General Info

File name

http://sdl.adaware.com/cdn/avast_free_antivirus_setup_online.exe

Full analysis
https://app.any.run/tasks/93be6dc6-93df-4f75-9d0f-d066b6b5c561
Verdict
Malicious activity
Analysis date
2/10/2019, 17:06:56
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

906009d6e7927189f1803db099b0a162

SHA1

897d13fe64140a2ec3656180aae2de7f06a4e7a1

SHA256

d833649b72de406e636081e1a6271310df0cd62b9e141b8374ed1de02d7b0701

SSDEEP

3072:64UW6InDFMe4aLNHmSQcOCK9v/pUABPQ9LWvYEvVUmuJv5Rhr+F7mFIecRYW0cQb:6NWLnD+5VEK93phlRv3UZvyhYW02GkDK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • AvastUI.exe (PID: 3852)
  • SetupInf.exe (PID: 2316)
  • wsc_proxy.exe (PID: 2560)
  • aswOfferTool.exe (PID: 2648)
  • aswRunDll.exe (PID: 2280)
  • RegSvr.exe (PID: 3800)
  • SetupInf.exe (PID: 3692)
  • overseer.exe (PID: 2672)
  • RegSvr.exe (PID: 3712)
  • SetupInf.exe (PID: 2748)
  • AvastUI.exe (PID: 2928)
  • SetupInf.exe (PID: 3856)
  • AvEmUpdate.exe (PID: 1744)
  • instup.exe (PID: 2728)
  • instup.exe (PID: 3840)
  • CCUpdate.exe (PID: 2544)
  • AvEmUpdate.exe (PID: 3716)
  • AvastNM.exe (PID: 2120)
  • AvEmUpdate.exe (PID: 2300)
  • CCUpdate.exe (PID: 2756)
  • AvEmUpdate.exe (PID: 2988)
  • CCUpdate.exe (PID: 2284)
  • AvEmUpdate.exe (PID: 2376)
  • instup.exe (PID: 3148)
  • AvastSvc.exe (PID: 3856)
  • 8ba921a8-0cf1-4086-8c28-748df44b4367.exe (PID: 3528)
  • CCUpdate.exe (PID: 2920)
  • instup.exe (PID: 2488)
  • sbr.exe (PID: 2468)
  • instup.exe (PID: 3116)
  • avast_free_antivirus_setup_online.exe (PID: 3768)
Loads dropped or rewritten executable
  • instup.exe (PID: 2728)
  • AvastUI.exe (PID: 3852)
  • rundll32.exe (PID: 3420)
  • AvEmUpdate.exe (PID: 1744)
  • rundll32.exe (PID: 1380)
  • AvastUI.exe (PID: 2928)
  • engsup.exe (PID: 3916)
  • RegSvr.exe (PID: 3800)
  • instup.exe (PID: 3840)
  • RegSvr.exe (PID: 3712)
  • aswRunDll.exe (PID: 2280)
  • AvastSvc.exe (PID: 3856)
  • instup.exe (PID: 3148)
  • AvEmUpdate.exe (PID: 3716)
  • AvEmUpdate.exe (PID: 2376)
  • AvEmUpdate.exe (PID: 2300)
  • AvEmUpdate.exe (PID: 2988)
  • instup.exe (PID: 2488)
  • engsup.exe (PID: 2900)
  • instup.exe (PID: 3116)
Loads the Task Scheduler COM API
  • AvEmUpdate.exe (PID: 1744)
  • CCUpdate.exe (PID: 2756)
  • CCUpdate.exe (PID: 2632)
  • overseer.exe (PID: 2672)
  • AvEmUpdate.exe (PID: 3716)
  • AvEmUpdate.exe (PID: 2300)
Changes the autorun value in the registry
  • instup.exe (PID: 3840)
  • instup.exe (PID: 2488)
Stealing of credential data
  • AvastUI.exe (PID: 2928)
Downloads executable files from the Internet
  • CCUpdate.exe (PID: 2756)
  • AvEmUpdate.exe (PID: 3716)
  • avast_free_antivirus_setup_online.exe (PID: 3868)
Changes settings of System certificates
  • AvastSvc.exe (PID: 3856)
  • instup.exe (PID: 2488)
Reads the cookies of Google Chrome
  • AvastSvc.exe (PID: 3856)
  • AvastUI.exe (PID: 2928)
  • engsup.exe (PID: 3916)
Reads the cookies of Mozilla Firefox
  • AvastSvc.exe (PID: 3856)
  • AvastUI.exe (PID: 2928)
