General Info

File name

Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe

Full analysis
https://app.any.run/tasks/088028c1-cb3f-42ba-a77b-b97701d2a2c6
Verdict
Malicious activity
Analysis date
12/3/2019, 02:10:50
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

adware

installcore

pup

loader

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

2bd38d2fa87a04b326db1f464c93359f

SHA1

b294fd20f748668f2f3de0ed232dba0bc71539a3

SHA256

8f867f2bab359e0826221ac1ee85012e76950568a2537823475fcbbb7d0e3f8d

SSDEEP

49152:Tw7N/sk5l1je+VNGHnZx4kxcK7PrEkjE8Od2nD3M/AWN:c7rFiN5WOfhjEa6zN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • engsup.exe (PID: 3180)
  • instup.exe (PID: 2388)
  • instup.exe (PID: 600)
  • wsc_proxy.exe (PID: 2104)
  • AvastNM.exe (PID: 3176)
  • wsc_proxy.exe (PID: 1488)
  • AvastSvc.exe (PID: 776)
  • overseer.exe (PID: 960)
  • engsup.exe (PID: 4064)
  • RegSvr.exe (PID: 2772)
  • avBugReport.exe (PID: 2616)
  • RegSvr.exe (PID: 3688)
  • CCUpdate.exe (PID: 3268)
  • CCUpdate.exe (PID: 2476)
  • CCUpdate.exe (PID: 3708)
  • SetupInf.exe (PID: 2868)
  • AvEmUpdate.exe (PID: 2576)
  • AvEmUpdate.exe (PID: 2152)
  • CCUpdate.exe (PID: 2412)
  • AvEmUpdate.exe (PID: 2508)
  • CCUpdate.exe (PID: 2668)
  • SetupInf.exe (PID: 1404)
  • AvEmUpdate.exe (PID: 3368)
  • SetupInf.exe (PID: 252)
  • SetupInf.exe (PID: 3992)
  • sbr.exe (PID: 2720)
  • install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe (PID: 1560)
  • install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe (PID: 2524)
  • instup.exe (PID: 2160)
  • instup.exe (PID: 2380)
  • avast_free_antivirus_setup_online.exe (PID: 3460)
  • avastfreeantivirussetuponline.m.exe (PID: 884)
Disables Windows Defender
  • wsc_proxy.exe (PID: 2104)
Changes settings of System certificates
  • AvastSvc.exe (PID: 776)
Loads dropped or rewritten executable
  • engsup.exe (PID: 3180)
  • RegSvr.exe (PID: 3688)
  • AvastSvc.exe (PID: 776)
  • RegSvr.exe (PID: 2772)
  • engsup.exe (PID: 4064)
  • CCUpdate.exe (PID: 3708)
  • AvEmUpdate.exe (PID: 3368)
  • AvEmUpdate.exe (PID: 2508)
  • install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe (PID: 2524)
  • instup.exe (PID: 2380)
  • instup.exe (PID: 2160)
Loads the Task Scheduler COM API
  • overseer.exe (PID: 960)
  • CCUpdate.exe (PID: 2476)
  • AvEmUpdate.exe (PID: 3368)
  • CCUpdate.exe (PID: 3268)
  • AvEmUpdate.exe (PID: 2576)
Downloads executable files from the Internet
  • CCUpdate.exe (PID: 3268)
  • AvEmUpdate.exe (PID: 3368)
  • Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe (PID: 3280)
  • avastfreeantivirussetuponline.m.exe (PID: 884)
Changes the autorun value in the registry
  • instup.exe (PID: 2380)
INSTALLCORE was detected
  • Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe (PID: 3280)
Connects to CnC server
  • Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe (PID: 3280)
Creates or modifies windows services
  • wsc_proxy.exe (PID: 2104)
  • wsc_proxy.exe (PID: 1488)
  • RegSvr.exe (PID: 2772)
  • AvastSvc.exe (PID: 776)
  • RegSvr.exe (PID: 3688)
  • avBugReport.exe (PID: 2616)
  • SetupInf.exe (PID: 2868)
  • AvEmUpdate.exe (PID: 2576)
  • AvEmUpdate.exe (PID: 3368)
  • SetupInf.exe (PID: 1404)
  • AvEmUpdate.exe (PID: 2152)
  • SetupInf.exe (PID: 252)
  • AvEmUpdate.exe (PID: 2508)
  • SetupInf.exe (PID: 3992)
  • instup.exe (PID: 2160)
  • instup.exe (PID: 2380)
Removes files from Windows directory
  • avast_free_antivirus_setup_online.exe (PID: 3460)
  • AvEmUpdate.exe (PID: 3368)
  • instup.exe (PID: 2380)
  • instup.exe (PID: 2160)
Reads Internet Cache Settings
  • instup.exe (PID: 2380)
Executable content was dropped or overwritten
  • AvastSvc.exe (PID: 776)
  • overseer.exe (PID: 960)
  • CCUpdate.exe (PID: 3268)
  • CCUpdate.exe (PID: 2412)
  • AvEmUpdate.exe (PID: 2508)
  • AvEmUpdate.exe (PID: 3368)
  • install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe (PID: 2524)
  • avastfreeantivirussetuponline.m.exe (PID: 884)
  • instup.exe (PID: 2160)
  • avast_free_antivirus_setup_online.exe (PID: 3460)
  • install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe (PID: 1560)
  • Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe (PID: 3280)
  • CCUpdate.exe (PID: 2668)
  • instup.exe (PID: 2380)
Low-level read access rights to disk partition
  • AvastSvc.exe (PID: 776)
  • overseer.exe (PID: 960)
  • avBugReport.exe (PID: 2616)
  • CCUpdate.exe (PID: 2668)
  • CCUpdate.exe (PID: 3268)
  • CCUpdate.exe (PID: 3708)
  • CCUpdate.exe (PID: 2476)
  • AvEmUpdate.exe (PID: 3368)
  • AvEmUpdate.exe (PID: 2152)
  • CCUpdate.exe (PID: 2412)
  • AvEmUpdate.exe (PID: 2508)
  • instup.exe (PID: 2380)
  • avast_free_antivirus_setup_online.exe (PID: 3460)
  • avastfreeantivirussetuponline.m.exe (PID: 884)
  • instup.exe (PID: 2160)
Reads Environment values
  • AvastSvc.exe (PID: 776)
  • Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe (PID: 3280)
Reads the cookies of Google Chrome
  • engsup.exe (PID: 3180)
Creates files in the program directory
  • engsup.exe (PID: 4064)
  • AvastNM.exe (PID: 3176)
  • wsc_proxy.exe (PID: 1488)
  • engsup.exe (PID: 3180)
  • overseer.exe (PID: 960)
  • CCUpdate.exe (PID: 2476)
  • CCUpdate.exe (PID: 3268)
  • avBugReport.exe (PID: 2616)
  • AvEmUpdate.exe (PID: 2576)
  • CCUpdate.exe (PID: 2668)
  • CCUpdate.exe (PID: 2412)
  • AvEmUpdate.exe (PID: 3368)
  • avast_free_antivirus_setup_online.exe (PID: 3460)
  • instup.exe (PID: 2160)
  • AvastSvc.exe (PID: 776)
  • instup.exe (PID: 2380)
Creates COM task schedule object
  • RegSvr.exe (PID: 3688)
  • RegSvr.exe (PID: 2772)
  • instup.exe (PID: 2380)
Reads the cookies of Mozilla Firefox
  • engsup.exe (PID: 3180)
Executed as Windows Service
  • AvastSvc.exe (PID: 776)
Creates files in the Windows directory
  • AvastSvc.exe (PID: 776)
  • AvEmUpdate.exe (PID: 3368)
  • avast_free_antivirus_setup_online.exe (PID: 3460)
  • avastfreeantivirussetuponline.m.exe (PID: 884)
  • instup.exe (PID: 2160)
  • instup.exe (PID: 2380)
Application launched itself
  • CCUpdate.exe (PID: 3268)
  • AvEmUpdate.exe (PID: 3368)
  • cmd.exe (PID: 3856)
  • Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe (PID: 1296)
Creates files in the driver directory
  • AvEmUpdate.exe (PID: 3368)
  • instup.exe (PID: 2380)
Starts itself from another location
  • CCUpdate.exe (PID: 2668)
  • instup.exe (PID: 2160)
  • install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe (PID: 1560)
Creates a software uninstall entry
  • AvEmUpdate.exe (PID: 2508)
  • instup.exe (PID: 2380)
Starts CMD.EXE for self-deleting
  • Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe (PID: 3280)
Starts CMD.EXE for commands execution
  • cmd.exe (PID: 3856)
  • install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe (PID: 2524)
  • Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe (PID: 3280)
Modifies the open verb of a shell class
  • instup.exe (PID: 2380)
Reads internet explorer settings
  • install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe (PID: 2524)
  • Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe (PID: 3280)
Starts Internet Explorer
  • Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe (PID: 3280)
Changes tracing settings of the file or console
  • Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe (PID: 3280)
Searches for installed software
  • AvastSvc.exe (PID: 776)
Reads the hosts file
  • AvastSvc.exe (PID: 776)
  • overseer.exe (PID: 960)
  • instup.exe (PID: 2380)
  • instup.exe (PID: 2160)
Dropped object may contain Bitcoin addresses
  • AvEmUpdate.exe (PID: 3368)
  • instup.exe (PID: 2380)
Reads internet explorer settings
  • IEXPLORE.EXE (PID: 2788)
  • IEXPLORE.EXE (PID: 3244)
Reads Internet Cache Settings
  • IEXPLORE.EXE (PID: 3244)
  • IEXPLORE.EXE (PID: 2788)
Creates files in the user directory
  • IEXPLORE.EXE (PID: 2788)
  • IEXPLORE.EXE (PID: 3244)
Changes internet zones settings
  • IEXPLORE.EXE (PID: 2584)
Application launched itself
  • IEXPLORE.EXE (PID: 2584)

