Avast Threat Labs on Twitter: "Additional detail: The C&C server is derived from a DNS response sent to the specific CNAME (rpc.1qw[.]us). The domain name of CNAME is m.tet.kozow[.]com, and we discovered
![Avast Anti-Virus privileged arbitrary file create on virus quarantine (CVE-2023-1585 and CVE-2023-1587) | the-deniss.github.io](https://the-deniss.github.io/assets/images/avast-privileged-arbitrary-file-create-on-quarantine/QuarantineExploit_Trace1.png)
Avast Anti-Virus privileged arbitrary file create on virus quarantine (CVE-2023-1585 and CVE-2023-1587) | the-deniss.github.io
![Elevation of privileges from Everyone through Avast Sandbox to System AmPPL (CVE-2021-45335, CVE-2021-45336 and CVE-2021-45337) | the-deniss.github.io](https://the-deniss.github.io/assets/images/elevation-of-privileges-from-everyone-through-avast-av-sandbox-to-system-amppl/aswEngSrv_details.png)