General Info

File name

chrome_1440091051.exe

Full analysis
https://app.any.run/tasks/3eeb9a5c-62c3-4049-bfad-5a1e265bef39
Verdict
Malicious activity
Analysis date
3/14/2019, 11:56:28
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

adware

installcore

pup

addrop

loader

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

d51ee2fd600704134ba3596bdfe34e65

SHA1

109c56f4083ac3e026b621bdfd157a8fe37c97be

SHA256

d2e04616d3146403c5f6b1e7d00ac71939bafd280b546d3d15b3393ab259ab22

SSDEEP

49152:s7M9BJbnndXifbCGf4kt9P9mo/PuESglMaVTjRKMeLU:cMXJbdXiOGt7PQo/PZlMaVALLU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
on
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Loads dropped or rewritten executable
  • instup.exe (PID: 3924)
  • OperaSetup.exe (PID: 3744)
  • OperaSetup.exe (PID: 2528)
  • OperaSetup.exe (PID: 2408)
  • OperaSetup.exe (PID: 3272)
  • OperaSetup.exe (PID: 3916)
Application was dropped or rewritten from another process
  • instup.exe (PID: 3924)
  • OperaSetup.exe (PID: 3744)
  • avast_free_antivirus_setup_online.exe (PID: 3796)
  • OperaSetup.exe (PID: 3272)
  • OperaSetup.exe (PID: 2408)
  • OperaSetup.exe (PID: 3916)
  • OperaSetup.exe (PID: 2528)
  • avastfreeantivirussetuponline.m.exe (PID: 2792)
Downloads executable files from the Internet
  • avastfreeantivirussetuponline.m.exe (PID: 2792)
  • chrome_1440091051.exe (PID: 656)
INSTALLCORE was detected
  • chrome_1440091051.exe (PID: 656)
Changes settings of System certificates
  • chrome_1440091051.exe (PID: 656)
Connects to CnC server
  • chrome_1440091051.exe (PID: 656)
Creates files in the program directory
  • instup.exe (PID: 3924)
  • avast_free_antivirus_setup_online.exe (PID: 3796)
Removes files from Windows directory
  • instup.exe (PID: 3924)
Creates files in the Windows directory
  • instup.exe (PID: 3924)
  • avast_free_antivirus_setup_online.exe (PID: 3796)
  • avastfreeantivirussetuponline.m.exe (PID: 2792)
Executable content was dropped or overwritten
  • instup.exe (PID: 3924)
  • avast_free_antivirus_setup_online.exe (PID: 3796)
  • OperaSetup.exe (PID: 3744)
  • avastfreeantivirussetuponline.m.exe (PID: 2792)
  • OperaSetup.exe (PID: 2528)
  • OperaSetup.exe (PID: 2408)
  • OperaSetup.exe (PID: 3916)
  • chrome_1440091051.exe (PID: 656)
  • chrome_1440091051.exe (PID: 3232)
Low-level read access rights to disk partition
  • instup.exe (PID: 3924)
  • avast_free_antivirus_setup_online.exe (PID: 3796)
  • avastfreeantivirussetuponline.m.exe (PID: 2792)
Application launched itself
  • OperaSetup.exe (PID: 2408)
  • chrome_1440091051.exe (PID: 656)
Creates files in the user directory
  • OperaSetup.exe (PID: 3916)
  • chrome_1440091051.exe (PID: 656)
Starts itself from another location
  • OperaSetup.exe (PID: 2408)
Reads CPU info
  • chrome_1440091051.exe (PID: 656)
Adds / modifies Windows certificates
  • chrome_1440091051.exe (PID: 656)
Reads Environment values
  • chrome_1440091051.exe (PID: 656)
Reads internet explorer settings
  • chrome_1440091051.exe (PID: 656)
Reads the date of Windows installation
  • chrome_1440091051.exe (PID: 656)
Searches for installed software
  • chrome_1440091051.exe (PID: 656)
Application was dropped or rewritten from another process
  • chrome_1440091051.tmp (PID: 2228)
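The chain these signatures describe is visible in the command lines listed under Process information: the Inno Setup program extracted to %TEMP%\is-ALHOD.tmp re-launches the original chrome_1440091051.exe with /SPAWNWND= and /NOTIFYWND= (Inno Setup's elevation respawn), that child runs at HIGH integrity because UAC was auto-confirmed in this task, and it then starts the bundled third-party installers silently out of %TEMP%\in43A9003C\. The Python below is an added example, not code from ANY.RUN or from the sample: it turns those three observations into process-creation rules and runs them over constructed Sysmon-style records built from the command lines in this report. It also decodes the base64 /PrTxt: argument on PID 2856, which in this sample is only the progress text shown by the installer.

```python
"""Process-chain detection rules for the Inno Setup + bundled-installer pattern
in this report. Added example; not ANY.RUN or sample code."""
import base64
import re
from typing import Dict, List, Optional, Tuple

# Constructed process-creation records (Sysmon Event ID 1 fields), built from the
# command lines listed under "Process information". ppid 0 marks an unknown parent.
EVENTS: List[Dict] = [
    {"pid": 3232, "ppid": 0, "integrity": "MEDIUM",
     "image": r"C:\Users\admin\Downloads\chrome_1440091051.exe",
     "cmdline": r'"C:\Users\admin\Downloads\chrome_1440091051.exe"'},
    {"pid": 2228, "ppid": 3232, "integrity": "MEDIUM",
     "image": r"C:\Users\admin\AppData\Local\Temp\is-ALHOD.tmp\chrome_1440091051.tmp",
     "cmdline": r'"C:\Users\admin\AppData\Local\Temp\is-ALHOD.tmp\chrome_1440091051.tmp" '
                r'/SL5="$2011C,1893042,57856,C:\Users\admin\Downloads\chrome_1440091051.exe"'},
    {"pid": 656, "ppid": 2228, "integrity": "HIGH",
     "image": r"C:\Users\admin\Downloads\chrome_1440091051.exe",
     "cmdline": r'"C:\Users\admin\Downloads\chrome_1440091051.exe" /SPAWNWND=$50114 /NOTIFYWND=$2011C'},
    {"pid": 2856, "ppid": 656, "integrity": "HIGH",
     "image": r"C:\Users\admin\Downloads\chrome_1440091051.exe",
     "cmdline": r'"C:\Users\admin\Downloads\chrome_1440091051.exe" /SPAWNWND=$50114 /NOTIFYWND=$2011C '
                r'/_ShowProgress /PrTxt:TG9hZGluZy4uLg== /mnl'},
    {"pid": 2792, "ppid": 656, "integrity": "HIGH",
     "image": r"C:\Users\admin\AppData\Local\Temp\in43A9003C\15FF8E10_stp\avastfreeantivirussetuponline.m.exe",
     "cmdline": r'"C:\Users\admin\AppData\Local\Temp\in43A9003C\15FF8E10_stp\avastfreeantivirussetuponline.m.exe" '
                r'/silent /psh:CJGMOUjK3TBNyNxFTcypQk7O3DNbi4xwQMrYNUTI2zVJydgxS83QM0vBzmsbno12QLm+RS6szmcPm9s2QMnYMUjK3jVOzdr+RwAAAH346AQ='},
    {"pid": 2408, "ppid": 656, "integrity": "HIGH",
     "image": r"C:\Users\admin\AppData\Local\Temp\in43A9003C\OperaSetup.exe",
     "cmdline": r'"C:\Users\admin\AppData\Local\Temp\in43A9003C\OperaSetup.exe" --silent --allusers=0'},
    {"pid": 3272, "ppid": 2408, "integrity": "HIGH",
     "image": r"C:\Users\admin\AppData\Local\Temp\Opera Installer Temp\OperaSetup.exe",
     "cmdline": r'"C:\Users\admin\AppData\Local\Temp\Opera Installer Temp\OperaSetup.exe" --version'},
]

# Inno Setup extracts its setup program to %TEMP%\is-XXXXX.tmp\<name>.tmp
INNO_SETUP_TMP = re.compile(r"\\is-[A-Z0-9]{5}\.tmp\\[^\\]+\.tmp$", re.IGNORECASE)
# Bundle staging directory observed in this task: %TEMP%\in<8 hex digits>\
BUNDLE_DIR = re.compile(r"\\Temp\\(in[0-9A-F]{8})\\", re.IGNORECASE)
SILENT_SWITCH = re.compile(r"(?:^|\s)(?:/silent|--silent)(?=\s|$)", re.IGNORECASE)
INTEGRITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}


def decode_prtxt(cmdline: str) -> Optional[str]:
    """Decode the base64 string passed via /PrTxt:, or None if the switch is absent."""
    m = re.search(r"/PrTxt:([A-Za-z0-9+/=]+)", cmdline)
    if not m:
        return None
    return base64.b64decode(m.group(1)).decode("utf-8", "replace")


def bundle_dir(image: str) -> Optional[str]:
    """Return the in<hex> staging directory name if the image lives under one."""
    m = BUNDLE_DIR.search(image)
    return m.group(1) if m else None


def detect(events: List[Dict]) -> List[Tuple[str, int]]:
    """Run the three rules over the records; returns (rule, pid) pairs."""
    by_pid = {e["pid"]: e for e in events}
    hits: List[Tuple[str, int]] = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        cmd = e["cmdline"]
        # Rule 1: the extracted Inno Setup .tmp re-launches the original installer
        # with the /SPAWNWND= /NOTIFYWND= window handles (its elevation respawn).
        if parent and INNO_SETUP_TMP.search(parent["image"]) \
                and "/SPAWNWND=" in cmd and "/NOTIFYWND=" in cmd:
            hits.append(("inno_elevated_respawn", e["pid"]))
        # Rule 2: child runs at a higher integrity level than its parent.
        if parent and INTEGRITY_RANK.get(e["integrity"], 0) > INTEGRITY_RANK.get(parent["integrity"], 0):
            hits.append(("integrity_elevation", e["pid"]))
        # Rule 3: a silent installer started out of the in<hex> staging directory.
        if bundle_dir(e["image"]) and SILENT_SWITCH.search(cmd):
            hits.append(("bundled_silent_install", e["pid"]))
    return hits


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule:<24} PID {pid}")
    print("PrTxt:", decode_prtxt(EVENTS[3]["cmdline"]))
```

On real telemetry, map Sysmon's ProcessId, ParentProcessId, Image, CommandLine and IntegrityLevel onto the same five keys; rule 2 on its own fires on every UAC-elevated installer, so it is only interesting in combination with rules 1 and 3.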

Static information

TRiD
.exe
|   Inno Setup installer (77.7%)
.exe
|   Win32 Executable Delphi generic (10%)
.dll
|   Win32 Dynamic Link Library (generic) (4.6%)
.exe
|   Win32 Executable (generic) (3.1%)
.exe
|   Win16/32 Executable Delphi generic (1.4%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1992:06:20 00:22:17+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
41472
InitializedDataSize:
17920
UninitializedDataSize:
null
EntryPoint:
0xaa98
OSVersion:
1
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
0.0.0.0
ProductVersionNumber:
0.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
Ganic
FileDescription:
Gokuk Setup
FileVersion:
LegalCopyright:
ProductName:
Gokuk
ProductVersion:
3.2.9
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-Jun-1992 22:22:17
Detected languages
Dutch - Netherlands
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
Ganic
FileDescription:
Gokuk Setup
FileVersion:
null
LegalCopyright:
null
ProductName:
Gokuk
ProductVersion:
3.2.9
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
19-Jun-1992 22:22:17
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name    Virtual Address  Virtual Size  Raw Size    Characteristics                                                          Entropy
CODE    0x00001000       0x0000A1D0    0x0000A200  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ            6.66012
DATA    0x0000C000       0x00000250    0x00000400  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE   2.74012
BSS     0x0000D000       0x00000E94    0x00000000  IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE                                  0
.idata  0x0000E000       0x0000097C    0x00000A00  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE   4.48608
.tls    0x0000F000       0x00000008    0x00000000  IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE                                  0
.rdata  0x00010000       0x00000018    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED  0.190489
.reloc  0x00011000       0x0000091C    0x00000000  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED  0
.rsrc   0x00012000       0x00002C00    0x00002C00  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED  4.57832
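Two things in the header values above are worth automating. The compile date 19-Jun-1992 22:22:17 is not a build date: it is the constant 0x2A425E19 that Borland/Delphi linkers write into TimeDateStamp (Inno Setup is itself a Delphi program, which is also why TRiD and the version info point at Delphi), so it says nothing about when this installer was packaged. The .reloc section likewise has a virtual size but zero raw bytes, which is consistent with the IMAGE_FILE_RELOCS_STRIPPED flag in the file header. The following Python is an added example, not ANY.RUN's or the sample's code: it parses a PE file header and section table with the standard library and reports those two findings. The byte buffer it parses is constructed to mirror the values listed in this report (e_lfanew 0x100, 8 sections, characteristics 0x818F); the PointerToRawData values in it are invented, since the report does not list them.

```python
"""Minimal PE file-header and section-table parser. Added example, not ANY.RUN
or sample code; the byte buffer in build_sample() is constructed from the header
values in this report and is not the real file."""
import datetime
import struct

# Constant TimeDateStamp written by Borland/Delphi linkers (Inno Setup is built with Delphi).
DELPHI_FIXED_TIMESTAMP = 0x2A425E19  # 1992-06-19 22:22:17 UTC

COFF_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0080: "IMAGE_FILE_BYTES_REVERSED_LO",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x8000: "IMAGE_FILE_BYTES_REVERSED_HI",
}
COFF_HDR = struct.Struct("<HHIIIHH")          # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data: bytes) -> dict:
    """Read the DOS header, IMAGE_FILE_HEADER and section table from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    machine, nsec, ts, _symptr, _nsyms, optsize, chars = COFF_HDR.unpack_from(data, e_lfanew + 4)
    sections = []
    off = e_lfanew + 4 + COFF_HDR.size + optsize  # section table follows the optional header
    for _ in range(nsec):
        name, vsize, va, rawsize, rawptr, _rel, _ln, _nrel, _nln, schars = SECTION_HDR.unpack_from(data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "virtual_size": vsize,
                         "raw_size": rawsize, "raw_pointer": rawptr, "characteristics": schars})
        off += SECTION_HDR.size
    return {
        "e_lfanew": e_lfanew, "machine": machine, "timestamp": ts,
        "timestamp_utc": datetime.datetime.fromtimestamp(ts, datetime.timezone.utc),
        "characteristics": {n for bit, n in COFF_CHARACTERISTICS.items() if chars & bit},
        "sections": sections,
    }


def triage_findings(pe: dict) -> list:
    """Static observations for the header layout: fixed timestamp, data-less sections."""
    findings = []
    if pe["timestamp"] == DELPHI_FIXED_TIMESTAMP:
        findings.append("TimeDateStamp is the fixed Borland/Delphi value 0x2A425E19; "
                        "the compile date does not reflect the real build time")
    relocs_stripped = "IMAGE_FILE_RELOCS_STRIPPED" in pe["characteristics"]
    for s in pe["sections"]:
        # BSS and .tls legitimately have no file-backed bytes; anything else is worth a note
        if s["raw_size"] == 0 and s["virtual_size"] and s["name"] not in ("BSS", ".tls"):
            note = f"section {s['name']} has VirtualSize 0x{s['virtual_size']:X} but no raw data"
            if s["name"] == ".reloc" and relocs_stripped:
                note += " (matches IMAGE_FILE_RELOCS_STRIPPED: relocations were discarded)"
            findings.append(note)
    return findings


def build_sample() -> bytes:
    """Header-only PE mirroring the report: e_lfanew 0x100, 8 sections, characteristics 0x818F.
    PointerToRawData values are invented (the report does not list them)."""
    e_lfanew = 0x100
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # (name, VirtualAddress, VirtualSize, SizeOfRawData, Characteristics) from the Sections table
    table = [
        (b"CODE",   0x01000, 0xA1D0, 0xA200, 0x60000020),
        (b"DATA",   0x0C000, 0x0250, 0x0400, 0xC0000040),
        (b"BSS",    0x0D000, 0x0E94, 0x0000, 0xC0000000),
        (b".idata", 0x0E000, 0x097C, 0x0A00, 0xC0000040),
        (b".tls",   0x0F000, 0x0008, 0x0000, 0xC0000000),
        (b".rdata", 0x10000, 0x0018, 0x0200, 0x50000040),
        (b".reloc", 0x11000, 0x091C, 0x0000, 0x50000040),
        (b".rsrc",  0x12000, 0x2C00, 0x2C00, 0x50000040),
    ]
    optsize = 0xE0
    coff = COFF_HDR.pack(0x14C, len(table), DELPHI_FIXED_TIMESTAMP, 0, 0, optsize, 0x818F)
    opt = struct.pack("<H", 0x10B) + bytes(optsize - 2)  # PE32 magic, remaining fields zeroed
    raw_ptr, sect = 0x400, b""
    for name, va, vsize, rawsize, schars in table:
        sect += SECTION_HDR.pack(name.ljust(8, b"\0"), vsize, va, rawsize,
                                 raw_ptr if rawsize else 0, 0, 0, 0, 0, schars)
        raw_ptr += rawsize
    return bytes(dos) + b"PE\0\0" + coff + opt + sect


if __name__ == "__main__":
    pe = parse_pe(build_sample())
    print(f"TimeDateStamp 0x{pe['timestamp']:08X} = {pe['timestamp_utc']:%d-%b-%Y %H:%M:%S} UTC")
    for s in pe["sections"]:
        print(f"{s['name']:<7} VA 0x{s['virtual_address']:08X} VSize 0x{s['virtual_size']:08X} Raw 0x{s['raw_size']:08X}")
    for f in triage_findings(pe):
        print("*", f)
```

To run the same checks on a real file, pass open(path, "rb").read() to parse_pe(); the fixed-timestamp rule is a reason to distrust the compile date, not by itself an indicator of malice, since every Delphi and Inno Setup binary carries it.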
Resources
1, 2, 3, 4, 4089, 4090, 4091, 4093, 4094, 4095, 11111, MAINICON
Imports
    kernel32.dll
    user32.dll
    oleaut32.dll
    advapi32.dll
    comctl32.dll
Exports

    No exports.

Processes

Total processes
44
Monitored processes
12
Malicious processes
7
Suspicious processes
3

Behavior graph

Process tree reconstructed from the parent-process fields under Process information (edge labels in the original graph: drop and start, start, download and start):

chrome_1440091051.exe (PID 3232, MEDIUM)
└─ chrome_1440091051.tmp (PID 2228, MEDIUM, no specs)
   └─ chrome_1440091051.exe (PID 656, HIGH) #INSTALLCORE
      ├─ chrome_1440091051.exe (PID 2856, HIGH, no specs)
      ├─ avastfreeantivirussetuponline.m.exe (PID 2792, HIGH)
      └─ OperaSetup.exe (PID 2408, HIGH)
         ├─ OperaSetup.exe (PID 3916, HIGH, crashpad handler)
         ├─ OperaSetup.exe (PID 3272, HIGH, --version, no specs)
         ├─ OperaSetup.exe (PID 2528, HIGH, --backend --install)
         └─ OperaSetup.exe (PID 3744, HIGH, crashpad handler)

Also in the graph: avast_free_antivirus_setup_online.exe (PID 3796, run from C:\Windows\Temp\asw.51dd5998f970ca9e) and instup.exe (PID 3924), whose parent-process entries do not appear in the process listing below.

Process information

PID
3232
CMD
"C:\Users\admin\Downloads\chrome_1440091051.exe"
Path
C:\Users\admin\Downloads\chrome_1440091051.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Ganic
Description
Gokuk Setup
Version
Modules
Image
c:\users\admin\downloads\chrome_1440091051.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\temp\is-alhod.tmp\chrome_1440091051.tmp

PID
2228
CMD
"C:\Users\admin\AppData\Local\Temp\is-ALHOD.tmp\chrome_1440091051.tmp" /SL5="$2011C,1893042,57856,C:\Users\admin\Downloads\chrome_1440091051.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-ALHOD.tmp\chrome_1440091051.tmp
Indicators
No indicators
Parent process
chrome_1440091051.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-alhod.tmp\chrome_1440091051.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
656
CMD
"C:\Users\admin\Downloads\chrome_1440091051.exe" /SPAWNWND=$50114 /NOTIFYWND=$2011C
Path
C:\Users\admin\Downloads\chrome_1440091051.exe
Indicators
Parent process
chrome_1440091051.tmp
User
admin
Integrity Level
HIGH
Version:
Company
Ganic
Description
Gokuk Setup
Version
Modules
Image
c:\users\admin\downloads\chrome_1440091051.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\olepro32.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\sspicli.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\winsta.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\in43a9003c\15ff8e10_stp\avastfreeantivirussetuponline.m.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\users\admin\appdata\local\temp\in43a9003c\operasetup.exe

PID
2856
CMD
"C:\Users\admin\Downloads\chrome_1440091051.exe" /SPAWNWND=$50114 /NOTIFYWND=$2011C /_ShowProgress /PrTxt:TG9hZGluZy4uLg== /mnl
Path
C:\Users\admin\Downloads\chrome_1440091051.exe
Indicators
No indicators
Parent process
chrome_1440091051.exe
User
admin
Integrity Level
HIGH
Exit code
259
Version:
Company
Ganic
Description
Gokuk Setup
Version
Modules
Image
c:\users\admin\downloads\chrome_1440091051.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\olepro32.dll

PID
2792
CMD
"C:\Users\admin\AppData\Local\Temp\in43A9003C\15FF8E10_stp\avastfreeantivirussetuponline.m.exe" /silent /psh:CJGMOUjK3TBNyNxFTcypQk7O3DNbi4xwQMrYNUTI2zVJydgxS83QM0vBzmsbno12QLm+RS6szmcPm9s2QMnYMUjK3jVOzdr+RwAAAH346AQ=
Path
C:\Users\admin\AppData\Local\Temp\in43A9003C\15FF8E10_stp\avastfreeantivirussetuponline.m.exe
Indicators
Parent process
chrome_1440091051.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
2.1.1252.0
Modules
Image
c:\users\admin\appdata\local\temp\in43a9003c\15ff8e10_stp\avastfreeantivirussetuponline.m.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\temp\asw.51dd5998f970ca9e\avast_free_antivirus_setup_online.exe
c:\windows\system32\apphelp.dll

PID
2408
CMD
"C:\Users\admin\AppData\Local\Temp\in43A9003C\OperaSetup.exe" --silent --allusers=0
Path
C:\Users\admin\AppData\Local\Temp\in43A9003C\OperaSetup.exe
Indicators
Parent process
chrome_1440091051.exe
User
admin
Integrity Level
HIGH
Version:
Company
Opera Software
Description
Opera Installer
Version
58.0.3135.107
Modules
Image
c:\users\admin\appdata\local\temp\in43a9003c\operasetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\temp\opera_installer_1903141057239412408.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\opera installer temp\operasetup.exe
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll

PID
3916
CMD
C:\Users\admin\AppData\Local\Temp\in43A9003C\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=58.0.3135.107 --initial-client-data=0xd8,0xe0,0xe4,0xdc,0xe8,0x6d5fc900,0x6d5fc910,0x6d5fc91c
Path
C:\Users\admin\AppData\Local\Temp\in43A9003C\OperaSetup.exe
Indicators
Parent process
OperaSetup.exe
User
admin
Integrity Level
HIGH
Version:
Company
Opera Software
Description
Opera Installer
Version
58.0.3135.107
Modules
Image
c:\users\admin\appdata\local\temp\in43a9003c\operasetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\temp\opera_installer_1903141057240973916.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll

PID
3272
CMD
"C:\Users\admin\AppData\Local\Temp\Opera Installer Temp\OperaSetup.exe" --version
Path
C:\Users\admin\AppData\Local\Temp\Opera Installer Temp\OperaSetup.exe
Indicators
No indicators
Parent process
OperaSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\opera installer temp\operasetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\temp\opera_installer_1903141057243943272.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll

PID
2528
CMD
"C:\Users\admin\AppData\Local\Temp\in43A9003C\OperaSetup.exe" --backend --install --import-browser-data=1 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Program Files\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --startmenushortcut=1 --desktopshortcut=1 --quicklaunchshortcut=1 --pintotaskbar=1 --server-tracking-data=server_tracking_data --initial-pid=2408 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\Opera Installer Temp\opera_package_20190314105724" --session-guid=e8f8877c-64ba-418d-9338-c66832804fe6 --server-tracking-blob=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 --silent --wait-for-package --initial-proc-handle=D402000000000000
Path
C:\Users\admin\AppData\Local\Temp\in43A9003C\OperaSetup.exe
Indicators
Parent process
OperaSetup.exe
User
admin
Integrity Level
HIGH
Version:
Company
Opera Software
Description
Opera Installer
Version
58.0.3135.107
Modules
Image
c:\users\admin\appdata\local\temp\in43a9003c\operasetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\temp\opera_installer_1903141057245972528.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wininet.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
3744
CMD
C:\Users\admin\AppData\Local\Temp\in43A9003C\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=58.0.3135.107 --initial-client-data=0xdc,0xec,0xf0,0xe8,0xf4,0x6cffc900,0x6cffc910,0x6cffc91c
Path
C:\Users\admin\AppData\Local\Temp\in43A9003C\OperaSetup.exe
Indicators
Parent process
OperaSetup.exe
User
admin
Integrity Level
HIGH
Version:
Company
Opera Software
Description
Opera Installer
Version
58.0.3135.107
Modules
Image
c:\users\admin\appdata\local\temp\in43a9003c\operasetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\temp\opera_installer_1903141057247693744.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll

PID
3796
CMD
"C:\Windows\Temp\asw.51dd5998f970ca9e\avast_free_antivirus_setup_online.exe" /silent /psh:CJGMOUjK3TBNyNxFTcypQk7O3DNbi4xwQMrYNUTI2zVJydgxS83QM0vBzmsbno12QLm+RS6szmcPm9s2QMnYMUjK3jVOzdr+RwAAAH346AQ= /ga_clientid:8bc1af3a-9aaa-4455-847d-995842d6bbda /edat_dir:C:\Windows\Temp\asw.51dd5998f970ca9e
Path
C:\Windows\Temp\asw.51dd5998f970ca9e\avast_free_antivirus_setup_online.exe
Indicators
Parent process
avastfreeantivirussetuponline.m.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.3.4241.0
Modules
Image
c:\windows\temp\asw.51dd5998f970ca9e\avast_free_antivirus_setup_online.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\temp\asw.4f85d11958f388d8\instup.exe

PID
3924
CMD
"C:\Windows\Temp\asw.4f85d11958f388d8\instup.exe" /cookie:mmm_irs_ppi_002_451_m /edition:1 /ga_clientid:8bc1af3a-9aaa-4455-847d-995842d6bbda /guid:de51209e-a9e2-4d8e-908b-78ec3e278a98 /prod:ais /sfx:lite /sfxstorage:C:\Windows\Temp\asw.4f85d11958f388d8 /silent /psh:CJGMOUjK3TBNyNxFTcypQk7O3DNbi4xwQMrYNUTI2zVJydgxS83QM0vBzmsbno12QLm+RS6szmcPm9s2QMnYMUjK3jVOzdr+RwAAAH346AQ= /ga_clientid:8bc1af3a-9aaa-4455-847d-995842d6bbda /edat_dir:C:\Windows\Temp\asw.51dd5998f970ca9e
Path
C:\Windows\Temp\asw.4f85d11958f388d8\instup.exe
Indicators
Parent process
avast_free_antivirus_setup_online.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.3.4241.0
Modules
Image
c:\windows\temp\asw.4f85d11958f388d8\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\temp\asw.4f85d11958f388d8\instup.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\temp\asw.4f85d11958f388d8\uat_3924.dll

Registry activity

Total events
1678
Read events
1057
Write events
621
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
656
chrome_1440091051.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
656
chrome_1440091051.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
656
chrome_1440091051.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\chrome_1440091051_RASAPI32
EnableFileTracing
0
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\chrome_1440091051_RASAPI32
EnableConsoleTracing
0
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\chrome_1440091051_RASAPI32
FileTracingMask
4294901760
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\chrome_1440091051_RASAPI32
ConsoleTracingMask
4294901760
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\chrome_1440091051_RASAPI32
MaxFileSize
1048576
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\chrome_1440091051_RASAPI32
FileDirectory
%windir%\tracing
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\chrome_1440091051_RASMANCS
EnableFileTracing
0
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\chrome_1440091051_RASMANCS
EnableConsoleTracing
0
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\chrome_1440091051_RASMANCS
FileTracingMask
4294901760
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\chrome_1440091051_RASMANCS
ConsoleTracingMask
4294901760
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\chrome_1440091051_RASMANCS
MaxFileSize
1048576
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\chrome_1440091051_RASMANCS
FileDirectory
%windir%\tracing
656
chrome_1440091051.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
656
chrome_1440091051.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
(value omitted)
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
chrome_1440091051.exe
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
708992537
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
(value omitted)
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
Blob
040000000100000010000000ACB694A59C17E0D791529BB19706A6E40B0000000100000030000000440069006700690043006500720074002000420061006C00740069006D006F0072006500200052006F006F007400000053000000010000006200000030603020060A2B06010401B13E01640130123010060A2B0601040182373C0101030200C0301F06096086480186FD6C020130123010060A2B0601040182373C0101030200C0301B060567810C010130123010060A2B0601040182373C0101030200C00F0000000100000014000000CE0E658AA3E847E467A147B3049191093D055E6F140000000100000014000000E59D5930824758CCACFA085436867B3AB5044DF01D0000000100000010000000918AD43A9475F78BB5243DE886D8103C030000000100000014000000D4DE20D05E66FC53FE1A50882C78DB2852CAE47419000000010000001000000068CB42B035EA773E52EF50ECF50EC52909000000010000003E000000303C06082B0601050507030106082B0601050507030406082B0601050507030206082B0601050507030306082B0601050507030906082B0601050507030862000000010000002000000016AF57A9F676B0AB126095AA5EBADEF22AB31119D644AC95CD4B93DBF3F26AEB20000000010000007B030000308203773082025FA0030201020204020000B9300D06092A864886F70D0101050500305A310B300906035504061302494531123010060355040A130942616C74696D6F726531133011060355040B130A43796265725472757374312230200603550403131942616C74696D6F7265204379626572547275737420526F6F74301E170D3030303531323138343630305A170D3235303531323233353930305A305A310B300906035504061302494531123010060355040A130942616C74696D6F726531133011060355040B130A43796265725472757374312230200603550403131942616C74696D6F7265204379626572547275737420526F6F7430820122300D06092A864886F70D01010105000382010F003082010A0282010100A304BB22AB983D57E826729AB579D429E2E1E89580B1B0E35B8E2B299A64DFA15DEDB009056DDB282ECE62A262FEB488DA12EB38EB219DC0412B01527B8877D31C8FC7BAB988B56A09E773E81140A7D1CCCA628D2DE58F0BA650D2A850C328EAF5AB25878A9A961CA967B83F0CD5F7F952132FC21BD57070F08FC012CA06CB9AE1D9CA337A77D6F8ECB9F16844424813D2C0C2A4AE5E60FEB6A605FCB4DD075902D459189863F5A563E0900C7D5DB2067AF385EAEBD403AE5E843E5FFF15ED69BCF939367275CF77524DF3C9902CB93DE5C923533F1F2498215C079929BDC63AECE76E863A6B97746333BD681831F0788D76BFFC9E8E5D2A86A74D90DC271A390203010001A3453043301D0603551D0E04160414E59D5930824758CCACFA085436867B3AB5044DF030120603551D130101FF040830060101FF020103300E0603551D0F0101FF040403020106300D06092A864886F70D01010505000382010100850C5D8EE46F51684205A0DDBB4F27258403BDF764FD2DD730E3A41017EBDA2929B6793F76F6191323B8100AF958A4D46170BD04616A128A17D50ABDC5BC307CD6E90C258D86404FECCCA37E38C637114FEDDD68318E4CD2B30174EEBE755E07481A7F70FF165C84C07985B805FD7FBE6511A30FC002B4F852373904D5A9317A18BFA02AF41299F7A34582E33C5EF59D9EB5C89E7C2EC8A49E4E08144B6DFD706D6B1A63BD64E61FB7CEF0F29F2EBB1BB7F250887392C2E2E3168D9A3202AB8E18DDE91011EE7E35AB90AF3E30947AD0333DA7650FF5FC8E9E62CF47442C015DBB1DB532D247D2382ED0FE81DC326A1EB5EE3CD5FCE7811D19C32442EA6339A9
656
chrome_1440091051.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
(value omitted)
2792
avastfreeantivirussetuponline.m.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Windows\Temp\asw.51dd5998f970ca9e
2408
OperaSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OperaSetup_RASAPI32
EnableFileTracing
0
2408
OperaSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OperaSetup_RASAPI32
EnableConsoleTracing
0
2408
OperaSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OperaSetup_RASAPI32
FileTracingMask
4294901760
2408
OperaSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OperaSetup_RASAPI32
ConsoleTracingMask
4294901760
2408
OperaSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OperaSetup_RASAPI32
MaxFileSize
1048576
2408
OperaSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OperaSetup_RASAPI32
FileDirectory
%windir%\tracing
2408
OperaSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OperaSetup_RASMANCS
EnableFileTracing
0
2408
OperaSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OperaSetup_RASMANCS
EnableConsoleTracing
0
2408
OperaSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OperaSetup_RASMANCS
FileTracingMask
4294901760
2408
OperaSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OperaSetup_RASMANCS
ConsoleTracingMask
4294901760
2408
OperaSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OperaSetup_RASMANCS
MaxFileSize
1048576
2408
OperaSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OperaSetup_RASMANCS
FileDirectory
%windir%\tracing
2408
OperaSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2408
OperaSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
(value omitted)
2408
OperaSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2408
OperaSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2408
OperaSetup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2528
OperaSetup.exe
write
HKEY_CURRENT_USER\Software\Opera Software
Last Stable Install Path
C:\Program Files\Opera\
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
0
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
6
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
12
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
18
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
25
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
31
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
37
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
43
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
50
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
56
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
62
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
68
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
75
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
81
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
87
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
93
3796
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
100
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast
SetupLog
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Setup.log
3924
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Title
Updating the product
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
0
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
0
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
DNS resolving
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
100
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: servers.def.vpx
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: prod-pgm.vpx
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Checking install conditions
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
1
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
2
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
3
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
4
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
5
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
6
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
7
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
8
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
9
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
10
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
11
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
12
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
13
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
14
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
15
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
16
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
17
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
18
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
19
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
20
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
21
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
22
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
23
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
24
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
25
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
26
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
27
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
28
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
29
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
30
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
31
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
32
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
33
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
34
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
35
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
36
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
37
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
38
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
39
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
40
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
41
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
42
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
43
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
44
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
45
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
46
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
47
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
48
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
49
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
50
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
51
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
52
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
53
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
54
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
55
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
56
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
57
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
58
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
59
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
60
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
61
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
62
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
63
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
64
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
65
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
66
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
67
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
68
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
69
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
70
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
71
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
72
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
73
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
74
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
75
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
76
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
77
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
78
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
79
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
80
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
81
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
82
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
83
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
84
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
85
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
87
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
88
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
89
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
90
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
91
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
92
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
93
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
94
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
95
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
96
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
97
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
98
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
99
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avbugreport_ais-941.vpx
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avbugreport_ais
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
16
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
86
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avdump_x86_ais-941.vpx
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avdump_x86_ais
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
33
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instcont_ais
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
50
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instup_ais
3924
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
66

Files activity

Executable files
16
Suspicious files
29
Text files
97
Unknown types
0

Dropped files

PID
Process
Filename
Type
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\instup_ais-941.vpx
executable
MD5: ce17f211441b4baa576c71fc7dd7e933
SHA256: b56341fea3e9f860cdb3b47a025c404eacf68bec7d30706f5639ab22d490181e
2408
OperaSetup.exe
C:\Users\admin\AppData\Local\Temp\Opera Installer Temp\OperaSetup.exe
executable
MD5: 02bc99dd1f6c3d8c5bf1c3fa7afd9bf3
SHA256: df52a14dc029ff0f859d6cd3ed37b91ceb54b1979e36cbdc787473e4d7df929e
2528
OperaSetup.exe
C:\Users\admin\AppData\Local\Temp\Opera_installer_1903141057245972528.dll
executable
MD5: c47121dbc7e672957e61df01f6de57b2
SHA256: f3703b799180acb43e5b1a28c88cfd52cd9b0871f1c41b2004efa99d8e3791fb
3744
OperaSetup.exe
C:\Users\admin\AppData\Local\Temp\Opera_installer_1903141057247693744.dll
executable
MD5: c47121dbc7e672957e61df01f6de57b2
SHA256: f3703b799180acb43e5b1a28c88cfd52cd9b0871f1c41b2004efa99d8e3791fb
2792
avastfreeantivirussetuponline.m.exe
C:\Windows\Temp\asw.51dd5998f970ca9e\avast_free_antivirus_setup_online.exe
executable
MD5: 46e458ac66fccdd4b936c32b9f4de640
SHA256: 6834935c156b8df9f92b123bfbc3f53f4b0ab87efa38b9ead6ace8a31fc8d006
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\avbugreport_ais-941.vpx
executable
MD5: 73d0a13d6b16e4f8f7d4848808487aa5
SHA256: 286ea2906f370d8b47d7b0e681e670fb78a8aa8913a44c43f8037bd7dbdb10b6
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\instcont_ais-941.vpx
executable
MD5: 4ecd7b061ede629726afbd1008f6baa9
SHA256: 1bdb351b98ae0d470eceec0c5cfbd17c117a8fe78130830c0001508ea4705c43
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\Instup.dll
executable
MD5: ce17f211441b4baa576c71fc7dd7e933
SHA256: b56341fea3e9f860cdb3b47a025c404eacf68bec7d30706f5639ab22d490181e
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\avdump_x86_ais-941.vpx
executable
MD5: 53ab0de8d12e754b7a15e86b77f79dc5
SHA256: 809b8b2300693389a8bb9bd3f392c180bcfe910a05f8e0854296398e024db29d
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\HTMLayout.dll
executable
MD5: 0b05d8032961c3713a2fdaaed55a23ff
SHA256: 0d2a40455f130ae4fc73aa9f155e763bfe08632885b6888e93e6c50006379a2c
3916
OperaSetup.exe
C:\Users\admin\AppData\Local\Temp\Opera_installer_1903141057240973916.dll
executable
MD5: c47121dbc7e672957e61df01f6de57b2
SHA256: f3703b799180acb43e5b1a28c88cfd52cd9b0871f1c41b2004efa99d8e3791fb
2408
OperaSetup.exe
C:\Users\admin\AppData\Local\Temp\Opera_installer_1903141057239412408.dll
executable
MD5: c47121dbc7e672957e61df01f6de57b2
SHA256: f3703b799180acb43e5b1a28c88cfd52cd9b0871f1c41b2004efa99d8e3791fb
3232
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\is-ALHOD.tmp\chrome_1440091051.tmp
executable
MD5: 0818576255df4251d7c50751e9b5e716
SHA256: 69ee202870c982c27954585f4af0cff037f389a3080f41c5f39ca9e10645f3b5
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\OperaSetup.exe
executable
MD5: 02bc99dd1f6c3d8c5bf1c3fa7afd9bf3
SHA256: df52a14dc029ff0f859d6cd3ed37b91ceb54b1979e36cbdc787473e4d7df929e
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\15FF8E10_stp\avastfreeantivirussetuponline.m.exe
executable
MD5: db0f47766ce8fb10e26e959ef78b9b0e
SHA256: 7cacb1acfe4ebd29805bbf61e2734043b3ace498981698032c8f19be20c77df7
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\Instup.exe
executable
MD5: 4ecd7b061ede629726afbd1008f6baa9
SHA256: 1bdb351b98ae0d470eceec0c5cfbd17c117a8fe78130830c0001508ea4705c43
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\ID.locale
html
MD5: b845cd19c00cd23632495ae6f63ca97f
SHA256: c2a29bad00e0f887bc659d1765b281476bafef75a5df3abb3c5ddcf3dfccd788
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\setgui_ais-941.vpx
binary
MD5: 066c11dbdd40bc3348d77e8b9598431f
SHA256: 0537a27736dfa9d747a6d8338f9c34988bb21e5e29ea7b7c1d8a9cb3c126c925
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\config.def.new
––
MD5:  ––
SHA256:  ––
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\uat.vpx
binary
MD5: f634de768213111b2b18ecb6ae3edb96
SHA256: 36b1b32ae1af1e0f9209f92208ec59ad84c76a3ed26800bbedfc59adb6d24df8
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\instcont_ais-941.vpx
binary
MD5: 256fa10857e310a239c9cda32e4d9962
SHA256: e34f8037ce0ab16bed606192051f776653e55008da7729de2e83452bf32adebe
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\uat64.vpx
binary
MD5: 9761cc3fb0efccb10257babf6ba15bae
SHA256: 6aec4d940eeeca6839bbeab6848bc34543be64d6e944769ac006e33609d335ab
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\uata64.vpx
binary
MD5: aa756bc57f940249a5ddfe6c2bf5c6e6
SHA256: e6d5c2042cae686ba274544e19407a03f93895312d21ec4f42e31053f29cce7a
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\servers.def.vpx
binary
MD5: 7eae1fa681ab95d4d84aaecef04da987
SHA256: b413a4900f70a8dc71c2d492944e14c1c3902a9b0705e6d73245c1d8645f5be4
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\servers.def
text
MD5: c66eff1e07edd34ae3465b8fb23020f1
SHA256: 8eb05c4d9b307cf69ed5f13dac4b18c912ea11b2230e62d9891ef1c138380a42
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\part-setup_ais-13030941.vpx
binary
MD5: 641bd8bdd0a25ec868bffe7ae6d3e20a
SHA256: ec0c89e784f23ef02ba9406d491437cb1c84aec210baac85546bcf3daa4b50c5
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\prod-pgm.vpx
binary
MD5: 9eb32e2d9fb6686b2312dde2ab03593e
SHA256: ee983efcbe72aab59e8f2806fb7bbad54c1d971a8f45a4861c78bcde08a8ceab
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\part-vps_windows-19031004.vpx
binary
MD5: e052c48b1362da6dda12a2db2dabf776
SHA256: fc88702d4812a70d57f21f18bdf27a48eb68ee2bf00a9245d8c6e871370ff8b1
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\prod-vps.vpx
binary
MD5: f49d6ac1de8011f562bb57765232486a
SHA256: fc09fc58756a46feff8dc739e4f78be9a16659c4ae3f79fdd5fe05939e22bebc
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\part-prg_ais-13030941.vpx
binary
MD5: 96db59f9ae7561d307a58ca6d1693a25
SHA256: bd1d641970684f96c914095728db09358e01bc7ae068177feb82db7b1efee88d
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\config.def
text
MD5: 553b471777d328a6ef79790fd516bb47
SHA256: 38b63d92fc4300b5a9d4ce9cbb77194cd3e8aa7faaacb09dd33f851ee7622026
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\config.def.vpx
binary
MD5: 769fb18b50fb08b666d75b796281ec0e
SHA256: a3a99ed4a3b3932944c86f7213fdd25dd2cd627351bd04043f4b57e7840b35ac
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\part-jrog2-290.vpx
binary
MD5: f8b94df1633c11c342f4c1dc6d8114f3
SHA256: 3a2e2bad1b5a1e1f4f73770691607233fdf2232f743cbba0d91fb9dac8ffad54
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\cookie.bin
text
MD5: 0ca781cfa931f2f0d9f9dbd0ba264811
SHA256: e24cb3abb41d4b83c1d02d48442a41835989f95844a81f7638da5864684c57c5
3796
avast_free_antivirus_setup_online.exe
Setup.log
––
MD5:  ––
SHA256:  ––
3924
instup.exe
event_manager.log
––
MD5:  ––
SHA256:  ––
2528
OperaSetup.exe
C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
binary
MD5: 19d9cabbc9d7fd83026c97a39054fdce
SHA256: df69fdb0507977350112463f5296e4c14f975d0654945f66d9f287c2647efe64
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\config.def
text
MD5: 8ada02d3af3d82c4c1b8a25ac0f47ff4
SHA256: ebfb193e5f0a9b3909f87f8560679fe9db0a12f0cfa69fdeb153838f6282d881
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\servers.def.vpx
binary
MD5: 7eae1fa681ab95d4d84aaecef04da987
SHA256: b413a4900f70a8dc71c2d492944e14c1c3902a9b0705e6d73245c1d8645f5be4
3272
OperaSetup.exe
C:\Users\admin\AppData\Local\Temp\Opera_installer_1903141057243943272.dll
––
MD5:  ––
SHA256:  ––
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\servers.def
text
MD5: c66eff1e07edd34ae3465b8fb23020f1
SHA256: 8eb05c4d9b307cf69ed5f13dac4b18c912ea11b2230e62d9891ef1c138380a42
2408
OperaSetup.exe
C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
binary
MD5: 19d9cabbc9d7fd83026c97a39054fdce
SHA256: df69fdb0507977350112463f5296e4c14f975d0654945f66d9f287c2647efe64
3916
OperaSetup.exe
C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
binary
MD5: 19d9cabbc9d7fd83026c97a39054fdce
SHA256: df69fdb0507977350112463f5296e4c14f975d0654945f66d9f287c2647efe64
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\servers.def.lkg
text
MD5: c66eff1e07edd34ae3465b8fb23020f1
SHA256: 8eb05c4d9b307cf69ed5f13dac4b18c912ea11b2230e62d9891ef1c138380a42
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\prod-pgm.vpx
binary
MD5: 9eb32e2d9fb6686b2312dde2ab03593e
SHA256: ee983efcbe72aab59e8f2806fb7bbad54c1d971a8f45a4861c78bcde08a8ceab
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\uat_3924.dll
––
MD5:  ––
SHA256:  ––
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\0DD39A92_stp.exe
––
MD5:  ––
SHA256:  ––
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\0DD39A92_stp.dat.part
––
MD5:  ––
SHA256:  ––
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\0DD39A92_stp.dat
––
MD5:  ––
SHA256:  ––
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\0DD39A92_stp.dat.tmp
––
MD5:  ––
SHA256:  ––
2792
avastfreeantivirussetuponline.m.exe
C:\windows\temp\asw.51dd5998f970ca9e\ecoo.edat
text
MD5: 0ca781cfa931f2f0d9f9dbd0ba264811
SHA256: e24cb3abb41d4b83c1d02d48442a41835989f95844a81f7638da5864684c57c5
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\setup.def
text
MD5: 72df6eabbd12547f00d446f99ba9a16f
SHA256: dd870c1e2c7d080c9990f5529420486277e19f7e0d0421b86b921c0a1629a467
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\15FF8E10_stp.dat
binary
MD5: 783fc7fa368a131a4bc589abd32aed8c
SHA256: 8c342945fbf01059c5c2fbde4150f67df7450dbfffad79183e9a6ad4b8623263
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\15FF8E10_stp.dat.part
binary
MD5: 7d7a166bcc3f34579da886be7fa7526c
SHA256: 32c16ca5d4935687cddcff55cbb26e4df868105f631bd3fbce8ff0ae15750e76
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\15FF8E10_stp.dat.tmp
––
MD5:  ––
SHA256:  ––
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\BF_YL\we23.html
html
MD5: f44fe01996c6ccf478eedf839c9aff9f
SHA256: b9a65628749309eee149cf9d8ea2b02d1e68df74518933aa03fe79d2baa0cf6b
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\BF_YL\wp24.html
html
MD5: 4e1fbd1b00200772639dfe0dd05d3d3b
SHA256: 211614a416e30dc66ec39726151da58576282745026651d18523f677c669587b
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\0019FEC9.log
––
MD5:  ––
SHA256:  ––
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\6A720B1A_stp\we23.html
––
MD5:  ––
SHA256:  ––
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\6A720B1A_stp\wp24.html
––
MD5:  ––
SHA256:  ––
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\6A720B1A_stp.dat
binary
MD5: ec97803e3e59311f9aaa382cbd2b4151
SHA256: 50397c464d43ae8761d69a651d0fe1f87e33fe5befe0643cf152dbf1fbe84fc6
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\6A720B1A_stp.dat.part
binary
MD5: 81ecadfb7ff35471939f7499821ccbe7
SHA256: e862977050cac13e6b20345372694fbfaf451f0126e12a93f249605cb9c52cf1
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\6A720B1A_stp.dat.tmp
––
MD5:  ––
SHA256:  ––
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\Jimomoromoj_logo[1].png
image
MD5: a42fffd68be18b8ae986986a71521138
SHA256: 61a11ed258dc9bc734bdd2370d9ab39aeefe8817bf0765f8a66e8ee6dedf1a65
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\logo[1].png
image
MD5: 81fb0acbd81cd2bf5104f29cbe1bb1ad
SHA256: 81c5d333a5d5061b00596e12487ac7df9d5f53b9b930d19de0cc56d152699adc
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\icon3[1].png
image
MD5: 4ff19890aeb97c685a46820eae3bff58
SHA256: 69f3e7034b3396dcf072c361a24e3476ea4d35e36ab5905e58d0e8b6c291fe65
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\icon2[1].png
image
MD5: beead83fb83e1f91904352dab6508338
SHA256: 59e22060f7d08432f02828f9fc86f0d72192bc3611a1bb5f6537ffec2cedfde4
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\icon1[1].png
image
MD5: a4d65a1fd06d6db37b726b71ba575121
SHA256: 633b6332755a485cbd36c29cf0514607f67b1b20d6411ea815a75ce3907e4529
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\b2_win_clean[1].png
image
MD5: c3abf64e98119c18c15f0cd68fd4ea06
SHA256: 540e6856bf7485eb209966f0c11d92e6bb6747f2924861cfe7d22f5545907c13
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\EN[1].png
image
MD5: 46bd51d12590a67a66cc21ba18059a20
SHA256: 731cfc592c539f564a7d6c24bc196ce59ef7f47dfab1cd0cfec25d2e0313d4ee
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\Tefenece_logo_black[1].png
image
MD5: a53385c7239a3a59b0f2a3ccd46bf2bc
SHA256: 64389d10ba157c1cb2644efad182af0c4173745e92559181db697ae50de785b8
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\Nononotot_BG[1].jpg
image
MD5: 304b1dda461c2873db414d287b5e1e42
SHA256: 3833df639f18812a5dddc36b591ff1a94beb0b818c91e0e7788688180cab050e
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\in43A9003C\icut.dat
binary
MD5: 576166b408e8218e067a962b6ddf82e8
SHA256: 789fb0f7cd59b46cc27104bf17b9302397d8283c68af327f0e62bfce55d5e34d
656
chrome_1440091051.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 0c8ab50fdeafb5697f64f977b9b79892
SHA256: 36c99b86b679e49b11631fe27e66171baa9b721ea43786fca3041bf1324ba294
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\bootstrap_5229.html
html
MD5: 1ea9e5b417811379e874ad4870d5c51a
SHA256: f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\0019A8C9.log
––
MD5:  ––
SHA256:  ––
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\TR.locale
html
MD5: 97fc4f6b7f0ce5e670a768a5e3537e84
SHA256: 61f6f52a7bb1018a0eeda2e1a177dec29a57c712311abd9deaaf1a98972d7c2d
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\ZH.locale
html
MD5: 32d45171b98f80160856ec1f106d10c1
SHA256: 66f423762b08f632e25d5c993970c692971d55ed2deff4034d04c234cca34671
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\RU.locale
html
MD5: ff37921d458748c8085389a8f2944da0
SHA256: 9bd52c5480db88738a98682616a958803ed0944776b1ff418df536dd82873b0a
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\SV.locale
html
MD5: f56320d1f4507ed025ce5f5d39deb0b5
SHA256: 7441422d83897cc1accb963a4e3e2d10eee168609fc3681279f63fd2c698a885
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\NO.locale
html
MD5: 575a8d6024070828ab4b174d9eee5330
SHA256: aa33b24c8df5e3fed815dda7578e3aa4ae741676f67be9ef6a3b249a39fbd7c8
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\NL.locale
html
MD5: 13e8746748a94ce6a7dfd5aeb9bbc472
SHA256: 9f35e40a1f0aaf0e533dd4e3db781bf985c2fe7f17dbbc66c6c11488a6cb07a7
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\PL.locale
html
MD5: 34b98a8e7cdf51318b309c11e0a343cc
SHA256: a78c1b777216f6807b7f630e7b78b0d50a1a31ae4999c21e28609861bccc5441
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\KO.locale
html
MD5: 36daf6cf2b4c540655a4d6b159b7841a
SHA256: 73679073708873e2961193b3e4b6687c815870bd35bf0d689747697135c55d83
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\PT.locale
html
MD5: 88fdaaeb610fb9675c4e1a55ba468801
SHA256: aca86c58990ff66a948e4874a57f77434a037c19614566633b36a7f94e6d7bcc
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\ES.locale
html
MD5: 70954f559ce0ce9252b82ad1f0491bbe
SHA256: 257d0f2d45f05615a9f8a9d99b3d5678f5e9f75a3c200d38acb86146083077ec
3796
avast_free_antivirus_setup_online.exe
C:\Windows\Temp\asw.4f85d11958f388d8\instup_ais-941.vpx
––
MD5:  ––
SHA256:  ––
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\DE.locale
html
MD5: 65996ab87cfdaf69e029580ad5723347
SHA256: c8bad21aee890ade3b72b0d31d0840b1ca4a31cb2018d7fad9362b8ce1112cd4
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\IT.locale
html
MD5: c23ffc2982188bcbaba8938207c188a8
SHA256: 0e7a65743b46b2c46a19e50c89bd79233d6a1d7558ba22c54ff5f774678be270
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\EL.locale
html
MD5: 2e065da149f8d88b2fb02e76f9b01c34
SHA256: 6c482ca57d2941adc616861e8eb7158bd8569c58e682795870208c738799f5ea
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\JA.locale
html
MD5: d032467becbc1e2dee737613ea95c225
SHA256: a1ff77ae9b47b6d21af608a8ae0a284e63a095961c28cf9a855943f32a9e09aa
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\EN.locale
html
MD5: e94cb7e8b9247e6af8d4da349361efc2
SHA256: 1827fd0d78ab6f015a2344680a8f8ccb6b4b86d5565babc84bf8e452234284e5
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\FR.locale
html
MD5: 3f495446384812d17ebbb2e8d2fa8489
SHA256: cc0bdaedb5e0e81ecd1c392547bdb3ef9742a0d21f3fd883832415a54769d7a5
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\sponsored.png
image
MD5: e3758d529f93fee4807f5ea95fbc1a6c
SHA256: 8d46eb0c60043dcb7d79ab3d0525148fc901764620c02e4b9c5dd8b0e9026303
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\libs\localAssests\icut\icut_v2_2.cis
binary
MD5: 6eea368901ea5a93df886508c3fdfb6d
SHA256: 6e7d76f573135648243b15da732272e8e6f0c8948834ec88ac9f9f13045cae8e
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\DA.locale
html
MD5: ac4708b110c4bc0e435394852f7a85a0
SHA256: de0ed5724b0e6991d1f9916f3680c5922df16e4513f1206f815337c11c226115
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\libs\localAssests\icc\icc_v5_8.cis
binary
MD5: d3275dae3b2da9508907b2e97cd72712
SHA256: 9ae11521ced6ba7905386fbbc151c039eb056140d57413103ec0d164e94b9d03
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\locale\CS.locale
html
MD5: 55ebbf3f25728f4b023f9060885a12da
SHA256: a0a6d17c63b280bb33d0c7868b236c7d1956560ece8480a564a63ba1a67e6252
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Regular_Button_Middle.png
image
MD5: 10e5234fb776f556b51ee63ab0d77791
SHA256: a9b3eb314462cc9c794902da437b7841064d0d55dbb55ad3d4aaa89bf08f139b
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Pause_Button.png
image
MD5: 84b37cb510f50c8fea812eb308d3f03f
SHA256: 7bf800336671204de36b7d1f6ceffdff830040f51d21bc44f220f68d72cf492b
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Regular_Button_Right.png
image
MD5: 670bbcd28971e2d04c45a9f4c16328ff
SHA256: 28b34975ec9894642087286569a9d95091ba7e0100cbf1114ad2b12eeef19b5e
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Regular_Button_Left.png
image
MD5: bf86b34a94c6839ee091d0d804172ec8
SHA256: 02b3aa2605e4d4acc915dd0e17db3cdfe6bb2295858c64bb2c40cff76041abd7
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\ProgressBar.png
image
MD5: 48fa7919b2d348dd9ce343c9ab22b299
SHA256: d52573953ec429e4f9c6ba6567d2b0d0832925b63c8517210f3ab9b380a11bbc
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Resume_Button.png
image
MD5: 9d31583bcfad58a6b9ddeaf44549a5e6
SHA256: e466a2db2f755d9eb68619439af37ff4e45559b7a3f476e226ab2a11aeadae1a
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Quick_Specs.png
image
MD5: 07cd59b954e8495ad6cd6a7c11d2de86
SHA256: 6e6b964fd79b4a3461f128e2ed145b9b641d108b8616695f36387661cae995bb
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Progress.png
image
MD5: 04b45069bc9843d14e9f9caa644aae1a
SHA256: 5654476149b7a84dd4d08046d35180567b01e8d87e270d96b12ed40649ec8736
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Color_Button_Hover.png
image
MD5: 198593ed7fda78677ebcf6e2576b4bdd
SHA256: 2ce222b53057f8489cf72b71f24fc2fc0f8743569119bf8e57acb1a0595c988c
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Loader.gif
image
MD5: afc685139a108e33bd945d5a3ff64122
SHA256: 4d70f45a9c69d8ce2e630214c1b2871454d631ccf9d88976470170d0e106acbc
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Finish_Check.png
image
MD5: ad5d4e4130a63adb186504f4639fbde9
SHA256: eae44a71cc09c4657b1071e8a78a62fe30a84e520fd46a59df72a728da05bb59
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Icon_Generic.png
image
MD5: a35aeb077ffa7ffb4382c639743d29cc
SHA256: dccfb478e6097086d886b5a01d120bf511b381982b0975e0c65eab3846e4234d
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Dots.png
image
MD5: 2e5b2a15d1a3956dee90907c01f33045
SHA256: 030b83b07692fd72ad414780dcc5d1374dfefcd9223a720f7e5c8f51eccf802a
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Grey_Button_Hover.png
image
MD5: 198593ed7fda78677ebcf6e2576b4bdd
SHA256: 2ce222b53057f8489cf72b71f24fc2fc0f8743569119bf8e57acb1a0595c988c
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Grey_Button.png
image
MD5: 3e21c454ad120482f2099ce4c44982ec
SHA256: 1ba3bcb175afb99570cb331f8dc88306c7fe14a424a7311e8ccbca5285d51079
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Blue_Button_Middle.png
image
MD5: d27bd30b9c4858b41df31d950f84366a
SHA256: f70751acc483291dca2336921f995a9e518592b40094f0d29397ac9445751b80
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Blue_Button_Right.png
image
MD5: e9acea4d13b5cfeb7cb81f3cd6ce60d0
SHA256: 4309899661ae4c7c313f531b387ce7ff0844a9c7a1509446dfcf0ae64752f681
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Blue_Button_Left.png
image
MD5: a5b6fc528cafff63429c92590557f4e5
SHA256: 59c6d6acb82424d7495c79cbc0dd3feda28616857a8bd8ba1212a6d0169b5766
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Color_Button.png
image
MD5: 3e21c454ad120482f2099ce4c44982ec
SHA256: 1ba3bcb175afb99570cb331f8dc88306c7fe14a424a7311e8ccbca5285d51079
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Close.png
image
MD5: c222a4f3d309721c0898606960120266
SHA256: f638cc042b7ade6f43f2faf0077e020137562e559178396b7e975db39ac13df6
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\Close_Hover.png
image
MD5: f5bdb3cabdc15580d97fa94aa3397c08
SHA256: b28db98f2a6b06b6783b8fca6aabdcb89234d5bd4306fa71711988dba1fc71ea
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\sdk-ui\images\progress-bg.png
image
MD5: e9f12f92a9eeb8ebe911080721446687
SHA256: c1cf449536bc2778e27348e45f0f53d04c284109199fb7a9af7a61016b91f8bc
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\sdk-ui\images\progress-bg-corner.png
image
MD5: 608f1f20cd6ca9936eaa7e8c14f366be
SHA256: 86b6e6826bcde2955d64d4600a4e01693522c1fddf156ce31c4ba45b3653a7bd
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\sdk-ui\images\button-bg.png
image
MD5: 98b1de48dfa64dc2aa1e52facfbee3b0
SHA256: 2693930c474fe640e2fe8d6ef98abe2ecd303d2392c3d8b2e006e8942ba8f534
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\sdk-ui\images\progress-bg2.png
image
MD5: b582d9a67bfe77d523ba825fd0b9dae3
SHA256: ab4eeb3ea1eef4e84cb61eccb0ba0998b32108d70b3902df3619f4d9393f74c3
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\images\BG.png
image
MD5: 43fa697a120df14a695bb41a12d0ece8
SHA256: 95ed32d9182b61655760a862f863484b2b7801c3df1faa7ac8d2d432609aae51
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\sdk-ui\_button.scss
text
MD5: cfe3a6bdd0517296eb8217d40a7acb4f
SHA256: 2ee3a84389a7073946f77e3a5c3780caa17e1656e65a953dc0d8b91b89209060
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\sdk-ui\_checkbox.scss
text
MD5: 64773c6b0e3413c81aebc46cce8c9318
SHA256: b09504c1bf0486d3ec46500592b178a3a6c39284672af8815c3687cc3d29560d
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\sdk-ui\_browse.scss
text
MD5: 6009d6e864f60aea980a9df94c1f7e1c
SHA256: 5ef48a8c8c3771b4f233314d50dd3b5afdcd99dd4b74a9745c8fe7b22207056d
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_z-index.scss
text
MD5: 76a55c9ab774e449c10487624ac3f45e
SHA256: 176c81a57205a8496a0a472bdead1de1350beb5fc03ea339703c65d2a29a0b93
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_width-height.scss
text
MD5: dd8af246e3a767aeb684a8272fc7c2c9
SHA256: 86d060bfd279cf4e9cbbaa9a3f444da99339f247af0c9d9e85b109a31474bdd9
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\sdk-ui\_progress-bar.scss
text
MD5: 0dce8b2d152948a7c134bfb98cb09522
SHA256: 2d92f324b5e52b412057b5a7cc428665ee5205d07022c681e99b631d20a5137e
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_visibility.scss
text
MD5: 02061aea75eac76fff1d2a8e9607d64c
SHA256: f32292cf3212f83814c985aa82f0f8a0e8dada0aee81cd7401aa3aac08e45bc0
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_padding.scss
text
MD5: 839ce4bba9e717524487b58757ea63da
SHA256: 54c64f48133908b48ed7c739a95b9edca865b3a89bdaa34d29973652c3648ede
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_margin.scss
text
MD5: e83d43d06045e990e910e494aebae8ae
SHA256: 15484f9e0794f7526e5671615bcdbb436dc7f53012387821d2163ce59fa5e84b
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_positions.scss
text
MD5: d70ee316e26374f839174916490e937e
SHA256: 3affbaeb6f57451faf94ca9cbcab2504ef75df0e8570aa7be99dd52c9cecb8e7
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_lists.scss
text
MD5: bda575f11636073d71b86b89c94c6e42
SHA256: b15b8db0368e31991fbe43c121409484562e20fb9599b5b3828e3093217de163
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_typography.scss
text
MD5: 0d6e99087615172921e0383b0bce87d2
SHA256: a94bd2fb6595faea527116d8d8ee090ff74e89216ef3c9260f5f0b5bfa330e0e
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_align.scss
text
MD5: bbbbd243f9525acc7dc6077010627409
SHA256: 1f11b5f53e0aa7da1a1559a1a5cdd52bf03119ea74e5091462461c550e9288db
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_border-radius.scss
text
MD5: 6bdf3fd89410e39d33f8137e04ad4a16
SHA256: 2c6b98cb19c3e3a0e37472767c53df213243ae92bc80ef9a7f5baa17f7b6fa31
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_clearfix.scss
text
MD5: add166bc071472dc105f4734d2dcf0e2
SHA256: 75ebe8b4a4cbbac0eb4de35b60972452b4526c56eefb5186dd40a92c70773377
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_border.scss
text
MD5: 681fb7eb197e8e7ebd89f828d1181fd6
SHA256: 51e8afa69ed6d92eb82f71939b0b8fd34ef23faecee457698238e5a4f28df984
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_colors.scss
text
MD5: 2da278fbb61e370e0cc9f548e8154e1c
SHA256: 857a73fc1da7cf54525048aa60ec9e2f07328ee1d718a66e3b17186170bb5b5b
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_backgrounds.scss
text
MD5: 6092a3768f84cfbc6e5c52301f5b63ea
SHA256: 8a22a3285f3c7d82aa1a4273bdd62729da241723507c1ecd5d2fd0a24c12e23b
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_float.scss
text
MD5: bc5eb91b59a99e0fc439e02f80319975
SHA256: eaf9d36e3e75177e64090ac71c6fcf9bb6465cd21f5c0a5ccb05666033609da8
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\helpers\_display.scss
text
MD5: 7fc18252c6212f1ebb349b5f7f429217
SHA256: 1b1f774d3b163c1ba9c86cad87d4b594fba588a364132121f8a234f149816429
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\_variables.scss
text
MD5: 07922410c30f0117cbc3c140f14aea88
SHA256: af1999b49c03f5dcbb19466466fac2d8172c684c0ff18931b85a8d0a06332c73
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\main.css
text
MD5: 2f8e73f6862f835d7bfe217510d017be
SHA256: 01f56175429629e8393b6b74214bec6800654c498b8334b2e3c3ef168158a8d4
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\swAgent.css
text
MD5: 2543e3af757c7d7c8a26c7cf57795f60
SHA256: c38892a06c8f50c6386ed794af4f1ea3e1897ad5f0c7e19594d9ea7b20cfb3f1
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\main.scss
text
MD5: 7e96c47b209126678b910c38225e1373
SHA256: 1d818ef8eefebae32fcf9004bf582c952ee3ad5af56719144300d30397be89fb
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\_helpers.scss
text
MD5: 5f158dbbd9fc4594a2f6c13854501916
SHA256: bf12b79f67f1cb9988797f7d81f6f504c8dfe0f0435482e64819a140dbc8da14
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\ie6_main.scss
text
MD5: d10348d17adf8a90670696728f54562d
SHA256: e8a3d15cf32009b01b9145b6e62ff6caa9c2981f81ce063578c73c7adff08dfc
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\_functions.scss
text
MD5: 8f7259de64f6ddf352bf461f44d34a81
SHA256: 80edc9d67172bc830d68d33f4547735fb072cadf3ef25aab37a10b50db87a069
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\csshover3.htc
html
MD5: 52fa0da50bf4b27ee625c80d36c67941
SHA256: e37e99ddfc73ac7ba774e23736b2ef429d9a0cb8c906453c75b14c029bdd5493
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\form.bmp.Mask
binary
MD5: d2fc989f9c2043cd32332ec0fad69c70
SHA256: 27dd029405cbfb0c3bf8bac517be5db9aa83e981b1dc2bd5c5d6c549fa514101
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\inH168110932609\css\ie6_main.css
text
MD5: ad234e6a62580f62019c78b2a718de00
SHA256: c4f2684f16c8e4553cc29c604a2f505399039638a34e652a7a1acdeb157a0861
656
chrome_1440091051.exe
C:\Users\admin\AppData\Local\Temp\0019A6D5.log
––
MD5:  ––
SHA256:  ––
3924
instup.exe
C:\Windows\Temp\asw.4f85d11958f388d8\avdump_x86_ais-941.vpx
binary
MD5: e79c3274955e0dc15d4d832b6a1ff851
SHA256: 70bb0d629e91953ab3b191451dae1e1927777049a53f3b64893ea0bc2799fa60

Network activity

HTTP(S) requests
44
TCP/UDP connections
36
DNS requests
32
Threats
7

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
656 chrome_1440091051.exe POST 200 52.214.73.247:80 http://bbs.nofoteccaret.com/ IE
binary
––
––
malicious
656 chrome_1440091051.exe POST –– 52.212.157.66:80 http://www3.nofoteccaret.com/?wina=0 IE
binary
––
––
malicious
656 chrome_1440091051.exe POST 200 52.212.157.66:80 http://www3.nofoteccaret.com/?texoquen=1 IE
binary
text
malicious
656 chrome_1440091051.exe POST 200 52.214.73.247:80 http://bbs.nofoteccaret.com/ IE
binary
––
––
malicious
656 chrome_1440091051.exe POST 200 52.51.129.59:80 http://vps.nofoteccaret.com/ IE
binary
binary
malicious
656 chrome_1440091051.exe POST 200 52.214.73.247:80 http://bbs.nofoteccaret.com/ IE
binary
––
––
malicious
656 chrome_1440091051.exe GET 200 46.166.187.59:80 http://img.nofoteccaret.com/img/Nononotot/Nononotot_BG.jpg NL
image
suspicious
656 chrome_1440091051.exe GET 200 46.166.187.59:80 http://img.nofoteccaret.com/img/Jimomoromoj/Jimomoromoj_logo.png NL
image
suspicious
656 chrome_1440091051.exe GET 200 46.166.187.59:80 http://img.nofoteccaret.com/img/Tefenece/Tefenece_logo_black.png NL
image
suspicious
656 chrome_1440091051.exe HEAD 200 95.211.184.67:80 http://app.nofoteccaret.com/ofr/Niniwic/YL/Niniwic_Tefenece_12Apr16.cis NL
––
––
suspicious
656 chrome_1440091051.exe POST 200 52.214.73.247:80 http://bbs.nofoteccaret.com/ IE
binary
––
––
malicious
656 chrome_1440091051.exe GET 200 46.166.187.59:80 http://img.nofoteccaret.com/img/Tavasat/15Feb17/v2/EN.png NL
image
suspicious
656 chrome_1440091051.exe GET 200 46.166.187.59:80 http://img.nofoteccaret.com/img/Rowabobeso/b2_win_clean.png NL
image
suspicious
656 chrome_1440091051.exe GET 200 46.166.187.59:80 http://img.nofoteccaret.com/img/Rowabobeso/icon1.png NL
image
suspicious
656 chrome_1440091051.exe GET 200 46.166.187.59:80 http://img.nofoteccaret.com/img/Rowabobeso/icon2.png NL
image
suspicious
656 chrome_1440091051.exe GET 200 46.166.187.59:80 http://img.nofoteccaret.com/img/Rowabobeso/icon3.png NL
image
suspicious
656 chrome_1440091051.exe GET 200 46.166.187.59:80 http://img.nofoteccaret.com/img/Rowabobeso/logo.png NL
image
suspicious
656 chrome_1440091051.exe POST 200 52.214.73.247:80 http://bbs.nofoteccaret.com/ IE
binary
––
––
malicious
656 chrome_1440091051.exe GET 416 192.96.201.161:80 http://remote.nofoteccaret.com/ofr/Niniwic/YL/Niniwic_Tefenece_12Apr16.cis US
html
suspicious
656 chrome_1440091051.exe GET 200 95.211.184.67:80 http://app.nofoteccaret.com/ofr/Niniwic/YL/Niniwic_Tefenece_12Apr16.cis NL
binary
suspicious
656 chrome_1440091051.exe HEAD 200 95.211.184.67:80 http://app.nofoteccaret.com/ofr/Tavasat/Tavasat_18Jan19_m.cis NL
binary
suspicious
656 chrome_1440091051.exe GET 200 192.96.201.161:80 http://remote.nofoteccaret.com/ofr/Tavasat/Tavasat_18Jan19_m.cis US
binary
suspicious
656 chrome_1440091051.exe HEAD 403 104.27.202.90:80 http://dl.jalecdn.com/US/chrome.exe US
––
––
malicious
656 chrome_1440091051.exe HEAD 200 185.26.182.111:80 http://net.geo.opera.com/opera/stable?utm_medium=pbc&utm_source=ais&utm_campaign=_CRT_nc&utm_id=5LSuBqTv%2Fw%2Bh7f56oemLfaLr%2Fgy3rq5PrO%2F6Cqjt%2BQql7PoOp%2BjyDKfk7FT3u69JrJK6XuO8iEn%2Bqrle4%2FupSfLu%2BAai5f4Dqen8D%2F5MAAAAkd3KOw%3D%3D unknown
––
––
whitelisted
656 chrome_1440091051.exe GET 403 104.27.202.90:80 http://dl.jalecdn.com/US/chrome.exe US
html
malicious
656 chrome_1440091051.exe GET 200 185.26.182.111:80 http://net.geo.opera.com/opera/stable?utm_medium=pbc&utm_source=ais&utm_campaign=_CRT_nc&utm_id=5LSuBqTv%2Fw%2Bh7f56oemLfaLr%2Fgy3rq5PrO%2F6Cqjt%2BQql7PoOp%2BjyDKfk7FT3u69JrJK6XuO8iEn%2Bqrle4%2FupSfLu%2BAai5f4Dqen8D%2F5MAAAAkd3KOw%3D%3D unknown
executable
whitelisted
656 chrome_1440091051.exe POST 200 52.214.73.247:80 http://bbs.nofoteccaret.com/ IE
binary
––
––
malicious
2792 avastfreeantivirussetuponline.m.exe POST 200 216.58.212.142:80 http://www.google-analytics.com/collect US
text
image
whitelisted
2792 avastfreeantivirussetuponline.m.exe POST 204 77.234.45.54:80 http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi DE
text
––
––
whitelisted
2792 avastfreeantivirussetuponline.m.exe GET 200 95.101.0.232:80 http://iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe unknown
executable
whitelisted
656 chrome_1440091051.exe POST 200 52.214.73.247:80 http://bbs.nofoteccaret.com/ IE
binary
––
––
malicious
656 chrome_1440091051.exe GET 403 104.27.202.90:80 http://dl.jalecdn.com/US/chrome.exe US
html
malicious
2792 avastfreeantivirussetuponline.m.exe POST 200 216.58.212.142:80 http://www.google-analytics.com/collect US
text
image
whitelisted
2792 avastfreeantivirussetuponline.m.exe POST 204 77.234.45.54:80 http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi DE
text
––
––
whitelisted
3796 avast_free_antivirus_setup_online.exe GET 200 216.58.212.142:80 http://www.google-analytics.com/collect?aiid=mmm_irs_ppi_002_451_m&an=Free&av=19.3.4241&cd=stub-extended&cd3=Online&cid=de51209e-a9e2-4d8e-908b-78ec3e278a98&dt=Installation&t=screenview&tid=UA-58120669-3&v=1 US
image
whitelisted
3796 avast_free_antivirus_setup_online.exe POST 204 77.234.45.54:80 http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi DE
text
––
––
whitelisted
3924 instup.exe GET 200 95.101.0.203:80 http://p3357684.iavs9x.u.avast.com/iavs9x/servers.def.vpx unknown
binary
suspicious
3924 instup.exe GET 200 95.101.0.203:80 http://p3357684.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx unknown
binary
suspicious
3924 instup.exe GET 200 95.101.0.203:80 http://p3357684.iavs9x.u.avast.com/iavs9x/avbugreport_ais-941.vpx unknown
binary
suspicious
3924 instup.exe GET 200 95.101.0.203:80 http://p3357684.iavs9x.u.avast.com/iavs9x/avdump_x86_ais-941.vpx unknown
binary
suspicious
3924 instup.exe GET –– 95.101.0.203:80 http://p3357684.iavs9x.u.avast.com/iavs9x/offertool_ais-941.vpx unknown
––
––
suspicious
656 chrome_1440091051.exe GET 403 104.27.202.90:80 http://dl.jalecdn.com/US/chrome.exe US
html
malicious
656 chrome_1440091051.exe GET 403 104.27.202.90:80 http://dl.jalecdn.com/US/chrome.exe US
html
malicious
–– –– GET 403 104.27.202.90:80 http://dl.jalecdn.com/US/chrome.exe US
html
malicious


Connections

PID Process IP ASN CN Reputation
656 chrome_1440091051.exe 52.214.73.247:80 Amazon.com, Inc. IE malicious
656 chrome_1440091051.exe 52.212.157.66:80 Amazon.com, Inc. IE malicious
656 chrome_1440091051.exe 104.25.236.8:443 Cloudflare Inc US shared
656 chrome_1440091051.exe 52.51.129.59:80 Amazon.com, Inc. IE malicious
656 chrome_1440091051.exe 46.166.187.59:80 NForce Entertainment B.V. NL malicious
656 chrome_1440091051.exe 95.211.184.67:80 LeaseWeb Netherlands B.V. NL malicious
656 chrome_1440091051.exe 192.96.201.161:80 Leaseweb USA, Inc. US suspicious
656 chrome_1440091051.exe 104.27.202.90:80 Cloudflare Inc US suspicious
656 chrome_1440091051.exe 185.26.182.111:80 Opera Software AS –– whitelisted
2792 avastfreeantivirussetuponline.m.exe 216.58.212.142:80 Google Inc. US whitelisted
2792 avastfreeantivirussetuponline.m.exe 77.234.45.54:80 AVAST Software s.r.o. DE unknown
2792 avastfreeantivirussetuponline.m.exe 95.101.0.232:80 Akamai International B.V. –– whitelisted
2408 OperaSetup.exe 185.26.182.95:443 Opera Software AS –– unknown
2408 OperaSetup.exe 82.145.217.121:443 Opera Software AS –– unknown
3796 avast_free_antivirus_setup_online.exe 77.234.45.54:80 AVAST Software s.r.o. DE unknown
3796 avast_free_antivirus_setup_online.exe 216.58.212.142:80 Google Inc. US whitelisted
3924 instup.exe 5.62.40.201:443 AVAST Software s.r.o. DE unknown
2408 OperaSetup.exe 185.26.182.112:443 Opera Software AS –– suspicious
3924 instup.exe 8.8.8.8:53 Google Inc. US whitelisted
3924 instup.exe 95.101.0.203:80 Akamai International B.V. –– whitelisted
2408 OperaSetup.exe 185.26.182.117:443 Opera Software AS –– unknown
2408 OperaSetup.exe 151.101.38.2:443 Fastly US unknown
–– –– 104.27.202.90:80 Cloudflare Inc US suspicious

DNS requests

Domain IP Reputation
bbs.nofoteccaret.com 52.214.73.247 malicious
www3.nofoteccaret.com 52.212.157.66 malicious
cdn.jaleco.com 104.25.236.8 unknown
vps.nofoteccaret.com 52.51.129.59 malicious
img.nofoteccaret.com 46.166.187.59 suspicious
app.nofoteccaret.com 95.211.184.67 suspicious
remote.nofoteccaret.com 192.96.201.161 suspicious
dl.jalecdn.com 104.27.202.90 malicious
net.geo.opera.com 185.26.182.111 whitelisted
www.google-analytics.com 216.58.212.142 whitelisted
v7event.stats.avast.com 77.234.45.54 whitelisted
iavs9x.u.avast.com 95.101.0.232 whitelisted
autoupdate.geo.opera.com 185.26.182.95 whitelisted
desktop-netinstaller-sub.osp.opera.software 82.145.217.121 whitelisted
shepherd.ff.avast.com 5.62.40.201 whitelisted
dl.opera.com 185.26.182.112 whitelisted
d3336443.iavs9x.u.avast.com 95.101.0.203 suspicious
d4130079.iavs9x.u.avast.com 95.101.0.232 suspicious
g0679661.iavs9x.u.avast.com 95.101.0.203 whitelisted
m5972635.iavs9x.u.avast.com 95.101.0.232 whitelisted
p3357684.iavs9x.u.avast.com 95.101.0.203 suspicious
s-iavs9x.avcdn.net 2.21.40.53 malicious
download.opera.com 185.26.182.117 unknown
download1.operacdn.com 151.101.38.2 whitelisted

Threats

PID Process Class Message
656 chrome_1440091051.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2
656 chrome_1440091051.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M1
656 chrome_1440091051.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M3
656 chrome_1440091051.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M4
656 chrome_1440091051.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M1

2 ETPRO signatures available at the full report

Debug output strings

Process Message
instup.exe [2019-03-14 10:57:33.441] [error ] [Ares ] [ 3924: 3640] Unable to resolve 's-iavs9x.avcdn.net' into IPv6 via DNS servers [8.8.8.8,8.8.4.4] (13004, Domain name not found)
instup.exe [2019-03-14 10:57:33.441] [error ] [Ares ] [ 3924: 3640] Unable to resolve 's-iavs9x.avcdn.net' into IPv6 via DNS servers [8.8.8.8,8.8.4.4] (13004, Domain name not found)
instup.exe [2019-03-14 10:57:33.441] [error ] [Ares ] [ 3924: 3640] Unable to resolve 's-iavs9x.avcdn.net' into IPv6 via DNS servers [8.8.8.8,8.8.4.4] (13004, Domain name not found)
instup.exe [2019-03-14 10:57:33.441] [error ] [Ares ] [ 3924: 3640] Unable to resolve 's-iavs9x.avcdn.net' into IPv6 via DNS servers [8.8.8.8,8.8.4.4] (13004, Domain name not found)
instup.exe [2019-03-14 10:57:33.441] [error ] [Ares ] [ 3924: 3640] Unable to resolve 's-iavs9x.avcdn.net' into IPv6 via DNS servers [8.8.8.8,8.8.4.4] (13004, Domain name not found)
instup.exe [2019-03-14 10:57:33.441] [error ] [Ares ] [ 3924: 3640] Unable to resolve 's-iavs9x.avcdn.net' into IPv6 via DNS servers [8.8.8.8,8.8.4.4] (13004, Domain name not found)