  • engsup.exe (PID: 3916)
Low-level read access rights to disk partition
  • AvastUI.exe (PID: 3852)
  • AvastUI.exe (PID: 2928)
  • AvEmUpdate.exe (PID: 1744)
  • instup.exe (PID: 2728)
  • CCUpdate.exe (PID: 2632)
  • instup.exe (PID: 3148)
  • CCUpdate.exe (PID: 2544)
  • overseer.exe (PID: 2672)
  • CCUpdate.exe (PID: 2756)
  • wsc_proxy.exe (PID: 2560)
  • instup.exe (PID: 3840)
  • AvastSvc.exe (PID: 3856)
  • CCUpdate.exe (PID: 2920)
  • CCUpdate.exe (PID: 2284)
  • AvEmUpdate.exe (PID: 2376)
  • AvEmUpdate.exe (PID: 3716)
  • AvEmUpdate.exe (PID: 2988)
  • avast_free_antivirus_setup_online.exe (PID: 3868)
  • avast_free_antivirus_setup_online.exe (PID: 3768)
  • instup.exe (PID: 3116)
  • instup.exe (PID: 2488)
Searches for installed software
  • rundll32.exe (PID: 1380)
  • AvastSvc.exe (PID: 3856)
  • rundll32.exe (PID: 3420)
  • AvastUI.exe (PID: 2928)
Uses RUNDLL32.EXE to load library
  • AvastUI.exe (PID: 2928)
Creates files in the Windows directory
  • keytool.exe (PID: 2364)
  • keytool.exe (PID: 1860)
  • AvastSvc.exe (PID: 3856)
  • avast_free_antivirus_setup_online.exe (PID: 3768)
  • avast_free_antivirus_setup_online.exe (PID: 3868)
  • instup.exe (PID: 3116)
  • instup.exe (PID: 2488)
Creates files in the user directory
  • AvastUI.exe (PID: 2928)
Reads CPU info
  • AvastSvc.exe (PID: 3856)
  • AvastUI.exe (PID: 2928)
Executable content was dropped or overwritten
  • aswOfferTool.exe (PID: 2648)
  • instup.exe (PID: 3840)
  • AvastSvc.exe (PID: 3856)
  • AvEmUpdate.exe (PID: 2376)
  • CCUpdate.exe (PID: 2920)
  • AvEmUpdate.exe (PID: 3716)
  • CCUpdate.exe (PID: 2284)
  • avast_free_antivirus_setup_online.exe (PID: 3868)
  • avast_free_antivirus_setup_online.exe (PID: 3768)
  • instup.exe (PID: 3116)
  • instup.exe (PID: 2488)
Removes files from Windows directory
  • AvastSvc.exe (PID: 3856)
  • avast_free_antivirus_setup_online.exe (PID: 3768)
  • instup.exe (PID: 3116)
  • instup.exe (PID: 2488)
Reads Internet Cache Settings
  • AvastUI.exe (PID: 2928)
  • instup.exe (PID: 2488)
Reads Environment values
  • AvastUI.exe (PID: 2928)
  • AvastSvc.exe (PID: 3856)
Creates files in the program directory
  • aswOfferTool.exe (PID: 2648)
  • AvastUI.exe (PID: 2928)
  • CCUpdate.exe (PID: 2632)
  • wsc_proxy.exe (PID: 2560)
  • CCUpdate.exe (PID: 2756)
  • engsup.exe (PID: 3916)
  • AvastNM.exe (PID: 2120)
  • instup.exe (PID: 3148)
  • CCUpdate.exe (PID: 2284)
  • AvEmUpdate.exe (PID: 3716)
  • avast_free_antivirus_setup_online.exe (PID: 3768)
  • CCUpdate.exe (PID: 2920)
  • engsup.exe (PID: 2900)
  • instup.exe (PID: 3116)
  • instup.exe (PID: 3840)
  • AvastSvc.exe (PID: 3856)
  • instup.exe (PID: 2488)
Application launched itself
  • AvastUI.exe (PID: 2928)
  • CCUpdate.exe (PID: 2756)
  • AvEmUpdate.exe (PID: 3716)
Reads the date of Windows installation
  • AvastSvc.exe (PID: 3856)
Loads DLL from Mozilla Firefox
  • rundll32.exe (PID: 1380)
  • rundll32.exe (PID: 3420)
Starts itself from another location