Static information

TRiD
.exe
|   Win32 Executable Delphi generic (45.2%)
.dll
|   Win32 Dynamic Link Library (generic) (20.9%)
.exe
|   Win32 Executable (generic) (14.3%)
.exe
|   Win16/32 Executable Delphi generic (6.6%)
.exe
|   Generic Win/DOS Executable (6.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2016:04:06 16:39:04+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
66560
InitializedDataSize:
53760
UninitializedDataSize:
null
EntryPoint:
0x117dc
OSVersion:
5
ImageVersion:
6
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
0.0.0.0
ProductVersionNumber:
0.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
FileDescription:
Namotitidi Setup
FileVersion:
LegalCopyright:
Bolukona
ProductName:
Namotitidi
ProductVersion:
1.3
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
06-Apr-2016 14:39:04
Detected languages
Dutch - Netherlands
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
null
FileDescription:
Namotitidi Setup
FileVersion:
null
LegalCopyright:
Bolukona
ProductName:
Namotitidi
ProductVersion:
1.3
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
06-Apr-2016 14:39:04
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x0000F244 | 0x0000F400 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.39966
.itext | 0x00011000 | 0x00000F64 | 0x00001000 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 5.73408
.data | 0x00012000 | 0x00000C88 | 0x00000E00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 2.29672
.bss | 0x00013000 | 0x000056BC | 0x00000000 | IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0
.idata | 0x00019000 | 0x00000E04 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 4.59781
.tls | 0x0001A000 | 0x00000008 | 0x00000000 | IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0
.rdata | 0x0001B000 | 0x00000018 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 0.204488
.rsrc | 0x0001C000 | 0x0000B200 | 0x0000B200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.14026
Resources
1

2

3

4

4091

4092

4093

4094

4095

4096

11111

CHARTABLE

DVCLAL

PACKAGEINFO

MAINICON

Imports
    oleaut32.dll

    advapi32.dll

    user32.dll

    kernel32.dll

    comctl32.dll

Exports

    No exports.

