I understand the reason for these template questions as I am a software developer myself. The only necessary one in this case is “How did you produce this issue?”,… which as it happens I’ve already answered, but in case you missed it the first time: It’s easy to reproduce: Just run the “suspicious” program as an underprivileged user. Make sure to explicitly tell avast not to use the sandbox, and watch it execute in the context of SYSTEM.