  • CCUpdate.exe (PID: 2284)
  • instup.exe (PID: 3116)
Creates COM task schedule object
  • RegSvr.exe (PID: 3712)
  • RegSvr.exe (PID: 3800)
  • instup.exe (PID: 2488)
Creates or modifies windows services
  • AvastSvc.exe (PID: 3856)
  • instup.exe (PID: 2488)
Creates a software uninstall entry
  • AvEmUpdate.exe (PID: 2376)
  • instup.exe (PID: 2488)
Modifies the open verb of a shell class
  • instup.exe (PID: 2488)
Creates files in the driver directory
  • instup.exe (PID: 2488)
Adds / modifies Windows certificates
  • instup.exe (PID: 2488)
Reads Microsoft Office registry keys
  • AvastUI.exe (PID: 2928)
Dropped object may contain Bitcoin addresses
  • instup.exe (PID: 3840)
  • instup.exe (PID: 2488)
Reads settings of System Certificates
  • AvastUI.exe (PID: 2928)
  • AvastSvc.exe (PID: 3856)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe | Win64 Executable (generic) (64.6%)
.dll | Win32 Dynamic Link Library (generic) (15.4%)
.exe | Win32 Executable (generic) (10.5%)
.exe | Generic Win/DOS Executable (4.6%)
.exe | DOS Executable Generic (4.6%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2019:01:03 17:42:16+01:00
PEType:
PE32
LinkerVersion:
14.15
CodeSize:
128512
InitializedDataSize:
76800
UninitializedDataSize:
null
EntryPoint:
0x10d0
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
2.1.1252.0
ProductVersionNumber:
2.1.1252.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
AVAST Software
Edition:
1
FileDescription:
Avast Antivirus Installer
FileVersion:
2.1.1252.0
InternalName:
microstub
LegalCopyright:
Copyright (c) 2019 AVAST Software
OriginalFileName:
microstub.exe
ProductName:
Avast MicroInstaller
ProductVersion:
2.1.1252.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
03-Jan-2019 16:42:16
Detected languages
English - United States
Debug artifacts
D:\BUILD\work\00\ec99741887596299\projects\avast\microstub\x86\Release\microstub.pdb
CompanyName:
AVAST Software
Edition:
1
FileDescription:
Avast Antivirus Installer
FileVersion:
2.1.1252.0
InternalName:
microstub
LegalCopyright:
Copyright (c) 2019 AVAST Software
OriginalFilename:
microstub.exe
ProductName:
Avast MicroInstaller
ProductVersion:
2.1.1252.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
6
Time date stamp:
03-Jan-2019 16:42:16
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x0001F57A 0x0001F600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.57927
.rdata 0x00021000 0x00009204 0x00009400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.30132
.data 0x0002B000 0x00001574 0x00000A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.7944
.didat 0x0002D000 0x00000030 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0.479587
.rsrc 0x0002E000 0x000063E8 0x00006400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 3.9466
.reloc 0x00035000 0x00001B88 0x00001C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 6.62801
Resources
1, 2, 3, 63, 69, 70, 100, 126, 132, 133, 138, 139, 144, 145, 200, 201, 207, 208, EDAT_ECOO