Processes

Total processes
83
Monitored processes
41
Malicious processes
19
Suspicious processes
7

Behavior graph

Processes shown in the graph, in order (graph layout and edge labels not preserved):

  • adobe_flash_player_(internet_explorer)_64-bit_4278559186.exe (no specs)
  • #INSTALLCORE adobe_flash_player_(internet_explorer)_64-bit_4278559186.exe
  • avastfreeantivirussetuponline.m.exe
  • avast_free_antivirus_setup_online.exe
  • instup.exe
  • install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe
  • iexplore.exe
  • iexplore.exe
  • instup.exe
  • install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe
  • cmd.exe (no specs)
  • timeout.exe (no specs)
  • sbr.exe (no specs)
  • cmd.exe (no specs)
  • iexplore.exe
  • cmd.exe (no specs)
  • setupinf.exe (no specs)
  • setupinf.exe (no specs)
  • setupinf.exe (no specs)
  • setupinf.exe (no specs)
  • avemupdate.exe (no specs)
  • avemupdate.exe
  • avemupdate.exe
  • avemupdate.exe
  • ccupdate.exe
  • ccupdate.exe
  • ccupdate.exe
  • ccupdate.exe
  • ccupdate.exe
  • avbugreport.exe
  • regsvr.exe (no specs)
  • regsvr.exe (no specs)
  • avastnm.exe (no specs)
  • overseer.exe
  • engsup.exe (no specs)
  • wsc_proxy.exe (no specs)
  • avastsvc.exe
  • engsup.exe (no specs)
  • wsc_proxy.exe (no specs)
  • instup.exe (no specs)
  • instup.exe (no specs)
Process information

PID
1296
CMD
"C:\Users\admin\AppData\Local\Temp\Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe"
Path
C:\Users\admin\AppData\Local\Temp\Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Namotitidi Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\adobe_flash_player_(internet_explorer)_64-bit_4278559186.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
3280
CMD
"C:\Users\admin\AppData\Local\Temp\Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe" /RSF /ppn:YyhwYgxaFRAiP211FM5W /mnl
Path
C:\Users\admin\AppData\Local\Temp\Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
Indicators
Parent process
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Namotitidi Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\adobe_flash_player_(internet_explorer)_64-bit_4278559186.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll

PID
884
CMD
"C:\Users\admin\AppData\Local\Temp\in133D03C4\70553708_stp\avastfreeantivirussetuponline.m.exe" /silent /psh:MHF1aHAqJGF1KCUUdSxQE3YuJWJja3UheCohZHwpI2V2KCBkdCkjZX0qNzojfnQneFlHFBZMNzY3eyJneComYnUgI2R0KCD+RwAAAEUYEVU= /ws
Path
C:\Users\admin\AppData\Local\Temp\in133D03C4\70553708_stp\avastfreeantivirussetuponline.m.exe
Indicators
Parent process
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
2.1.1252.0
Modules
Image

PID
3460
CMD
"C:\Windows\Temp\asw.17727fbca8f5acaf\avast_free_antivirus_setup_online.exe" /silent /psh:MHF1aHAqJGF1KCUUdSxQE3YuJWJja3UheCohZHwpI2V2KCBkdCkjZX0qNzojfnQneFlHFBZMNzY3eyJneComYnUgI2R0KCD+RwAAAEUYEVU= /ws /ga_clientid:928f7e39-1488-4ada-9761-1b02366fdd17 /edat_dir:C:\Windows\Temp\asw.17727fbca8f5acaf
Path
C:\Windows\Temp\asw.17727fbca8f5acaf\avast_free_antivirus_setup_online.exe
Indicators
Parent process
avastfreeantivirussetuponline.m.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.8.4793.0
Modules
Image

PID
2160
CMD
"C:\Windows\Temp\asw.25672edae8406733\instup.exe" /cookie:mmm_irs_ppi_002_451_m /edition:1 /ga_clientid:928f7e39-1488-4ada-9761-1b02366fdd17 /guid:3d406fc2-3afb-4b77-b7cb-a05ff5faa992 /prod:ais /sfx:lite /sfxstorage:C:\Windows\Temp\asw.25672edae8406733 /silent /psh:MHF1aHAqJGF1KCUUdSxQE3YuJWJja3UheCohZHwpI2V2KCBkdCkjZX0qNzojfnQneFlHFBZMNzY3eyJneComYnUgI2R0KCD+RwAAAEUYEVU= /ws /ga_clientid:928f7e39-1488-4ada-9761-1b02366fdd17 /edat_dir:C:\Windows\Temp\asw.17727fbca8f5acaf
Path
C:\Windows\Temp\asw.25672edae8406733\instup.exe
Indicators
Parent process
avast_free_antivirus_setup_online.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.8.4793.0
Modules
Image

PID
1560
CMD
"C:\Users\admin\Downloads\install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe"
Path
C:\Users\admin\Downloads\install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe
Indicators
Parent process
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Solid State Networks
Description
Adobe Flash Player Installer
Version
3.2.2.3
Modules
Image

