55757bf757bf5f4d4a1dcbcf0762cda5b31b28680963e068c75
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 213ae3da120d7862d60b5763b6c9d466
SHA256: 5736534d6ee654c1bf1a8e79e73330af58f622e8657285330d2c7189a55604f4
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: dc32343f45b01764b6267ad36548102a
SHA256: a250f5ad57d4bd58aae92810d50278e3be2dbf869f126a3a3519691bcdfc2075
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF16986c.TMP
text
MD5: dc32343f45b01764b6267ad36548102a
SHA256: a250f5ad57d4bd58aae92810d50278e3be2dbf869f126a3a3519691bcdfc2075
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF16987c.TMP
text
MD5: 213ae3da120d7862d60b5763b6c9d466
SHA256: 5736534d6ee654c1bf1a8e79e73330af58f622e8657285330d2c7189a55604f4
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5: c4d6cbb269c626168a5d6d0d8cce6c30
SHA256: b62cdbb758278a0c2e50593357390119441d8de09428eb29027f3dfd1332e348
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF16983d.TMP
text
MD5: c4d6cbb269c626168a5d6d0d8cce6c30
SHA256: b62cdbb758278a0c2e50593357390119441d8de09428eb29027f3dfd1332e348
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: 1a89a1bebe6c843c4ff582e7ed33ca1f
SHA256: 65099ca087b66aa8ca420ab121daad713e1db5a61c5a574d9b1c0df24f012520
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\config.def.ini
text
MD5: 43eb2ccca2b22694a01c66ea92e836a3
SHA256: f5c5adc6e432d9385de75c7bb87656ec38f48ea5d622516d9bc1542bd3a8fd67
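The file-activity records above are worth more than a list of hashes once they are grouped. The same SHA256 appears under several names (setup.def and program.def written by instup.exe; cookie.bin and ecoo.edat written by different Avast stages; Chrome's Preferences beside its Preferences~RF*.TMP rename target), and a few entries carry no hash at all. The parser and grouping below are an added example, not code from ANY.RUN or from the report; the SAMPLE string is a constructed subset of the six-line records printed above, copied in the page's own layout, with the "––" marker standing for a value the sandbox did not record.

```python
from collections import defaultdict

MISSING = "––"  # the report prints this where the sandbox recorded no value

# Constructed sample: eight of the six-line records from the file table above,
# copied as the page prints them (PID, process, path, type, MD5, SHA256).
SAMPLE = r"""
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\setup.def
text
MD5: ca5bb5a4f52eb301b8f40c8be23aace1
SHA256: e520c59eb18dd9ad369f45bec706731fd478c1750e3e3037c1775adbc7f57f4d
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\program.def
text
MD5: ca5bb5a4f52eb301b8f40c8be23aace1
SHA256: e520c59eb18dd9ad369f45bec706731fd478c1750e3e3037c1775adbc7f57f4d
2288
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.33df43f168676700\cookie.bin
text
MD5: 755c1279d67d01096c0e5796ad90bd56
SHA256: f640cb849d78052c5adbaa2d91764288a5bc4ba02d938eb5ddca970d3e99bed4
3836
scc0hqpq.q4x.exe
C:\windows\temp\asw.33b0006786b69a7c\ecoo.edat
text
MD5: 755c1279d67d01096c0e5796ad90bd56
SHA256: f640cb849d78052c5adbaa2d91764288a5bc4ba02d938eb5ddca970d3e99bed4
3656
OfferInstaller.exe
C:\Users\admin\AppData\Local\Temp\scc0hqpq.q4x.exe
executable
MD5: f30075695b2ae625e534546f8146ae5f
SHA256: dc965fea1bc9ecce8379484933fd55108cf49990692301ae5894408ca64d1bab
2944
instup.exe
C:\Windows\Temp\asw.33df43f168676700\uat_2944.dll
––
MD5:  ––
SHA256:  ––
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: be8955ced8f48a36ffd8944aa6452cdd
SHA256: 23f5e2aa34a9b2f7f988105150d283a4dd8c5be68e6c6be324b65d9c9eb80438
3584
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF17276d.TMP
text
MD5: be8955ced8f48a36ffd8944aa6452cdd
SHA256: 23f5e2aa34a9b2f7f988105150d283a4dd8c5be68e6c6be324b65d9c9eb80438
"""

def _hash_field(line, label):
    if not line.startswith(label + ":"):
        raise ValueError(f"expected {label} line, got {line!r}")
    value = line.split(":", 1)[1].strip()
    return None if value == MISSING else value.lower()

def parse_records(text):
    """Split the flattened table back into one dict per six-line record."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) % 6:
        raise ValueError("file table is not a whole number of six-line records")
    return [{"pid": int(p), "process": proc, "path": path,
             "type": None if t == MISSING else t,
             "md5": _hash_field(m, "MD5"), "sha256": _hash_field(s, "SHA256")}
            for p, proc, path, t, m, s in (lines[i:i + 6] for i in range(0, len(lines), 6))]

def same_content_different_names(records):
    """SHA256 -> distinct (lower-cased) paths for bytes written under more than one name:
    an installer duplicating its config, or a write-to-temp-then-rename by the browser."""
    by_sha = defaultdict(set)
    for r in records:
        if r["sha256"]:
            by_sha[r["sha256"]].add(r["path"].lower())
    return {sha: sorted(paths) for sha, paths in by_sha.items() if len(paths) > 1}

def executables_dropped_in_temp(records):
    """PE files the chain wrote under a Temp directory: the first artefacts to pull for triage."""
    return sorted(r["path"] for r in records
                  if r["type"] == "executable" and "\\temp\\" in r["path"].lower())

def unhashed(records):
    """Entries the report lists with no hash. Treat them as unverified, not as benign."""
    return [r["path"] for r in records if r["sha256"] is None]

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for sha, paths in same_content_different_names(recs).items():
        print(sha[:16], *paths, sep="\n    ")
    print("executables in Temp:", *executables_dropped_in_temp(recs), sep="\n    ")
    print("no hash recorded:", *unhashed(recs), sep="\n    ")
```

Run against the full table the grouping also surfaces the setup.def written twice by two instup.exe instances (PIDs 2248 and 2944) with identical content, so a hash-based allowlist built from one run of this installer will match the second. Paths are lower-cased before comparison because the report itself mixes C:\Windows\Temp and C:\windows\temp.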

Network activity

HTTP(S) requests: 25
TCP/UDP connections: 49
DNS requests: 64
Threats: 4

HTTP requests

PID  Process  Method  HTTP Code  IP  URL  CN  Type  Size  Reputation
2900  chrome.exe  GET  302  216.239.36.21:80  http://download.pdfforge.org/go/op/lsop.exe  US  ––  ––  malicious
3584  chrome.exe  GET  200  205.185.216.10:80  http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab  US  compressed  whitelisted
3584  chrome.exe  GET  200  205.185.216.10:80  http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt  US  der  whitelisted
2784  installer.exe  POST  200  104.18.88.101:80  http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubStart  US  text  text  malicious
2784  installer.exe  POST  200  104.18.88.101:80  http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart  US  text  text  malicious
3656  OfferInstaller.exe  GET  200  104.16.236.79:80  http://sdl.adaware.com/cdn/avast_free_antivirus_setup_online.exe  US  executable  suspicious
3836  scc0hqpq.q4x.exe  POST  204  5.62.40.214:80  http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi  DE  text  ––  ––  whitelisted
3836  scc0hqpq.q4x.exe  POST  200  216.58.207.78:80  http://www.google-analytics.com/collect  US  text  image  whitelisted
3836  scc0hqpq.q4x.exe  GET  200  2.16.186.50:80  http://iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe  unknown  executable  whitelisted
3836  scc0hqpq.q4x.exe  POST  200  216.58.207.78:80  http://www.google-analytics.com/collect  US  text  image  whitelisted
3836  scc0hqpq.q4x.exe  POST  204  5.62.40.214:80  http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi  DE  text  ––  ––  whitelisted
2288  avast_free_antivirus_setup_online.exe  GET  200  216.58.207.78:80  http://www.google-analytics.com/collect?aiid=mmm_lvs_ppi_002_967_n&an=Free&av=19.7.4674&cd=stub-extended&cd3=Online&cid=ef8b7e5a-09c1-4bbd-95c9-c61462d2466e&dt=Installation&t=screenview&tid=UA-58120669-3&v=1  US  image  whitelisted
2288  avast_free_antivirus_setup_online.exe  POST  204  5.62.40.214:80  http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi  DE  text  ––  ––  whitelisted
2248  instup.exe  GET  200  23.52.73.102:80  http://z3746924.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx  US  binary  whitelisted
2248  instup.exe  GET  200  23.52.73.102:80  http://z3746924.iavs9x.u.avast.com/iavs9x/avbugreport_ais-954.vpx  US  binary  whitelisted
2248  instup.exe  GET  200  23.52.73.102:80  http://z3746924.iavs9x.u.avast.com/iavs9x/avdump_x86_ais-954.vpx  US  binary  whitelisted
2248  instup.exe  GET  200  23.52.73.102:80  http://z3746924.iavs9x.u.avast.com/iavs9x/offertool_ais-954.vpx  US  binary  whitelisted
2248  instup.exe  GET  200  23.52.73.102:80  http://z3746924.iavs9x.u.avast.com/iavs9x/sbr_x86_ais-954.vpx  US  binary  whitelisted
2944  instup.exe  GET  200  23.52.73.102:80  http://g0679661.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx  US  binary  whitelisted
2944  instup.exe  GET  200  87.245.215.30:80  http://x5026866.vps18tiny.u.avcdn.net/vps18tiny/prod-vps.vpx  AT  binary  whitelisted
2944  instup.exe  GET  200  87.245.215.30:80  http://x5026866.vps18tiny.u.avcdn.net/vps18tiny/part-jrog2-85.vpx  AT  binary  whitelisted
2944  instup.exe  GET  200  87.245.215.30:80  http://x5026866.vps18tiny.u.avcdn.net/vps18tiny/part-vps_windows-19091001.vpx  AT  binary  whitelisted
––  ––  POST  204  5.62.40.203:80  http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi  DE  text  ––  ––  whitelisted
––  ––  POST  204  5.62.40.214:80  http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi  DE  text  ––  ––  whitelisted
––  ––  GET  ––  87.245.215.30:80  http://x5026866.vps18tiny.u.avcdn.net/vps18tiny/jrog2-85.vpx  AT  ––  ––  whitelisted

Connections

PID Process IP ASN CN Reputation
2900 chrome.exe 172.217.21.227:443 Google Inc. US whitelisted
2900 chrome.exe 172.217.22.45:443 Google Inc. US whitelisted
2900 chrome.exe 216.239.36.21:80 Google Inc. US whitelisted
2900 chrome.exe 46.165.196.218:443 Leaseweb Deutschland GmbH DE suspicious
–– –– 216.58.206.14:443 Google Inc. US whitelisted
2900 chrome.exe 172.217.18.4:443 Google Inc. US whitelisted
3584 chrome.exe 205.185.216.10:80 Highwinds Network Group, Inc. US whitelisted
2900 chrome.exe 172.217.22.3:443 Google Inc. US whitelisted
2784 installer.exe 104.18.88.101:80 Cloudflare Inc US malicious
1008 GenericSetup.exe 104.16.236.79:443 Cloudflare Inc US suspicious
1008 GenericSetup.exe 104.18.87.101:443 Cloudflare Inc US malicious
3656 OfferInstaller.exe 104.18.87.101:443 Cloudflare Inc US malicious
3656 OfferInstaller.exe 104.16.236.79:80 Cloudflare Inc US suspicious
3836 scc0hqpq.q4x.exe 5.62.40.214:80 AVAST Software s.r.o. DE unknown
3836 scc0hqpq.q4x.exe 216.58.207.78:80 Google Inc. US whitelisted
3836 scc0hqpq.q4x.exe 2.16.186.50:80 Akamai International B.V. –– whitelisted
2288 avast_free_antivirus_setup_online.exe 216.58.207.78:80 Google Inc. US whitelisted
2288 avast_free_antivirus_setup_online.exe 5.62.40.214:80 AVAST Software s.r.o. DE unknown
2248 instup.exe 5.62.44.66:443 AVAST Software s.r.o. US unknown
–– –– 8.8.8.8:53 Google Inc. US whitelisted
2248 instup.exe 8.8.8.8:53 Google Inc. US whitelisted
2248 instup.exe 87.245.215.57:80 RETN Limited AT unknown
2248 instup.exe 23.52.73.102:80 Akamai Technologies, Inc. US unknown
2944 instup.exe 8.8.8.8:53 Google Inc. US whitelisted
2944 instup.exe 23.52.73.102:80 Akamai Technologies, Inc. US unknown
2944 instup.exe 87.245.215.30:80 RETN Limited AT unknown
2944 instup.exe 5.62.44.66:443 AVAST Software s.r.o. US unknown
2944 instup.exe 5.45.58.60:443 AVAST Software s.r.o. CZ unknown
–– –– 5.62.40.210:443 AVAST Software s.r.o. DE unknown
–– –– 5.62.40.203:80 AVAST Software s.r.o. DE unknown
–– –– 5.62.40.214:80 AVAST Software s.r.o. DE unknown
–– –– 87.245.215.30:80 RETN Limited AT unknown

DNS requests

Domain  IP  Reputation
download.pdfforge.org  216.239.36.21, 216.239.38.21, 216.239.34.21, 216.239.32.21  malicious
clientservices.googleapis.com  172.217.21.227  whitelisted
accounts.google.com  172.217.22.45  shared
azure.download.pdfforge.org  46.165.196.218  unknown
sb-ssl.google.com  216.58.206.14  whitelisted
www.google.com  172.217.18.4  whitelisted
www.download.windowsupdate.com  205.185.216.10, 205.185.216.42  whitelisted
ssl.gstatic.com  172.217.22.3  whitelisted
flow.lavasoft.com  104.18.88.101, 104.18.87.101  malicious
sos.adaware.com  104.16.236.79, 104.16.235.79  malicious
sdl.adaware.com  104.16.236.79, 104.16.235.79  suspicious
v7event.stats.avast.com  5.62.40.214, 5.62.40.203  whitelisted
iavs9x.u.avast.com  2.16.186.50, 2.16.186.104  whitelisted
www.google-analytics.com  216.58.207.78  whitelisted
shepherd.ff.avast.com  69.94.69.82, 5.62.44.66  whitelisted
b1477563.iavs9x.u.avast.com  23.52.73.102, 23.52.73.95  malicious
h6891735.iavs9x.u.avast.com  87.245.215.57, 87.245.215.23  whitelisted
s-iavs9x.avcdn.net  2.23.108.133  malicious
z3746924.iavs9x.u.avast.com  23.52.73.95, 23.52.73.102  whitelisted
r4907515.iavs9x.u.avast.com  87.245.215.57, 87.245.215.23  whitelisted
w5810700.iavs9x.u.avast.com  87.245.215.57, 87.245.215.23  whitelisted
d3336443.iavs9x.u.avast.com  87.245.215.23, 87.245.215.57  suspicious
t7758057.iavs9x.u.avast.com  213.197.182.200, 213.197.182.208  suspicious
g0679661.iavs9x.u.avast.com  23.52.73.95, 23.52.73.102  whitelisted
d4130079.vps18tiny.u.avcdn.net  213.197.182.201, 213.197.182.200  suspicious
r4907515.vps18tiny.u.avcdn.net  2.16.106.203, 2.16.106.152  whitelisted
s-vps18tiny.avcdn.net  2.23.108.133  malicious
h1745978.vps18tiny.u.avcdn.net  87.245.215.30, 87.245.215.31  whitelisted
p3357684.vps18tiny.u.avcdn.net  87.245.215.31, 87.245.215.30  whitelisted
x5026866.vps18tiny.u.avcdn.net  87.245.215.31, 87.245.215.30  whitelisted
alpha-license-dealer.ff.avast.com  5.45.58.60, 69.94.69.206, 69.94.69.210  whitelisted
alpha-iqs.ff.avast.com  5.62.40.210, 77.234.45.250, 77.234.45.249  whitelisted

Threats

PID Process Class Message
2784 installer.exe A Network Trojan was detected ET MALWARE Lavasoft PUA/Adware Client Install
3656 OfferInstaller.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
3656 OfferInstaller.exe Potentially Bad Traffic ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
3836 scc0hqpq.q4x.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP

Debug output strings

No debug info.