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    ADVAPI32.dll

    COMCTL32.dll

    VERSION.dll (delay-loaded)

Exports

    No exports.

Processes

Total processes
79
Monitored processes
40
Malicious processes
24
Suspicious processes
6

Behavior graph

[Behavior graph of the monitored process tree, starting from avast_free_antivirus_setup_online.exe; image not preserved]

Process information

PID
2876
CMD
"C:\Users\admin\Desktop\avast_free_antivirus_setup_online.exe"
Path
C:\Users\admin\Desktop\avast_free_antivirus_setup_online.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
2.1.1252.0
Modules
Image
c:\users\admin\desktop\avast_free_antivirus_setup_online.exe
c:\systemroot\system32\ntdll.dll

PID
3868
CMD
"C:\Users\admin\Desktop\avast_free_antivirus_setup_online.exe"
Path
C:\Users\admin\Desktop\avast_free_antivirus_setup_online.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
2.1.1252.0
Modules
Image
c:\users\admin\desktop\avast_free_antivirus_setup_online.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\temp\asw.83e2cebe156d9b00\avast_free_antivirus_setup_online.exe
c:\windows\system32\apphelp.dll

PID
3768
CMD
"C:\Windows\Temp\asw.83e2cebe156d9b00\avast_free_antivirus_setup_online.exe" /ga_clientid:6763cb32-7faa-4c27-8dbf-205a4b6e133e /edat_dir:C:\Windows\Temp\asw.83e2cebe156d9b00
Path
C:\Windows\Temp\asw.83e2cebe156d9b00\avast_free_antivirus_setup_online.exe
Indicators
Parent process
avast_free_antivirus_setup_online.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image
c:\windows\temp\asw.83e2cebe156d9b00\avast_free_antivirus_setup_online.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\temp\asw.1d9340ba44724009\instup.exe

PID
3116
CMD
"C:\Windows\Temp\asw.1d9340ba44724009\instup.exe" /cookie:mmm_lvs_ppi_002_967_n /edition:1 /ga_clientid:6763cb32-7faa-4c27-8dbf-205a4b6e133e /guid:275776f9-5580-40f8-a584-e3cf9797729c /prod:ais /sfx:lite /sfxstorage:C:\Windows\Temp\asw.1d9340ba44724009 /ga_clientid:6763cb32-7faa-4c27-8dbf-205a4b6e133e /edat_dir:C:\Windows\Temp\asw.83e2cebe156d9b00
Path
C:\Windows\Temp\asw.1d9340ba44724009\instup.exe
Indicators
Parent process
avast_free_antivirus_setup_online.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image
c:\windows\temp\asw.1d9340ba44724009\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\temp\asw.1d9340ba44724009\instup.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\temp\asw.1d9340ba44724009\htmlayout.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\temp\asw.1d9340ba44724009\uat_3116.dll
c:\windows\temp\asw.1d9340ba44724009\new_1302093c\avb758e.tmp
c:\windows\temp\asw.1d9340ba44724009\new_1302093c\avd75be.tmp
c:\windows\temp\asw.1d9340ba44724009\new_1302093c\ins75cf.tmp
c:\windows\temp\asw.1d9340ba44724009\new_1302093c\ins75ff.tmp
c:\windows\temp\asw.1d9340ba44724009\new_1302093c\asw769c.tmp
c:\windows\temp\asw.1d9340ba44724009\new_1302093c\htm76bc.tmp
c:\windows\system32\apphelp.dll
c:\windows\temp\asw.1d9340ba44724009\new_1302093c\instup.exep