PID
2584
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ic-dc.applicationlaboratorygift.com/pr/c51018e2-c867-11e6-bdf1-0a5c81a6aa2b/typ_1.html?exld=101&exlg=494
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
2788
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:79873
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
IEXPLORE.EXE
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
2380
CMD
"C:\Windows\Temp\asw.25672edae8406733\New_13080959\instup.exe" /cookie:mmm_irs_ppi_002_451_m /edat_dir:C:\Windows\Temp\asw.17727fbca8f5acaf /edition:1 /ga_clientid:928f7e39-1488-4ada-9761-1b02366fdd17 /guid:3d406fc2-3afb-4b77-b7cb-a05ff5faa992 /online_installer /prod:ais /psh:MHF1aHAqJGF1KCUUdSxQE3YuJWJja3UheCohZHwpI2V2KCBkdCkjZX0qNzojfnQneFlHFBZMNzY3eyJneComYnUgI2R0KCD+RwAAAEUYEVU= /sfx /sfxstorage:C:\Windows\Temp\asw.25672edae8406733 /silent /ws
Path
C:\Windows\Temp\asw.25672edae8406733\New_13080959\instup.exe
Indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.8.4793.0
Modules
Image
c:\program files\avast software\avast\aswe55f2f6af462fec3.tmp
c:\program files\avast software\avast\setup\asw51acc8bbaaa2567d.tmp
c:\program files\avast software\avast\setup\aswd796b6da9703c8a7.tmp
c:\program files\avast software\avast\setup\asw7095dbd2ceb9967b.tmp
c:\program files\avast software\avast\setup\asw2e6cbebf49d08d0d.tmp
c:\program files\avast software\avast\setup\asw4e09041e6819f6dc.tmp
c:\program files\avast software\avast\setup\asw1c1b920107a61c14.tmp
c:\program files\avast software\avast\setup\aswe8089091c315c434.tmp
c:\program files\avast software\avast\defs\19112999\asw3656877ac8c797ae.tmp
c:\program files\avast software\avast\defs\19112999\asw7d3e6df1c64685d9.tmp
c:\program files\avast software\avast\defs\19112999\aswfb5ffa8979bbbaae.tmp
c:\program files\avast software\avast\defs\19112999\asw27262f2c20ee69dd.tmp
c:\program files\avast software\avast\defs\19112999\asw30a9f1bb2b22d1fc.tmp
c:\program files\avast software\avast\defs\19112999\asw4da17c0c513950f0.tmp
c:\program files\avast software\avast\defs\19112999\asw76986f213f1a9a86.tmp
c:\program files\avast software\avast\defs\19112999\asw84aef7aa7f7e867d.tmp
c:\program files\avast software\avast\defs\19112999\aswaacc3d5b714e5077.tmp
c:\program files\avast software\avast\defs\19112999\asw4c86820edf9d6d04.tmp
c:\program files\avast software\avast\defs\19112999\aswe90bc64653767356.tmp
c:\program files\avast software\avast\defs\19112999\asw02a0d0a79dbf4496.tmp
c:\program files\avast software\avast\defs\19112999\aswc939dc0e498e99bf.tmp
c:\program files\avast software\avast\defs\19112999\asw27a8f9511fe22cfc.tmp
c:\program files\avast software\avast\defs\19112999\asw890f92b104001159.tmp
c:\program files\avast software\avast\defs\19112999\aswa19851c3a5f22679.tmp
c:\program files\avast software\avast\defs\19112999\asw0c103b95cdbe25f8.tmp
c:\program files\avast software\avast\defs\19112999\asw6ffe3f2c8a741f0e.tmp
c:\program files\avast software\avast\defs\19112999\aswfe46214cbf5f8e0e.tmp
c:\program files\avast software\avast\defs\19112999\aswd8e7815d75ccf868.tmp
c:\program files\avast software\avast\defs\19112999\asw678bdbe9b9b50fb0.tmp
c:\program files\avast software\avast\defs\19112999\asw1175f7eb35cd7f10.tmp
c:\program files\avast software\avast\defs\19112999\asw3fca7fde9b362ed2.tmp
c:\windows\system32\drivers\asw486abaa9b154cc1b.tmp
c:\windows\system32\drivers\aswdaacf005a740f2b4.tmp
c:\windows\system32\drivers\aswb28d4d7d7d16d8f1.tmp
c:\windows\system32\drivers\aswd96f0354a00613d2.tmp
c:\windows\system32\drivers\asw1ba0dea70c2873cd.tmp
c:\windows\system32\drivers\aswafba94747cc7e4e9.tmp
c:\windows\system32\drivers\asw3095033f4db1e84f.tmp
c:\windows\system32\drivers\asw28cfae119a1fa48f.tmp
c:\windows\system32\drivers\asw07c7778078bec87f.tmp
c:\windows\system32\drivers\aswf1828572ee22f4e8.tmp
c:\windows\system32\drivers\asw1f77141e9a767a62.tmp
c:\windows\system32\drivers\asw26e5dfa4784d22ad.tmp
c:\windows\system32\drivers\asw66ee9732e1a0b705.tmp
c:\windows\system32\drivers\aswc87fc57ea8f82aa8.tmp
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\avast software\avast\setupinf.exe4339feb.tmp
c:\windows\system32\wintrust.dll
c:\program files\avast software\avast\avemupdate.exeaf45e.tmp
c:\program files\avast software\avast\regsvr.exe6e62b6c88.tmp
c:\program files\avast software\avast\avastnm.exe49a5e963.tmp
c:\program files\common files\avast software\overseer\overseer.exe
c:\program files\avast software\avast\defs\19112999\engsup.exee9b362ed2.tmp
c:\program files\avast software\avast\wsc_proxy.exea0ed7b.tmp
c:\windows\system32\netprofm.dll
c:\windows\system32\npmproxy.dll
c:\program files\avast software\avast\dll_loader.dllb352a.tmp
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\msvcp140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\vcruntime140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\ucrtbase.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-localization-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-file-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-file-l2-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-string-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-time-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-math-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-utility-l1-1-0.dll
c:\program files\avast software\avast\aavmrpch.dll3106912.tmp
c:\program files\avast software\avast\aswproperty.dlld70a.tmp
c:\program files\avast software\avast\module_lifetime.dll.tmp
c:\program files\avast software\avast\ashtaskex.dllb7cf2a.tmp
c:\program files\avast software\avast\aavm4h.dllaf00ac233.tmp
c:\windows\system32\samcli.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\program files\avast software\avast\ashtask.dll74e0db38.tmp
c:\program files\avast software\avast\ashbase.dll418d341b.tmp
c:\windows\system32\wsock32.dll
c:\program files\avast software\avast\aswengldr.dll7f28e6.tmp
c:\program files\avast software\avast\aswcmnis.dllb0bf434.tmp
c:\program files\avast software\avast\aswcmnos.dll8c33161.tmp
c:\program files\avast software\avast\aswcmnbs.dllad1a315.tmp
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\avast software\avast\libcrypto-1_1.dll71.tmp
c:\program files\avast software\avast\commchannel.dllbfa5.tmp
c:\program files\avast software\avast\aswip.dllaf737a07da.tmp
c:\program files\avast software\avast\libssl-1_1.dll948d7.tmp
c:\program files\avast software\avast\aswaux.dlldfefe47ad.tmp
c:\program files\avast software\avast\streamback.dlle053d.tmp
c:\program files\avast software\avast\aswlog.dllbfd035efa.tmp
c:\program files\avast software\avast\aswsqlt.dllaba29ac2.tmp
c:\program files\avast software\avast\log.dlla9500bbb5845.tmp
c:\program files\avast software\avast\aswpropertyav.dllec.tmp
c:\program files\avast software\avast\1033\base.dll06340c584e4.tmp
c:\windows\system32\winsatapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msxml6.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\propsys.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\spinf.dll
c:\windows\system32\dispci.dll
c:\windows\system32\wdi.dll
c:\windows\system32\firewallapi.dll

