| Field | Value |
|---|---|
| URL | https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon |
| Full analysis | https://app.any.run/tasks/0a739935-5043-4a4f-ab62-ad15ee029d61 |
| Verdict | Malicious activity |
| Analysis date | October 04, 2024, 11:54:40 |
| OS | Windows 10 Professional (build: 19045, 64 bit) |
| Tags | — |
| Indicators | — |
| MD5 | 956FE807FF02DDC66994350728490BD8 |
| SHA1 | 8DF782E5D585EE2C89FEB3A90151C118587FEF34 |
| SHA256 | 9420CEE30EB8BFF3DC274C3FE0DC1DFC7B804B83DD07F7D0A8B79EE53765E215 |
| SSDEEP | 3:N8DSL/K7C/I1dBRIYrJD6QWmOLEom//I+lAL+2MJGDLnX8L:2OLCVsQfWmMmYddMJGXnsL |


| PID | CMD | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version | Exit code |
|---|---|---|---|---|---|---|---|---|---|---|
| 652 | "C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=gpu-process --field-trial-handle=8480,11239239897119759526,8139186804168553211,131072 --disable-features=CalculateNativeWinOcclusion,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --no-sandbox --disable-gpu-driver-bug-workarounds --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (0.0.0) (Windows 10.0)" --lang=en-US --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-preferences=SAAAAAAAAADgAABwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --log-file="C:\Users\admin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=8676 /prefetch:2 | C:\Program Files\Avast Software\Avast\AvastUI.exe | — | AvastUI.exe | admin | MEDIUM | Gen Digital Inc. | Avast Antivirus | 24.9.9452.0 | — |
| 832 | "C:\WINDOWS\Temp\asw.98b67e175f3d2040\instup.exe" /sfx:lite /sfxstorage:C:\WINDOWS\Temp\asw.98b67e175f3d2040 /edition:1 /prod:ais /stub_context:38288367-2aee-4e7b-b2be-775a5a47a735:11058160 /guid:88806e32-2d40-40f4-b703-11134527d75c /ga_clientid:cce02fe5-678a-418b-86ff-c64e6272d5d1 /cookie:mmm_ava_esg_000_361_m /ga_clientid:cce02fe5-678a-418b-86ff-c64e6272d5d1 /edat_dir:C:\WINDOWS\Temp\asw.35cec6b879b5cea9 /geo:DE | C:\Windows\Temp\asw.98b67e175f3d2040\Instup.exe | — | avast_free_antivirus_setup_online_x64.exe | admin | HIGH | Gen Digital Inc. | Avast Antivirus Installer | 24.9.9452.0 | 0 |
| 1020 | "C:\Program Files\Avast Software\Avast\defs\24100399\engsup.exe" /prepare_definitions_folder | C:\Program Files\Avast Software\Avast\defs\24100399\engsup.exe | — | instup.exe | admin | HIGH | Gen Digital Inc. | Avast Antivirus vps tool | 18.0.2037.0 | 0 |
| 1076 | "C:\Program Files\Avast Software\Avast\AvEmUpdate.exe" /installer1 | C:\Program Files\Avast Software\Avast\AvEmUpdate.exe | — | instup.exe | admin | HIGH | Gen Digital Inc. | Avast Emergency Update | 24.9.9452.0 | 0 |
| 1132 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4236 --field-trial-handle=1876,i,17055765731344181408,12160962876474003534,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | admin | LOW | Google LLC | Google Chrome | 122.0.6261.70 | — |
| 1172 | "C:\Program Files\Avast Software\Avast\setup\instup.exe" /wait /session_id:1 /edat_dir:C:\WINDOWS\Temp\asw.35cec6b879b5cea9 /geo:DE /finish_delayed_installation | C:\Program Files\Avast Software\Avast\setup\instup.exe | — | AvastSvc.exe | admin | HIGH | Gen Digital Inc. | Avast Antivirus Installer | 24.9.9452.0 | — |
| 2088 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5824 --field-trial-handle=1876,i,17055765731344181408,12160962876474003534,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | admin | LOW | Google LLC | Google Chrome | 122.0.6261.70 | 0 |
| 2240 | "C:\WINDOWS\Temp\asw.98b67e175f3d2040\New_180917f2\instup.exe" /sfx /sfxstorage:C:\WINDOWS\Temp\asw.98b67e175f3d2040 /edition:1 /prod:ais /stub_context:38288367-2aee-4e7b-b2be-775a5a47a735:11058160 /guid:88806e32-2d40-40f4-b703-11134527d75c /ga_clientid:cce02fe5-678a-418b-86ff-c64e6272d5d1 /cookie:mmm_ava_esg_000_361_m /edat_dir:C:\WINDOWS\Temp\asw.35cec6b879b5cea9 /geo:DE /online_installer | C:\Windows\Temp\asw.98b67e175f3d2040\New_180917f2\instup.exe | — | Instup.exe | admin | HIGH | Gen Digital Inc. | Avast Antivirus Installer | 24.9.9452.0 | 0 |
| 2632 | "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver | C:\Program Files\Avast Software\Avast\wsc_proxy.exe | — | services.exe | SYSTEM | SYSTEM | AVAST Software | Avast remediation exe | 21.4.6162.0 | — |
| 2808 | "C:\Program Files\Avast Software\Avast\SetupInf.exe" /catinstall:"C:\Program Files\Avast Software\Avast\setup\crts.cat" /basename:pkg_{af98c830-4f53-4176-a7b0-ec21fc603adc}.cat /crtid:D9D1E63123760F5EE0F69B6613E0933E9CBCAB11 | C:\Program Files\Avast Software\Avast\SetupInf.exe | — | instup.exe | admin | HIGH | Gen Digital Inc. | Avast Antivirus Installer | 24.9.9452.0 | 0 |

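A reviewer working from the process table above usually wants two things the table does not give directly: which elevated processes ran from a scratch directory, and how far the name-only "Parent process" column can actually be resolved. The script below is an added example, not ANY.RUN's or Avast's code. The records are transcribed from the table (command lines dropped); the helper names are this example's own. The Company string is carried over exactly as the report displays it and is treated as file metadata, not as a signature check, which the report does not show.

```python
"""Triage of the process table above, as an added example (not ANY.RUN's or
Avast's code). Rows are transcribed from the report; the report names a
process's parent by image name only, so parent resolution here is by name."""
from dataclasses import dataclass

TEMP_MARKERS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\")
ELEVATED = {"HIGH", "SYSTEM"}


@dataclass(frozen=True)
class Proc:
    pid: int
    path: str
    parent: str      # parent image name as printed in the report
    integrity: str
    user: str
    company: str     # "Company" as displayed in the report: file metadata, not a signature check

    @property
    def image(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


# Transcribed from the table above (constructed records, command lines omitted)
REPORT_PROCS = [
    Proc(652,  r"C:\Program Files\Avast Software\Avast\AvastUI.exe", "AvastUI.exe", "MEDIUM", "admin", "Gen Digital Inc."),
    Proc(832,  r"C:\Windows\Temp\asw.98b67e175f3d2040\Instup.exe", "avast_free_antivirus_setup_online_x64.exe", "HIGH", "admin", "Gen Digital Inc."),
    Proc(1020, r"C:\Program Files\Avast Software\Avast\defs\24100399\engsup.exe", "instup.exe", "HIGH", "admin", "Gen Digital Inc."),
    Proc(1076, r"C:\Program Files\Avast Software\Avast\AvEmUpdate.exe", "instup.exe", "HIGH", "admin", "Gen Digital Inc."),
    Proc(1132, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "chrome.exe", "LOW", "admin", "Google LLC"),
    Proc(1172, r"C:\Program Files\Avast Software\Avast\setup\instup.exe", "AvastSvc.exe", "HIGH", "admin", "Gen Digital Inc."),
    Proc(2088, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "chrome.exe", "LOW", "admin", "Google LLC"),
    Proc(2240, r"C:\Windows\Temp\asw.98b67e175f3d2040\New_180917f2\instup.exe", "Instup.exe", "HIGH", "admin", "Gen Digital Inc."),
    Proc(2632, r"C:\Program Files\Avast Software\Avast\wsc_proxy.exe", "services.exe", "SYSTEM", "SYSTEM", "AVAST Software"),
    Proc(2808, r"C:\Program Files\Avast Software\Avast\SetupInf.exe", "instup.exe", "HIGH", "admin", "Gen Digital Inc."),
]


def elevated_from_temp(procs):
    """PIDs running at HIGH or SYSTEM integrity from a temp directory."""
    return sorted(p.pid for p in procs
                  if p.integrity in ELEVATED
                  and any(m in p.path.lower() for m in TEMP_MARKERS))


def children_of(procs, parent_image):
    """PIDs whose recorded parent image matches (case-insensitive)."""
    return sorted(p.pid for p in procs if p.parent.lower() == parent_image.lower())


def candidate_parents(procs, pid):
    """Every PID in the table whose image matches the recorded parent name.
    More than one hit means the name-only parent field is ambiguous."""
    me = next(p for p in procs if p.pid == pid)
    return sorted(p.pid for p in procs if p.pid != pid and p.image == me.parent.lower())


def missing_parent_images(procs):
    """Parent image names that have no row of their own: the table is a partial view."""
    images = {p.image for p in procs}
    return sorted({p.parent.lower() for p in procs} - images)


def triage(procs):
    """One dict per elevated-from-temp hit, with the parents it could resolve to."""
    return [{"pid": pid, "rule": "elevated-from-temp",
             "candidate_parents": candidate_parents(procs, pid)}
            for pid in elevated_from_temp(procs)]


if __name__ == "__main__":
    for finding in triage(REPORT_PROCS):
        print(finding)
    print("parents without a row of their own:", missing_parent_images(REPORT_PROCS))
```

On this table the hits are PIDs 832 and 2240, both HIGH-integrity instup.exe instances under C:\Windows\Temp; 2240's parent "Instup.exe" resolves to either 832 or 1172, and three parent names (the online setup stub, AvastSvc.exe, services.exe) have no row at all, so the table is a subset of the run and should not be read as the full tree.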

| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 2820 | chrome.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | {2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF | 0100000000000000B1018C395416DB01 |
| 6744 | avast_free_antivirus_setup_online_x64.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software | (default) | — |
| 6744 | avast_free_antivirus_setup_online_x64.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software | SymbolicLinkValue | \Registry\MACHINE\SOFTWARE\Avast Software |
| 6744 | avast_free_antivirus_setup_online_x64.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | SfxInstProgress | 0 |
| 6744 | avast_free_antivirus_setup_online_x64.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | SfxInstProgress | 7 |
| 6744 | avast_free_antivirus_setup_online_x64.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | SfxInstProgress | 14 |
| 6744 | avast_free_antivirus_setup_online_x64.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | SfxInstProgress | 21 |
| 6744 | avast_free_antivirus_setup_online_x64.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | SfxInstProgress | 28 |
| 6744 | avast_free_antivirus_setup_online_x64.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | SfxInstProgress | 35 |
| 6744 | avast_free_antivirus_setup_online_x64.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | SfxInstProgress | 42 |

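The one registry event above that deserves a second look is the write of SymbolicLinkValue: the setup stub deletes HKLM\SOFTWARE\WOW6432Node\Avast Software and recreates it as a registry link (a REG_LINK value named SymbolicLinkValue) pointing at \Registry\MACHINE\SOFTWARE\Avast Software, so the 32-bit view of the vendor key is folded onto the 64-bit key. The script below is an added example, not ANY.RUN's or Avast's code: it takes the events transcribed from the table as constructed records, reports every symbolic-link write together with whether the same process deleted the key first and whether the link collapses a WOW6432Node view, and rolls the seven SfxInstProgress writes into one trace. The record layout and helper names are this example's own.

```python
"""Registry-event checks for the table above, as an added example (not
ANY.RUN's or Avast's code). Events are transcribed from the report into a
simple tuple form; the layout and helper names are this example's choices."""
import re
from collections import defaultdict

# Constructed from the report rows: (pid, process, operation, key, value_name, data)
REPORT_EVENTS = [
    (2820, "chrome.exe", "write",
     r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached",
     "{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF",
     "0100000000000000B1018C395416DB01"),
    (6744, "avast_free_antivirus_setup_online_x64.exe", "delete key",
     r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software", "(default)", ""),
    (6744, "avast_free_antivirus_setup_online_x64.exe", "write",
     r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software", "SymbolicLinkValue",
     r"\Registry\MACHINE\SOFTWARE\Avast Software"),
] + [
    (6744, "avast_free_antivirus_setup_online_x64.exe", "write",
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage", "SfxInstProgress", str(v))
    for v in (0, 7, 14, 21, 28, 35, 42)
]

# Win32 hive names -> native object-manager paths. Only HKLM is mapped here;
# HKCU lives under a per-SID key, which this example does not resolve.
HIVE_TO_NT = {"HKEY_LOCAL_MACHINE": r"\Registry\MACHINE", "HKLM": r"\Registry\MACHINE"}
WOW64_RE = re.compile(r"\\WOW6432Node\\", re.IGNORECASE)


def to_nt_path(key):
    """Win32 key path -> native path, or None for a hive this example does not map."""
    hive, _, rest = key.partition("\\")
    root = HIVE_TO_NT.get(hive.upper())
    return None if root is None else root + "\\" + rest


def find_registry_symlinks(events):
    """Writes of a REG_LINK value (SymbolicLinkValue). For each one, record whether
    the same PID deleted the key earlier in the stream and whether the link target
    is the key's own 64-bit counterpart (WOW6432Node removed)."""
    findings = []
    for i, (pid, proc, op, key, name, data) in enumerate(events):
        if op != "write" or name != "SymbolicLinkValue":
            continue
        deleted_first = any(e[0] == pid and e[2] == "delete key" and e[3].lower() == key.lower()
                            for e in events[:i])
        nt = to_nt_path(key)
        folds_wow64 = (nt is not None
                       and WOW64_RE.search(nt) is not None
                       and WOW64_RE.sub("\\\\", nt).lower() == data.lower())
        findings.append({"pid": pid, "process": proc, "key": key, "target": data,
                         "deleted_first": deleted_first, "folds_wow64_view": folds_wow64})
    return findings


def value_series(events, value_name):
    """Successive data written to one value name, grouped by (pid, key); turns the
    seven SfxInstProgress rows into a single progress trace."""
    series = defaultdict(list)
    for pid, _proc, op, key, name, data in events:
        if op == "write" and name == value_name:
            series[(pid, key)].append(data)
    return dict(series)


if __name__ == "__main__":
    for f in find_registry_symlinks(REPORT_EVENTS):
        print(f)
    print(value_series(REPORT_EVENTS, "SfxInstProgress"))
```

Registry links are a supported Windows mechanism and installers use them to keep the two views of a vendor key in step, which is what the fold check confirms here; the same mechanism can point a key at content an attacker controls, so a SymbolicLinkValue write under HKLM whose target is not the key's own counterpart is the case worth escalating.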

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 6704 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RF3f53ea.TMP | — | — | — |
| 6704 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old | — | — | — |
| 6704 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF3f53ea.TMP | — | — | — |
| 6704 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old | — | — | — |
| 6704 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RF3f53f9.TMP | — | — | — |
| 6704 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old | — | — | — |
| 6704 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF3f53f9.TMP | — | — | — |
| 6704 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old | — | — | — |
| 6704 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RF3f53f9.TMP | — | — | — |
| 6704 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old | — | — | — |


| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2120 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
| 6208 | avast_free_antivirus_online-installation.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | — | — | whitelisted |
| 3160 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
| 6744 | avast_free_antivirus_setup_online_x64.exe | GET | 200 | 142.250.185.174:80 | http://www.google-analytics.com/collect?aiid=mmm_ava_esg_000_361_m&an=Free&av=24.9.9452&cd=stub-extended&cd3=Online&cid=88806e32-2d40-40f4-b703-11134527d75c&dt=Installation&t=screenview&tid=UA-58120669-3&v=1 | unknown | — | — | whitelisted |
| 6208 | avast_free_antivirus_online-installation.exe | POST | 204 | 34.117.223.223:80 | http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi | unknown | — | — | whitelisted |
| 6208 | avast_free_antivirus_online-installation.exe | POST | 200 | 142.250.185.174:80 | http://www.google-analytics.com/collect | unknown | — | — | whitelisted |
| 832 | Instup.exe | GET | 200 | 23.48.23.20:80 | http://r9319236.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx | unknown | — | — | whitelisted |
| 832 | Instup.exe | GET | 200 | 23.48.23.20:80 | http://p9854759.iavs9x.u.avast.com/iavs9x/servers.def.vpx | unknown | — | — | whitelisted |
| 832 | Instup.exe | GET | 200 | 23.48.23.20:80 | http://r9319236.iavs9x.u.avast.com/iavs9x/avdump_x64_ais-a4b.vpx | unknown | — | — | whitelisted |
| 6208 | avast_free_antivirus_online-installation.exe | POST | 200 | 142.250.185.174:80 | http://www.google-analytics.com/collect | unknown | — | — | whitelisted |


| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| — | — | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
| 2120 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
| — | — | 239.255.255.250:1900 | — | — | — | whitelisted |
| — | — | 104.75.89.115:443 | www.avast.com | AKAMAI-AS | DE | whitelisted |
| 4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
| 5992 | chrome.exe | 173.194.69.84:443 | accounts.google.com | GOOGLE | US | whitelisted |
| — | — | 104.18.86.42:443 | cdn.cookielaw.org | CLOUDFLARENET | — | whitelisted |
| 5992 | chrome.exe | 104.18.86.42:443 | cdn.cookielaw.org | CLOUDFLARENET | — | whitelisted |
| — | — | 23.56.205.198:443 | static3.avast.com | AKAMAI-AS | GB | whitelisted |


| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | — | whitelisted |
| www.microsoft.com | — | whitelisted |
| google.com | — | whitelisted |
| www.avast.com | — | whitelisted |
| accounts.google.com | — | whitelisted |
| cdn.cookielaw.org | — | whitelisted |
| static3.avast.com | — | whitelisted |
| s.go-mpulse.net | — | whitelisted |
| assets.adobedtm.com | — | whitelisted |
| static.avast.com | — | whitelisted |


| PID | Process | Class | Message |
|---|---|---|---|
| — | — | Potentially Bad Traffic | ET INFO Suspicious Domain (polyfill .io) in DNS Lookup |
| 2256 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com) |
| 6208 | avast_free_antivirus_online-installation.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI |
| 2256 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com) |
| 1076 | AvEmUpdate.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI |
| 3648 | AvastSvc.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com) |
| 3648 | AvastSvc.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI |
| 3648 | AvastSvc.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
| 3648 | AvastSvc.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
| 3648 | AvastSvc.exe | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing Domain [Cloudflare] (google .com .br) |

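The ET INFO alerts in the table above are domain-watchlist hits of two kinds: a watched name seen in a DNS query, and the same name seen later as a TLS SNI. The script below is an added example, not ANY.RUN's, Emerging Threats' or Suricata's code. It reproduces that logic over Suricata EVE JSON records (the `dns.rrname` and `tls.sni` fields are real EVE field names; the sample records themselves are constructed for this example), using a two-entry watchlist taken from the alert messages on this page, and renders hits in the report's defanged "polyfill .io" style. Matching is exact-or-parent-domain, so `cdn.polyfill.io` matches while `notpolyfill.io` does not; the ANY.RUN phishing classification in the last row is not modelled.

```python
"""Domain-watchlist matching over Suricata EVE JSON, as an added example (not
ANY.RUN's, Emerging Threats' or Suricata's code). Reproduces the shape of the
two ET INFO alert kinds on this page: watched domain in a DNS query, and the
same domain in a TLS SNI. EVE records below are constructed for the example."""
import json

# Watchlist: domain -> label used in the alert message (this example's own list,
# entries taken from the alert messages on the page)
WATCHLIST = {
    "ip-info.ff.avast.com": "External IP Lookup Service",
    "polyfill.io": "Suspicious Domain",
}

# Constructed EVE records, reduced to the fields the matcher reads
SAMPLE_EVE = "\n".join(json.dumps(r) for r in [
    {"flow_id": 1, "event_type": "dns", "dns": {"type": "query", "rrname": "ip-info.ff.avast.com"}},
    {"flow_id": 2, "event_type": "tls", "tls": {"sni": "ip-info.ff.avast.com"}},
    {"flow_id": 3, "event_type": "dns", "dns": {"type": "query", "rrname": "cdn.polyfill.io"}},
    {"flow_id": 4, "event_type": "dns", "dns": {"type": "query", "rrname": "notpolyfill.io"}},
    {"flow_id": 5, "event_type": "dns", "dns": {"type": "answer", "rrname": "polyfill.io"}},
    {"flow_id": 6, "event_type": "http", "http": {"hostname": "www.avast.com"}},
])


def watched(domain, watchlist=WATCHLIST):
    """(entry, label) on an exact or parent-domain match, else None.
    Trailing dot and case are normalised; 'notpolyfill.io' must not hit 'polyfill.io'."""
    d = domain.rstrip(".").lower()
    for entry, label in watchlist.items():
        if d == entry or d.endswith("." + entry):
            return entry, label
    return None


def defang(domain):
    """Render like the report does (a space before each dot) so the name is not clickable."""
    return domain.replace(".", " .")


def observed_name(rec):
    """(where, name) for record types that carry a name worth checking; DNS answers
    and non-DNS/TLS records yield (None, None)."""
    if rec.get("event_type") == "dns" and rec["dns"].get("type") == "query":
        return "DNS Query", rec["dns"].get("rrname")
    if rec.get("event_type") == "tls":
        return "TLS SNI", rec["tls"].get("sni")
    return None, None


def scan_eve(jsonl, watchlist=WATCHLIST):
    """One alert dict per matching record, in input order."""
    alerts = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        where, name = observed_name(rec)
        if not name:
            continue
        hit = watched(name, watchlist)
        if hit is None:
            continue
        entry, label = hit
        alerts.append({"flow_id": rec.get("flow_id"), "where": where,
                       "msg": f"ET INFO {label} in {where} ({defang(entry)})"})
    return alerts


if __name__ == "__main__":
    for a in scan_eve(SAMPLE_EVE):
        print(a)
```

The real ET rules express the same check as content matches on Suricata's `dns.query` and `tls.sni` sticky buffers; this example collapses that into suffix matching so the DNS-query and SNI variants share one watchlist, which is why one lookup of a watched name typically produces the paired DNS and TLS alerts seen for PIDs 2256, 6208, 1076 and 3648 above.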

| Process | Message |
|---|---|
| avast_free_antivirus_setup_online_x64.exe | [2024-10-04 11:55:05.966] [info ] [sfxinst ] [ 6744: 6972] [A24B7D: 406] Running SFX 'C:\WINDOWS\Temp\asw.35cec6b879b5cea9\avast_free_antivirus_setup_online_x64.exe' |
| avast_free_antivirus_setup_online_x64.exe | [2024-10-04 11:55:06.203] [info ] [sfxinst ] [ 6744: 6972] [A24B7D: 648] Moved extra data file 'ecoo.edat' to 'C:\WINDOWS\Temp\asw.98b67e175f3d2040\cookie.bin'. |
| avast_free_antivirus_setup_online_x64.exe | [2024-10-04 11:55:06.206] [info ] [sfxinst ] [ 6744: 6972] [A24B7D: 648] Moved extra data file 'eref.edat' to 'C:\WINDOWS\Temp\asw.98b67e175f3d2040\eref.edat'. |
| avast_free_antivirus_setup_online_x64.exe | [2024-10-04 11:55:06.295] [notice ] [burger_rep ] [ 6744: 4892] [FD923F: 64] The event '70.1' was successfully sent to burger: https://analytics.avcdn.net/v4/receive/json/70. |
| avast_free_antivirus_setup_online_x64.exe | [2024-10-04 11:55:06.295] [info ] [sfxstats ] [ 6744: 5112] [FA1280: 149] Statistics sent successfully. |
| avast_free_antivirus_setup_online_x64.exe | [2024-10-04 11:55:06.827] [info ] [sfxinst ] [ 6744: 6972] [A24B7D: 938] Starting installer/updater executable 'C:\WINDOWS\Temp\asw.98b67e175f3d2040\instup.exe' |
| Instup.exe | [2024-10-04 11:55:07.171] [error ] [settings ] [ 832: 6776] [04A405: 390] Failed to get program directory; Exception: Unable to determine program folder of product 'avast-av'!; Code: 0x000000c0 (192) |
| Instup.exe | [2024-10-04 11:55:07.217] [debug ] [repsup ] [ 832: 6776] [3A1790: 58] PfroMutant: \PendingRenameMutex mutant has been successfully opened. |
| Instup.exe | [2024-10-04 11:55:07.217] [info ] [instup ] [ 832: 6776] [3E294C:2663] Command: '"C:\WINDOWS\Temp\asw.98b67e175f3d2040\instup.exe" /sfx:lite /sfxstorage:C:\WINDOWS\Temp\asw.98b67e175f3d2040 /edition:1 /prod:ais /stub_context:38288367-2aee-4e7b-b2be-775a5a47a735:11058160 /guid:88806e32-2d40-40f4-b703-11134527d75c /ga_clientid:cce02fe5-678a-418b-86ff-c64e6272d5d1 /cookie:mmm_ava_esg_000_361_m /ga_clientid:cce02fe5-678a-418b-86ff-c64e6272d5d1 /edat_dir:C:\WINDOWS\Temp\asw.35cec6b879b5cea9 /geo:DE' |
| Instup.exe | [2024-10-04 11:55:07.217] [info ] [instup ] [ 832: 6776] [3E294C:2669] CPU: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz,4 |