PID
2488
CMD
"C:\Windows\Temp\asw.1d9340ba44724009\New_1302093c\instup.exe" /cookie:mmm_lvs_ppi_002_967_n /edat_dir:C:\Windows\Temp\asw.83e2cebe156d9b00 /edition:1 /ga_clientid:6763cb32-7faa-4c27-8dbf-205a4b6e133e /guid:275776f9-5580-40f8-a584-e3cf9797729c /online_installer /prod:ais /sfx /sfxstorage:C:\Windows\Temp\asw.1d9340ba44724009
Path
C:\Windows\Temp\asw.1d9340ba44724009\New_1302093c\instup.exe
Indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image
c:\windows\temp\asw.1d9340ba44724009\new_1302093c\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\temp\asw.1d9340ba44724009\new_1302093c\instup.dllp
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\temp\asw.1d9340ba44724009\uat_2488.dll
c:\windows\system32\credssp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\temp\asw.1d9340ba44724009\new_1302093c\htm76bc.tmp
c:\windows\system32\comdlg32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\apphelp.dll
c:\windows\temp\asw.1d9340ba44724009\new_1302093c\sbr.exe
c:\program files\avast software\avast\aswefa0.tmp
c:\program files\avast software\avast\aswefb1.tmp
c:\program files\avast software\avast\setup\inf\x86\aswefc1.tmp
c:\program files\avast software\avast\setup\inf\x86\aswefc2.tmp
c:\program files\avast software\avast\setup\inf\x86\aswefe3.tmp
c:\program files\avast software\avast\setup\inf\x86\asweff3.tmp
c:\program files\avast software\avast\setup\inf\x86\aswf004.tmp
c:\program files\avast software\avast\tuneupbin\tunf016.tmp
c:\program files\avast software\avast\aswf055.tmp
c:\program files\avast software\avast\dndf075.tmp
c:\program files\avast software\avast\gamf096.tmp
c:\program files\avast software\avast\gamf0c9.tmp
c:\program files\avast software\avast\gamf0f9.tmp
c:\program files\avast software\avast\gamf0fa.tmp
c:\program files\avast software\avast\aswf10b.tmp
c:\program files\avast software\avast\ahrf152.tmp
c:\program files\avast software\avast\aswf163.tmp
c:\program files\avast software\avast\aswf174.tmp
c:\program files\avast software\avast\aswf175.tmp
c:\program files\avast software\avast\aswf185.tmp
c:\program files\avast software\avast\aswf196.tmp
c:\program files\avast software\avast\aswf1a7.tmp
c:\program files\avast software\avast\aswf1b7.tmp
c:\program files\avast software\avast\aswf1f7.tmp
c:\program files\avast software\avast\aswf207.tmp
c:\program files\avast software\avast\aswf218.tmp
c:\program files\avast software\avast\aswf238.tmp
c:\program files\avast software\avast\aswf239.tmp
c:\program files\avast software\avast\vaaf24a.tmp
c:\program files\avast software\avast\pamf25b.tmp
c:\program files\avast software\avast\rescuedisk\avaf29b.tmp
c:\program files\avast software\avast\rescuedisk\basf2ac.tmp
c:\program files\avast software\avast\rescuedisk\aswf2ad.tmp
c:\program files\avast software\avast\rescuedisk\aswf2bd.tmp
c:\program files\avast software\avast\rescuedisk\uilf2ce.tmp
c:\program files\avast software\avast\resf2ef.tmp
c:\program files\avast software\avast\setup\crt\insf300.tmp
c:\program files\avast software\avast\aswf340.tmp
c:\program files\avast software\avast\snxf351.tmp
c:\program files\avast software\avast\setup\inf\x86\aswf362.tmp
c:\program files\avast software\avast\asuf383.tmp
c:\program files\avast software\avast\aswf393.tmp

PID
2468
CMD
"C:\Windows\Temp\asw.1d9340ba44724009\New_1302093c\sbr.exe" 2488 "Avast Antivirus setup" "Avast Antivirus is being installed. Do not shut down your computer!"
Path
C:\Windows\Temp\asw.1d9340ba44724009\New_1302093c\sbr.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Shutdown blocker
Version
19.2.4186.0
Modules
Image

PID
2748
CMD
"C:\Program Files\AVAST Software\Avast\SetupInf.exe" /catalog:aswRdr2.cat /uninstall
Path
C:\Program Files\AVAST Software\Avast\SetupInf.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image

PID
3692
CMD
"C:\Program Files\AVAST Software\Avast\SetupInf.exe" /catalog:aswHwid.cat /uninstall
Path
C:\Program Files\AVAST Software\Avast\SetupInf.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image