PID
2524
CMD
"C:\Users\admin\AppData\Local\Temp\install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe" {RemoveFile:C:\Users\admin\Downloads\install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe}
Path
C:\Users\admin\AppData\Local\Temp\install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe
Indicators
Parent process
install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Solid State Networks
Description
Adobe Flash Player Installer
Version
3.2.2.3
Modules
Image

PID
3856
CMD
/d /c TIMEOUT 3 & cmd /d /c del "C:\Users\admin\AppData\Local\Temp\ADOBE_~1.EXE"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image

PID
2148
CMD
TIMEOUT 3
Path
C:\Windows\system32\timeout.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
timeout - pauses command processing
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
2720
CMD
"C:\Windows\Temp\asw.25672edae8406733\New_13080959\sbr.exe" 2380 "Avast Antivirus setup" "Avast Antivirus is being installed. Do not shut down your computer!"
Path
C:\Windows\Temp\asw.25672edae8406733\New_13080959\sbr.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Shutdown blocker
Version
19.8.4793.0
Modules
Image

PID
1160
CMD
cmd /d /c del "C:\Users\admin\AppData\Local\Temp\ADOBE_~1.EXE"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image

PID
3244
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:14339
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
IEXPLORE.EXE
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
3796
CMD
cmd /c ""C:\Users\admin\AppData\Local\Temp\install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.bat" "
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image

PID
3992
CMD
"C:\Program Files\AVAST Software\Avast\SetupInf.exe" /catalog:aswRdr2.cat /uninstall
Path
C:\Program Files\AVAST Software\Avast\SetupInf.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.8.4793.0
Modules
Image

PID
252
CMD
"C:\Program Files\AVAST Software\Avast\SetupInf.exe" /catalog:aswHwid.cat /uninstall
Path
C:\Program Files\AVAST Software\Avast\SetupInf.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.8.4793.0
Modules
Image

PID
1404
CMD
"C:\Program Files\AVAST Software\Avast\SetupInf.exe" /catalog:aswVmm.cat /uninstall
Path
C:\Program Files\AVAST Software\Avast\SetupInf.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.8.4793.0
Modules
Image

PID
2868
CMD
"C:\Program Files\AVAST Software\Avast\SetupInf.exe" /catalog:aswRvrt.cat /uninstall
Path
C:\Program Files\AVAST Software\Avast\SetupInf.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.8.4793.0
Modules
Image

PID
2576
CMD
"C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe" /installer /reg
Path
C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Emergency Update
Version
19.8.4793.0
Modules
Image

PID
3368
CMD
"C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe" /installer1
Path
C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Emergency Update
Version
19.8.4793.0
Modules
Image
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-math-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\apphelp.dll
c:\program files\avast software\avast\avemupdate.exeaf45e.tmp
c:\windows\system32\gpapi.dll
c:\windows\system32\rsaenh.dll
c:\program files\avast software\avast\avbugreport.exef5a8.tmp

PID
2152
CMD
AvEmUpdate.exe /installer1 /emupdater /applydll "C:\Program Files\AVAST Software\Avast\Setup\13fbdc9e-de34-4841-bb36-8feb64250891.dll"
Path
C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Indicators
Parent process
AvEmUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Emergency Update
Version
19.8.4793.0
Modules
Image
c:\program files\avast software\avast\avemupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\avast software\avast\setup\13fbdc9e-de34-4841-bb36-8feb64250891.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rsaenh.dll
c:\program files\ccleaner\ccleaner.exe

PID
2508
CMD
AvEmUpdate.exe /installer1 /emupdater /applydll "C:\Program Files\AVAST Software\Avast\Setup\70b3658e-38dd-4bfa-83c9-c617253ece97.dll"
Path
C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Indicators
Parent process
AvEmUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Emergency Update
Version
19.8.4793.0
Modules
Image
c:\program files\avast software\avast\avemupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\avast software\avast\setup\70b3658e-38dd-4bfa-83c9-c617253ece97.dll
c:\windows\system32\psapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rsaenh.dll
c:\program files\ccleaner\ccleaner.exe
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\ccupdate.exe

PID
2412
CMD
"C:\Users\admin\AppData\Local\Temp\\CCUpdate.exe" /applycab "C:\Users\admin\AppData\Local\Temp\ccAA5B.tmp"
Path
C:\Users\admin\AppData\Local\Temp\CCUpdate.exe
Indicators
Parent process
AvEmUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Piriform Ltd
Description
CCleaner emergency updater
Version
17, 8, 77, 0
Modules
Image
c:\users\admin\appdata\local\temp\ccupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\ccleaner\ccleaner.exe
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\program files\ccleaner\setup\9ffb768a-5183-4025-aa80-45c2019d9eb3\ccupdate.exe

PID
2668
CMD
CCUpdate.exe /emupdater /applyupdate "C:\Program Files\CCleaner\Setup\9ffb768a-5183-4025-aa80-45c2019d9eb3\update.xml"
Path
C:\Program Files\CCleaner\Setup\9ffb768a-5183-4025-aa80-45c2019d9eb3\CCUpdate.exe
Indicators
Parent process
CCUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Piriform Ltd
Description
CCleaner emergency updater
Version
18.6.553.0
Modules
Image
c:\program files\ccleaner\setup\9ffb768a-5183-4025-aa80-45c2019d9eb3\ccupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\ccleaner\ccleaner.exe
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\program files\ccleaner\ccupdate.exe

PID
3268
CMD
dummy /emupdater /reg
Path
C:\Program Files\CCleaner\CCUpdate.exe
Indicators
Parent process
CCUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
1237
Version:
Company
Piriform Ltd
Description
CCleaner emergency updater
Version
18.6.553.0
Modules
Image
c:\program files\ccleaner\ccupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\ccleaner\ccleaner.exe
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qmgrprxy.dll

PID
3708
CMD
CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\3b3ed0eb-74d5-4600-b594-ab9e0f46f688.dll"
Path
C:\Program Files\CCleaner\CCUpdate.exe
Indicators
Parent process
CCUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Piriform Ltd
Description
CCleaner emergency updater
Version
18.6.553.0
Modules
Image
c:\program files\ccleaner\ccupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\ccleaner\ccleaner.exe
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\ccleaner\setup\3b3ed0eb-74d5-4600-b594-ab9e0f46f688.dll
c:\windows\system32\shell32.dll

PID
2476
CMD
dummy /emupdater
Path
C:\Program Files\CCleaner\CCUpdate.exe
Indicators
Parent process
CCUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Piriform Software Ltd
Description
CCleaner emergency updater
Version
19.2.566.0
Modules
Image
c:\program files\ccleaner\ccupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\ccleaner\ccleaner.exe
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qmgrprxy.dll

PID
2616
CMD
"C:\Program Files\AVAST Software\Avast\avBugReport.exe" --send dumps|report --silent --guid 3d406fc2-3afb-4b77-b7cb-a05ff5faa992
Path
C:\Program Files\AVAST Software\Avast\avBugReport.exe
Indicators
Parent process
AvEmUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
2
Version:
Company
AVAST Software
Description
Avast Antivirus Bug Report
Version
19.8.4793.0
Modules
Image
c:\program files\avast software\avast\avbugreport.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\profapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll

PID
3688
CMD
"C:\Program Files\AVAST Software\Avast\RegSvr.exe" "C:\Program Files\AVAST Software\Avast\aswAMSI.dll"
Path
C:\Program Files\AVAST Software\Avast\RegSvr.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.8.4793.0
Modules
Image
c:\program files\avast software\avast\regsvr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dbghelp.dll
c:\program files\avast software\avast\aswamsi.dll05fa98f7.tmp
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\msvcp140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\vcruntime140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\ucrtbase.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-localization-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-file-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-file-l2-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-string-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-time-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-math-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-multibyte-l1-1-0.dll

PID
2772
CMD
"C:\Program Files\AVAST Software\Avast\RegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"
Path
C:\Program Files\AVAST Software\Avast\RegSvr.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.8.4793.0
Modules
Image
c:\program files\avast software\avast\regsvr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dbghelp.dll
c:\program files\avast software\avast\asoutext.dll462fec3.tmp
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\msvcp140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\vcruntime140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\ucrtbase.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-localization-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-file-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-file-l2-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-string-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-time-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-math-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\version.dll

PID
3176
CMD
"C:\Program Files\AVAST Software\Avast\AvastNM.exe" /install
Path
C:\Program Files\AVAST Software\Avast\AvastNM.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\program files\avast software\avast\avastnm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
960
CMD
"C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe" /skip_uptime /skip_remediations
Path
C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast OverSeer Overseer
Version
1.0.385.0
Modules
Image
c:\program files\common files\avast software\overseer\overseer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\avast software\avast\avastsvc.exe528c7d1.tmp
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\program files\ccleaner\ccleaner.exe
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\xmllite.dll

PID
4064
CMD
"C:\Program Files\AVAST Software\Avast\defs\19112999\engsup.exe" /prepare_definitions_folder
Path
C:\Program Files\AVAST Software\Avast\defs\19112999\engsup.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus vps tool
Version
18.0.636.0
Modules
Image
c:\program files\avast software\avast\defs\19112999\engsup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\msvcp140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\vcruntime140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\ucrtbase.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-localization-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-file-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-file-l2-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-string-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-time-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-math-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\avast software\avast\defs\19112999\aswengin.dll98e99bf.tmp
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\avast software\avast\defs\19112999\aswcmnbs.dllf9d6d04.tmp
c:\program files\avast software\avast\defs\19112999\aswcmnis.dll3767356.tmp
c:\program files\avast software\avast\defs\19112999\aswcmnos.dlldbf4496.tmp
c:\program files\avast software\avast\defs\19112999\algo.dllc0c513950f0.tmp

PID
1488
CMD
"C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /svc /register /ppl_svc
Path
C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus remediation exe
Version
19.8.4793.0
Modules
Image
c:\program files\avast software\avast\wsc_proxy.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\avast\wsc.dll8229f098e50f.tmp
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll

PID
776
CMD
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Path
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
AVAST Software
Description
Avast Antivirus Service
Version
19.8.4793.0
Modules
Image
c:\program files\avast software\avast\avastsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\program files\avast software\avast\ashbase.dll418d341b.tmp
c:\program files\avast software\avast\aswengldr.dll7f28e6.tmp
c:\program files\avast software\avast\aswcmnis.dllb0bf434.tmp
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\vcruntime140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\ucrtbase.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-localization-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-file-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-file-l2-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-string-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\avast software\avast\aswcmnos.dll8c33161.tmp
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\msvcp140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-time-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-math-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-utility-l1-1-0.dll
c:\program files\avast software\avast\aswcmnbs.dllad1a315.tmp
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\program files\avast software\avast\libcrypto-1_1.dll71.tmp
c:\windows\system32\bcrypt.dll
c:\program files\avast software\avast\commchannel.dllbfa5.tmp
c:\program files\avast software\avast\aswip.dllaf737a07da.tmp
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\program files\avast software\avast\module_lifetime.dll.tmp
c:\windows\system32\dnsapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wbemcomn.dll
c:\program files\avast software\avast\dll_loader.dllb352a.tmp
c:\program files\avast software\avast\log.dlla9500bbb5845.tmp
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\program files\avast software\avast\aswpropertyav.dllec.tmp
c:\program files\avast software\avast\aswproperty.dlld70a.tmp
c:\program files\avast software\avast\1033\base.dll06340c584e4.tmp
c:\program files\avast software\avast\ashserv.dll82c1043f.tmp
c:\program files\avast software\avast\ashtaskex.dllb7cf2a.tmp
c:\program files\avast software\avast\aavm4h.dllaf00ac233.tmp
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\program files\avast software\avast\ashtask.dll74e0db38.tmp
c:\windows\system32\wintrust.dll
c:\program files\avast software\avast\libssl-1_1.dll948d7.tmp
c:\windows\system32\wtsapi32.dll
c:\program files\avast software\avast\aswaux.dlldfefe47ad.tmp
c:\program files\avast software\avast\aavmrpch.dll3106912.tmp
c:\program files\avast software\avast\streamback.dlle053d.tmp
c:\program files\avast software\avast\aswlog.dllbfd035efa.tmp
c:\program files\avast software\avast\aswsqlt.dllaba29ac2.tmp
c:\program files\avast software\avast\aswstrm.dll01a1a14f.tmp
c:\program files\avast software\avast\anen.dll19a6f8bb36f.tmp
c:\program files\avast software\avast\event_routing.dlle9.tmp
c:\windows\system32\rpcrtremote.dll
c:\program files\avast software\avast\aswpsic.dll6a91bfe0.tmp
c:\program files\avast software\avast\aswsys.dll1e94197c8.tmp
c:\program files\avast software\avast\aswcml.dll2c27e16ad.tmp
c:\program files\avast software\avast\event_routing_rpc.dllmp
c:\program files\avast software\avast\serialization.dll2f.tmp
c:\program files\avast software\avast\tasks_core.dllce33b.tmp
c:\windows\system32\winsta.dll
c:\program files\avast software\avast\process_monitor.dll.tmp
c:\program files\avast software\avast\event_manager.dllee.tmp
c:\program files\avast software\avast\event_manager_burger.dl
c:\program files\avast software\avast\burger_client.dllc6.tmp
c:\program files\avast software\avast\event_manager_ga.dlltmp
c:\program files\avast software\avast\event_manager_er.dlltmp
c:\program files\avast software\avast\lim.dll0191ee21b5d5.tmp
c:\program files\avast software\avast\defs\19112999\aswengin.dll98e99bf.tmp
c:\program files\avast software\avast\defs\19112999\aswcmnis.dll3767356.tmp
c:\program files\avast software\avast\defs\19112999\aswcmnos.dlldbf4496.tmp
c:\program files\avast software\avast\defs\19112999\aswcmnbs.dllf9d6d04.tmp
c:\program files\avast software\avast\defs\19112999\aswrep.dll5cdbe25f8.tmp
c:\program files\avast software\avast\defs\19112999\aswfidb.dll1fe22cfc.tmp
c:\program files\avast software\avast\defs\19112999\aswarray.dllf7e867d.tmp
c:\program files\avast software\avast\defs\19112999\aswcleanerdll.dll77.tmp
c:\program files\avast software\avast\defs\19112999\algo.dllc0c513950f0.tmp
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\program files\avast software\avast\ring_client.dlleb5b.tmp
c:\program files\avast software\avast\fltlib_wrapper.dllc.tmp
c:\windows\system32\fltlib.dll
c:\windows\system32\wship6.dll
c:\program files\avast software\avast\aswsecapi.dll4ec168.tmp
c:\program files\avast software\avast\aswdetallocator.dll.tmp
c:\program files\avast software\avast\aswcomm.dll281a31ee.tmp
c:\program files\avast software\avast\aswremoval.dll684d2.tmp
c:\program files\avast software\avast\aswntsqlite.dll5daf.tmp
c:\program files\avast software\avast\aswvmm.dllfdea8172c.tmp
c:\program files\avast software\avast\custody.dllb2d7541a.tmp
c:\program files\avast software\avast\vaarclient.dll5e1c4.tmp
c:\program files\avast software\avast\ffl2.dll48a906b9dc9.tmp
c:\windows\system32\samlib.dll
c:\program files\avast software\avast\defs\19112999\arpot.dll8979bbbaae.tmp
c:\windows\system32\netprofm.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\program files\avast software\avast\gui_cache.dll2afee3.tmp
c:\windows\system32\clbcatq.dll
c:\windows\system32\winsatapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\npmproxy.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\nlasvc.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\firewallapi.dll
c:\program files\avast software\avast\features_manager.dlltmp
c:\program files\avast software\avast\defs\19112999\exts.dll14cbf5f8e0e.tmp
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\program files\avast software\avast\hns_tools.dll097520.tmp
c:\program files\avast software\avast\defs\19112999\aswar.dll213f1a9a86.tmp
c:\program files\avast software\avast\defs\19112999\aswrawfs.dll5f22679.tmp
c:\windows\system32\credssp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\avast software\avast\rescue_disk.dll15d3.tmp
c:\program files\avast software\avast\setup\instup.exe2ceb9967b.tmp
c:\windows\system32\schannel.dll
c:\program files\avast software\avast\opm.dll945cce4651cb.tmp
c:\program files\avast software\avast\shepherdsync.dllf44.tmp
c:\windows\system32\ncrypt.dll
c:\program files\avast software\avast\tuneupbin\tuneupsmartscan.dll.tmp
c:\windows\system32\psapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rstrtmgr.dll