PID
2316
CMD
"C:\Program Files\AVAST Software\Avast\SetupInf.exe" /catalog:aswVmm.cat /uninstall
Path
C:\Program Files\AVAST Software\Avast\SetupInf.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image

PID
3856
CMD
"C:\Program Files\AVAST Software\Avast\SetupInf.exe" /catalog:aswRvrt.cat /uninstall
Path
C:\Program Files\AVAST Software\Avast\SetupInf.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image

PID
2900
CMD
"C:\Program Files\AVAST Software\Avast\defs\19020905\engsup.exe" /prepare_definitions_folder
Path
C:\Program Files\AVAST Software\Avast\defs\19020905\engsup.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus vps tool
Version
18.0.468.0
Modules
Image

PID
2300
CMD
"C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe" /installer /reg
Path
C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Emergency Update
Version
19.2.4186.0
Modules
Image

PID
3716
CMD
"C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe" /installer1
Path
C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Emergency Update
Version
19.2.4186.0
Modules
Image

PID
2988
CMD
AvEmUpdate.exe /installer1 /emupdater /applydll "C:\Program Files\AVAST Software\Avast\Setup\ecb49d1a-90dd-4aaf-9fa6-f6a194c6179b.dll"
Path
C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Indicators
Parent process
AvEmUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Emergency Update
Version
19.2.4186.0
Modules
Image

PID
3528
CMD
dummy /installer1
Path
C:\Program Files\AVAST Software\Avast\Setup\8ba921a8-0cf1-4086-8c28-748df44b4367.exe
Indicators
No indicators
Parent process
AvEmUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image

PID
2376
CMD
AvEmUpdate.exe /installer1 /emupdater /applydll "C:\Program Files\AVAST Software\Avast\Setup\2a9d526f-2e0f-4f31-9a1b-66e5a785a2f9.dll"
Path
C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Indicators
Parent process
AvEmUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Emergency Update
Version
19.2.4186.0
Modules
Image

PID
2920
CMD
"C:\Users\admin\AppData\Local\Temp\\CCUpdate.exe" /applycab "C:\Users\admin\AppData\Local\Temp\cc3749.tmp"
Path
C:\Users\admin\AppData\Local\Temp\CCUpdate.exe
Indicators
Parent process
AvEmUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Piriform Ltd
Description
CCleaner emergency updater
Version
17, 8, 77, 0
Modules
Image

PID
2284
CMD
CCUpdate.exe /emupdater /applyupdate "C:\Program Files\CCleaner\Setup\1e34223a-40ba-4aa8-8d4e-f26cc38132ad\update.xml"
Path
C:\Program Files\CCleaner\Setup\1e34223a-40ba-4aa8-8d4e-f26cc38132ad\CCUpdate.exe
Indicators
Parent process
CCUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Piriform Ltd
Description
CCleaner emergency updater
Version
18.6.553.0
Modules
Image

PID
2756
CMD
dummy /emupdater /reg
Path
C:\Program Files\CCleaner\CCUpdate.exe
Indicators
Parent process
CCUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
1237
Version:
Company
Piriform Ltd
Description
CCleaner emergency updater
Version
18.6.553.0
Modules
Image

PID
2544
CMD
CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\ccd1112e-75d8-4c2d-9c0c-4e4202531ade.dll"
Path
C:\Program Files\CCleaner\CCUpdate.exe
Indicators
Parent process
CCUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Piriform Ltd
Description
CCleaner emergency updater
Version
18.6.553.0
Modules
Image

PID
2632
CMD
dummy /emupdater
Path
C:\Program Files\CCleaner\CCUpdate.exe
Indicators
Parent process
CCUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Piriform Software Ltd
Description
CCleaner emergency updater
Version
19.2.566.0
Modules
Image

PID
3800
CMD
"C:\Program Files\AVAST Software\Avast\RegSvr.exe" "C:\Program Files\AVAST Software\Avast\aswAMSI.dll"
Path
C:\Program Files\AVAST Software\Avast\RegSvr.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image

PID
3712
CMD
"C:\Program Files\AVAST Software\Avast\RegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"
Path
C:\Program Files\AVAST Software\Avast\RegSvr.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image

PID
2280
CMD
"C:\Program Files\AVAST Software\Avast\aswRunDll.exe" "C:\Program Files\AVAST Software\Avast\ashMaiSv.dll,Install"
Path
C:\Program Files\AVAST Software\Avast\aswRunDll.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image
c:\program files\avast software\avast\dll_loader

PID
2120
CMD
"C:\Program Files\AVAST Software\Avast\AvastNM.exe" /install
Path
C:\Program Files\AVAST Software\Avast\AvastNM.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image

PID
2672
CMD
"C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe" /skip_update /skip_uptime /skip_remediations
Path
C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Overseer
Version
1.0.350.0
Modules
Image

PID
3856
CMD
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Path
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
AVAST Software
Description
Avast Service
Version
19.2.4186.0
Modules
Image

PID
3916
CMD
"C:\Program Files\AVAST Software\Avast\defs\19020905\engsup.exe" /get_download_cookie /get_latest_ga_client_id /get_latest_gclid
Path
C:\Program Files\AVAST Software\Avast\defs\19020905\engsup.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
2
Version:
Company
AVAST Software
Description
Avast Antivirus vps tool
Version
18.0.468.0
Modules
Image

PID
2560
CMD
"C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /av_as /signatures:up_to_date /state:on /svc /update
Path
C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
Indicators
No indicators
Parent process
AvastSvc.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
AVAST Software
Description
Avast remediation exe
Version
19.2.4186.0
Modules
Image

PID
3148
CMD
"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:check_for_updates /wait
Path
C:\Program Files\AVAST Software\Avast\setup\instup.exe
Indicators
No indicators
Parent process
AvastSvc.exe
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image

PID
3840
CMD
"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /edat_dir:C:\Windows\Temp\asw.83e2cebe156d9b00 /finish_delayed_installation /session_id:1 /wait
Path
C:\Program Files\AVAST Software\Avast\setup\instup.exe
Indicators
Parent process
AvastSvc.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image

PID
2364
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\keytool.exe" -exportcert -alias "Avastsslscannerroot" -keystore "C:\Program Files\Java\jre1.8.0_92\lib\security\cacerts" -storepass changeit
Path
C:\Program Files\Java\jre1.8.0_92\bin\keytool.exe
Indicators
No indicators
Parent process
AvastSvc.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
1
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image

PID
1860
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\keytool.exe" -importcert -alias "Avastsslscannerroot" -file "C:\ProgramData\AVAST Software\Avast\wscert.der" -keystore "C:\Program Files\Java\jre1.8.0_92\lib\security\cacerts" -storepass changeit -noprompt
Path
C:\Program Files\Java\jre1.8.0_92\bin\keytool.exe
Indicators
No indicators
Parent process
AvastSvc.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image

PID
1744
CMD
"C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe" /installer2
Path
C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AVAST Software
Description
Avast Emergency Update
Version
19.2.4186.0
Modules
Image

PID
2928
CMD
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /welcome
Path
C:\Program Files\AVAST Software\Avast\AvastUI.exe
Indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus
Version
19.2.4186.0
Modules
Image

PID
2648
CMD
"C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe" -checkChrome
Path
C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe
Indicators
Parent process
AvastUI.exe
User
admin
Integrity Level
HIGH
Exit code
2
Version:
Company
AVAST Software
Description
Avast Offer Installation Tool
Version
19.2.4186.0
Modules
Image

PID
2728
CMD
"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:check_for_updates /wait
Path
C:\Program Files\AVAST Software\Avast\setup\instup.exe
Indicators
No indicators
Parent process
AvastSvc.exe
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.2.4186.0
Modules
Image