PID
3180
CMD
"C:\Program Files\AVAST Software\Avast\defs\19112999\engsup.exe" /get_download_cookie /get_latest_ga_client_id /get_latest_gclid
Path
C:\Program Files\AVAST Software\Avast\defs\19112999\engsup.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
2
Version:
Company
AVAST Software
Description
Avast Antivirus vps tool
Version
18.0.636.0
Modules
Image
c:\program files\avast software\avast\defs\19112999\engsup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\msvcp140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\vcruntime140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\ucrtbase.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-localization-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-file-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-file-l2-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-string-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-time-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-math-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\avast software\avast\defs\19112999\pushpin.dll2b22d1fc.tmp
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iertutil.dll
c:\program files\avast software\avast\defs\19112999\aswcmnbs.dllf9d6d04.tmp
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27821.0_none_a334f2202a770025\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\avast software\avast\defs\19112999\aswcmnis.dll3767356.tmp
c:\program files\avast software\avast\defs\19112999\aswcmnos.dlldbf4496.tmp

PID
2104
CMD
"C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /av_as /signatures:up_to_date /state:on /svc /update
Path
C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
Indicators
No indicators
Parent process
AvastSvc.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus remediation exe
Version
19.8.4793.0
Modules
Image
c:\program files\avast software\avast\wsc_proxy.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\avast\wsc.dll8229f098e50f.tmp
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wscisvif.dll
c:\windows\system32\wscapi.dll
c:\windows\system32\wscproxystub.dll

PID
2388
CMD
"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /edat_dir:C:\Windows\Temp\asw.17727fbca8f5acaf /instop:finish_delayed_installation /session_id:1 /silent /wait /ws
Path
C:\Program Files\AVAST Software\Avast\setup\instup.exe
Indicators
No indicators
Parent process
AvastSvc.exe
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.8.4793.0
Modules
Image
c:\program files\avast software\avast\setup\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\program files\avast software\avast\setup\instup.dllf49d08d0d.tmp
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll

PID
600
CMD
"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:check_for_updates /wait
Path
C:\Program Files\AVAST Software\Avast\setup\instup.exe
Indicators
No indicators
Parent process
AvastSvc.exe
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.8.4793.0
Modules
Image
c:\program files\avast software\avast\setup\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\program files\avast software\avast\setup\instup.dllf49d08d0d.tmp
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
9908
Read events
5173
Write events
4721
Delete events
14

Modification events

PID
Process
Operation
Key
Name
Value
1296
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1296
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
EnableFileTracing
0
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
EnableConsoleTracing
0
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
FileTracingMask
4294901760
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
ConsoleTracingMask
4294901760
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
MaxFileSize
1048576
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
FileDirectory
%windir%\tracing
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
EnableFileTracing
0
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
EnableConsoleTracing
0
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
FileTracingMask
4294901760
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
ConsoleTracingMask
4294901760
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
MaxFileSize
1048576
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
FileDirectory
%windir%\tracing
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
(binary data)
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
1459953544
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_CURRENT_USER\Software\undefined
install_flashplayer11x64ax_gtbd_aih_v11.2.202.228.exe
1575335515472,http://www.afterdawn.com/software/general/download.cfm?software_id=3759&version_id=45443&installer_download=1&isc_installer=1
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
74
3280
Adobe_Flash_Player_(Internet_Explorer)_64-bit_4278559186.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
75
884
avastfreeantivirussetuponline.m.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Windows\Temp\asw.17727fbca8f5acaf
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
0
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
6
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
12
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
18
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
25
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
31
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
37
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
43
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
50
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
56
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
62
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
68
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
75
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
81
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
87
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
93
3460
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
100
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr
EnableCounterForIoctl
1
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast
SetupLog
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Setup.log
2160
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Title
Updating the product
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
0
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
0
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
DNS resolving
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
100
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: servers.def.vpx
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: prod-pgm.vpx
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Checking install conditions
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
2
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
3
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
5
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
7
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
9
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
10
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
11
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
12
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
14
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
15
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
16
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
17
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
19
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
20
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
21
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
22
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
24
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
26
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
27
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
28
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
30
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
31
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
33
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
34
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
35
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
36
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
37
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
38
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
39
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
40
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
41
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
43
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
44
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
45
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
47
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
48
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
49
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
50
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
51
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
52
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
53
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
54
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
56
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
58
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
59
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
60
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
61
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
62
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
64
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
65
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
66
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
67
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
69
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
71
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
72
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
74
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
75
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
76
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
77
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
79
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
81
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
83
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
85
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
87
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
89
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
91
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
93
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
95
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
97
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
99
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avbugreport_ais-959.vpx
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avbugreport_ais
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
14
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
1
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
18
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
29
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
73
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
88
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
92
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avdump_x86_ais-959.vpx
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avdump_x86_ais
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
28
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instcont_ais
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
42
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instup_ais
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
57
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
4
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
6
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
8
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
13
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
23
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
25
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
32
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
42
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
46
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
55
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
57
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
63
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
68
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
70
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
78
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
80
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
82
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
84
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
86
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
90
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
94
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
96
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
98
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: offertool_ais-959.vpx
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: offertool_ais
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
71
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: sbr_x86_ais-959.vpx
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: sbr_x86_ais
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
85
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: setgui_ais
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
100
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: AvBugReport.exe
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: AvDump.exe
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: instup.exe
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: instup.dll
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: aswOfferTool.exe
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: sbr.exe
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: HTMLayout.dll
2160
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Replacing files
2160
instup.exe