PID
3420
CMD
"C:\Windows\system32\rundll32.exe" "C:\Program Files\AVAST Software\Avast\firefox_pass.dll",[email protected]
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
AvastUI.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
3852
CMD
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=renderer --disable-gpu-compositing --disable-pinch --no-sandbox --primordial-pipe-token=A3CB6AD124CE07E349C95BCAE98742D4 --lang=en-US --lang=en-US --log-file="C:\Users\admin\AppData\Roaming\AVAST Software\Avast\log\cef_log.txt" --log-severity=disable --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.3.2987.1601 Safari/537.36 Avastium (19.2.2364)" --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=A3CB6AD124CE07E349C95BCAE98742D4 --renderer-client-id=2 --mojo-platform-channel-handle=5852 /prefetch:1
Path
C:\Program Files\AVAST Software\Avast\AvastUI.exe
Indicators
No indicators
Parent process
AvastUI.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus
Version
19.2.4186.0
Modules
Image

PID
1380
CMD
"C:\Windows\system32\rundll32.exe" "C:\Program Files\AVAST Software\Avast\firefox_pass.dll",[email protected]
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
AvastUI.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\avast software\avast\firefox_pas
c:\windows\system32\psapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\msvcp140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\vcruntime140.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\ucrtbase.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-core-localization-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-core-file-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-core-file-l2-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-crt-string-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-crt-math-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-crt-time-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-crt-utility-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.27012.0_none_a45421ee27ef60f7\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
11118
Read events
4138
Write events
6971
Delete events
9

Modification events

PID
Process
Operation
Key
Name
Value
3868
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Windows\Temp\asw.83e2cebe156d9b00
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
0
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
6
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
13
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
20
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
26
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
33
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
40
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
46
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
53
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
60
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
66
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
73
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
80
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
86
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
93
3768
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
100
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast
SetupLog
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Setup.log
3116
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Title
Updating the product
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
0
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
0
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
DNS resolving
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
32
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
100
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: servers.def.vpx
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: prod-pgm.vpx
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Checking install conditions
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
2
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
3
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
5
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
6
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
7
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
8
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
10
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
11
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
13
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
14
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
15
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
16
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
18
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
19
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
20
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
22
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
23
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
24
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
26
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
27
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
28
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
29
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
30
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
31
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
34
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
36
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
37
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
38
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
39
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
40
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
41
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
42
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
43
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
44
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
45
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
47
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
49
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
51
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
53
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
54
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
55
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
56
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
57
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
58
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
59
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
60
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
61
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
62
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
63
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
64
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
65
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
66
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
67
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
68
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
69
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
70
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
72
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
73
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
74
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
75
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
76
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
77
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
78
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
79
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
80
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
82
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
83
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
84
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
85
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
86
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
87
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
88
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
89
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
90
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
91
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
92
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
93
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
94
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
95
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
96
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
97
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
98
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
99
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avbugreport_ais-93c.vpx
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avbugreport_ais
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
16
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
17
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
21
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
33
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
46
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
50
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
52
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avdump_x86_ais-93c.vpx
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avdump_x86_ais
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
33
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instcont_ais
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
50
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instup_ais
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
66
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
1
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
4
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
9
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
12
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
25
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
35
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
48
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
71
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
81
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: offertool_ais-93c.vpx
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: offertool_ais
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
83
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: setgui_ais
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
100
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: AvBugReport.exe
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: AvDump.exe
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: instup.exe
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: instup.dll
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: aswOfferTool.exe
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: HTMLayout.dll
3116
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Replacing files
2488
instup.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aswProbeKey
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast
SetupLog
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Setup.log
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
100
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
0
2488
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Checking install conditions
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
Blob
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
AvRepair
"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:repair /wait
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Title
Installing the product
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
0
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
1
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
2
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
3
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
5
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
6
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
7
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
8
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
9
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
11
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
12
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
13
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
14
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
15
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
17
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
18
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
20
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
21
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
22
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
23
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
25
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
26
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
28
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
30
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
31
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
33
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
34
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
36
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
37
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
39
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
40
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
42
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
44
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
45
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
47
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
49
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
50
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
52
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
53
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
55
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
57
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
58
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
60
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
62
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
63
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
65
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
66
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
68
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
70
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
71
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
73
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
74
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
76
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
78
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
79
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
81
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
83
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
84
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
85
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
87
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
89
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
90
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
92
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
93
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
95
2488
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
97